Bug #80556, initial work, lots of changes here. This is hardmasked for testing still. It didn't compile against my mm-sources kernel, but does compile against a stock kernel.

Package-Manager: portage-2.0.51.16

14 files changed, 268 insertions, 43 deletions

diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index 40db3ef64551..116d993055e7 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,18 @@
 # ChangeLog for net-firewall/iptables
-# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.58 2004/12/29 03:04:58 ciaranm Exp $
+# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.59 2005/03/09 10:16:31 robbat2 Exp $
+
+*iptables-1.3.1 (09 Mar 2005)
+
+  09 Mar 2005; Robin H. Johnson <robbat2@gentoo.org>
+  +files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2,
+  +files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2,
+  +files/1.3.1-files/install_ipv6_apps.patch.bz2,
+  +files/1.3.1-files/iptables-1.3.1-compilefix.patch,
+  +iptables-1.3.1.ebuild:
+  Bug #80556, initial work, lots of changes here. This is hardmasked for
+  testing still. It didn't compile against my mm-sources kernel, but does
+  compile against a stock kernel.
 
   29 Dec 2004; Ciaran McCreesh <ciaranm@gentoo.org> :
   Change encoding to UTF-8 for GLEP 31 compliance
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index bae485046302..994530fadcbb 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,43 +1,60 @@
-MD5 446359a0182a0a43d1ef826288ed6abf iptables-1.2.7a-r3.ebuild 1981
-MD5 df8530dba9f60fdeb117dcdc61cea0d2 ChangeLog 15492
-MD5 2e35947618db05b61050b554b5c69eb4 iptables-1.2.9.ebuild 2806
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 cdf47a369303ed0da3bb2f6888dc1aa8 iptables-1.2.7a-r3.ebuild 1982
+MD5 cc52d7c9d9ba2c7a77ddf61dbc4edec6 iptables-1.3.1.ebuild 5420
+MD5 5a28ca4cbaa41ce47ecabf7a1484c040 iptables-1.2.11-r3.ebuild 5451
+MD5 e2158f065e3c8a603eb424a8ff613e4e iptables-1.2.9-r4.ebuild 5435
+MD5 20d154d66f67db6a04208bda433d9823 iptables-1.2.9.ebuild 2805
+MD5 d8db7c69648295e17016d8bbe4c55c07 iptables-1.2.9-r1.ebuild 3526
+MD5 5c9fe97964cdb981c75f43f20ba48c15 iptables-1.2.11-r2.ebuild 5379
+MD5 1e218b7e13e01fe8976e5b494e03caac ChangeLog 16012
 MD5 37236013e0d26d43c6bff35a8a48e8ec metadata.xml 220
-MD5 f0dd3e706a06dfff3b1f1b746f56cdd6 iptables-1.2.9-r4.ebuild 5435
-MD5 d494c008fc794e08d7441b753de8fbc8 iptables-1.2.11-r3.ebuild 5453
-MD5 b396b91124c4161228ca8183c3181e15 iptables-1.2.11-r2.ebuild 5377
-MD5 cf710eb268d1f501b4917425877a0f48 iptables-1.2.9-r1.ebuild 3526
-MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9 67
 MD5 f876be872ec78bc824f2503059338d8d files/iptables.confd 382
-MD5 b4abd6e2518af2b4a14ba14c0392fe02 files/iptables-1.2.7a-hppa.diff 345
-MD5 d01fea0fed4592571090b2fe958a395a files/ip6tables-1.2.9-r1.init 1878
-MD5 e16ca98d9b770d5e61b3eb760b13b7c7 files/ip6tables.confd 384
+MD5 cc47b162c1a113d2de67762963ba7b0a files/ip6tables.init 2104
+MD5 1d34d1326df13874bd2f1997f3ee4d59 files/sparc64_limit_fix.patch.bz2 1227
+MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9 67
+MD5 e3b68b1fb7a369382046e3b4562ccffa files/digest-iptables-1.3.1 206
+MD5 3ec239b461aa2724ec737824cf5615be files/iptables-1.2.9-r1.init 1842
 MD5 23da9a56b3162ef3cd18fcc8cc45a33f files/iptables.init 2087
 MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9-r1 67
-MD5 3ec239b461aa2724ec737824cf5615be files/iptables-1.2.9-r1.init 1842
-MD5 4e055c59114fd6abc5a27bdaa97d2946 files/iptables-1.2.9-r1.confd 264
-MD5 1d34d1326df13874bd2f1997f3ee4d59 files/sparc64_limit_fix.patch.bz2 1227
-MD5 183ec92f9fee7f072d9edb36917b4f9e files/digest-iptables-1.2.7a-r3 68
-MD5 23c4c7ee1b86cd191e7b17b046289c91 files/iptables-1.2.9-hppa.patch.bz2 278
-MD5 cc47b162c1a113d2de67762963ba7b0a files/ip6tables.init 2104
+MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9-r4 67
+MD5 e16ca98d9b770d5e61b3eb760b13b7c7 files/ip6tables.confd 384
 MD5 1457a4df1ce1faccfaccc8c7208bc432 files/digest-iptables-1.2.11-r2 68
 MD5 1457a4df1ce1faccfaccc8c7208bc432 files/digest-iptables-1.2.11-r3 68
+MD5 183ec92f9fee7f072d9edb36917b4f9e files/digest-iptables-1.2.7a-r3 68
+MD5 23c4c7ee1b86cd191e7b17b046289c91 files/iptables-1.2.9-hppa.patch.bz2 278
 MD5 dd4f4563c89d33fc6987043d95531e05 files/ip6tables-1.2.9-r1.confd 266
-MD5 9366ae3d4d34c4dbf665b8539c609dd0 files/digest-iptables-1.2.9-r4 67
-MD5 23c4c7ee1b86cd191e7b17b046289c91 files/1.2.9-files/03_hppa_gentoo.patch.bz2 278
-MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.9-files/02_all_imq.patch.bz2 2936
+MD5 b4abd6e2518af2b4a14ba14c0392fe02 files/iptables-1.2.7a-hppa.diff 345
+MD5 4e055c59114fd6abc5a27bdaa97d2946 files/iptables-1.2.9-r1.confd 264
+MD5 d01fea0fed4592571090b2fe958a395a files/ip6tables-1.2.9-r1.init 1878
+MD5 628b6569018552e77bd5543d98baa664 files/1.3.1-files/iptables-1.3.1-compilefix.patch 539
+MD5 76a42dd64d1a4f419a5f07de5a6cb0c2 files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2 1098
+MD5 0eacca16bacc2e2d7cc125d3aa65b30d files/1.3.1-files/install_ipv6_apps.patch.bz2 334
+MD5 bcbdd7e40a2fd78796c9a00a5ae463cb files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2 801
+MD5 ea3ad4b64a781b66b711cb587d4a718b files/1.2.7a-files/01_all_grsecurity.patch.bz2 1163
+MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.7a-files/02_all_imq.patch.bz2 2936
+MD5 0b7b54af1ab69e8e10ddcaab93fd62ff files/1.2.7a-files/03_all_mac_fix.patch.bz2 305
+MD5 76d3e579f6be5bc9d4f22f7cdbfd8c71 files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2 549
 MD5 0eacca16bacc2e2d7cc125d3aa65b30d files/1.2.9-files/04_all_install_ipv6_apps.patch.bz2 334
-MD5 2599393f05041feef25abb4f204e72cb files/1.2.9-files/05_all_install_all_dev_files.patch.bz2 1056
 MD5 1d34d1326df13874bd2f1997f3ee4d59 files/1.2.9-files/sparc64_limit_fix.patch.bz2 1227
 MD5 d5afce91314f40a8448cd20a8b585ee5 files/1.2.9-files/01_all_grsecurity.patch.bz2 1224
+MD5 23c4c7ee1b86cd191e7b17b046289c91 files/1.2.9-files/03_hppa_gentoo.patch.bz2 278
+MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.9-files/02_all_imq.patch.bz2 2936
 MD5 88d477ca9a41c15b1cc2d5253e371ada files/1.2.9-files/06_all_l7.patch.bz2 4455
-MD5 76d3e579f6be5bc9d4f22f7cdbfd8c71 files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2 549
-MD5 c4f9d5d795f4ab2c221681e55ebac8dd files/1.2.7a-files/02_all_imq.patch.bz2 2936
-MD5 0b7b54af1ab69e8e10ddcaab93fd62ff files/1.2.7a-files/03_all_mac_fix.patch.bz2 305
-MD5 ea3ad4b64a781b66b711cb587d4a718b files/1.2.7a-files/01_all_grsecurity.patch.bz2 1163
-MD5 756f721b4c0c0646a174993befa199c4 files/1.2.11-files/CAN-2004-0986.patch 1365
-MD5 66834df31d6b9d23cac3f4226a865cb2 files/1.2.11-files/iptables-layer7-0.9.0.patch.bz2 3815
-MD5 0eacca16bacc2e2d7cc125d3aa65b30d files/1.2.11-files/install_ipv6_apps.patch.bz2 334
+MD5 2599393f05041feef25abb4f204e72cb files/1.2.9-files/05_all_install_all_dev_files.patch.bz2 1056
 MD5 b0150e53cd00cec2a3c1cff0e2e7673f files/1.2.11-files/round-robin.patch 830
+MD5 0eacca16bacc2e2d7cc125d3aa65b30d files/1.2.11-files/install_ipv6_apps.patch.bz2 334
+MD5 66834df31d6b9d23cac3f4226a865cb2 files/1.2.11-files/iptables-layer7-0.9.0.patch.bz2 3815
+MD5 e501a7bffac71e8c86aa8c62414d1621 files/1.2.11-files/install_all_dev_files.patch.bz2 1041
 MD5 3e4bb17303647ee7a43279f6aa6f0d61 files/1.2.11-files/iptables-1.2.9-imq1.diff.bz2 1420
 MD5 1d104ede1329b4433cd31e2bf734aaaa files/1.2.11-files/grsecurity-1.2.8-iptables.patch.bz2 763
-MD5 e501a7bffac71e8c86aa8c62414d1621 files/1.2.11-files/install_all_dev_files.patch.bz2 1041
+MD5 756f721b4c0c0646a174993befa199c4 files/1.2.11-files/CAN-2004-0986.patch 1365
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+Comment: Robbat2 @ Orbis-Terrarum Networks
+
+iD8DBQFCLs0dsnuUTjSIToURAgEwAJ91BHU10pK3ocH9/kzKSQ8OTk/QlgCeMcyL
+/WWgC/Wmfu/GgtLHsak65KM=
+=x71h
+-----END PGP SIGNATURE-----
diff --git a/net-firewall/iptables/files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2 b/net-firewall/iptables/files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2
new file mode 100644
index 000000000000..106545d31948
--- /dev/null
+++ b/net-firewall/iptables/files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2
diff --git a/net-firewall/iptables/files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2 b/net-firewall/iptables/files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2
new file mode 100644
index 000000000000..39b97a195734
--- /dev/null
+++ b/net-firewall/iptables/files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2
diff --git a/net-firewall/iptables/files/1.3.1-files/install_ipv6_apps.patch.bz2 b/net-firewall/iptables/files/1.3.1-files/install_ipv6_apps.patch.bz2
new file mode 100644
index 000000000000..d6a865a6eb28
--- /dev/null
+++ b/net-firewall/iptables/files/1.3.1-files/install_ipv6_apps.patch.bz2
diff --git a/net-firewall/iptables/files/1.3.1-files/iptables-1.3.1-compilefix.patch b/net-firewall/iptables/files/1.3.1-files/iptables-1.3.1-compilefix.patch
new file mode 100644
index 000000000000..e9ccb754e7b1
--- /dev/null
+++ b/net-firewall/iptables/files/1.3.1-files/iptables-1.3.1-compilefix.patch
@@ -0,0 +1,11 @@
+diff -Nuar iptables-1.3.1.old/extensions/libipt_conntrack.c iptables-1.3.1/extensions/libipt_conntrack.c
+--- iptables-1.3.1.old/extensions/libipt_conntrack.c	2005-02-19 11:19:17.000000000 -0800
++++ iptables-1.3.1/extensions/libipt_conntrack.c	2005-03-08 23:22:10.342926831 -0800
+@@ -9,6 +9,7 @@
+ #include <getopt.h>
+ #include <ctype.h>
+ #include <iptables.h>
++#include <linux/types.h> // for u8
+ #include <linux/netfilter_ipv4/ip_conntrack.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
+ /* For 64bit kernel / 32bit userspace */
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.1 b/net-firewall/iptables/files/digest-iptables-1.3.1
new file mode 100644
index 000000000000..c87b056aa406
--- /dev/null
+++ b/net-firewall/iptables/files/digest-iptables-1.3.1
@@ -0,0 +1,3 @@
+MD5 c3358a3bd0d7755df0b64a5063db296b iptables-1.3.1.tar.bz2 180670
+MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
+MD5 1fcf37948baef72fd708c11dee3bdbb6 netfilter-layer7-v1.0.tar.gz 55404
diff --git a/net-firewall/iptables/iptables-1.2.11-r2.ebuild b/net-firewall/iptables/iptables-1.2.11-r2.ebuild
index 1f8768d45b2b..35df17a58b73 100644
--- a/net-firewall/iptables/iptables-1.2.11-r2.ebuild
+++ b/net-firewall/iptables/iptables-1.2.11-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r2.ebuild,v 1.14 2004/11/07 10:36:09 kumba Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r2.ebuild,v 1.15 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils flag-o-matic
 
diff --git a/net-firewall/iptables/iptables-1.2.11-r3.ebuild b/net-firewall/iptables/iptables-1.2.11-r3.ebuild
index ca7c20ed0b4d..d93d6ec305d5 100644
--- a/net-firewall/iptables/iptables-1.2.11-r3.ebuild
+++ b/net-firewall/iptables/iptables-1.2.11-r3.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r3.ebuild,v 1.11 2004/11/10 11:31:04 mr_bones_ Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r3.ebuild,v 1.12 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils flag-o-matic
 
diff --git a/net-firewall/iptables/iptables-1.2.7a-r3.ebuild b/net-firewall/iptables/iptables-1.2.7a-r3.ebuild
index fa43d2808d7a..15d172900660 100644
--- a/net-firewall/iptables/iptables-1.2.7a-r3.ebuild
+++ b/net-firewall/iptables/iptables-1.2.7a-r3.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.7a-r3.ebuild,v 1.10 2004/08/19 21:59:53 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.7a-r3.ebuild,v 1.11 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils
 
diff --git a/net-firewall/iptables/iptables-1.2.9-r1.ebuild b/net-firewall/iptables/iptables-1.2.9-r1.ebuild
index 1fdc090192e5..f174b04f8a45 100644
--- a/net-firewall/iptables/iptables-1.2.9-r1.ebuild
+++ b/net-firewall/iptables/iptables-1.2.9-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9-r1.ebuild,v 1.10 2004/08/23 07:49:40 seemant Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9-r1.ebuild,v 1.11 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils flag-o-matic
 
diff --git a/net-firewall/iptables/iptables-1.2.9-r4.ebuild b/net-firewall/iptables/iptables-1.2.9-r4.ebuild
index a2025d69a68c..cfa52e23bde3 100644
--- a/net-firewall/iptables/iptables-1.2.9-r4.ebuild
+++ b/net-firewall/iptables/iptables-1.2.9-r4.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9-r4.ebuild,v 1.4 2004/08/23 07:49:40 seemant Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9-r4.ebuild,v 1.5 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils flag-o-matic
 
diff --git a/net-firewall/iptables/iptables-1.2.9.ebuild b/net-firewall/iptables/iptables-1.2.9.ebuild
index 1e11054c9814..c25f78a15e14 100644
--- a/net-firewall/iptables/iptables-1.2.9.ebuild
+++ b/net-firewall/iptables/iptables-1.2.9.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9.ebuild,v 1.18 2004/10/04 22:49:23 pvdabeel Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.9.ebuild,v 1.19 2005/03/09 10:16:31 robbat2 Exp $
 
 inherit eutils flag-o-matic
 
diff --git a/net-firewall/iptables/iptables-1.3.1.ebuild b/net-firewall/iptables/iptables-1.3.1.ebuild
new file mode 100644
index 000000000000..8f1d9755bf08
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.3.1.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.1.ebuild,v 1.1 2005/03/09 10:16:31 robbat2 Exp $
+
+inherit eutils flag-o-matic
+
+#extensions versions
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 static extensions"
+
+DEPEND="virtual/os-headers
+		extensions? ( virtual/linux-sources )"
+RDEPEND=""
+
+L7_PN="netfilter-layer7"
+L7_PV="1.0"
+L7_P="${L7_PN}-v${L7_PV}"
+L7_PATCH="iptables-layer7-${L7_PV}.patch"
+IMQ_PATCH="iptables-1.3.0-imq1.diff"
+
+SRC_URI="http://www.iptables.org/files/${P}.tar.bz2
+		extensions? (
+			http://www.linuximq.net/patchs/${IMQ_PATCH}
+			mirror://sourceforge/l7-filter/${L7_P}.tar.gz
+		)"
+
+pkg_setup() {
+	if use extensions; then
+		einfo "WARNING: 3rd party extensions has been enabled."
+		einfo "This means that iptables will use your currently installed"
+		einfo "kernel in /usr/src/linux as headers for iptables."
+		einfo ""
+		einfo "You may have to patch your kernel to allow iptables to build."
+		einfo "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ for patches"
+		einfo "for your kernel."
+	fi
+}
+
+
+src_unpack() {
+	unpack ${P}.tar.bz2 ${L7_P}.tar.gz ; cd ${S}
+
+	EPATCH_OPTS="-p0" \
+	epatch ${FILESDIR}/${PV}-files/install_ipv6_apps.patch.bz2
+	EPATCH_OPTS="-p1" \
+	epatch ${FILESDIR}/${PV}-files/install_all_dev_files.patch-${PV}.bz2
+
+	# Both of these have been merged upstream
+	# EPATCH_OPTS="-p1" epatch ${FILESDIR}/${PV}-files/round-robin.patch 
+	# security bug 70240
+	# EPATCH_OPTS="-p2" epatch ${FILESDIR}/${PV}-files/CAN-2004-0986.patch 
+	
+	# this provide's grsec's stealth match
+	EPATCH_OPTS="-p0" \
+	epatch ${FILESDIR}/${PV}-files/grsecurity-1.2.8-iptables.patch-${PV}.bz2
+	sed -i "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" extensions/Makefile
+
+	EPATCH_OPTS="-p1" \
+	epatch ${FILESDIR}/${PV}-files/${P}-compilefix.patch
+
+	if use extensions; then
+		EPATCH_OPTS="-p1" epatch ${DISTDIR}/${IMQ_PATCH}
+		EPATCH_OPTS="-p1" epatch ${WORKDIR}/${L7_P}/${L7_PATCH}
+		chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
+	fi
+}
+
+
+src_defs() {
+	# these are used in both of src_compile and src_install
+	myconf="${myconf} PREFIX="
+	myconf="${myconf} LIBDIR=/lib"
+	myconf="${myconf} BINDIR=/sbin" 
+	myconf="${myconf} MANDIR=/usr/share/man"
+	myconf="${myconf} INCDIR=/usr/include"
+	# iptables and libraries are now installed to /sbin and /lib, so that
+	# systems with remote network-mounted /usr filesystems can get their
+	# network interfaces up and running correctly without /usr.
+	use ipv6 || myconf="${myconf} DO_IPV6=0"
+	use static && myconf="${myconf} NO_SHARED_LIBS=0"
+	export myconf
+	diemsg="Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
+	export diemsg
+}
+
+
+src_compile() {
+	src_defs
+	replace-flags -O0 -O2
+
+	if [ -z `get-flag O` ]; then
+		append-flags -O2
+	fi
+
+	# prevent it from causing ICMP errors.
+	# http://bugs.gentoo.org/show_bug.cgi?id=23645
+	filter-flags "-fstack-protector"
+
+
+	if use extensions; then
+		# Only check_KV if /usr/src/linux exists
+		if [ -L ${ROOT}/usr/src/linux -o -d ${ROOT}/usr/src/linux ]; then
+			check_KV
+		else
+			ewarn "You don't have kernel sources available at /usr/src/linux."
+			ewarn "Iptables will be built against linux-headers."
+		fi
+
+		make COPT_FLAGS="${CFLAGS}" ${myconf} \
+			KERNEL_DIR=/usr/src/linux \
+			|| die "${diemsg}"
+	else
+		make COPT_FLAGS="${CFLAGS}" ${myconf} \
+			KERNEL_DIR=/usr \
+			|| die
+	fi
+}
+
+src_install() {
+	src_defs
+	myconf="DESTDIR=${D} ${myconf}"
+	if use extensions; then
+		make ${myconf} \
+			KERNEL_DIR=/usr/src/linux \
+			install || die "${diemsg}"
+
+		make ${myconf} \
+			KERNEL_DIR=/usr/src/linux \
+			install-devel || die "${diemsg}"
+	else
+		make ${myconf} \
+			KERNEL_DIR=/usr \
+			install || die
+
+		make ${myconf} \
+			KERNEL_DIR=/usr \
+			install-devel || die
+	fi
+
+	dodoc COPYING
+	keepdir /var/lib/iptables
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/${PN}-1.2.9-r1.init iptables
+	insinto /etc/conf.d
+	newins ${FILESDIR}/${PN}-1.2.9-r1.confd iptables
+
+	if use ipv6; then
+		keepdir /var/lib/ip6tables
+		exeinto /etc/init.d
+		newexe ${FILESDIR}/${PN/iptables/ip6tables}-1.2.9-r1.init ip6tables
+		insinto /etc/conf.d
+		newins ${FILESDIR}/${PN/iptables/ip6tables}-1.2.9-r1.confd ip6tables
+	fi
+}
+
+pkg_postinst() {
+	einfo "This package now includes an initscript which loads and saves"
+	einfo "rules stored in /var/lib/iptables/rules-save"
+	useq ipv6 >/dev/null && einfo "and /var/lib/ip6tables/rules-save"
+	einfo "This location can be changed in /etc/conf.d/iptables"
+	einfo ""
+	einfo "If you are using the iptables initsscript you should save your"
+	einfo "rules using the new iptables version before rebooting."
+	einfo ""
+	einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
+	einfo "iptables."
+	einfo ""
+	ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
+	einfo "Until a more permanent solution is implemented adding the following"
+	einfo "to /etc/conf.d/local.start will enable ipforwarding at bootup:"
+	einfo "  echo \"1\" > /proc/sys/net/ipv4/conf/all/forwarding"
+	if useq ipv6; then
+		einfo "and/or"
+		einfo "  echo \"1\" > /proc/sys/net/ipv6/conf/all/forwarding"
+		einfo "for ipv6."
+	fi
+}