: ${:=} not ${:=}

[autopkgtest.git] / xen / initscript

diff --git a/xen/initscript b/xen/initscript
index 578b1dbffd6ef1e552a5b23277687b50dc68927b..373d265ea7eff1d33efa4c8194e064efd180d4f0 100755 (executable)
--- a/xen/initscript
+++ b/xen/initscript
@@ -1,12 +1,27 @@
-#!/bin/sh
+#!/bin/bash
 set -e
-. ${ADT_XENLVM_SHARE:=/usr/share/autopkgtest/xenlvm}/readconfig
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-default=/etc/default/adt-xen
-if test -f $default; then
-  . $default
+### BEGIN INIT INFO
+# Provides: adtxenlvm
+# Required-Start: $network $local_fs
+# Required-Stop:
+# Should-Start: $remote_fs
+# Should-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Prepare firewall tables for autopkgtest Xen guests
+### END INIT INFO
+
+lsbif=/lib/lsb/init-functions
+if test -e $lsbif; then
+  . $lsbif
+else
+  log_daemon_msg () { printf "%s: " "$1"; }
+  log_progress_msg () { printf "%s " "$1"; }
+  log_end_msg () { echo "done."; }
 fi
+. /etc/default/rcS
 
 chains='AdtXenIn AdtXenFwd AdtXenIcmp'
 
@@ -15,6 +30,7 @@ if ! type iptables >/dev/null 2>&1 || ! type xm >/dev/null 2>&1; then
 fi
 
 safety () {
+  log_progress_msg block
   iptables -I INPUT -j DROP
   iptables -I FORWARD -j DROP
   trap '
@@ -25,6 +41,7 @@ safety () {
 }
 
 unsafety () {
+  log_progress_msg unblock
   iptables -D INPUT -j DROP
   iptables -D FORWARD -j DROP
   trap '' 0
@@ -32,14 +49,18 @@ unsafety () {
 
 case "$1" in
 stop)
+  log_daemon_msg "adtxenlvm: removing firewall rules"
   safety
+  log_progress_msg clear
   for chain in $chains; do
-    if iptables -L $chain >/dev/null 2>&1; then
+    if iptables -L -n $chain >/dev/null 2>&1; then
+      log_progress_msg $chain
       iptables -F $chain
       iptables -X $chain
     fi
   done
   unsafety
+  log_end_msg 0
   exit 0
   ;;
 start|restart|force-reload)
@@ -54,13 +75,33 @@ start|restart|force-reload)
   ;;
 esac
 
+set --
+
+exec 8>&1
+case "$VERBOSE" in
+no)    exec >/dev/null ;;
+esac
+
+adt_readconfig_initscript=y
+printf "adtxenlvm: reading configuration for firewall setup:\n"
+. ${ADT_XENLVM_SHARE:=/usr/share/autopkgtest/xenlvm}/readconfig
+
+exec >&8 8>&-
+
+log_daemon_msg "adtxenlvm: installing firewall rules"
+
 safety
+
+log_progress_msg create
 for chain in $chains; do
+  log_progress_msg $chain
   iptables -N $chain >/dev/null 2>&1 || iptables -F $chain
   iptables -I $chain -j DROP
 done
 unsafety
 
+log_progress_msg rules
+
 iptables -A AdtXenIcmp -j ACCEPT -p icmp --icmp-type echo-request
 # per RFC1122, allow ICMP echo exchanges with anyone we can talk to at all
 
@@ -105,17 +146,27 @@ for port in $adt_fw_allowglobalports; do
   iptables -A $main -p tcp --dport $port -j ACCEPT
 done
 
-if test -f $default-rules; then
-  . $default-rules
+if [ "x$adt_fw_hook" != x ]; then
+  log_progress_msg hook
+  . $adt_fw_hook
 fi
 
+log_progress_msg confirm
+
 iptables -A $main -j REJECT --reject-with icmp-admin-prohibited
-iptables -A $main -j ACCEPT
 iptables -D $main -j DROP
 
+log_progress_msg engage
+
 iptables -A AdtXenIn -j ACCEPT -p icmp --icmp-type echo-request
 iptables -A AdtXenIn -j ACCEPT -m conntrack --ctstate ESTABLISHED
 iptables -A AdtXenIn -j AdtXenFwd
 iptables -D AdtXenIn -j DROP
 
+iptables -D AdtXenIcmp -j DROP
+
+log_progress_msg proxyarp
+
 echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp 
+
+log_end_msg 0