author | William Hubbs <williamh@gentoo.org> | 2012-05-21 21:24:16 +0000 |
---|---|---|
committer | William Hubbs <williamh@gentoo.org> | 2012-05-21 21:24:16 +0000 |
commit | dc4590c79750e3a4d3d99dd1a13a73f7a0ace8b2 (patch) | |
tree | d79a992af581f23c743c485488f2052dad8fb90b /net-firewall | |
parent | marked x86 per bug 415501 (diff) | |
/tmp/msg
(Portage version: 2.2.0_alpha107/cvs/Linux i686)
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/iptables/ChangeLog | 9 | ||||
-rw-r--r-- | net-firewall/iptables/files/ip6tables-1.4.13.confd | 19 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables-1.4.13.confd | 19 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables-1.4.13.init | 116 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.4.13-r1.ebuild | 82 |
5 files changed, 244 insertions, 1 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index 393e9bc3beb9..5c63d489f490 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-firewall/iptables
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.268 2012/05/15 18:58:12 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.269 2012/05/21 21:24:16 williamh Exp $
+
+*iptables-1.4.13-r1 (21 May 2012)
+
+ 21 May 2012; William Hubbs <williamh@gentoo.org>
+ +files/ip6tables-1.4.13.confd, +files/iptables-1.4.13.confd,
+ +files/iptables-1.4.13.init, +iptables-1.4.13-r1.ebuild:
+ /tmp/msg
 
  15 May 2012; Jeroen Roovers <jer@gentoo.org> iptables-1.4.13.ebuild:
  Stable for HPPA (bug #414329).
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 000000000000..3bb36989d37e
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 000000000000..7225374c3a8a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13.init b/net-firewall/iptables/files/iptables-1.4.13.init
new file mode 100644
index 000000000000..b698140de319
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.init
@@ -0,0 +1,116 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13.init,v 1.1 2012/05/21 21:24:16 williamh Exp $
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+ iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ touch "${iptables_save}"
+ chmod 0600 "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
diff --git a/net-firewall/iptables/iptables-1.4.13-r1.ebuild b/net-firewall/iptables/iptables-1.4.13-r1.ebuild
new file mode 100644
index 000000000000..96a2a651eded
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.13-r1.ebuild
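Review bot: In panic(), each table is flushed (`${iptables_bin} -F -t $a`, `-X`) before `set_table_policy $a DROP` runs, so for the duration of the flush the built-in chains sit with their previous policy and no rules; since the preceding `rc-service ${iptables_name} stop` has already set ACCEPT policies, that window is fully open. Setting the DROP policy first and flushing afterwards (`set_table_policy $a DROP` moved above the two `${iptables_bin}` lines) closes it, mirroring the ACCEPT-first order stop() already uses. Separately, `eend $?` in stop(), reload() and panic() only reports the last `-X` of the loop, so a failed set_table_policy or an error on an earlier table is shown as success; tracking a status across the loop, e.g. `local ret=0`, `… || ret=1` after each call, and `eend ${ret}`, would surface it. Finally, save() is the only command that does not call checkkernel, so with SAVE_ON_STOP=yes a stop on a host without the modules fails inside iptables-save with a less helpful message than the one checkkernel prints.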
@@ -0,0 +1,82 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.13-r1.ebuild,v 1.1 2012/05/21 21:24:16 williamh Exp $
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+} |
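Review bot: `keepdir /var/lib/iptables` and `keepdir /var/lib/ip6tables` in src_install leave the rules directories at the default directory mode, while the shipped init script only tightens the rules-save file itself to 0600; adding `fperms 0700 /var/lib/iptables` (and the ip6tables counterpart inside the `use ipv6` branch) would keep directory listings and any future files there from being world-readable, since saved rulesets describe the host's network exposure. As a point of style, the same init script is referenced once as `"${FILESDIR}"/${PN}-1.4.13.init` and once as `"${FILESDIR}"/iptables-1.4.13.init`; using `${PN}` in both `newinitd` lines makes it obvious that iptables and ip6tables share one script, which the script's `${SVCNAME}` switch relies on.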