author | Daniel Ahlberg <aliz@gentoo.org> | 2003-05-04 18:19:03 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2003-05-04 18:19:03 +0000 |
commit | 7e1263321eaecd364126cf964c87da5d8eea11b9 (patch) | |
tree | 428a03a0106a1e2d6f87d2147fc5d5af7769a107 /net-firewall/iptables | |
parent | Updated ebuild to respect tcltk USE flag (diff) | |
Lots of small fixes
Diffstat (limited to 'net-firewall/iptables')
-rw-r--r-- | net-firewall/iptables/ChangeLog | 16 | ||||
-rw-r--r-- | net-firewall/iptables/files/digest-iptables-1.2.8-r1 | 1 | ||||
-rw-r--r-- | net-firewall/iptables/files/ip6tables.confd | 11 | ||||
-rw-r--r-- | net-firewall/iptables/files/ip6tables.init | 71 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables.confd | 1 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables.init | 41 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.2.8-r1.ebuild | 90 |
7 files changed, 204 insertions, 27 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog index 6b3d252edc7c..f34ec090bcab 100644 --- a/net-firewall/iptables/ChangeLog +++ b/net-firewall/iptables/ChangeLog @@ -1,6 +1,20 @@ # ChangeLog for net-firewall/iptables # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.9 2003/05/02 09:45:56 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.10 2003/05/04 18:19:03 aliz Exp $ + +*iptables-1.2.8-r1 (04 May 2003) + + 04 May May 2003; Daniel Ahlberg <aliz@gentoo.org> iptables-1.2.8-r1.ebuild, files/iptables.init + files/iptables.confd, files/ip6tables.init + files/ip6tables.confd : + Fixed ipv6 support. Closes #17155. + + 04 May 2003; Daniel Ahlberg <aliz@gentoo.org> files/1.2.8-files/03_hppa_gentoo.patch.bz2 : + doh! uncompressed patch. + + 04 May 2003; Daniel Ahlberg <aliz@gentoo.org> files/iptables.init : + Removed auto saving of rules when stopping iptables. Closing #15333 + and #13673. 02 May 2003; Daniel Ahlberg <aliz@gentoo.org> iptables-1.2.8.ebuild : Force -O2 if no -O flag is set. Remove 03_all_no_optimize_fix.patch.bz2. diff --git a/net-firewall/iptables/files/digest-iptables-1.2.8-r1 b/net-firewall/iptables/files/digest-iptables-1.2.8-r1 new file mode 100644 index 000000000000..3f611d49e423 --- /dev/null +++ b/net-firewall/iptables/files/digest-iptables-1.2.8-r1 @@ -0,0 +1 @@ +MD5 cf62ebdabf05ccc5479334cc04fa993c iptables-1.2.8.tar.bz2 125446 diff --git a/net-firewall/iptables/files/ip6tables.confd b/net-firewall/iptables/files/ip6tables.confd new file mode 100644 index 000000000000..8bc53f4afcff --- /dev/null +++ b/net-firewall/iptables/files/ip6tables.confd 
@@ -0,0 +1,11 @@
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Change to "yes" to enable forwarding support in the kernel. Please
+# note that this will override any setting placed in /etc/sysctl.conf.
+ENABLE_FORWARDING_IPv6="no"
+
+#Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
diff --git a/net-firewall/iptables/files/ip6tables.init b/net-firewall/iptables/files/ip6tables.init
new file mode 100644
index 000000000000..406de57b1434
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables.init
@@ -0,0 +1,71 @@
+#!/sbin/runscript
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or
+# later
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables.init,v 1.1 2003/05/04 18:19:03 aliz Exp $
+
+opts="start stop save"
+
+depend() {
+ need logger net
+}
+
+checkrules() {
+ if [ ! -f ${IP6TABLES_SAVE} ]
+ then
+ eerror "Not starting ip6tables. First create some rules then run"
+ eerror "/etc/init.d/ip6tables save"
+ return 1
+ fi
+}
+
+start() {
+ checkrules || return 1
+ ebegin "Loading ip6tables state and starting firewall"
+ einfo "Restoring ip6tables ruleset"
+ /sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} < ${IP6TABLES_SAVE}
+
+ if [ "${ENABLE_FORWARDING_IPv6}" = "yes" ] ; then
+ einfo "Enabling forwarding for ipv6"
+ echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
+ fi
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ # set sane defaults that disable forwarding
+ if [ -f /proc/sys/net/ipv6/conf/all/forwarding ] ; then
+ echo "0" > /proc/sys/net/ipv6/conf/all/forwarding
+ fi
+
+ for a in `cat /proc/net/ip_tables_names`; do
+ ip6tables -F -t $a
+ ip6tables -X -t $a
+
+ if [ $a == nat ]; then
+ ip6tables -t nat -P PREROUTING ACCEPT
+ ip6tables -t nat -P POSTROUTING ACCEPT
+ ip6tables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ ip6tables -t mangle -P PREROUTING ACCEPT
+ ip6tables -t mangle -P INPUT ACCEPT
+ ip6tables -t mangle -P FORWARD ACCEPT
+ ip6tables -t mangle -P OUTPUT ACCEPT
+ ip6tables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ ip6tables -t filter -P INPUT ACCEPT
+ ip6tables -t filter -P FORWARD ACCEPT
+ ip6tables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+save() {
+ ebegin "Saving ip6tables state"
+ /sbin/ip6tables-save ${SAVE_RESTORE_OPTIONS} > ${IP6TABLES_SAVE}
+ eend $?
+}
+
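Review bot: In start(), `eend $?` reports the exit status of the forwarding `if` block rather than of `/sbin/ip6tables-restore`, so a failed restore is still announced as a successful start and the host can come up without its IPv6 ruleset. Check the restore directly, for example `/sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} < "${IP6TABLES_SAVE}" || { eend 1 ; return 1 ; }`. The new start() in files/iptables.init has the same pattern. Separately, stop() iterates over `/proc/net/ip_tables_names`, which lists the IPv4 tables; the IPv6 list is `/proc/net/ip6_tables_names`, so the loop may skip loaded IPv6 tables or call ip6tables on tables it does not have.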
diff --git a/net-firewall/iptables/files/iptables.confd b/net-firewall/iptables/files/iptables.confd index b09de80da5b1..7dbea450b700 100644 --- a/net-firewall/iptables/files/iptables.confd +++ b/net-firewall/iptables/files/iptables.confd @@ -6,7 +6,6 @@ IPTABLES_SAVE="/var/lib/iptables/rules-save" # Change to "yes" to enable forwarding support in the kernel. Please # note that this will override any setting placed in /etc/sysctl.conf. ENABLE_FORWARDING_IPv4="no" -ENABLE_FORWARDING_IPv6="no" #Options to pass to iptables-save and iptables-restore SAVE_RESTORE_OPTIONS="-c" diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init index 673cd5a4347c..9aeb20d4652e 100644 --- a/net-firewall/iptables/files/iptables.init +++ b/net-firewall/iptables/files/iptables.init @@ -2,7 +2,7 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or # later -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.1 2003/03/11 21:50:24 mholzer Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.2 2003/05/04 18:19:03 aliz Exp $ opts="start stop save" 
@@ -10,45 +10,36 @@ depend() { need logger net } -start() { - ebegin "Loading iptables state and starting firewall" - # This variable is set in /etc/conf.d/iptables +checkrules() { if [ ! -f ${IPTABLES_SAVE} ] then - einfo "Not starting iptables. First create some rules then run" - einfo "/etc/init.d/iptables save" - else - einfo "Restoring iptables ruleset" - /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE} + eerror "Not starting iptables. First create some rules then run" + eerror "/etc/init.d/iptables save" + return 1 + fi +} - if [ "${ENABLE_FORWARDING_IPv4}" = "yes" ] ; then - einfo "Enabling forwarding for ipv4" - echo "1" > /proc/sys/net/ipv4/conf/all/forwarding - fi +start() { + checkrules || return 1 + ebegin "Loading iptables state and starting firewall" + einfo "Restoring iptables ruleset" + /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE} - if [ "${ENABLE_FORWARDING_IPv6}" = "yes" ] ; then - einfo "Enabling forwarding for ipv6" - echo "1" > /proc/sys/net/ipv6/conf/all/forwarding - fi + if [ "${ENABLE_FORWARDING_IPv4}" = "yes" ] ; then + einfo "Enabling forwarding for ipv4" + echo "1" > /proc/sys/net/ipv4/conf/all/forwarding fi eend $? } stop() { - ebegin "Stopping firewall and saving iptables state" - # This way we don't forget to save changes - /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE} - + ebegin "Stopping firewall" # set sane defaults that disable forwarding if [ -f /proc/sys/net/ipv4/conf/all/forwarding ] ; then echo "0" > /proc/sys/net/ipv4/conf/all/forwarding fi - if [ -f /proc/sys/net/ipv6/conf/all/forwarding ] ; then - echo "0" > /proc/sys/net/ipv6/conf/all/forwarding - fi - for a in `cat /proc/net/ip_tables_names`; do iptables -F -t $a iptables -X -t $a diff --git a/net-firewall/iptables/iptables-1.2.8-r1.ebuild b/net-firewall/iptables/iptables-1.2.8-r1.ebuild new file mode 100644 index 000000000000..7b353795db36 --- /dev/null +++ b/net-firewall/iptables/iptables-1.2.8-r1.ebuild 
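Review bot: checkrules() tests `[ ! -f ${IPTABLES_SAVE} ]` with the expansion unquoted, so if the variable is empty or missing from /etc/conf.d/iptables the test collapses to `[ ! -f ]`, which is false, and start() carries on to a redirect from an empty path instead of refusing to start. Quote the expansion and reject an empty value: `if [ -z "${IPTABLES_SAVE}" ] || [ ! -f "${IPTABLES_SAVE}" ]`. The checkrules() added in files/ip6tables.init needs the same change for `IP6TABLES_SAVE`. stop() continues past the end of this hunk.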
@@ -0,0 +1,90 @@ +# Copyright 1999-2003 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.8-r1.ebuild,v 1.1 2003/05/04 18:19:03 aliz Exp $ + +inherit eutils flag-o-matic + +IUSE="ipv6" + +S=${WORKDIR}/${P} +DESCRIPTION="Kernel 2.4 firewall, NAT and packet mangling tools" +SRC_URI="http://www.iptables.org/files/${P}.tar.bz2" +HOMEPAGE="http://www.iptables.org/" + +SLOT="0" +KEYWORDS="~x86 ~ppc ~alpha ~sparc ~hppa ~arm ~mips" +LICENSE="GPL-2" + +# iptables is dependent on kernel sources. Strange but true. +DEPEND="virtual/os-headers" + +src_unpack() { + if [ -z $( get-flag O ) ]; then + append-flags -O2 + fi + + unpack ${A} + cd ${S} + + epatch ${FILESDIR}/${PV}-files + + # The folowing hack is needed because ${ARCH} is "sparc" and not "sparc64" + # and epatch uses ??_${ARCH}_foo.${EPATCH_SUFFIX} when reading from directories + [ "${PROFILE_ARCH}" = "sparc64" ] && epatch ${FILESDIR}/sparc64_limit_fix.patch.bz2 + + chmod +x extensions/.IMQ-test* + + cp Makefile Makefile.new + sed -e "s:-O2:${CFLAGS}:g" -e "s:/usr/local::g" Makefile.new > Makefile +} + +src_compile() { + # iptables and libraries are now installed to /sbin and /lib, so that + # systems with remote network-mounted /usr filesystems can get their + # network interfaces up and running correctly without /usr. 
+ +# local myconf + use ipv6 && myconf="${myconf} DO_IPV6=1" || myconf="${myconf} DO_IPV6=0" + + make \ + LIBDIR=/lib \ + BINDIR=/sbin \ + MANDIR=/usr/share/man \ + INCDIR=/usr/include \ + KERNEL_DIR=/usr/src/linux \ + || die +} + +src_install() { +# local myconf +# use ipv6 && myconf="${myconf} DO_IPV6=1" || myconf="${myconf} DO_IPV6=0" + + make DESTDIR=${D} MANDIR=/usr/share/man ${myconf} install-experimental + make DESTDIR=${D} MANDIR=/usr/share/man ${myconf} install + make DESTDIR=${D} ${myconf} \ + LIBDIR=/usr/lib \ + MANDIR=/usr/share/man \ + INCDIR=/usr/include \ + install-devel + + dodoc COPYING KNOWN_BUGS + dodir /var/lib/iptables ; keepdir /var/lib/iptables + exeinto /etc/init.d + newexe ${FILESDIR}/iptables.init iptables + insinto /etc/conf.d + newins ${FILESDIR}/iptables.confd iptables + + if [ `use ipv6` ]; then + dodir /var/lib/ip6tables ; keepdir /var/lib/ip6tables + exeinto /etc/init.d + newexe ${FILESDIR}/ip6tables.init ip6tables + insinto /etc/conf.d + newins ${FILESDIR}/ip6tables.confd ip6tables + fi +} + +pkg_postinst() { + einfo "This package now includes an initscript which loads and saves" + einfo "rules stored in /var/lib/iptables/rules-save" + einfo "This location can be changed in /etc/conf.d/iptables" +} |
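Review bot: src_compile() builds `myconf` with the DO_IPV6 setting but never passes it to `make`, and because `local myconf` is commented out the value only reaches src_install() by leaking as a global between phases. Pass it at build time by starting the compile call with `make ${myconf} \`, and restore the commented `local myconf` and `use ipv6 && ...` lines in src_install() so each phase sets the variable itself. The three `make ... install*` calls in src_install() also lack `|| die`, so a failed install step would go unnoticed and could produce a package without its binaries or init scripts.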