author | Peter Volkov <pva@gentoo.org> | 2010-05-09 17:16:15 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2010-05-09 17:16:15 +0000 |
commit | fa977b5a71399e58e1dc6263807b36cb9bea7a34 (patch) | |
tree | f811bb57d6aac544b37fde50a03caea9bceb80ea | |
parent | alpha/sparc stable wrt #312843 (diff) | |
download | gentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.tar.gz gentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.tar.bz2 gentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.zip |
Fix ebtables tables detection, bug #314529; thanks to Veovis for the report and suggested fix.
(Portage version: 2.1.8.3/cvs/Linux x86_64)
-rw-r--r-- | net-firewall/ebtables/ChangeLog | 9 | ||||
-rw-r--r-- | net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild | 65 | ||||
-rw-r--r-- | net-firewall/ebtables/files/ebtables.confd-r1 | 11 | ||||
-rw-r--r-- | net-firewall/ebtables/files/ebtables.initd-r1 | 101 |
4 files changed, 185 insertions, 1 deletions
diff --git a/net-firewall/ebtables/ChangeLog b/net-firewall/ebtables/ChangeLog index 14437518a51c..d0b041e6711c 100644 --- a/net-firewall/ebtables/ChangeLog +++ b/net-firewall/ebtables/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-firewall/ebtables # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ChangeLog,v 1.35 2010/03/16 07:49:08 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ChangeLog,v 1.36 2010/05/09 17:16:15 pva Exp $ + +*ebtables-2.0.9.2-r1 (09 May 2010) + + 09 May 2010; Peter Volkov <pva@gentoo.org> +ebtables-2.0.9.2-r1.ebuild, + +files/ebtables.confd-r1, +files/ebtables.initd-r1: + Fix ebtables tables detection, bug #314529, thank Veovis for report and + suggested fix. *ebtables-2.0.9.2 (16 Mar 2010) diff --git a/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild new file mode 100644 index 000000000000..72fc2ca41598 --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild 
@@ -0,0 +1,65 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild,v 1.1 2010/05/09 17:16:15 pva Exp $
+
+EAPI="2"
+
+inherit versionator eutils toolchain-funcs multilib flag-o-matic
+
+MY_PV=$(replace_version_separator 3 '-' )
+MY_P=${PN}-v${MY_PV}
+
+DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting."
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="static"
+LICENSE="GPL-2"
+SLOT="0"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use static; then
+ ewarn "You've chosen static build which is useful for embedded devices."
+ ewarn "It has no init script. Make sure that's really what you want."
+ fi
+}
+
+src_prepare() {
+ # Enhance ebtables-save to take table names as parameters bug #189315
+ epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
+ epatch "${FILESDIR}/${PN}-v2.0.9-2-LDFLAGS.diff"
+ epatch "${FILESDIR}/${PN}-v2.0.8-2-ethertype-DESTDIR-mkdir.patch"
+
+ sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
+ -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
+ -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
+ -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
+ -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
+}
+
+src_compile() {
+ # This package uses _init functions to initialise extensions. With
+ # --as-needed this will not work.
+ append-ldflags $(no-as-needed)
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ $(use static && echo static) \
+ || die "emake failed"
+}
+
+src_install() {
+ if ! use static; then
+ make DESTDIR="${D}" install || die
+ keepdir /var/lib/ebtables/
+ newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables || die
+ newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables || die
+ else
+ into /
+ newsbin static ebtables || die
+ fi
+ dodoc ChangeLog THANKS || die
+}
diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1
new file mode 100644
index 000000000000..645b26edae99
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.confd-r1
@@ -0,0 +1,11 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
new file mode 100644
index 000000000000..1088ad3f5c49
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
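Review bot: In src_install of the ebuild, `make DESTDIR="${D}" install || die` calls plain make and dies without a message, whereas src_compile in the same file uses `emake ... || die "emake failed"`. For consistency and a usable failure message this could be `emake DESTDIR="${D}" install || die "emake install failed"`; whether the upstream install target is parallel-safe is not visible from the hunk, so `-j1` may be needed.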
@@ -0,0 +1,101 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd-r1,v 1.1 2010/05/09 17:16:15 pva Exp $
+
+opts="save reload panic"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+
+depend() {
+ before net
+ use logger
+}
+
+ebtables_tables() {
+ for table in filter nat broute; do
+ if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
+ echo -n "${table} "
+ fi
+ done
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+} |
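Review bot: save() in ebtables.initd-r1 redirects straight into `${ebtables_save}`, so the existing rules file is truncated before ebtables-save has produced anything; a failed or interrupted save leaves an empty file, and because checkconfig() only tests `-f`, the next start() would restore that empty file and come up with no rules. Writing to a temporary file under a restrictive umask and renaming it only on success avoids this, and also removes the short window on first creation between `touch` and `chmod 0600` where the file has default permissions. Separately, panic() flushes each table before `set_table_policy $a DROP`, so frames are judged by the previous policy in between; moving the `set_table_policy $a DROP` line above the `-F`/`-X` calls closes that gap. Per ebtables(8), `DROP` in the broute table means "route the frame" rather than discard it, so panic() may want to treat broute explicitly.

```sh
save() {
	ebegin "Saving ebtables state"
	local tmp="${ebtables_save}.tmp" ret
	(
		umask 077
		${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${tmp}"
	) && mv -f "${tmp}" "${ebtables_save}"
	ret=$?
	[ ${ret} -eq 0 ] || rm -f "${tmp}"
	eend ${ret}
}
```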