- added support for native systemd file (rhbz#694738)

- new iptables.service file
  - additional requires
  - moved sysv init scripts to /usr/libexec
  - added new post, preun and postun scripts and triggers

iptables.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=iptables Firewall for IPv4
+After=syslog.target
+ConditionPathExists=/etc/sysconfig/iptables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/iptables start
+ExecStop=/usr/libexec/iptables stop
+Environment=BOOTUP=serial
+Environment=CONSOLETYPE=serial
+StandardOutput=syslog
+StandardError=syslog
+
+[Install]
+WantedBy=basic.target

iptables.spec

@@ -1,10 +1,25 @@
+# enable systemd for Fedora-16 and RHEL-7
+%if 0%{?fedora} > 15 || 0%{?rhel} > 6
+    %bcond_without systemd
+%else
+    %bcond_with systemd
+%endif
+
+# install init scripts to /usr/libexec with systemd
+%if %{with systemd}
+    %define script_path %{_libexecdir}
+%else
+    %define script_path /etc/rc.d/init.d
+%endif
+
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.11.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
+Source3: iptables.service
 Patch5: iptables-1.4.11-cloexec.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
@@ -13,8 +28,16 @@ License: GPLv2
 BuildRequires: libselinux-devel
 BuildRequires: kernel-headers
 Conflicts: kernel < 2.4.20
+%if %{with systemd}
+BuildRequires: systemd-units
+Requires(post): systemd-units
+Requires(post): systemd-sysv
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
 Requires(post): chkconfig
 Requires(preun): chkconfig
+%endif
 
 %description
 The iptables utility controls the network packet filtering code in the
@@ -89,26 +112,96 @@ done
 mv %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/
 
 # install init scripts and configuration files
-install -d -m 755 %{buildroot}/etc/rc.d/init.d
+install -d -m 755 %{buildroot}%{script_path}
-install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
+install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
+install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables
 install -d -m 755 %{buildroot}/etc/sysconfig
 install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
 sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
 install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config
 
+%if %{with systemd}
+# install systemd service files
+install -d -m 755 %{buildroot}/lib/systemd/system
+install -c -m 755 %{SOURCE3} %{buildroot}/lib/systemd/system/
+sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' < %{SOURCE3} > ip6tables.service
+install -c -m 755 ip6tables.service %{buildroot}/lib/systemd/system/
+%endif
+
 %clean
 rm -rf %{buildroot}
 
+%if %{with systemd}
+
+%post
+/sbin/ldconfig
+if [ $1 -eq 1 ] ; then # Initial installation
+   /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+   /bin/systemctl enable iptables.service >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ]; then # Package removal, not upgrade
+   /bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || :
+   /bin/systemctl stop iptables.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/sbin/ldconfig
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
+   /bin/systemctl try-restart iptables.service >/dev/null 2>&1 || :
+fi
+
+%triggerun -- iptables < 1.4.11.1-3
+# To apply saved runlevel, use systemd-sysv-convert --apply iptables
+%{_bindir}/systemd-sysv-convert --save iptables >/dev/null 2>&1 ||:
+
+# Autostart
+/bin/systemctl --no-reload enable iptables.service >/dev/null 2>&1 ||:
+
+# Delete from sysv management, try to restart service
+/sbin/chkconfig --del iptables >/dev/null 2>&1 || :
+/bin/systemctl try-restart iptables.service >/dev/null 2>&1 || :
+
+%post ipv6
+if [ $1 -eq 1 ] ; then # Initial installation
+   /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+   /bin/systemctl enable ip6tables.service >/dev/null 2>&1 || :
+fi
+
+%preun ipv6
+if [ $1 -eq 0 ]; then # Package removal, not upgrade
+   /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || :
+   /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || :
+fi
+
+%postun ipv6
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall
+   /bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || :
+fi
+
+%triggerun ipv6 -- ip6tables-ipv6 < 1.4.11.1-3
+# To apply saved runlevel, use systemd-sysv-convert --apply ip6tables
+%{_bindir}/systemd-sysv-convert --save ip6tables >/dev/null 2>&1 ||:
+
+# Autostart
+/bin/systemctl --no-reload enable ip6tables.service >/dev/null 2>&1 ||:
+
+# Delete from sysv management, try to restart service
+/sbin/chkconfig --del ip6tables >/dev/null 2>&1 || :
+/bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || :
+
+%else # no systemd
+
 %post
 /sbin/ldconfig
 /sbin/chkconfig --add iptables
 
-%postun -p /sbin/ldconfig
-
 %preun
-if [ "$1" = 0 ]; then
+if [ $1 -eq 0 ]; then
    /sbin/chkconfig --del iptables
 fi
 
@@ -116,15 +209,23 @@ fi
 /sbin/chkconfig --add ip6tables
 
 %preun ipv6
-if [ "$1" = 0 ]; then
+if [ $1 -eq 0 ]; then
    /sbin/chkconfig --del ip6tables
 fi
 
+%postun -p /sbin/ldconfig
+
+%endif # systemd
+
+
 %files
 %defattr(-,root,root)
 %doc COPYING INSTALL INCOMPATIBILITIES
-%attr(0755,root,root) /etc/rc.d/init.d/iptables
+%attr(0755,root,root) %{script_path}/iptables
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
+%if %{with systemd}
+/lib/systemd/system/iptables.service
+%endif
 /sbin/iptables*
 /sbin/xtables-multi
 /bin/iptables-xml
@@ -139,8 +240,11 @@ fi
 
 %files ipv6
 %defattr(-,root,root)
-%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
+%attr(0755,root,root) %{script_path}/ip6tables
 %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
+%if %{with systemd}
+/lib/systemd/system/ip6tables.service
+%endif
 /sbin/ip6tables*
 %{_mandir}/man8/ip6tables*
 /%{_lib}/xtables/libip6t*
@@ -165,6 +269,13 @@ fi
 %{_libdir}/pkgconfig/xtables.pc
 
 %changelog
+* Fri Jul 15 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-3
+- added support for native systemd file (rhbz#694738)
+  - new iptables.service file
+  - additional requires
+  - moved sysv init scripts to /usr/libexec
+  - added new post, preun and postun scripts and triggers
+
 * Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-2
 - dropped temporary provide again
 - enabled smp build