authorStuart Shelton <stuart@shelton.me>2016-02-08 18:30:41 +0000
committerStuart Shelton <stuart@shelton.me>2016-02-08 18:30:41 +0000
commitc467a1d89a95a6ecce5d44e1045320a7924ffa11 (patch)
tree43e26e21bc8e5bbb75652c2d0e57d6fab656a937 /net-firewall/iptables
parentAdd net-firewall/iptables-nftables-1.4.21-r4, update net-firewall/iptables-nf... (diff)
Add net-firewall/iptables-1.6.0, update net-firewall/iptables-9999
Diffstat (limited to 'net-firewall/iptables')
-rw-r--r--net-firewall/iptables/Manifest7
-rwxr-xr-xnet-firewall/iptables/files/iptables.init120
-rw-r--r--net-firewall/iptables/iptables-1.6.0.ebuild120
-rw-r--r--net-firewall/iptables/iptables-9999.ebuild8
4 files changed, 205 insertions, 50 deletions
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index e49d7b30..32da2a1f 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,13 +1,14 @@
AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
-AUX iptables-1.4.13-r1.init 2815 SHA256 b843ce324bb7073e60a4e5b2ab7bf8d032ddbe42229a8ce75eaae7dcedc0c6a0 SHA512 21a481cdbde5b3914f949e87d1ff7a8ac57dc534a7a45bad4d171ee3951599994b1bb127d35aff104335ac1d130af3da37a24e079af721e0dfb77cf388bfd6e1 WHIRLPOOL f419cfd9aae7694c5ddf1020d39c82ce6198542c6ef8946249269688cd84cb95c86011a14457183ce4ef4a262e333ddfe67ac063588c3a4d6412125293919ec6
AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
AUX iptables-1.4.21-configure.patch 1066 SHA256 73454c278b48fae5debcdb72ada8f2d60a36b5134cb1052b1a332b83169cbdc0 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 WHIRLPOOL 55c56c9e0711409c54b8635dc9b480be885c852b60ac336a32b3a48586c85ba5b7b9a0b4d2d427f7d646dfdc4d49c9fe6957ed39eac5cdd7de3526249f99e6ed
AUX iptables-1.4.21-static-connlabel-config.patch 2195 SHA256 e03de480a940b0ac386bba2ec681f724ba39f5e53153398e061f2d74ae491c49 SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 WHIRLPOOL c1b79bb8e9a915d27940b443c564d0d00ccbd31728b8519bd18a6957ca7085c19dd09592d94a4aecee48102303a000130eba85710ad1de1533ef783ef1c28811
-AUX iptables.init 2836 SHA256 9e849fa991b236b8860fc516210eaf17b3041d876d6dba4634dd3ac3b729ab0a SHA512 de67ccdc99a121137d2af3aa2ad31cf0b4d486b169947a575ab14ae97d32deaf9f1d5edce7bead26235212b1358d3947c794ddd9ed0ef31ba335a776ec9cdeec WHIRLPOOL 7393cb784291e9898020b8503c9039c4ccabe387f8fa00fb72c4d9eb9831aa86a78a02b4cd07511c6368264a9c96d0f0be51ede1d45a451b81fd069e95633b9e
+AUX iptables.init 3153 SHA256 e27ff5dd149133df9087c5a262bdfed50a1c4883573c5c205160e7320855d65f SHA512 84689d326ace1fea6176034e3fd073e2842321a3da3568439f1255d0768ce3bd010be4c531182d0b705f7faa3d95d88645960535de6a412c720800073be18bf0 WHIRLPOOL bfe3e64ebf0c6e96f9e1a8bd8f5ba4145bec8f580db52b062579ee8b34e2963f4666e82b4dac661c37dc0f493040ff57b946afb02d3dc929ce9fde3a653914f4
AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3
AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6
AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0
AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4
AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db
AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3
-EBUILD iptables-9999.ebuild 3227 SHA256 12997cacb81bbc0082bc4fbe72dfaa9cfb2140801c43ce74932bb8a4b302440d SHA512 56d8c645502ae38f38f1ee75b1a476675139c807aac249933dac5c3c4d4cebf6b084a97e7321f7175be4550a613d8fa2a5965df243c5e477e2ab5a65a9c740eb WHIRLPOOL bcd5aaa7d788814c7c9667f17d1b04bbd45810233d35a20c438090e4b3166e8aacec1e0c6002b9fb8eb4ead1fb22cd79dd4d9e74654eae081d2fbc387750b82b
+DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015
+EBUILD iptables-1.6.0.ebuild 3307 SHA256 b382f04b62997bb5a0f805d0675ffefde4b0ea38231f7d8b2b048d83bc222d3c SHA512 24d8cbebf82fea1f367009e035708a1cd53e867df1e71cdbdc9dc57922da0082a7b6bf4921675edee7e1995ea033bf444fdd46f8e05f7863cd0423205ba143b7 WHIRLPOOL b27c8bb82c6932554c9266c2f81cbdea20b8527e9f0a00e8b4dfb1c27fb683b0ae4a85c3f6ea952d61dae5f2356a1668ca6367377fd46ec1a724704bf444db58
+EBUILD iptables-9999.ebuild 3246 SHA256 258162d4ee9b4c244ea15920618705905e148a7bd2e28d80d917bdaf71a2665c SHA512 7ef7f7ac4a9061a957c9cbd25933a2d1fa6afde9627ac0c12ab7ec25ca5fa1bce0e08eee59aa332c4664753cd65aa75fc2690dcafb3f14671fe187799f138a03 WHIRLPOOL d27cadae8bc19b5ea5efdd94806138aae62c94612aa5a741723d91fb14cff0fabd18cb359be7c942a78c4bcdf085a8b251f0aa0ccc195aa60f8625ac4a123da2
diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
index ec76ed93..06d295f9 100755
--- a/net-firewall/iptables/files/iptables.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -6,18 +6,26 @@
extra_commands="check save panic"
extra_started_commands="reload"
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-iptables|ip6tables) ;;
-*) iptables_name="iptables" ;;
+iptables_name="${SVCNAME}"
+case "${iptables_name}" in
+ iptables|ip6tables)
+ :
+ ;;
+ *)
+ iptables_name="iptables"
+ ;;
esac
iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
- iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE};;
- ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE};;
+case "${iptables_name}" in
+ iptables)
+ iptables_proc="/proc/net/ip_tables_names"
+ iptables_save="${IPTABLES_SAVE}"
+ ;;
+ ip6tables)
+ iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save="${IP6TABLES_SAVE}"
+ ;;
esac
depend() {
@@ -26,29 +34,32 @@ depend() {
}
set_table_policy() {
- local chains table=$1 policy=$2
- case ${table} in
- nat) chains="PREROUTING POSTROUTING OUTPUT";;
- mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
- filter) chains="INPUT FORWARD OUTPUT";;
- *) chains="";;
+ local chain chains table policy
+ table="${1}"
+ policy="${2}"
+
+ case "${table}" in
+ nat) chains="PREROUTING POSTROUTING OUTPUT" ;;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
+ filter) chains="INPUT FORWARD OUTPUT" ;;
+ *) chains="" ;;
esac
- local chain
for chain in ${chains} ; do
- ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
+ "${iptables_bin}" -w -t "${table}" -P "${chain}" "${policy}"
done
}
checkkernel() {
- if [ ! -e ${iptables_proc} ] ; then
+ if [ ! -e "${iptables_proc}" ] ; then
eerror "Your kernel lacks ${iptables_name} support, please load"
eerror "appropriate modules and try again."
return 1
fi
return 0
}
+
checkconfig() {
- if [ ! -f ${iptables_save} ] ; then
+ if [ ! -f "${iptables_save}" ] ; then
eerror "Not starting ${iptables_name}. First create some rules then run:"
eerror "/etc/init.d/${iptables_name} save"
return 1
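Review bot: set_table_policy() keeps only the exit status of the last `-P` call in its loop, so a chain whose policy could not be set is never reported to the caller. panic() later in this file relies on this function to put DROP in place and passes the result to `eend`, so a partial failure there would be shown as success. Consider declaring `local rc=0`, changing the loop body to `"${iptables_bin}" -w -t "${table}" -P "${chain}" "${policy}" || rc=1`, and ending with `return ${rc}`, so the remaining chains are still attempted. Tables other than nat, mangle and filter fall into the `*)` branch and keep their current policies; a comment there such as `# other tables (e.g. raw, security): policies intentionally left untouched` would make that explicit. checkconfig() continues past the end of this hunk.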
@@ -58,36 +69,51 @@ checkconfig() {
start() {
checkconfig || return 1
+
+ if [ -x /sbin/setsystz ] && grep -qi ' time ' "${iptables_save}"; then
+ ebegin "Setting kernel timezone (for -m TIME rules)"
+ /sbin/setsystz
+ eend ${?} "setsystz failed"
+ fi
ebegin "Loading ${iptables_name} state and starting firewall"
- ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ "${iptables_bin}-restore" ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}"
eend $?
}
stop() {
+ local a
+
if [ "${SAVE_ON_STOP}" = "yes" ] ; then
save || return 1
fi
+
checkkernel || return 1
+
ebegin "Stopping firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- set_table_policy $a ACCEPT
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
+ for a in $( cat "${iptables_proc}" ) ; do
+ set_table_policy "${a}" ACCEPT
+
+ "${iptables_bin}" -w -F -t "${a}"
+ "${iptables_bin}" -w -X -t "${a}"
done
- eend $?
+
+ eend ${?}
}
reload() {
+ local a
+
checkkernel || return 1
checkrules || return 1
+
ebegin "Flushing firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
+
+ for a in $( cat "${iptables_proc}" ) ; do
+ "${iptables_bin}" -w -F -t "${a}"
+ "${iptables_bin}" -w -X -t "${a}"
done
+
eend $?
start
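Review bot: reload() empties every table with `-F` and `-X` before calling start(), so between the flush loop and the `iptables-restore` call the host has no rules and only the built-in chain policies apply. Where those policies are ACCEPT, traffic is unfiltered for that interval. iptables-restore flushes the tables it loads unless `--noflush` is passed and commits each table in one step, so the explicit loop looks unnecessary for any table present in the save file. Consider dropping the loop or limiting it to tables absent from `${iptables_save}`, and at minimum add a comment such as `# NOTE: ruleset is empty between this flush and the restore in start()`. reload() continues past the end of this hunk.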
@@ -95,8 +121,10 @@ reload() {
checkrules() {
ebegin "Checking rules"
- ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
+
+ "${iptables_bin}-restore" --test ${SAVE_RESTORE_OPTIONS:-} < "${iptables_save}"
+
+ eend ${?}
}
check() {
@@ -106,25 +134,31 @@ check() {
save() {
ebegin "Saving ${iptables_name} state"
- checkpath -q -d "$(dirname "${iptables_save}")"
+
+ checkpath -q -d "$( dirname "${iptables_save}" )"
checkpath -q -m 0600 -f "${iptables_save}"
- ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
- eend $?
+ "${iptables_bin}-save" ${SAVE_RESTORE_OPTIONS:-} > "${iptables_save}"
+
+ eend ${?}
}
panic() {
+ local a
+
checkkernel || return 1
- if service_started ${iptables_name}; then
- rc-service ${iptables_name} stop
+
+ if service_started "${iptables_name}"; then
+ rc-service "${iptables_name}" stop
fi
- local a
ebegin "Dropping all packets"
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
- set_table_policy $a DROP
+ for a in $( cat "${iptables_proc}" ) ; do
+ "${iptables_bin}" -w -F -t "${a}"
+ "${iptables_bin}" -w -X -t "${a}"
+
+ set_table_policy "${a}" DROP
done
- eend $?
+
+ eend ${?}
}
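Review bot: panic() flushes and deletes chains before it sets the DROP policy, and when the service is started it first runs `rc-service "${iptables_name}" stop`, whose stop() sets every built-in chain to ACCEPT. For a short interval the host therefore accepts all traffic while entering panic mode. Moving `set_table_policy "${a}" DROP` above the `-F` and `-X` lines closes the window inside the loop. The window opened by the preceding stop would need a DROP pass before that call, or a stop path that does not reset policies. The `eend ${?}` after the loop also sees only the status of the last command for the last table, so an earlier failure is reported as success; accumulating a status in the loop and passing that to `eend` would fix it.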
diff --git a/net-firewall/iptables/iptables-1.6.0.ebuild b/net-firewall/iptables/iptables-1.6.0.ebuild
new file mode 100644
index 00000000..cee96e54
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.6.0.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id: d3c06aaa14204ce737e4d54979b3e5844fbe59d0 $
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit autotools eutils flag-o-matic multilib systemd toolchain-funcs
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/11"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs systemd"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ sed -i \
+ -e '/define XT_LOCK_NAME/s:"/run/:"/var/run/:' \
+ iptables/xshared.c || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ --enable-libipq \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/iptables.init iptables
+ newconfd "${FILESDIR}"/iptables-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ if use systemd; then
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
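Review bot: `SRC_URI` and `HOMEPAGE` use plain `http://`, so the tarball is fetched over an unauthenticated channel. The DIST entry added to the Manifest in this commit pins the download by SHA256/SHA512/WHIRLPOOL, which protects later fetches. Those digests are only as trustworthy as the copy they were generated from, though, presumably one fetched over the same link. Prefer `SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"` if the host serves it, and check the tarball against upstream's release signature, where one is published, before regenerating the Manifest. Separately, in src_configure the `sed -i ... iptables/xshared.c || die` only dies on an I/O error, not when the `XT_LOCK_NAME` pattern stops matching, so a comment noting that the lock-path rewrite must be re-checked on each version bump would help.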
diff --git a/net-firewall/iptables/iptables-9999.ebuild b/net-firewall/iptables/iptables-9999.ebuild
index 4df5109f..a2c83b63 100644
--- a/net-firewall/iptables/iptables-9999.ebuild
+++ b/net-firewall/iptables/iptables-9999.ebuild
@@ -66,8 +66,8 @@ src_configure() {
--enable-devel \
--enable-shared \
--enable-libipq \
- --enable-nfsynproxy \
$(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
$(use_enable static-libs static) \
$(use_enable ipv6)
}
@@ -93,11 +93,11 @@ src_install() {
doins include/iptables/internal.h
keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ newinitd "${FILESDIR}"/iptables.init iptables
+ newconfd "${FILESDIR}"/iptables-1.4.13.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/${PN}.init ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
fi