public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo-x86 commit in net-firewall/conntrack-tools/files: conntrackd.initd-r1 conntrackd.confd-r1
From: Wolfram Schlich (wschlich) @ 2008-11-20 12:06 UTC
  To: gentoo-commits

wschlich    08/11/20 12:06:32

  Added:                conntrackd.initd-r1 conntrackd.confd-r1
  Log:
  improve init script, fix *DEPEND
  (Portage version: 2.2_rc13/cvs/Linux 2.6.24-gentoo-r5-1 i686, RepoMan options: --force)

Revision  Changes    Path
1.1                  net-firewall/conntrack-tools/files/conntrackd.initd-r1

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/conntrack-tools/files/conntrackd.initd-r1?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/conntrack-tools/files/conntrackd.initd-r1?rev=1.1&content-type=text/plain

Index: conntrackd.initd-r1
===================================================================
#!/sbin/runscript
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

CONNTRACKD_BIN="/usr/sbin/conntrackd"
CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf}
CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/var/lock/conntrack.lock}

depend() {
	use logger
	need net
}

checkconfig() {
	# check for netfilter conntrack kernel support
	local nf_ct_available=0
	for k in net.netfilter.nf_conntrack_max \
		net.ipv4.netfilter.ip_conntrack_max \
		net.nf_conntrack_max; do
		if sysctl -e -n ${k} &>/dev/null; then
			nf_ct_available=1 # sysctl key found
			break
		fi
	done
	if [ ${nf_ct_available} -eq 0 ]; then
		eerror
		eerror "Your kernel is missing netfilter conntrack support!"
		eerror "Make sure your kernel was compiled with netfilter conntrack support."
		eerror
		eerror "If it was compiled as a module you need to ensure the module is being"
		eerror "loaded before starting conntrackd."
		eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)"
		eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module"
		eerror "by hand like this, depending on your kernel version:"
		eerror
		eerror "  modprobe nf_conntrack # (for newer kernels)"
		eerror "  modprobe ip_conntrack # (for older kernels)"
		eerror
		return 1
	fi
	# check if netfilter conntrack TCP window tracking is disabled
	local nf_ct_tcp_be_liberal=0
	for k in net.netfilter.nf_conntrack_tcp_be_liberal \
		net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
		nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
		if [ ${?} -ne 0 ]; then
			continue # sysctl key not found
		else
			break # sysctl key found
		fi
	done
	if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
		eerror
		eerror "You need to disable TCP window tracking!"
		eerror "Add the following line to your /etc/sysctl.conf:"
		eerror
		eerror "  ${k} = 1"
		eerror
		eerror "...and run this to activate the setting: sysctl -q -p"
		eerror
		return 1
	fi
	# check for config file
	if [ ! -e "${CONNTRACKD_CFG}" ]; then
		eerror
		eerror "The conntrackd config file (${CONNTRACKD_CFG})"
		eerror "is missing!"
		eerror
		return 1
	fi
	# check for leftover lockfile
	if [ -f "${CONNTRACKD_LOCK}" ]; then
		ewarn
		ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})"
		ewarn "exists although the service is not marked as started."
		ewarn "Will remove the lockfile and start the service in 10s"
		ewarn "if not interrupted..."
		ewarn
		sleep 10
		if ! rm -f "${CONNTRACKD_LOCK}"; then
			eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})"
			return 1
		fi
	fi
}

start() {
	checkconfig || return 1
	ebegin "Starting conntrackd"
	start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \
		-- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS}
	eend $?
}

stop() {
	ebegin "Stopping conntrackd"
	start-stop-daemon --stop --exec "${CONNTRACKD_BIN}"
	eend $?
}
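
Review bot: In checkconfig(), the TCP window tracking check passes silently when neither *_tcp_be_liberal key can be read: nf_ct_tcp_be_liberal ends up empty, the unquoted `[ ${nf_ct_tcp_be_liberal} -ne 1 ]` collapses to `[ -ne 1 ]`, the test exits with an error, and the eerror/return 1 branch is skipped. Quote the variable and treat an empty value as a failure, for example `[ "${nf_ct_tcp_be_liberal:-0}" -ne 1 ]`. Two related points in the same function: `&>/dev/null` in the first loop is a bash extension, and a POSIX sh such as dash parses it as backgrounding sysctl followed by a bare redirection, so the `if` always succeeds and nf_ct_available is always set to 1; `>/dev/null 2>&1` is portable. Both loops also decide from the exit status of `sysctl -e`, and -e is the option that tells sysctl to ignore errors about unknown keys, so confirm the status is still non-zero for a missing key or drop -e, since the output is already discarded.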



1.1                  net-firewall/conntrack-tools/files/conntrackd.confd-r1

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/conntrack-tools/files/conntrackd.confd-r1?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-firewall/conntrack-tools/files/conntrackd.confd-r1?rev=1.1&content-type=text/plain

Index: conntrackd.confd-r1
===================================================================
# conntrackd config file
# default: /etc/conntrackd/conntrackd.conf
#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf

# conntrackd lockfile (must match the "LockFile" entry
# from the "General" section in the config file)
# default: /var/lock/conntrack.lock
#CONNTRACKD_LOCK=/var/lock/conntrack.lock

# extra options for conntrackd
#CONNTRACKD_OPTS="" # you must NOT use -C here!

# depend on a specific network interface
#RC_NEED="net.eth1" # baselayout-1
#rc_need="net.eth1" # baselayout-2/OpenRC
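
Review bot: CONNTRACKD_LOCK has to be kept in sync by hand with the "LockFile" entry in the conntrackd config file, and nothing verifies it; if the two diverge, the leftover-lockfile test in the init script looks at the wrong path and never sees a stale lock. Consider reading LockFile from ${CONNTRACKD_CFG} in the init script, or at least warning when the two values differ. The same applies to the "you must NOT use -C here" rule for CONNTRACKD_OPTS, which is enforced only by this comment while the init script always passes its own -C.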





