xen service: Fix removing netfilter rules while stopping xen-bridge
This fixes a bug in the stopping script for the xen-bridge service, which caused the script to crash and fail to remove some netfilter rules.
parent
3f6d21bafc
commit
1c7629ce63
1 changed files with 5 additions and 2 deletions
|
@ -406,6 +406,9 @@ in
|
|||
'';
|
||||
serviceConfig.ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq --conf-file=/var/run/xen/dnsmasq.conf";
|
||||
postStop = ''
|
||||
IFS='-' read -a data <<< `${pkgs.sipcalc}/bin/sipcalc ${cfg.bridge.address}/${toString cfg.bridge.prefixLength} | grep Network\ address`
|
||||
export XEN_BRIDGE_NETWORK_ADDRESS="${"\${data[1]//[[:blank:]]/}"}"
|
||||
|
||||
${pkgs.inetutils}/bin/ifconfig ${cfg.bridge.name} down
|
||||
${pkgs.bridge-utils}/bin/brctl delbr ${cfg.bridge.name}
|
||||
|
||||
|
@ -413,8 +416,8 @@ in
|
|||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p udp -d ${cfg.bridge.address} --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p tcp -d ${cfg.bridge.address} --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
# DHCP
|
||||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p udp --sport 68 --dport 67 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p tcp --sport 68 --dport 67 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p udp -s $XEN_BRIDGE_NETWORK_ADDRESS/${toString cfg.bridge.prefixLength} --sport 68 --dport 67 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -w -D INPUT -i ${cfg.bridge.name} -p tcp -s $XEN_BRIDGE_NETWORK_ADDRESS/${toString cfg.bridge.prefixLength} --sport 68 --dport 67 -j ACCEPT
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
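Review bot: Nothing in postStop checks that XEN_BRIDGE_NETWORK_ADDRESS is non-empty before the two `-s $XEN_BRIDGE_NETWORK_ADDRESS/…` deletes use it. If sipcalc fails or the grep matches no line, `data[1]` is empty and the source becomes a bare `/<prefix>`, which iptables will presumably reject, leaving the DHCP ACCEPT rules in INPUT after the bridge is gone. If the generated script runs with `set -e` (not visible here), a failure on the first delete would also skip the second. I would add a guard right after the export that makes the failure visible in the journal, e.g. `[ -n "$XEN_BRIDGE_NETWORK_ADDRESS" ] || echo "xen-bridge: could not derive network address, DHCP rules not removed" >&2`, and quote the expansion in both rules. A short comment above the `read` line saying that it splits sipcalc's "Network address" line on `-` would also help, since the parsing depends on that output format.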