author | Jeremy Olexa <darkside@gentoo.org> | 2009-01-25 01:11:35 +0000 |
---|---|---|
committer | Jeremy Olexa <darkside@gentoo.org> | 2009-01-25 01:11:35 +0000 |
commit | 0695151a695601f87777c3981c25b7b126422cc0 (patch) | |
tree | a63ddc1d0d439f9b28258387aa80e0002806c434 /net-firewall/firehol | |
parent | Stable sys-kernel/hardened-sources-2.6.26-r9 on amd64/x86 (diff) | |
(non maintainer commit) [QA] Move big file to mirrors, bug 248994. Also remove old versions
(Portage version: 2.2_rc23/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall/firehol')
-rw-r--r-- | net-firewall/firehol/ChangeLog | 10 | ||||
-rw-r--r-- | net-firewall/firehol/files/firehol-1.226-to-250.patch | 695 | ||||
-rw-r--r-- | net-firewall/firehol/firehol-1.250-r1.ebuild | 78 | ||||
-rw-r--r-- | net-firewall/firehol/firehol-1.250-r2.ebuild | 9 | ||||
-rw-r--r-- | net-firewall/firehol/firehol-1.250.ebuild | 77 | ||||
-rw-r--r-- | net-firewall/firehol/firehol-1.256.ebuild | 75 |
6 files changed, 13 insertions, 931 deletions
diff --git a/net-firewall/firehol/ChangeLog b/net-firewall/firehol/ChangeLog index ed838268b6e0..24673f88f652 100644 --- a/net-firewall/firehol/ChangeLog +++ b/net-firewall/firehol/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-firewall/firehol -# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.38 2008/10/13 00:54:38 gengor Exp $ +# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/ChangeLog,v 1.39 2009/01/25 01:11:35 darkside Exp $ + + 25 Jan 2009; Jeremy Olexa <darkside@gentoo.org> + -files/firehol-1.226-to-250.patch, -firehol-1.250.ebuild, + -firehol-1.250-r1.ebuild, firehol-1.250-r2.ebuild, -firehol-1.256.ebuild: + (non maintainer commit) [QA] Move big file to mirrors, bug 248994. Also + remove old versions *firehol-1.273 (13 Oct 2008) diff --git a/net-firewall/firehol/files/firehol-1.226-to-250.patch b/net-firewall/firehol/files/firehol-1.226-to-250.patch deleted file mode 100644 index e8d42846bd20..000000000000 --- a/net-firewall/firehol/files/firehol-1.226-to-250.patch +++ /dev/null 
@@ -1,695 +0,0 @@ -diff -Nur firehol-1.226/firehol.sh firehol-1.226.new/firehol.sh ---- firehol-1.226/firehol.sh 2006-12-29 23:48:19.000000000 +0100 -+++ firehol-1.226.new/firehol.sh 2006-12-29 23:49:40.000000000 +0100 -@@ -74,13 +74,16 @@ - return 0 - } - --# Check for a command during runtime. --# Currently the following commands are required only when needed: --# --# wget or curl (either is fine) --# gzcat --# -+# command on demand support. - require_cmd() { -+ local block=1 -+ if [ "a$1" = "a-n" ] -+ then -+ local block=0 -+ shift -+ fi -+ -+ # if one is found, return success - for x in $1 - do - eval var=`echo ${x} | tr 'a-z' 'A-Z'`_CMD -@@ -92,21 +95,56 @@ - fi - done - -+ if [ $block -eq 1 ] -+ then -+ echo >&2 -+ echo >&2 "ERROR: THE REQUESTED FEATURE REQUIRES THESE PROGRAMS:" -+ echo >&2 -+ echo >&2 " $*" -+ echo >&2 -+ echo >&2 " You have requested the use of an optional FireHOL" -+ echo >&2 " feature that requires certain external programs" -+ echo >&2 " to be installed in the running system." -+ echo >&2 -+ echo >&2 " Please consult your Linux distribution manual to" -+ echo >&2 " install the package(s) that provide these external" -+ echo >&2 " programs and retry." -+ echo >&2 -+ echo >&2 " Note that you need an operational 'which' command" -+ echo >&2 " for FireHOL to find all the external programs it" -+ echo >&2 " needs. Check it yourself. Run:" -+ echo >&2 -+ for x in $1 -+ do -+ echo >&2 " which $x" -+ done -+ -+ exit 1 -+ fi -+ - return 1 - } - -+# Currently the following commands are required only when needed. -+# (i.e. 
Command on Demand) -+# -+# wget or curl (either is fine) -+# gzcat -+# ip -+# netstat -+# egrep -+# date -+# hostname -+ -+# Commands that are mandatory for FireHOL operation: - which_cmd CAT_CMD cat - which_cmd CUT_CMD cut - which_cmd CHOWN_CMD chown - which_cmd CHMOD_CMD chmod --which_cmd DATE_CMD date --which_cmd EGREP_CMD egrep - which_cmd EXPR_CMD expr - which_cmd GAWK_CMD gawk - which_cmd GREP_CMD grep - which_cmd HEAD_CMD head --which_cmd HOSTNAME_CMD hostname --which_cmd IP_CMD ip - which_cmd IPTABLES_CMD iptables - which_cmd IPTABLES_SAVE_CMD iptables-save - which_cmd LESS_CMD less -@@ -114,7 +152,6 @@ - which_cmd MKDIR_CMD mkdir - which_cmd MV_CMD mv - which_cmd MODPROBE_CMD modprobe --which_cmd NETSTAT_CMD netstat - which_cmd RENICE_CMD renice - which_cmd RM_CMD rm - which_cmd SED_CMD sed -@@ -170,6 +207,9 @@ - FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh" - FIREHOL_TMP="${FIREHOL_DIR}/firehol-tmp.sh" - -+FIREHOL_LOCK_DIR="/var/lock/subsys" -+test ! -d "${FIREHOL_LOCK_DIR}" && FIREHOL_LOCK_DIR="/var/lock" -+ - FIREHOL_SPOOL_DIR="/var/spool/firehol" - - # The default configuration file -@@ -209,6 +249,7 @@ - - # Run our exit even if we don't call exit. - trap firehol_exit EXIT -+trap firehol_exit SIGHUP - - - # ------------------------------------------------------------------------------ -@@ -267,8 +308,8 @@ - if [ ! -d "${FIREHOL_SPOOL_DIR}" ] - then - "${MKDIR_CMD}" "${FIREHOL_SPOOL_DIR}" || exit 1 -- "${CHOWN_CMD}" root:root "${FIREHOL_CONFIG_DIR}" || exit 1 -- "${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}" || exit 1 -+ "${CHOWN_CMD}" root:root "${FIREHOL_SPOOL_DIR}" || exit 1 -+ "${CHMOD_CMD}" 700 "${FIREHOL_SPOOL_DIR}" || exit 1 - fi - - -@@ -280,7 +321,7 @@ - # Optimized (CIDR) by Marc 'HE' Brockschmidt <marc@marcbrockschmidt.de> - # Further optimized and reduced by http://www.vergenet.net/linux/aggregate/ - # The supplied get-iana.sh uses 'aggregate-flim' if it finds it in the path. 
--RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 41.0.0.0/8 42.0.0.0/8 73.0.0.0/8 74.0.0.0/7 76.0.0.0/6 89.0.0.0/8 90.0.0.0/7 92.0.0.0/6 96.0.0.0/3 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 189.0.0.0/8 190.0.0.0/8 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4" -+RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 92.0.0.0/6 100.0.0.0/6 104.0.0.0/5 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4 " - - # Private IPv4 address space - # Suggested by Fco.Felix Belmonte <ffelix@gescosoft.com> -@@ -306,6 +347,11 @@ - # policy interface subscommand. - DEFAULT_INTERFACE_POLICY="DROP" - -+# The default policy for the router commands of the firewall. -+# This can be controlled on a per interface basis using the -+# policy interface subscommand. -+DEFAULT_ROUTER_POLICY="RETURN" -+ - # Which is the filter table chains policy during firewall activation? - FIREHOL_INPUT_ACTIVATION_POLICY="ACCEPT" - FIREHOL_OUTPUT_ACTIVATION_POLICY="ACCEPT" -@@ -329,6 +375,10 @@ - FIREHOL_LOG_MODE="LOG" - FIREHOL_LOG_FREQUENCY="1/second" - FIREHOL_LOG_BURST="5" -+FIREHOL_LOG_PREFIX="" -+ -+# If enabled, FireHOL will silently drop orphan TCP packets with ACK,FIN set. -+FIREHOL_DROP_ORPHAN_TCP_ACK_FIN=0 - - # The client ports to be used for "default" client ports when the - # client specified is a foreign host. 
-@@ -427,7 +477,7 @@ - work_name= - work_inface= - work_outface= --work_policy="${DEFAULT_INTERFACE_POLICY}" -+work_policy= - work_error=0 - work_function="Initializing" - -@@ -618,6 +668,9 @@ - server_microsoft_ds_ports="tcp/445" - client_microsoft_ds_ports="default" - -+server_ms_ds_ports="tcp/445" -+client_ms_ds_ports="default" -+ - server_mms_ports="tcp/1755 udp/1755" - client_mms_ports="default" - require_mms_modules="ip_conntrack_mms" -@@ -666,6 +719,9 @@ - server_oracle_ports="tcp/1521" - client_oracle_ports="default" - -+server_OSPF_ports="89/any" -+client_OSPF_ports="any" -+ - server_pop3_ports="tcp/110" - client_pop3_ports="default" - -@@ -708,7 +764,7 @@ - client_rtp_ports="any" - - server_sip_ports="udp/5060" --client_sip_ports="default" -+client_sip_ports="5060 default" - - server_socks_ports="tcp/1080 udp/1080" - client_socks_ports="default" -@@ -769,7 +825,7 @@ - server_vmwareauth_ports="tcp/903" - client_vmwareauth_ports="default" - --server_vmwareweb_ports="tcp/8222" -+server_vmwareweb_ports="tcp/8222 tcp/8333" - client_vmwareweb_ports="default" - - server_vnc_ports="tcp/5900:5903" -@@ -1090,10 +1146,12 @@ - local server_rquotad_ports="`${CAT_CMD} "${tmp}" | ${GREP_CMD} " rquotad$" | ( while read a b proto port s; do echo "$proto/$port"; done ) | ${SORT_CMD} | ${UNIQ_CMD}`" - local server_mountd_ports="`${CAT_CMD} "${tmp}" | ${GREP_CMD} " mountd$" | ( while read a b proto port s; do echo "$proto/$port"; done ) | ${SORT_CMD} | ${UNIQ_CMD}`" - local server_lockd_ports="`${CAT_CMD} "${tmp}" | ${GREP_CMD} " nlockmgr$" | ( while read a b proto port s; do echo "$proto/$port"; done ) | ${SORT_CMD} | ${UNIQ_CMD}`" -+ local server_statd_ports="`${CAT_CMD} "${tmp}" | ${GREP_CMD} " status$" | ( while read a b proto port s; do echo "$proto/$port"; done ) | ${SORT_CMD} | ${UNIQ_CMD}`" - local server_nfsd_ports="`${CAT_CMD} "${tmp}" | ${GREP_CMD} " nfs$" | ( while read a b proto port s; do echo "$proto/$port"; done ) | ${SORT_CMD} | ${UNIQ_CMD}`" - - test -z 
"${server_mountd_ports}" && error "Cannot find mountd ports for nfs server '${x}'" && return 1 - test -z "${server_lockd_ports}" && error "Cannot find lockd ports for nfs server '${x}'" && return 1 -+ test -z "${server_statd_ports}" && error "Cannot find statd ports for nfs server '${x}'" && return 1 - test -z "${server_nfsd_ports}" && error "Cannot find nfsd ports for nfs server '${x}'" && return 1 - - local dst= -@@ -1113,6 +1171,9 @@ - - set_work_function "Processing lockd rules for server '${x}'" - rules_custom "${mychain}" "${type}" nfs-lockd "${server_lockd_ports}" "500:65535" "${action}" $dst "$@" -+ -+ set_work_function "Processing statd rules for server '${x}'" -+ rules_custom "${mychain}" "${type}" nfs-statd "${server_statd_ports}" "500:65535" "${action}" $dst "$@" - - set_work_function "Processing nfsd rules for server '${x}'" - rules_custom "${mychain}" "${type}" nfs-nfsd "${server_nfsd_ports}" "500:65535" "${action}" $dst "$@" -@@ -1798,7 +1859,7 @@ - firehol_wget() { - local url="${1}" - -- require_cmd wget curl || error "Cannot find 'wget' or 'curl' in the path." -+ require_cmd wget curl - - if [ ! -z "${WGET_CMD}" ] - then -@@ -2407,9 +2468,9 @@ - policy() { - work_realcmd_secondary ${FUNCNAME} "$@" - -- require_work set interface || return 1 -+ require_work set any || return 1 - -- set_work_function "Setting interface '${work_inface}' (${work_name}) policy to ${1}" -+ set_work_function "Setting policy of ${work_name} to ${1}" - work_policy="$*" - - return 0 -@@ -2482,6 +2543,11 @@ - return 0 - ;; - -+ bad-packets|BAD-PACKETS) -+ protection ${reverse} "invalid fragments new-tcp-w/o-syn malformed-xmas malformed-null malformed-bad" "${rate}" "${burst}" -+ return $? -+ ;; -+ - strong|STRONG|full|FULL|all|ALL) - protection ${reverse} "invalid fragments new-tcp-w/o-syn icmp-floods syn-floods malformed-xmas malformed-null malformed-bad" "${rate}" "${burst}" - return $? 
-@@ -2529,6 +2595,16 @@ - rule in chain "${mychain}" loglimit "SYN FLOOD" action drop || return 1 - ;; - -+ all-floods|ALL-FLOODS) -+ local mychain="${pre}_${work_name}_allflood" -+ create_chain filter "${mychain}" "${in}_${work_name}" in state NEW || return 1 -+ -+ set_work_function "Generating rules to be protected from ALL floods on '${prface}' for ${work_cmd} '${work_name}'" -+ -+ rule in chain "${mychain}" limit "${rate}" "${burst}" action return || return 1 -+ rule in chain "${mychain}" loglimit "ALL FLOOD" action drop || return 1 -+ ;; -+ - malformed-xmas|MALFORMED-XMAS) - local mychain="${pre}_${work_name}_malxmas" - create_chain filter "${mychain}" "${in}_${work_name}" in proto tcp custom "--tcp-flags ALL ALL" || return 1 -@@ -2589,7 +2665,7 @@ - # kernel modules. - - # optionaly require command gzcat --require_cmd gzcat -+require_cmd -n gzcat - - KERNEL_CONFIG= - if [ -f "/proc/config" ] -@@ -2632,6 +2708,7 @@ - echo >&2 " all kernel modules for the services used, without" - echo >&2 " being able to detect failures." 
- echo >&2 " " -+ sleep 2 - fi - - # activation-phase command to check for the existance of -@@ -2824,11 +2901,12 @@ - work_name= - work_inface= - work_outface= -- work_policy="${DEFAULT_INTERFACE_POLICY}" -+ work_policy= - - return 0 - } - -+ - # ------------------------------------------------------------------------------ - # close_interface - # WHY: -@@ -2841,6 +2919,12 @@ - - set_work_function "Finilizing interface '${work_name}'" - -+ # Accept all related traffic to the established connections -+ rule chain "in_${work_name}" state RELATED action ACCEPT || return 1 -+ rule chain "out_${work_name}" state RELATED action ACCEPT || return 1 -+ -+ # make sure we have a policy -+ test -z "${work_policy}" && work_policy="${DEFAULT_INTERFACE_POLICY}" - case "${work_policy}" in - return|RETURN) - return 0 -@@ -2849,15 +2933,18 @@ - accept|ACCEPT) - ;; - -- *) -+ *) - local -a inlog=(loglimit "'IN-${work_name}'") - local -a outlog=(loglimit "'OUT-${work_name}'") - ;; - esac - -- # Accept all related traffic to the established connections -- rule chain "in_${work_name}" state RELATED action ACCEPT || return 1 -- rule chain "out_${work_name}" state RELATED action ACCEPT || return 1 -+ if [ "${FIREHOL_DROP_ORPHAN_TCP_ACK_FIN}" = "1" ] -+ then -+ # Silently drop orphan TCP/ACK FIN packets -+ rule chain "in_${work_name}" state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ rule reverse chain "out_${work_name}" state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ fi - - rule chain "in_${work_name}" "${inlog[@]}" action ${work_policy} || return 1 - rule reverse chain "out_${work_name}" "${outlog[@]}" action ${work_policy} || return 1 -@@ -2882,6 +2969,32 @@ - rule chain "in_${work_name}" state RELATED action ACCEPT || return 1 - rule chain "out_${work_name}" state RELATED action ACCEPT || return 1 - -+ # make sure we have a policy -+ test -z "${work_policy}" && work_policy="${DEFAULT_ROUTER_POLICY}" -+ case "${work_policy}" 
in -+ return|RETURN) -+ return 0 -+ ;; -+ -+ accept|ACCEPT) -+ ;; -+ -+ *) -+ local -a inlog=(loglimit "'PASS-${work_name}'") -+ local -a outlog=(loglimit "'PASS-${work_name}'") -+ ;; -+ esac -+ -+ if [ "${FIREHOL_DROP_ORPHAN_TCP_ACK_FIN}" = "1" ] -+ then -+ # Silently drop orphan TCP/ACK FIN packets -+ rule chain "in_${work_name}" state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ rule reverse chain "out_${work_name}" state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ fi -+ -+ rule chain "in_${work_name}" "${inlog[@]}" action ${work_policy} || return 1 -+ rule reverse chain "out_${work_name}" "${outlog[@]}" action ${work_policy} || return 1 -+ - return 0 - } - -@@ -2900,6 +3013,14 @@ - rule chain OUTPUT state RELATED action ACCEPT || return 1 - rule chain FORWARD state RELATED action ACCEPT || return 1 - -+ if [ "${FIREHOL_DROP_ORPHAN_TCP_ACK_FIN}" = "1" ] -+ then -+ # Silently drop orphan TCP/ACK FIN packets -+ rule chain INPUT state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ rule chain OUTPUT state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ rule chain FORWARD state NEW proto tcp custom "--tcp-flags ALL ACK,FIN" action DROP || return 1 -+ fi -+ - rule chain INPUT loglimit "IN-unknown" action ${UNMATCHED_INPUT_POLICY} || return 1 - rule chain OUTPUT loglimit "OUT-unknown" action ${UNMATCHED_OUTPUT_POLICY} || return 1 - rule chain FORWARD loglimit "PASS-unknown" action ${UNMATCHED_ROUTER_POLICY} || return 1 -@@ -3055,7 +3176,7 @@ - # to pass. - if [ "${do_accept_limit}" = "1" ] - then -- local accept_limit_chain="`echo "ACCEPT ${freq} ${burst} ${overflow}" | tr " /." "___"`" -+ local accept_limit_chain="`echo "ACCEPT LIMIT ${freq} ${burst} ${overflow}" | tr " /." "___"`" - - # does the chain we need already exist? - if [ ! 
-f "${FIREHOL_CHAINS_DIR}/${accept_limit_chain}" ] -@@ -3075,9 +3196,9 @@ - local -a logopts_arg=() - if [ "${FIREHOL_LOG_MODE}" = "ULOG" ] - then -- local -a logopts_arg=("--ulog-prefix='OVERFLOW:'") -+ local -a logopts_arg=("--ulog-prefix='${FIREHOL_LOG_PREFIX}LIMIT_OVERFLOW:'") - else -- local -a logopts_arg=("--log-level" "${FIREHOL_LOG_LEVEL}" "--log-prefix='OVERFLOW:'") -+ local -a logopts_arg=("--log-level" "${FIREHOL_LOG_LEVEL}" "--log-prefix='${FIREHOL_LOG_PREFIX}LIMIT_OVERFLOW:'") - fi - iptables ${table} -A "${accept_limit_chain}" -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j ${FIREHOL_LOG_MODE} ${FIREHOL_LOG_OPTIONS} "${logopts_arg[@]}" - -@@ -3096,6 +3217,62 @@ - fi - ;; - -+ "recent") -+ # limit NEW connections to the specified rate -+ local name="${action_param[1]}" -+ local seconds="${action_param[2]}" -+ local hits="${action_param[3]}" -+ -+ # unset the action_param, so that if this rule does not include NEW connections, -+ # we will not append anything to the generated iptables statements. -+ local -a action_param=() -+ -+ # find is this rule matches NEW connections -+ local has_new=`echo "${state}" | grep -i NEW` -+ local do_accept_recent=0 -+ if [ -z "${statenot}" ] -+ then -+ test ! -z "${has_new}" && local do_accept_recent=1 -+ else -+ test -z "${has_new}" && local do_accept_recent=1 -+ fi -+ -+ # we have a match for NEW connections. -+ # redirect the traffic to a new chain, which will control -+ # the NEW connections while allowing all the other traffic -+ # to pass. -+ if [ "${do_accept_recent}" = "1" ] -+ then -+ local accept_recent_chain="`echo "ACCEPT RECENT $name $seconds $hits" | tr " /." "___"`" -+ -+ # does the chain we need already exist? -+ if [ ! -f "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}" ] -+ then -+ # the chain does not exist. create it. 
-+ iptables ${table} -N "${accept_recent_chain}" -+ touch "${FIREHOL_CHAINS_DIR}/${accept_recent_chain}" -+ -+ # first, if the traffic is not a NEW connection, allow it. -+ # doing this first will speed up normal traffic. -+ iptables ${table} -A "${accept_recent_chain}" -m state ! --state NEW -j ACCEPT -+ -+ # accept NEW connections within the given limits. -+ iptables ${table} -A "${accept_recent_chain}" -m recent --set --name "${name}" -+ -+ local t1= -+ test ! -z $seconds && local t1="--seconds ${seconds}" -+ local t2= -+ test ! -z $hits && local t2="--hitcount ${hits}" -+ -+ iptables ${table} -A "${accept_recent_chain}" -m recent --update ${t1} ${t2} --name "${name}" -j RETURN -+ iptables ${table} -A "${accept_recent_chain}" -j ACCEPT -+ fi -+ -+ # send the rule to be generated to this chain -+ local action=${accept_recent_chain} -+ fi -+ ;; -+ - 'knock') - # the name of the knock - local name="knock_${action_param[1]}" -@@ -3175,6 +3352,12 @@ - local dst=any - local dstnot= - -+ local srctype= -+ local srctypenot= -+ -+ local dsttype= -+ local dsttypenot= -+ - local sport=any - local sportnot= - -@@ -3397,7 +3580,7 @@ - if [ "${1}" = "not" -o "${1}" = "NOT" ] - then - shift -- macnot="!" -+ test ${nomac} -eq 0 && macnot="!" - fi - test ${softwarnings} -eq 1 -a ! "${mac}" = "any" && softwarning "Overwritting param: mac '${mac}' becomes '${1}'" - test ${nomac} -eq 0 && mac="${1}" -@@ -3454,6 +3637,56 @@ - shift - ;; - -+ srctype|SRCTYPE|sourcetype|SOURCETYPE) -+ shift -+ if [ ${reverse} -eq 0 ] -+ then -+ srctypenot= -+ if [ "${1}" = "not" -o "${1}" = "NOT" ] -+ then -+ shift -+ srctypenot="!" -+ fi -+ test ${softwarnings} -eq 1 -a ! "${srctype}" = "" && softwarning "Overwritting param: srctype '${srctype}' becomes '${1}'" -+ srctype="`echo ${1} | sed "s|^ \+||" | sed "s| \+\$||" | sed "s| \+|,|g" | tr a-z A-Z`" -+ else -+ dsttypenot= -+ if [ "${1}" = "not" -o "${1}" = "NOT" ] -+ then -+ shift -+ dsttypenot="!" -+ fi -+ test ${softwarnings} -eq 1 -a ! 
"${dsttype}" = "" && softwarning "Overwritting param: dsttype '${dsttype}' becomes '${1}'" -+ dsttype="`echo ${1} | sed "s|^ \+||" | sed "s| \+\$||" | sed "s| \+|,|g" | tr a-z A-Z`" -+ fi -+ shift -+ ;; -+ -+ dsttype|DSTTYPE|destinationtype|DESTINATIONTYPE) -+ shift -+ if [ ${reverse} -eq 0 ] -+ then -+ dsttypenot= -+ if [ "${1}" = "not" -o "${1}" = "NOT" ] -+ then -+ shift -+ dsttypenot="!" -+ fi -+ test ${softwarnings} -eq 1 -a ! "${dsttype}" = "" && softwarning "Overwritting param: dsttype '${dsttype}' becomes '${1}'" -+ dsttype="`echo ${1} | sed "s|^ \+||" | sed "s| \+\$||" | sed "s| \+|,|g" | tr a-z A-Z`" -+ else -+ srctypenot= -+ if [ "${1}" = "not" -o "${1}" = "NOT" ] -+ then -+ shift -+ srctypenot="!" -+ fi -+ test ${softwarnings} -eq 1 -a ! "${srctype}" = "" && softwarning "Overwritting param: srctype '${srctype}' becomes '${1}'" -+ srctype="`echo ${1} | sed "s|^ \+||" | sed "s| \+\$||" | sed "s| \+|,|g" | tr a-z A-Z`" -+ fi -+ shift -+ ;; -+ - sport|SPORT|sourceport|SOURCEPORT) - shift - if [ ${reverse} -eq 0 ] -@@ -3591,6 +3824,11 @@ - fi - ;; - -+ recent|RECENT) -+ local -a action_param=("recent" "${2}" "${3}" "${4}") -+ shift 4 -+ ;; -+ - knock|KNOCK) - local -a action_param=("knock" "${2}") - shift 2 -@@ -3750,6 +3988,10 @@ - fi - ;; - -+ tarpit|TARPIT) -+ action="TARPIT" -+ ;; -+ - *) - chain_exists "${action}" - local action_is_chain=$? -@@ -3991,7 +4233,7 @@ - # this temporary chain. - - -- # ignore 'statenot' since it is negated in the positive rules -+ # ignore 'statenot', 'srctypenot', 'dsttypenot' since it is negated in the positive rules - if [ ! -z "${infacenot}${outfacenot}${physinnot}${physoutnot}${macnot}${srcnot}${dstnot}${sportnot}${dportnot}${protonot}${uidnot}${gidnot}${pidnot}${sidnot}${cmdnot}${marknot}${tosnot}${dscpnot}" ] - then - if [ ${action_is_chain} -eq 1 ] -@@ -4540,6 +4782,25 @@ - ;; - esac - -+ # addrtype (srctype, dsttype) -+ local -a addrtype_arg=() -+ local -a stp_arg=() -+ local -a dtp_arg=() -+ if [ ! 
-z "${srctype}${dsttype}" ] -+ then -+ local -a addrtype_arg=("-m" "addrtype") -+ -+ if [ ! -z "${srctype}" ] -+ then -+ local -a stp_arg=("${srctypenot}" "--src-type" "${srctype}") -+ fi -+ -+ if [ ! -z "${dsttype}" ] -+ then -+ local -a dtp_arg=("${dsttypenot}" "--dst-type" "${dsttype}") -+ fi -+ fi -+ - # state - local -a state_arg=() - if [ ! -z "${state}" ] -@@ -4562,15 +4823,15 @@ - fi - - # build the command -- declare -a basecmd=("${inf_arg[@]}" "${outf_arg[@]}" "${physdev_arg[@]}" "${inph_arg[@]}" "${outph_arg[@]}" "${limit_arg[@]}" "${iplimit_arg[@]}" "${proto_arg[@]}" "${s_arg[@]}" "${sp_arg[@]}" "${d_arg[@]}" "${dp_arg[@]}" "${owner_arg[@]}" "${uid_arg[@]}" "${gid_arg[@]}" "${pid_arg[@]}" "${sid_arg[@]}" "${cmd_arg[@]}" "${state_arg[@]}" "${mc_arg[@]}" "${mark_arg[@]}" "${tos_arg[@]}" "${dscp_arg[@]}") -+ declare -a basecmd=("${inf_arg[@]}" "${outf_arg[@]}" "${physdev_arg[@]}" "${inph_arg[@]}" "${outph_arg[@]}" "${limit_arg[@]}" "${iplimit_arg[@]}" "${proto_arg[@]}" "${s_arg[@]}" "${sp_arg[@]}" "${d_arg[@]}" "${dp_arg[@]}" "${owner_arg[@]}" "${uid_arg[@]}" "${gid_arg[@]}" "${pid_arg[@]}" "${sid_arg[@]}" "${cmd_arg[@]}" "${addrtype_arg[@]}" "${stp_arg[@]}" "${dtp_arg[@]}" "${state_arg[@]}" "${mc_arg[@]}" "${mark_arg[@]}" "${tos_arg[@]}" "${dscp_arg[@]}") - - # log mode selection - local -a logopts_arg=() - if [ "${FIREHOL_LOG_MODE}" = "ULOG" ] - then -- local -a logopts_arg=("--ulog-prefix='${logtxt}:'") -+ local -a logopts_arg=("--ulog-prefix='${FIREHOL_LOG_PREFIX}${logtxt}:'") - else -- local -a logopts_arg=("--log-level" "${loglevel}" "--log-prefix='${logtxt}:'") -+ local -a logopts_arg=("--log-level" "${loglevel}" "--log-prefix='${FIREHOL_LOG_PREFIX}${logtxt}:'") - fi - - # log / loglimit -@@ -5005,8 +5266,8 @@ - stop) - test ! -z "${1}" && softwarning "Arguments after parameter '${arg}' are ignored." 
- -- test -f /var/lock/subsys/firehol && ${RM_CMD} -f /var/lock/subsys/firehol -- test -f /var/lock/subsys/iptables && ${RM_CMD} -f /var/lock/subsys/iptables -+ test -f "${FIREHOL_LOCK_DIR}/firehol" && ${RM_CMD} -f "${FIREHOL_LOCK_DIR}/firehol" -+ test -f "${FIREHOL_LOCK_DIR}/iptables" && ${RM_CMD} -f "${FIREHOL_LOCK_DIR}/iptables" - - echo -n $"FireHOL: Clearing Firewall:" - load_kernel_module ip_tables -@@ -5038,7 +5299,7 @@ - condrestart) - test ! -z "${1}" && softwarning "Arguments after parameter '${arg}' are ignored." - FIREHOL_TRY=0 -- if [ -f /var/lock/subsys/firehol ] -+ if [ -f "${FIREHOL_LOCK_DIR}/firehol" ] - then - exit 0 - fi -@@ -5459,6 +5720,13 @@ - - if [ ${FIREHOL_WIZARD} -eq 1 ] - then -+ # require commands for wizard mode -+ require_cmd ip -+ require_cmd netstat -+ require_cmd egrep -+ require_cmd date -+ require_cmd hostname -+ - wizard_ask() { - local prompt="${1}"; shift - local def="${1}"; shift -@@ -5603,7 +5871,12 @@ - local i4=${4} - local i5=${5:-32} - -- echo ${i1}.${i2}.${i3}.${i4}/${i5} -+ if [ "${i5}" = "32" ] -+ then -+ echo ${i1}.${i2}.${i3}.${i4} -+ else -+ echo ${i1}.${i2}.${i3}.${i4}/${i5} -+ fi - } - - ips2net() { -@@ -6354,11 +6627,11 @@ - # Remove the saved firewall, so that the trap will not restore it. - ${RM_CMD} -f "${FIREHOL_SAVED}" - --# RedHat startup service locking. --if [ -d /var/lock/subsys ] -+# Startup service locking. -+if [ -d "${FIREHOL_LOCK_DIR}" ] - then -- ${TOUCH_CMD} /var/lock/subsys/iptables -- ${TOUCH_CMD} /var/lock/subsys/firehol -+ ${TOUCH_CMD} "${FIREHOL_LOCK_DIR}/iptables" -+ ${TOUCH_CMD} "${FIREHOL_LOCK_DIR}/firehol" - fi - - diff --git a/net-firewall/firehol/firehol-1.250-r1.ebuild b/net-firewall/firehol/firehol-1.250-r1.ebuild deleted file mode 100644 index 30b460dee5e2..000000000000 --- a/net-firewall/firehol/firehol-1.250-r1.ebuild +++ /dev/null 
@@ -1,78 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.250-r1.ebuild,v 1.5 2007/11/06 10:22:03 centic Exp $ - -inherit eutils - -DESCRIPTION="iptables firewall generator" -HOMEPAGE="http://firehol.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${PN}-1.226.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -IUSE="" -KEYWORDS="~amd64 ~ppc ~sparc x86" - -DEPEND="sys-apps/iproute2" -RDEPEND="net-firewall/iptables - sys-apps/iproute2 - virtual/modutils - || ( - net-misc/wget - net-misc/curl - )" - -S="${WORKDIR}/${PN}-1.226" - -pkg_setup() { - # Bug 81600 fail if iproute2 is built with minimal - if built_with_use sys-apps/iproute2 minimal; then - eerror "Firehol requires iproute2 to be emerged without" - eerror "the USE-Flag \"minimal\"." - eerror "Re-emerge iproute2 with" - eerror "USE=\"-minimal\" emerge sys-apps/iproute2" - die "sys-apps/iproute2 without USE=\"minimal\" needed" - fi -} - -# patch for embedded Gentoo - GNAP -# backport from firehol-CVS. -src_unpack() { - unpack ${A} - cd "${S}" || die - epatch "${FILESDIR}/firehol-1.226-to-228.patch" || die - epatch "${FILESDIR}/firehol-1.226-to-250.patch" || die - epatch "${FILESDIR}/${P}-groupwith.patch" || die - epatch "${FILESDIR}/${P}-printf.patch" || die -} - -src_install() { - newsbin firehol.sh firehol - - dodir /etc/firehol /etc/firehol/examples /etc/firehol/services - insinto /etc/firehol/examples - doins examples/* || die - - newconfd "${FILESDIR}/firehol.conf.d" firehol || die - - dodoc ChangeLog README TODO WhatIsNew || die - dohtml doc/*.html doc/*.css || die - - docinto scripts - dodoc get-iana.sh adblock.sh || die - - doman man/*.1 man/*.5 || die - - newinitd "${FILESDIR}/firehol.initrd" firehol || die -} - -pkg_postinst() { - elog "The default path to firehol's configuration file is /etc/firehol/firehol.conf" - elog "See /etc/firehol/examples for configuration examples." 
- # - # Install a default configuration if none is available yet - if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then - einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" - cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" - fi -} diff --git a/net-firewall/firehol/firehol-1.250-r2.ebuild b/net-firewall/firehol/firehol-1.250-r2.ebuild index 132815f6b77f..eea126cf1040 100644 --- a/net-firewall/firehol/firehol-1.250-r2.ebuild +++ b/net-firewall/firehol/firehol-1.250-r2.ebuild @@ -1,12 +1,13 @@ -# Copyright 1999-2007 Gentoo Foundation +# Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.250-r2.ebuild,v 1.5 2007/11/06 10:22:03 centic Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.250-r2.ebuild,v 1.6 2009/01/25 01:11:35 darkside Exp $ inherit eutils DESCRIPTION="iptables firewall generator" HOMEPAGE="http://firehol.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${PN}-1.226.tar.bz2" +SRC_URI="mirror://sourceforge/${PN}/${PN}-1.226.tar.bz2 + mirror://gentoo/${PN}-1.226-to-250.patch.bz2" LICENSE="GPL-2" SLOT="0" @@ -41,7 +42,7 @@ src_unpack() { unpack ${A} cd "${S}" || die epatch "${FILESDIR}/firehol-1.226-to-228.patch" || die - epatch "${FILESDIR}/firehol-1.226-to-250.patch" || die + epatch "${WORKDIR}/firehol-1.226-to-250.patch" || die # invalid, see Bug 176862 epatch ${FILESDIR}/${P}-groupwith.patch || die epatch "${FILESDIR}/${P}-printf.patch" || die } diff --git a/net-firewall/firehol/firehol-1.250.ebuild b/net-firewall/firehol/firehol-1.250.ebuild deleted file mode 100644 index 0535bbfc28d6..000000000000 --- a/net-firewall/firehol/firehol-1.250.ebuild +++ /dev/null 
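Review bot: The SRC_URI hunk turns the 695-line firehol-1.226-to-250.patch from an in-tree file (tracked in CVS and reviewable in this very diff) into a distfile fetched from `mirror://gentoo/${PN}-1.226-to-250.patch.bz2`, so from now on its integrity rests solely on the DIST entry in the package Manifest; the diffstat lists no Manifest change, so unless the Manifest is regenerated outside this commit the new distfile has no pinned checksum and fetching will fail or, depending on portage strictness, the patch will be applied unverified. Please confirm the DIST entry exists and corresponds to a bzip2 of the exact file deleted above, since that patch changes firewall behaviour (RESERVED_IPS, the RELATED/orphan ACK,FIN rules) and any drift on the mirror would silently change the installed firewall. The same consideration applies to the src_unpack hunk, which now calls `epatch "${WORKDIR}/firehol-1.226-to-250.patch" || die` and depends on `unpack ${A}` having decompressed the .bz2 into WORKDIR; a one-line comment such as `# unpacked from the mirror://gentoo distfile listed in SRC_URI` above that line would spare the next reader a search for where the file comes from. src_unpack's opening line lies outside the hunk.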
@@ -1,77 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.250.ebuild,v 1.7 2007/11/06 10:22:03 centic Exp $ - -inherit eutils - -DESCRIPTION="iptables firewall generator" -HOMEPAGE="http://firehol.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${PN}-1.226.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -IUSE="" -KEYWORDS="~amd64 ~ppc ~sparc x86" - -DEPEND="sys-apps/iproute2" -RDEPEND="net-firewall/iptables - sys-apps/iproute2 - virtual/modutils - || ( - net-misc/wget - net-misc/curl - )" - -S="${WORKDIR}/${PN}-1.226" - -pkg_setup() { - # Bug 81600 fail if iproute2 is built with minimal - if built_with_use sys-apps/iproute2 minimal; then - eerror "Firehol requires iproute2 to be emerged without" - eerror "the USE-Flag \"minimal\"." - eerror "Re-emerge iproute2 with" - eerror "USE=\"-minimal\" emerge sys-apps/iproute2" - die "sys-apps/iproute2 without USE=\"minimal\" needed" - fi -} - -# patch for embedded Gentoo - GNAP -# backport from firehol-CVS. -src_unpack() { - unpack ${A} - cd "${S}" || die - epatch "${FILESDIR}/firehol-1.226-to-228.patch" || die - epatch "${FILESDIR}/firehol-1.226-to-250.patch" || die - epatch "${FILESDIR}/${P}-printf.patch" || die -} - -src_install() { - newsbin firehol.sh firehol - - dodir /etc/firehol /etc/firehol/examples /etc/firehol/services - insinto /etc/firehol/examples - doins examples/* || die - - newconfd "${FILESDIR}/firehol.conf.d" firehol || die - - dodoc ChangeLog README TODO WhatIsNew || die - dohtml doc/*.html doc/*.css || die - - docinto scripts - dodoc get-iana.sh adblock.sh || die - - doman man/*.1 man/*.5 || die - - newinitd "${FILESDIR}/firehol.initrd" firehol || die -} - -pkg_postinst() { - elog "The default path to firehol's configuration file is /etc/firehol/firehol.conf" - elog "See /etc/firehol/examples for configuration examples." 
- # - # Install a default configuration if none is available yet - if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then - einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" - cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" - fi -} diff --git a/net-firewall/firehol/firehol-1.256.ebuild b/net-firewall/firehol/firehol-1.256.ebuild deleted file mode 100644 index cb36fca66f06..000000000000 --- a/net-firewall/firehol/firehol-1.256.ebuild +++ /dev/null 
@@ -1,75 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/firehol/firehol-1.256.ebuild,v 1.4 2007/11/06 10:22:03 centic Exp $ - -inherit eutils - -DESCRIPTION="iptables firewall generator" -HOMEPAGE="http://firehol.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -IUSE="" -KEYWORDS="~amd64 ~ppc ~sparc ~x86" - -DEPEND="sys-apps/iproute2" -RDEPEND="net-firewall/iptables - sys-apps/iproute2 - virtual/modutils - || ( - net-misc/wget - net-misc/curl - )" - -#S="${WORKDIR}/${PN}-1.226" - -pkg_setup() { - # Bug 81600 fail if iproute2 is built with minimal - if built_with_use sys-apps/iproute2 minimal; then - eerror "Firehol requires iproute2 to be emerged without" - eerror "the USE-Flag \"minimal\"." - eerror "Re-emerge iproute2 with" - eerror "USE=\"-minimal\" emerge sys-apps/iproute2" - die "sys-apps/iproute2 without USE=\"minimal\" needed" - fi -} - -# patch for embedded Gentoo - GNAP -# backport from firehol-CVS. -src_unpack() { - unpack ${A} - cd "${S}" || die - epatch "${FILESDIR}/${P}-printf.patch" || die -} - -src_install() { - newsbin firehol.sh firehol - - dodir /etc/firehol /etc/firehol/examples /etc/firehol/services - insinto /etc/firehol/examples - doins examples/* || die - - newconfd "${FILESDIR}/firehol.conf.d" firehol || die - - dodoc ChangeLog README TODO WhatIsNew || die - dohtml doc/*.html doc/*.css || die - - docinto scripts - dodoc get-iana.sh adblock.sh || die - - doman man/*.1 man/*.5 || die - - newinitd "${FILESDIR}/firehol.initrd" firehol || die -} - -pkg_postinst() { - elog "The default path to firehol's configuration file is /etc/firehol/firehol.conf" - elog "See /etc/firehol/examples for configuration examples." - # - # Install a default configuration if none is available yet - if [[ ! 
-e "${ROOT}/etc/firehol/firehol.conf" ]]; then - einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" - cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" - fi -} |