From d8807f594ff57bb9503df8179e76b8c5b47fe9fc Mon Sep 17 00:00:00 2001 
From: David Michael Date: Fri, 30 Nov 2018 20:46:56 +0000 Subject: [PATCH] net-firewall/iptables: Import from portage-stable --- .../md5-cache/net-firewall/iptables-1.6.2-r2 | 13 ++ .../net-firewall/iptables/Manifest | 1 + .../iptables/files/ip6tables-1.4.13.confd | 19 +++ .../iptables/files/iptables-1.4.13.confd | 19 +++ .../net-firewall/iptables/files/iptables.init | 129 ++++++++++++++++++ .../files/systemd/ip6tables-restore.service | 14 ++ .../files/systemd/ip6tables-store.service | 11 ++ .../iptables/files/systemd/ip6tables.service | 6 + .../files/systemd/iptables-restore.service | 14 ++ .../files/systemd/iptables-store.service | 11 ++ .../iptables/files/systemd/iptables.service | 6 + .../iptables/iptables-1.6.2-r2.ebuild | 123 +++++++++++++++++ .../net-firewall/iptables/metadata.xml | 29 ++++ 13 files changed, 395 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/net-firewall/iptables-1.6.2-r2 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-1.4.13.confd create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.4.13.confd create mode 100755 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables.init create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service create mode 100644 
sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.6.2-r2.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/net-firewall/iptables-1.6.2-r2 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/net-firewall/iptables-1.6.2-r2 new file mode 100644 index 0000000000..710d9a706c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/net-firewall/iptables-1.6.2-r2 
@@ -0,0 +1,13 @@ +DEFINED_PHASES=compile configure install prepare +DEPEND=conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) netlink? ( net-libs/libnfnetlink ) nftables? ( >=net-libs/libmnl-1.0:0= >=net-libs/libnftnl-1.0.5:0= ) pcap? ( net-libs/libpcap ) virtual/os-headers >=sys-kernel/linux-headers-4.4:0 virtual/pkgconfig nftables? ( sys-devel/flex virtual/yacc ) virtual/pkgconfig >=app-portage/elt-patches-20170815 +DESCRIPTION=Linux kernel (2.4+) firewall, NAT and packet mangling tools +EAPI=6 +HOMEPAGE=https://www.netfilter.org/projects/iptables/ +IUSE=conntrack ipv6 netlink nftables pcap static-libs +KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 +LICENSE=GPL-2 +RDEPEND=conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) netlink? ( net-libs/libnfnetlink ) nftables? ( >=net-libs/libmnl-1.0:0= >=net-libs/libnftnl-1.0.5:0= ) pcap? ( net-libs/libpcap ) nftables? ( net-misc/ethertypes ) +SLOT=0/12 +SRC_URI=https://www.netfilter.org/projects/iptables/files/iptables-1.6.2.tar.bz2 +_eclasses_=autotools 1bf086cdd7356f5c9a4acd9727bd2065 desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e libtool f143db5a74ccd9ca28c1234deffede96 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 preserve-libs ef207dc62baddfddfd39a164d9797648 systemd 47c677ae1d7b69031f11f630ac09f0d1 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf +_md5_=31725eeb8a1903749ec428aea6abdd02 diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest new file mode 100644 index 0000000000..c5e244b595 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/Manifest 
@@ -0,0 +1 @@
+DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-1.4.13.confd b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 0000000000..3bb36989d3
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.4.13.confd b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 0000000000..7225374c3a
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables.init b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables.init
new file mode 100755
index 0000000000..10394c6f09
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/iptables.init
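Review bot: `SAVE_ON_STOP="yes"` turns the file named in `IPTABLES_SAVE` into a mirror of whatever ruleset happens to be live when the service stops, not the policy an administrator reviewed: a port opened by hand for debugging, or chains flushed by someone who has obtained root, is written to rules-save at shutdown and restored on the next boot. If rules-save is meant to be the authoritative policy, ship the default as `SAVE_ON_STOP="no"` and leave persistence to an explicit `/etc/init.d/iptables save`. At minimum the comment above the setting should spell out the consequence, e.g. `# Save state on stopping iptables (overwrites IPTABLES_SAVE with the live ruleset; set to "no" if the saved file is the reviewed policy)`. The ip6tables variant imported in the same patch has the identical default.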
@@ -0,0 +1,129 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service
new file mode 100644
index 0000000000..921b691296
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore -w -- /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
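Review bot: `start()` feeds rules-save straight into iptables-restore without the `--test` pass that `reload()` insists on, so a truncated or hand-edited file is only caught at apply time; as far as I recall iptables-restore commits table by table, which means the tables before the bad line stay loaded and the rest are silently absent, with `eend` reporting failure but nothing rolled back. Adding `checkrules || return 1` directly after `checkconfig || return 1` in `start()` makes start and reload behave the same way. Separately, `stop()` switches every table policy to ACCEPT before flushing, i.e. stopping the service is fail-open by design and `panic` is the fail-closed path; a one-line comment above that loop such as `# NOTE: stop is fail-open (policy ACCEPT before flush); use 'panic' to fail closed` would keep the next reader from assuming otherwise. All functions touched here are complete within the hunk.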
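Review bot: A failed restore does not hold up boot: this unit is only `Wants`ed and ordered `Before=network-pre.target`, so when `/var/lib/ip6tables/rules-save` is missing or malformed the unit fails, network-pre.target is reached anyway and the host comes up with no IPv6 filter while everything after it starts normally. That is probably acceptable on a first boot before any rules were saved, but it should be visible rather than silent: either alert on the failed unit from monitoring, or, if an absent ruleset is an expected state, add `ConditionPathExists=/var/lib/ip6tables/rules-save` under `[Unit]` so the skip is explicit and a malformed file remains a genuine failure. Note also that `ip6tables.service` in this patch pulls in only the IPv6 pair via its `Also=` lines and `iptables.service` only the IPv4 pair, so enabling the latter alone leaves IPv6 unfiltered — worth a comment on this unit.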
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service
new file mode 100644
index 0000000000..9975378353
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service
new file mode 100644
index 0000000000..0a6d7fa1c8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service
new file mode 100644
index 0000000000..a9e5679354
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore -w -- /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service
new file mode 100644
index 0000000000..aa16e75e9c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service
new file mode 100644
index 0000000000..3643a3e310
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.6.2-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.6.2-r2.ebuild
new file mode 100644
index 0000000000..6688c68b71
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/iptables-1.6.2-r2.ebuild
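Review bot: The `ExecStart` redirect creates `/var/lib/ip6tables/rules-save` with the shell's default umask (0644 on most systems, so the ruleset and any trusted-source addresses in it are readable by every local user), whereas the OpenRC `save()` in iptables.init from this same patch enforces 0600 via `checkpath`. The `>` also truncates the file before `ip6tables-save` has emitted anything, so a shutdown cut short mid-write leaves an empty or partial file and the next boot restores nothing or fails partway through. Adding `UMask=0077` under `[Service]` and writing through a temporary file — `ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save.tmp && mv -f /var/lib/ip6tables/rules-save.tmp /var/lib/ip6tables/rules-save"` — addresses both. With `DefaultDependencies=No` it is also worth confirming that /var is still mounted when this unit runs at shutdown; I cannot tell from the unit alone.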
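Review bot: Same issue as the IPv6 store unit: the shell redirect in `ExecStart` creates `/var/lib/iptables/rules-save` under the default umask rather than the 0600 the OpenRC `save()` in this patch uses, and it truncates the file before `iptables-save` has written anything, so an interrupted shutdown can leave an empty ruleset that the restore unit then loads as "no firewall" on the next boot. `UMask=0077` under `[Service]` plus `ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save.tmp && mv -f /var/lib/iptables/rules-save.tmp /var/lib/iptables/rules-save"` fixes both with a same-directory rename.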
@@ -0,0 +1,123 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit ltprune multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/12"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0:0=
+ >=net-libs/libnftnl-1.0.5:0=
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/os-headers
+ >=sys-kernel/linux-headers-4.4:0
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+RDEPEND="${COMMON_DEPEND}
+ nftables? ( net-misc/ethertypes )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ eapply_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs.
#472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ local myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ --libexecdir="${EPREFIX}/$(get_libdir)"
+ --enable-devel
+ --enable-shared
+ $(use_enable nftables)
+ $(use_enable pcap bpf-compiler)
+ $(use_enable pcap nfsynproxy)
+ $(use_enable static-libs static)
+ $(use_enable ipv6)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ if use nftables; then
+ # Bug 647458
+ rm "${ED%/}"/etc/ethertypes || die
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
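Review bot: `keepdir /var/lib/iptables` and its ip6tables twin in `src_install` leave the rules directory at whatever mode keepdir defaults to (presumably 0755), and the systemd store units installed a few lines later write rules-save into it through a plain shell redirect, so on a systemd host the saved ruleset will normally be world-readable unless something outside this ebuild tightens it. Following each keepdir with `fperms 0700 /var/lib/iptables` (and `fperms 0700 /var/lib/ip6tables` inside the `use ipv6` branch) keeps rule dumps, and the trusted-host addresses they usually contain, readable by root only regardless of which init system writes them. `src_install` is complete within the hunk.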
diff --git a/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml new file mode 100644 index 0000000000..0b5f57f8bf --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/net-firewall/iptables/metadata.xml @@ -0,0 +1,29 @@ + + + + + base-system@gentoo.org + Gentoo Base System + + + Build against net-libs/libnetfilter_conntrack when enables the connlabel matcher + Build against libnfnetlink which enables the nfnl_osf util + Support nftables kernel interface + Build against net-libs/libpcap which enables the nfbpf_compile util + + + iptables is the userspace command line program used to set up, maintain, and + inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a + part of packet filtering framework which allows the stateless and stateful + packet filtering, all kinds of network address and port translation, and is a + flexible and extensible infrastructure with multiple layers of API's for 3rd + party extensions. The iptables package also includes ip6tables. ip6tables is + used for configuring the IPv6 packet filter. + + Note that some extensions (e.g. imq and l7filter) are not included into + official kernel sources so you have to patch the sources before installation. + + + cpe:/a:netfilter_core_team:iptables + +