diff options
Diffstat (limited to 'meta-google/recipes-google/nftables/files')
-rw-r--r-- | meta-google/recipes-google/nftables/files/nft-configure.sh | 14 | ||||
-rw-r--r-- | meta-google/recipes-google/nftables/files/nftables.service | 1 |
2 files changed, 10 insertions, 5 deletions
diff --git a/meta-google/recipes-google/nftables/files/nft-configure.sh b/meta-google/recipes-google/nftables/files/nft-configure.sh index 05bb23d8b..8c8e058b7 100644 --- a/meta-google/recipes-google/nftables/files/nft-configure.sh +++ b/meta-google/recipes-google/nftables/files/nft-configure.sh @@ -8,10 +8,14 @@ for dir in /run/nftables /etc/nftables /usr/share/nftables; do done let i+=1 done -rc=0 -nft flush ruleset || rc=$? + +rules="" +trap 'rm -f -- "$rules"' TERM INT EXIT ERR +rules="$(mktemp)" || exit +echo 'flush ruleset' >"$rules" for key in $(printf "%s\n" "${!basemap[@]}" | sort -r); do - echo "Executing ${basemap[$key]}" >&2 - nft -f "${basemap[$key]}" || rc=$? + echo "Loading ${basemap[$key]}" >&2 + echo '' >>"$rules" + cat "${basemap[$key]}" >>"$rules" done -exit $rc +nft -f "$rules" || exit diff --git a/meta-google/recipes-google/nftables/files/nftables.service b/meta-google/recipes-google/nftables/files/nftables.service index 770a3d3ac..1a93812b8 100644 --- a/meta-google/recipes-google/nftables/files/nftables.service +++ b/meta-google/recipes-google/nftables/files/nftables.service @@ -5,6 +5,7 @@ Before=network-pre.target Type=oneshot RemainAfterExit=yes ExecStart=/usr/libexec/nft-configure.sh +ExecReload=/usr/libexec/nft-configure.sh ExecStop=/usr/sbin/nft flush ruleset [Install] |