From 68e038c675f85b4c9a704ebb61458215b0af89a0 Mon Sep 17 00:00:00 2001
From: Radostan Riedel
Date: Fri, 5 Jan 2018 11:15:13 +0100
Subject: [PATCH] iptables: Fix several issues
- iptables.service: Fix flush on stop if EnviromentFile becomes unavailable
- home.v*: Fix wifi tethering
- iptables_helper: fix check_docker function
---
 packages/network/iptables/config/home.v4 | 2 +-
 packages/network/iptables/config/home.v6 | 2 +-
 packages/network/iptables/scripts/iptables_helper | 13 +++++++------
 packages/network/iptables/system.d/iptables.service | 4 ++--
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/packages/network/iptables/config/home.v4 b/packages/network/iptables/config/home.v4
index cd8dec7645..583a3e845e 100644
--- a/packages/network/iptables/config/home.v4
+++ b/packages/network/iptables/config/home.v4
@@ -8,7 +8,7 @@
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i tether -p udp -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -j private-subnets
--A FORWARD -i tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i tether -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A DOCKER-USER -j private-subnets
 -A private-subnets -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
diff --git a/packages/network/iptables/config/home.v6 b/packages/network/iptables/config/home.v6
index 46f5e79ce8..44074d0908 100644
--- a/packages/network/iptables/config/home.v6
+++ b/packages/network/iptables/config/home.v6
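Review bot: The widened `FORWARD -i tether` rule has no `-o` or destination match, so a tethered client can now open new forwarded connections to every network this host routes to, not only to the uplink. If the home profile intends tether clients to get Internet access only, the rule should be narrowed; if reaching the LAN behind the box is intended, a comment line above the rule would record it, for example `# tether clients may initiate forwarded connections to any routed network`. The same rule is changed in the home.v6 hunk and the point applies there too. Whether the `private-subnets` chain, defined outside these hunks, is meant to cover forwarded tether traffic cannot be seen from here.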
@@ -8,7 +8,7 @@
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i tether -p udp -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -j private-subnets
--A FORWARD -i tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i tether -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A DOCKER-USER -j private-subnets
 -A private-subnets -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
diff --git a/packages/network/iptables/scripts/iptables_helper b/packages/network/iptables/scripts/iptables_helper
index 0ce0f35abc..b032af2f16 100755
--- a/packages/network/iptables/scripts/iptables_helper
+++ b/packages/network/iptables/scripts/iptables_helper
@@ -23,18 +23,19 @@ IPTABLES_CMDS="$IPTABLES4 $IPTABLES6"
 PUBLIC_RULES="/etc/iptables/public.v"
 HOME_RULES="/etc/iptables/home.v"
 CUSTOM_RULES="/storage/.config/iptables/rules.v"
+DOCKER="service.system.docker.service"
+SYSTEMCTL="/usr/bin/systemctl"
+CONNMANCTL="/usr/bin/connmanctl"
 check_docker() {
- if [ "`/usr/bin/systemctl is-active docker.service`" == "active" ]; then
- /usr/bin/systemctl restart docker
- fi
+ $SYSTEMCTL is-active --quiet $DOCKER && $SYSTEMCTL restart $DOCKER
 }
 check_tether() {
- if [ -n "`/usr/bin/connmanctl technologies|grep 'Tethering = True'`" ]; then
- /usr/bin/connmanctl tether wifi off
+ if [ -n "`$CONNMANCTL technologies|grep 'Tethering = True'`" ]; then
+ $CONNMANCTL tether wifi off
 sleep 1
- /usr/bin/connmanctl tether wifi on
+ $CONNMANCTL tether wifi on
 fi
 }
diff --git a/packages/network/iptables/system.d/iptables.service b/packages/network/iptables/system.d/iptables.service
index 071b32a00b..eacb387908 100644
--- a/packages/network/iptables/system.d/iptables.service
+++ b/packages/network/iptables/system.d/iptables.service
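Review bot: `check_docker` now returns the exit status of `systemctl is-active` when Docker is not running, because the `&&` list is the function's last command; the old `if` form returned 0 in that case. If a caller outside this hunk runs it last or under `set -e`, `iptables_helper enable` would exit non-zero and systemd would mark the oneshot start as failed on hosts without an active Docker unit. An explicit form keeps the old status: `if $SYSTEMCTL is-active --quiet "$DOCKER"; then $SYSTEMCTL restart "$DOCKER"; fi`. In `check_tether` the backtick test could likewise become `if $CONNMANCTL technologies | grep -q 'Tethering = True'; then`.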
@@ -1,13 +1,13 @@
 [Unit]
 Description=IPTABLES Packet Filtering
 ConditionPathExists=/usr/lib/libreelec/iptables_helper
-ConditionPathExists=/storage/.cache/services/iptables.conf
+ConditionPathExists=|/storage/.cache/services/iptables.conf
 Before=network.target
 Wants=network.target
 [Service]
 Type=oneshot
-EnvironmentFile=/storage/.cache/services/iptables.conf
+EnvironmentFile=-/storage/.cache/services/iptables.conf
 ExecStart=/usr/lib/libreelec/iptables_helper enable
 ExecReload=/usr/lib/libreelec/iptables_helper enable
 ExecStop=/usr/lib/libreelec/iptables_helper disable
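Review bot: With `EnvironmentFile=-`, `ExecReload` and `ExecStop` now run `iptables_helper` even when iptables.conf has disappeared, so the helper is called with every variable from that file unset; the helper, whose argument handling is not visible here, should select a defined rule set in that case rather than fall through. A short comment above the line would record the intent, e.g. `# "-" lets ExecStop flush the rules even if iptables.conf has been removed`. As far as systemd documents trigger conditions, a single `|`-prefixed `ConditionPathExists=` must still hold for the unit to start, and conditions are not evaluated on stop, so that line probably does not change behaviour. It may be worth dropping the `|` or explaining why it is there.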