From: Antonio Ospite <ao2@ao2.it>
Date: Thu, 3 May 2018 09:02:06 +0000 (+0200)
Subject: Makefile: support deploying with netfilter-persistent
X-Git-Url: https://git.ao2.it/config/iptables.git/commitdiff_plain/72b2b60922c789a8e29bca7b7f383846f3383188?ds=inline

Makefile: support deploying with netfilter-persistent
---

diff --git a/Makefile b/Makefile
index 9436a66..aec4351 100644
--- a/Makefile
+++ b/Makefile
@@ -3,5 +3,17 @@ all:
 deploy-workstation:
 	-[ -x /usr/sbin/nft ] && sudo nft flush ruleset
 	sudo ./iptables-workstation.sh
-	sudo iptables-save > iptables
-	sudo ip6tables-save > ip6tables
+	sudo sh -c "iptables-save > rules.v4"
+	sudo sh -c "ip6tables-save > rules.v6"
+	-if [ -x /usr/sbin/netfilter-persistent ]; \
+	then \
+	  [ -d /etc/iptables ] && sudo mkdir /etc/iptables; \
+	  sudo mv rules.v[46] /etc/iptables; \
+	  sudo etckeeper vcs add iptables; \
+	  if ! sudo etckeeper vcs diff --staged --no-patch --exit-code -- iptables; \
+	  then \
+	    sudo etckeeper vcs commit -m "iptables: update rules" -- iptables; \
+	  fi; \
+	  sudo systemctl restart netfilter-persistent.service; \
+	fi
+