mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-23 07:21:14 +02:00
feat(net-firewall/iptables) remove as portage-stable has newer version
This commit is contained in:
Greg Kroah-Hartman
parent
8087daaa3e
commit
519a0e0512
@ -1 +0,0 @@
|
|||||||
DIST iptables-1.4.8.tar.bz2 474980 SHA256 342926b3f9635f89f479660835b0ba518ccd465552e41c29aa83c5af7d506496 SHA512 62f412030fa90df5fd3a679e3436711f43178ecbcacc23a255e58a603914af14ebc5cb08f1765092244e7e20cc8ba2722942c3d5d238babaa613b8d7e266c830 WHIRLPOOL fc0a273d9f57f5e32be18d552015759cb9c6d747bbf98b4a46cbf92097ac47fa032b33050cc9ae52186ff3e5f7870ea29975351ec4c94c8c425352f65780dfb7
|
|
||||||
@ -1,11 +0,0 @@
|
|||||||
# /etc/conf.d/ip6tables
|
|
||||||
|
|
||||||
# Location in which iptables initscript will save set rules on
|
|
||||||
# service shutdown
|
|
||||||
IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
|
|
||||||
|
|
||||||
# Options to pass to iptables-save and iptables-restore
|
|
||||||
SAVE_RESTORE_OPTIONS="-c"
|
|
||||||
|
|
||||||
# Save state on stopping iptables
|
|
||||||
SAVE_ON_STOP="yes"
|
|
||||||
@ -1,11 +0,0 @@
|
|||||||
# /etc/conf.d/iptables
|
|
||||||
|
|
||||||
# Location in which iptables initscript will save set rules on
|
|
||||||
# service shutdown
|
|
||||||
IPTABLES_SAVE="/var/lib/iptables/rules-save"
|
|
||||||
|
|
||||||
# Options to pass to iptables-save and iptables-restore
|
|
||||||
SAVE_RESTORE_OPTIONS="-c"
|
|
||||||
|
|
||||||
# Save state on stopping iptables
|
|
||||||
SAVE_ON_STOP="yes"
|
|
||||||
@ -1,114 +0,0 @@
|
|||||||
#!/sbin/runscript
|
|
||||||
# Copyright 1999-2007 Gentoo Foundation
|
|
||||||
# Distributed under the terms of the GNU General Public License v2
|
|
||||||
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $
|
|
||||||
|
|
||||||
opts="save reload panic"
|
|
||||||
|
|
||||||
iptables_name=${SVCNAME}
|
|
||||||
if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
|
|
||||||
iptables_name="iptables"
|
|
||||||
fi
|
|
||||||
|
|
||||||
iptables_bin="/sbin/${iptables_name}"
|
|
||||||
case ${iptables_name} in
|
|
||||||
iptables) iptables_proc="/proc/net/ip_tables_names"
|
|
||||||
iptables_save=${IPTABLES_SAVE};;
|
|
||||||
ip6tables) iptables_proc="/proc/net/ip6_tables_names"
|
|
||||||
iptables_save=${IP6TABLES_SAVE};;
|
|
||||||
esac
|
|
||||||
|
|
||||||
depend() {
|
|
||||||
before net
|
|
||||||
use logger
|
|
||||||
}
|
|
||||||
|
|
||||||
set_table_policy() {
|
|
||||||
local chains table=$1 policy=$2
|
|
||||||
case ${table} in
|
|
||||||
nat) chains="PREROUTING POSTROUTING OUTPUT";;
|
|
||||||
mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
|
|
||||||
filter) chains="INPUT FORWARD OUTPUT";;
|
|
||||||
*) chains="";;
|
|
||||||
esac
|
|
||||||
local chain
|
|
||||||
for chain in ${chains} ; do
|
|
||||||
${iptables_bin} -t ${table} -P ${chain} ${policy}
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
checkkernel() {
|
|
||||||
if [ ! -e ${iptables_proc} ] ; then
|
|
||||||
eerror "Your kernel lacks ${iptables_name} support, please load"
|
|
||||||
eerror "appropriate modules and try again."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
checkconfig() {
|
|
||||||
if [ ! -f ${iptables_save} ] ; then
|
|
||||||
eerror "Not starting ${iptables_name}. First create some rules then run:"
|
|
||||||
eerror "/etc/init.d/${iptables_name} save"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
start() {
|
|
||||||
checkconfig || return 1
|
|
||||||
ebegin "Loading ${iptables_name} state and starting firewall"
|
|
||||||
${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
stop() {
|
|
||||||
if [ "${SAVE_ON_STOP}" = "yes" ] ; then
|
|
||||||
save || return 1
|
|
||||||
fi
|
|
||||||
checkkernel || return 1
|
|
||||||
ebegin "Stopping firewall"
|
|
||||||
local a
|
|
||||||
for a in $(cat ${iptables_proc}) ; do
|
|
||||||
set_table_policy $a ACCEPT
|
|
||||||
|
|
||||||
${iptables_bin} -F -t $a
|
|
||||||
${iptables_bin} -X -t $a
|
|
||||||
done
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
reload() {
|
|
||||||
checkkernel || return 1
|
|
||||||
ebegin "Flushing firewall"
|
|
||||||
local a
|
|
||||||
for a in $(cat ${iptables_proc}) ; do
|
|
||||||
${iptables_bin} -F -t $a
|
|
||||||
${iptables_bin} -X -t $a
|
|
||||||
done
|
|
||||||
eend $?
|
|
||||||
|
|
||||||
start
|
|
||||||
}
|
|
||||||
|
|
||||||
save() {
|
|
||||||
ebegin "Saving ${iptables_name} state"
|
|
||||||
touch "${iptables_save}"
|
|
||||||
chmod 0600 "${iptables_save}"
|
|
||||||
${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
panic() {
|
|
||||||
checkkernel || return 1
|
|
||||||
service_started ${iptables_name} && svc_stop
|
|
||||||
|
|
||||||
local a
|
|
||||||
ebegin "Dropping all packets"
|
|
||||||
for a in $(cat ${iptables_proc}) ; do
|
|
||||||
${iptables_bin} -F -t $a
|
|
||||||
${iptables_bin} -X -t $a
|
|
||||||
|
|
||||||
set_table_policy $a DROP
|
|
||||||
done
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
@ -1,14 +0,0 @@
|
|||||||
https://bugs.gentoo.org/show_bug.cgi?id=321271
|
|
||||||
http://marc.info/?l=netfilter&m=127468045031428&w=2
|
|
||||||
http://marc.info/?l=netfilter&m=127468044931416&w=2
|
|
||||||
|
|
||||||
--- a/utils/Makefile.am
|
|
||||||
+++ b/utils/Makefile.am
|
|
||||||
@@ -1,5 +1,7 @@
|
|
||||||
# -*- Makefile -*-
|
|
||||||
|
|
||||||
+AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
|
|
||||||
+
|
|
||||||
sbin_PROGRAMS = nfnl_osf
|
|
||||||
pkgdata_DATA = pf.os
|
|
||||||
|
|
||||||
@ -1,63 +0,0 @@
|
|||||||
# Copyright 1999-2010 Gentoo Foundation
|
|
||||||
# Distributed under the terms of the GNU General Public License v2
|
|
||||||
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.8-r1.ebuild,v 1.2 2010/05/25 13:20:57 pva Exp $
|
|
||||||
|
|
||||||
EAPI="2"
|
|
||||||
inherit eutils toolchain-funcs autotools
|
|
||||||
|
|
||||||
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
|
|
||||||
HOMEPAGE="http://www.iptables.org/"
|
|
||||||
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
|
|
||||||
|
|
||||||
LICENSE="GPL-2"
|
|
||||||
SLOT="0"
|
|
||||||
KEYWORDS="~alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
|
|
||||||
IUSE="ipv6"
|
|
||||||
|
|
||||||
DEPEND="virtual/os-headers"
|
|
||||||
RDEPEND=""
|
|
||||||
|
|
||||||
src_prepare() {
|
|
||||||
# use the saner headers from the kernel
|
|
||||||
rm -f include/linux/{kernel,types}.h
|
|
||||||
|
|
||||||
epatch "${FILESDIR}/${P}-build.patch" #321271
|
|
||||||
epatch_user
|
|
||||||
eautoreconf
|
|
||||||
}
|
|
||||||
|
|
||||||
src_configure() {
|
|
||||||
econf \
|
|
||||||
--sbindir=/sbin \
|
|
||||||
--libexecdir=/$(get_libdir) \
|
|
||||||
--enable-devel \
|
|
||||||
--enable-libipq \
|
|
||||||
--enable-shared \
|
|
||||||
--enable-static \
|
|
||||||
$(use_enable ipv6)
|
|
||||||
}
|
|
||||||
|
|
||||||
src_compile() {
|
|
||||||
emake V=1 || die
|
|
||||||
}
|
|
||||||
|
|
||||||
src_install() {
|
|
||||||
emake install DESTDIR="${D}" || die
|
|
||||||
dosbin iptables-apply || die
|
|
||||||
doman iptables-apply.8 || die
|
|
||||||
dodoc INCOMPATIBILITIES iptables.xslt || die
|
|
||||||
|
|
||||||
insinto /usr/include
|
|
||||||
doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
|
|
||||||
insinto /usr/include/iptables
|
|
||||||
doins include/iptables/internal.h || die
|
|
||||||
|
|
||||||
keepdir /var/lib/iptables
|
|
||||||
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
|
|
||||||
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
|
|
||||||
if use ipv6 ; then
|
|
||||||
keepdir /var/lib/ip6tables
|
|
||||||
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
|
|
||||||
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
Loading…
x
Reference in New Issue
Block a user