blob: 386dcbd5b36b8f78d7cda0be6cd83275c5cdaf96 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Mikael Magnusson
START=15
log_output() {
logger -t container_init "$@"
}
boot() {
# Only execute for lxc containers
if [ "$container" != "lxc" ]; then
exit 0
fi
local disable_ipv6="$(uci_get firewall @defaults[0] disable_ipv6 false)"
case "$disable_ipv6" in
'0'|'no'|'off'|'false'|'disabled') disable_ipv6=false ;;
'1'|'yes'|'on'|'true'|'enabled') disable_ipv6=true ;;
esac
tables='filter nat mangle raw'
res=0
for table in $tables; do
iptables -n -t $table -L >/dev/null 2>/dev/null
if ! grep $table /proc/net/ip_tables_names >/dev/null; then
log_output -p daemon.crit "ip $table load failed"
res=1
fi
if [ "$disable_ipv6" = "false" ]; then
ip6tables -n -t $table -L >/dev/null 2>/dev/null
if ! grep $table /proc/net/ip6_tables_names >/dev/null; then
log_output -p daemon.crit "ip6 $table load failed"
res=1
fi
fi
done
if [ "$res" == "0" ]; then
if [ "$disable_ipv6" = "false" ]; then
log_output -p daemon.info "ip and ip6 tables loaded successfully"
else
log_output -p daemon.info "ip tables loaded successfully"
fi
fi
exit $res
}
|
