From 07c05d4ac5d0709cba41e56da29f77ccc07d2e93 2015-12-16 01:51:03
From: Jan Wagner <mail@jwagner.eu>
Date: 2015-12-16 01:51:03
Subject: [PATCH] fix: ENABLE_IPTABLES

---

diff --git a/rpi2-gen-image.sh b/rpi2-gen-image.sh
index 5b6a2ff..0004ba9 100755
--- a/rpi2-gen-image.sh
+++ b/rpi2-gen-image.sh
@@ -123,7 +123,7 @@ mkdir -p $R
 
 # Add required packages for the minbase installation
 if [ "$ENABLE_MINBASE" = true ] ; then
-  APT_INCLUDES="${APT_INCLUDES},vim-tiny,net-tools"
+  APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools"
 else
   APT_INCLUDES="${APT_INCLUDES},locales"
 fi
@@ -133,6 +133,11 @@ if [ "$ENABLE_DBUS" = true ] ; then
   APT_INCLUDES="${APT_INCLUDES},dbus"
 fi
 
+# Add iptables IPv4/IPv6 package
+if [ "$ENABLE_IPTABLES" = true ] ; then
+  APT_INCLUDES="${APT_INCLUDES},iptables"
+fi
+
 # Add openssh server package
 if [ "$ENABLE_SSHD" = true ] ; then
   APT_INCLUDES="${APT_INCLUDES},openssh-server"
@@ -143,14 +148,17 @@ if [ "$ENABLE_HWRANDOM" = true ] ; then
   APT_INCLUDES="${APT_INCLUDES},rng-tools"
 fi
 
-# Add xorg package
-if [ "$ENABLE_XORG" = true ] ; then
-  APT_INCLUDES="${APT_INCLUDES},xorg"
-fi
-
 # Add fluxbox package with eterm
 if [ "$ENABLE_FLUXBOX" = true ] ; then
   APT_INCLUDES="${APT_INCLUDES},fluxbox,eterm"
+
+  # Enable xorg package dependency
+  ENABLE_XORG=true
+fi
+
+# Add xorg package
+if [ "$ENABLE_XORG" = true ] ; then
+  APT_INCLUDES="${APT_INCLUDES},xorg"
 fi
 
 # Set empty proxy string
@@ -293,7 +301,7 @@ if [ "$ENABLE_CONSOLE" = true ] ; then
   CMDLINE="${CMDLINE} console=ttyAMA0,115200 kgdboc=ttyAMA0,115200"
 fi
 
-# Set up ipv6 support (if requested)
+# Set up IPv6 networking support
 if [ "$ENABLE_IPV6" = false ] ; then
   CMDLINE="${CMDLINE} ipv6.disable=1"
 fi
@@ -658,10 +666,15 @@ EOM
   # Reload systemd configuration and enable iptables service
   LANG=C chroot $R systemctl daemon-reload
   LANG=C chroot $R systemctl enable ip6tables.service
-
   fi
 fi
 
+# Remove SSHD related iptables rules
+if [ "$ENABLE_SSHD" = false ] ; then
+ sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
+ sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
+fi
+
 if [ "$ENABLE_UBOOT" = true ] ; then
   # Fetch u-boot github
   git -C $R/tmp clone git://git.denx.de/u-boot.git