diff options
author | Daniel Ahlberg <aliz@gentoo.org> | 2004-01-26 10:40:53 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2004-01-26 10:40:53 +0000 |
commit | 0a0553c7b8cfdec84e586f947f974f17bed7d5fe (patch) | |
tree | 747e8f4ce5540c71ca08bed5291612f7cde54375 | |
parent | update cvs snapshot (diff) | |
download | historical-0a0553c7b8cfdec84e586f947f974f17bed7d5fe.tar.gz historical-0a0553c7b8cfdec84e586f947f974f17bed7d5fe.tar.bz2 historical-0a0553c7b8cfdec84e586f947f974f17bed7d5fe.zip |
Unmask and bugs fixed
-rw-r--r-- | net-firewall/iptables/ChangeLog | 7 | ||||
-rw-r--r-- | net-firewall/iptables/Manifest | 16 | ||||
-rw-r--r-- | net-firewall/iptables/files/ip6tables.init | 38 | ||||
-rw-r--r-- | net-firewall/iptables/files/iptables.init | 41 | ||||
-rw-r--r-- | net-firewall/iptables/iptables-1.2.9.ebuild | 14 |
5 files changed, 73 insertions, 43 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog index 19c4c6329d59..c435c0717324 100644 --- a/net-firewall/iptables/ChangeLog +++ b/net-firewall/iptables/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-firewall/iptables # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.18 2003/11/21 15:45:33 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.19 2004/01/26 10:40:42 aliz Exp $ + + 23 Jan 2004; Daniel Ahlberg <aliz@gentoo.org> files/iptables.init, files/ip6tables.init, iptables-1.2.9.ebuild: + Add reload support to initscript. Closing #21801. + Added note about saving your rules if upgrading. Closing #35135. + Unmasked, closing #34910. 21 Nov 2003; Daniel Ahlberg <aliz@gentoo.org> iptables-1.2.9.ebuild : Replae -O0 with -O2, same as the the lack of -O flag problem. Closing #33899. diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index e56ec4aee4ed..3bd102877199 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -1,17 +1,23 @@ MD5 3870252e9f2f0568119041ef86366324 iptables-1.2.8-r1.ebuild 2603 MD5 611eccaed05cd06e19488b1a14d78747 iptables-1.2.7a-r3.ebuild 1993 MD5 59eb30b46fae4911251ff539850a4d0b iptables-1.2.8.ebuild 2105 +MD5 b76799632db21bda76bfaa16ce8bd9ac iptables-1.2.8-r2.ebuild 2731 +MD5 ceb03819b44784147104358fa559ba1d iptables-1.2.7a-r4.ebuild 2105 +MD5 f35d215db7ee698f65615a935a59e15c iptables-1.2.9.ebuild 2666 +MD5 8995bf9ae4d83b613747f9443bb17a28 ChangeLog 9002 +MD5 37236013e0d26d43c6bff35a8a48e8ec metadata.xml 220 MD5 f876be872ec78bc824f2503059338d8d files/iptables.confd 382 -MD5 1416ab080ec8704b26a5426976f17990 files/ip6tables.init 1864 +MD5 04a4f2f4455c1c5df002cde52d354dee files/ip6tables.init 2108 MD5 1d34d1326df13874bd2f1997f3ee4d59 files/sparc64_limit_fix.patch.bz2 1227 MD5 69d604b3e3317fddf6778f9e1baaa2f0 files/digest-iptables-1.2.8 67 MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9 67 -MD5 a0cf33b15c278425a59e1e9e99665000 files/iptables.init 1832 +MD5 a691c35088525c77c3c9b107cdb74da1 files/iptables.init 2092 MD5 69d604b3e3317fddf6778f9e1baaa2f0 files/digest-iptables-1.2.8-r1 67 MD5 69d604b3e3317fddf6778f9e1baaa2f0 files/digest-iptables-1.2.8-r2 67 MD5 e16ca98d9b770d5e61b3eb760b13b7c7 files/ip6tables.confd 384 MD5 183ec92f9fee7f072d9edb36917b4f9e files/digest-iptables-1.2.7a-r3 68 MD5 183ec92f9fee7f072d9edb36917b4f9e files/digest-iptables-1.2.7a-r4 68 +MD5 b4abd6e2518af2b4a14ba14c0392fe02 files/iptables-1.2.7a-hppa.diff 345 MD5 ea3ad4b64a781b66b711cb587d4a718b files/1.2.7a-files/01_all_grsecurity.patch.bz2 1163 MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.7a-files/02_all_imq.patch.bz2 2936 MD5 0b7b54af1ab69e8e10ddcaab93fd62ff files/1.2.7a-files/03_all_mac_fix.patch.bz2 305 @@ -19,12 +25,6 @@ MD5 76d3e579f6be5bc9d4f22f7cdbfd8c71 files/1.2.7a-files/04_all_no_optimize_fix.p MD5 d0e0fa48b2181f3cf1fe8d145d202dc6 files/1.2.8-files/01_all_grsecurity.patch.bz2 1180 MD5 23c4c7ee1b86cd191e7b17b046289c91 files/1.2.8-files/03_hppa_gentoo.patch.bz2 278 MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.8-files/02_all_imq.patch.bz2 2936 -MD5 b4abd6e2518af2b4a14ba14c0392fe02 files/iptables-1.2.7a-hppa.diff 345 MD5 d5afce91314f40a8448cd20a8b585ee5 files/1.2.9-files/01_all_grsecurity.patch.bz2 1224 MD5 23c4c7ee1b86cd191e7b17b046289c91 files/1.2.9-files/03_hppa_gentoo.patch.bz2 278 MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.9-files/02_all_imq.patch.bz2 2936 -MD5 b76799632db21bda76bfaa16ce8bd9ac iptables-1.2.8-r2.ebuild 2731 -MD5 ceb03819b44784147104358fa559ba1d iptables-1.2.7a-r4.ebuild 2105 -MD5 d388e95454aeeef490b6f49ebfb22536 iptables-1.2.9.ebuild 2582 -MD5 7f8f7b41124192f585896d8c8c9a50b2 ChangeLog 8740 -MD5 37236013e0d26d43c6bff35a8a48e8ec metadata.xml 220 diff --git a/net-firewall/iptables/files/ip6tables.init b/net-firewall/iptables/files/ip6tables.init index e067b9d20f75..02446e245d4d 100644 --- a/net-firewall/iptables/files/ip6tables.init +++ b/net-firewall/iptables/files/ip6tables.init @@ -2,9 +2,9 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or # later -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables.init,v 1.2 2003/09/19 13:54:29 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables.init,v 1.3 2004/01/26 10:40:42 aliz Exp $ -opts="start stop save" +opts="start stop save reload" depend() { need logger net @@ -45,24 +45,36 @@ stop() { ip6tables -X -t $a if [ $a == nat ]; then - ip6tables -t nat -P PREROUTING ACCEPT - ip6tables -t nat -P POSTROUTING ACCEPT - ip6tables -t nat -P OUTPUT ACCEPT + /sbin/ip6tables -t nat -P PREROUTING ACCEPT + /sbin/ip6tables -t nat -P POSTROUTING ACCEPT + /sbin/ip6tables -t nat -P OUTPUT ACCEPT elif [ $a == mangle ]; then - ip6tables -t mangle -P PREROUTING ACCEPT - ip6tables -t mangle -P INPUT ACCEPT - ip6tables -t mangle -P FORWARD ACCEPT - ip6tables -t mangle -P OUTPUT ACCEPT - ip6tables -t mangle -P POSTROUTING ACCEPT + /sbin/ip6tables -t mangle -P PREROUTING ACCEPT + /sbin/ip6tables -t mangle -P INPUT ACCEPT + /sbin/ip6tables -t mangle -P FORWARD ACCEPT + /sbin/ip6tables -t mangle -P OUTPUT ACCEPT + /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT elif [ $a == filter ]; then - ip6tables -t filter -P INPUT ACCEPT - ip6tables -t filter -P FORWARD ACCEPT - ip6tables -t filter -P OUTPUT ACCEPT + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT fi done eend $? } +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + + start +} + + save() { ebegin "Saving ip6tables state" /sbin/ip6tables-save ${SAVE_RESTORE_OPTIONS} > ${IP6TABLES_SAVE} diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init index 9aeb20d4652e..7ecca837a6ec 100644 --- a/net-firewall/iptables/files/iptables.init +++ b/net-firewall/iptables/files/iptables.init @@ -2,9 +2,9 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or # later -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.2 2003/05/04 18:19:03 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.3 2004/01/26 10:40:42 aliz Exp $ -opts="start stop save" +opts="start stop save reload" depend() { need logger net @@ -41,28 +41,39 @@ stop() { fi for a in `cat /proc/net/ip_tables_names`; do - iptables -F -t $a - iptables -X -t $a + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a if [ $a == nat ]; then - iptables -t nat -P PREROUTING ACCEPT - iptables -t nat -P POSTROUTING ACCEPT - iptables -t nat -P OUTPUT ACCEPT + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT elif [ $a == mangle ]; then - iptables -t mangle -P PREROUTING ACCEPT - iptables -t mangle -P INPUT ACCEPT - iptables -t mangle -P FORWARD ACCEPT - iptables -t mangle -P OUTPUT ACCEPT - iptables -t mangle -P POSTROUTING ACCEPT + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT elif [ $a == filter ]; then - iptables -t filter -P INPUT ACCEPT - iptables -t filter -P FORWARD ACCEPT - iptables -t filter -P OUTPUT ACCEPT + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT fi done eend $? } +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + + start +} + save() { ebegin "Saving iptables state" /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE} diff --git a/net-firewall/iptables/iptables-1.2.9.ebuild b/net-firewall/iptables/iptables-1.2.9.ebuild index bac33962564f..6d0ebe8aa809 100644 --- a/net-firewall/iptables/iptables-1.2.9.ebuild +++ b/net-firewall/iptables/iptables-1.2.9.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. +# Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9.ebuild,v 1.3 2003/12/03 23:03:40 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9.ebuild,v 1.4 2004/01/26 10:40:42 aliz Exp $ inherit eutils flag-o-matic @@ -16,7 +16,7 @@ SRC_URI="http://www.iptables.org/files/${P}.tar.bz2" HOMEPAGE="http://www.iptables.org/" SLOT="0" -KEYWORDS="~x86 ~ppc ~alpha ~sparc ~hppa ~arm ~mips ~ia64 ~amd64" +KEYWORDS="x86 ~ppc ~alpha ~sparc ~hppa ~arm ~mips ~ia64 amd64" LICENSE="GPL-2" # iptables is dependent on kernel sources. Strange but true. @@ -40,8 +40,7 @@ src_unpack() { chmod +x extensions/.IMQ-test* - cp Makefile Makefile.new - sed -e "s:-O2:${CFLAGS} -Iinclude:g" -e "s:/usr/local::g" -e "s:-Iinclude/::" Makefile.new > Makefile + sed -i -e "s:-O2:${CFLAGS} -Iinclude:g" -e "s:/usr/local::g" -e "s:-Iinclude/::" Makefile } src_compile() { @@ -68,7 +67,7 @@ src_install() { INCDIR=/usr/include \ install-devel - dodoc COPYING KNOWN_BUGS + dodoc COPYING dodir /var/lib/iptables ; keepdir /var/lib/iptables exeinto /etc/init.d newexe ${FILESDIR}/iptables.init iptables @@ -88,5 +87,8 @@ pkg_postinst() { einfo "This package now includes an initscript which loads and saves" einfo "rules stored in /var/lib/iptables/rules-save" einfo "This location can be changed in /etc/conf.d/iptables" + + einfo "If you are using the iptables initsscript you should save your" + einfo "rules using the new iptables version before rebooting." } |