summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2010-05-09 17:16:15 +0000
committerPeter Volkov <pva@gentoo.org>2010-05-09 17:16:15 +0000
commitfa977b5a71399e58e1dc6263807b36cb9bea7a34 (patch)
treef811bb57d6aac544b37fde50a03caea9bceb80ea
parentalpha/sparc stable wrt #312843 (diff)
downloadgentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.tar.gz
gentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.tar.bz2
gentoo-2-fa977b5a71399e58e1dc6263807b36cb9bea7a34.zip
Fix ebtables tables detection, bug #314529, thank Veovis for report and suggested fix.
(Portage version: 2.1.8.3/cvs/Linux x86_64)
-rw-r--r--net-firewall/ebtables/ChangeLog9
-rw-r--r--net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild65
-rw-r--r--net-firewall/ebtables/files/ebtables.confd-r111
-rw-r--r--net-firewall/ebtables/files/ebtables.initd-r1101
4 files changed, 185 insertions, 1 deletions
diff --git a/net-firewall/ebtables/ChangeLog b/net-firewall/ebtables/ChangeLog
index 14437518a51c..d0b041e6711c 100644
--- a/net-firewall/ebtables/ChangeLog
+++ b/net-firewall/ebtables/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-firewall/ebtables
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ChangeLog,v 1.35 2010/03/16 07:49:08 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ChangeLog,v 1.36 2010/05/09 17:16:15 pva Exp $
+
+*ebtables-2.0.9.2-r1 (09 May 2010)
+
+ 09 May 2010; Peter Volkov <pva@gentoo.org> +ebtables-2.0.9.2-r1.ebuild,
+ +files/ebtables.confd-r1, +files/ebtables.initd-r1:
+ Fix ebtables tables detection, bug #314529, thank Veovis for report and
+ suggested fix.
*ebtables-2.0.9.2 (16 Mar 2010)
diff --git a/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild
new file mode 100644
index 000000000000..72fc2ca41598
--- /dev/null
+++ b/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ebtables-2.0.9.2-r1.ebuild,v 1.1 2010/05/09 17:16:15 pva Exp $
+
+EAPI="2"
+
+inherit versionator eutils toolchain-funcs multilib flag-o-matic
+
+MY_PV=$(replace_version_separator 3 '-' )
+MY_P=${PN}-v${MY_PV}
+
+DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting."
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="static"
+LICENSE="GPL-2"
+SLOT="0"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use static; then
+ ewarn "You've chosen static build which is useful for embedded devices."
+ ewarn "It has no init script. Make sure that's really what you want."
+ fi
+}
+
+src_prepare() {
+ # Enhance ebtables-save to take table names as parameters bug #189315
+ epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
+ epatch "${FILESDIR}/${PN}-v2.0.9-2-LDFLAGS.diff"
+ epatch "${FILESDIR}/${PN}-v2.0.8-2-ethertype-DESTDIR-mkdir.patch"
+
+ sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
+ -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
+ -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
+ -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
+ -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
+}
+
+src_compile() {
+ # This package uses _init functions to initialise extensions. With
+ # --as-needed this will not work.
+ append-ldflags $(no-as-needed)
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ $(use static && echo static) \
+ || die "emake failed"
+}
+
+src_install() {
+ if ! use static; then
+ make DESTDIR="${D}" install || die
+ keepdir /var/lib/ebtables/
+ newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables || die
+ newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables || die
+ else
+ into /
+ newsbin static ebtables || die
+ fi
+ dodoc ChangeLog THANKS || die
+}
diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1
new file mode 100644
index 000000000000..645b26edae99
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.confd-r1
@@ -0,0 +1,11 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
new file mode 100644
index 000000000000..1088ad3f5c49
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -0,0 +1,101 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd-r1,v 1.1 2010/05/09 17:16:15 pva Exp $
+
+opts="save reload panic"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+
+depend() {
+ before net
+ use logger
+}
+
+ebtables_tables() {
+ for table in filter nat broute; do
+ if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
+ echo -n "${table} "
+ fi
+ done
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}