Lots of small fixes

author: Daniel Ahlberg <aliz@gentoo.org> 2003-05-04 18:19:03 +0000
committer: Daniel Ahlberg <aliz@gentoo.org> 2003-05-04 18:19:03 +0000
commit: 7e1263321eaecd364126cf964c87da5d8eea11b9 (patch)
tree: 428a03a0106a1e2d6f87d2147fc5d5af7769a107 /net-firewall
parent: Updated ebuild to respect tcltk USE flag (diff)
download: gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.tar.gz
gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.tar.bz2
gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.zip
7 files changed, 204 insertions, 27 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index 6b3d252edc7c..f34ec090bcab 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,20 @@
 # ChangeLog for net-firewall/iptables
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.9 2003/05/02 09:45:56 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.10 2003/05/04 18:19:03 aliz Exp $
+
+*iptables-1.2.8-r1 (04 May 2003)
+
+  04 May May 2003; Daniel Ahlberg <aliz@gentoo.org> iptables-1.2.8-r1.ebuild, files/iptables.init 
+							files/iptables.confd, files/ip6tables.init
+							files/ip6tables.confd :
+  Fixed ipv6 support. Closes #17155.
+
+  04 May 2003; Daniel Ahlberg <aliz@gentoo.org> files/1.2.8-files/03_hppa_gentoo.patch.bz2 :
+  doh! uncompressed patch.
+
+  04 May 2003; Daniel Ahlberg <aliz@gentoo.org> files/iptables.init :
+  Removed auto saving of rules when stopping iptables. Closing #15333 
+  and #13673.
 
   02 May 2003; Daniel Ahlberg <aliz@gentoo.org> iptables-1.2.8.ebuild :
   Force -O2 if no -O flag is set. Remove 03_all_no_optimize_fix.patch.bz2.
diff --git a/net-firewall/iptables/files/digest-iptables-1.2.8-r1 b/net-firewall/iptables/files/digest-iptables-1.2.8-r1
new file mode 100644
index 000000000000..3f611d49e423
--- /dev/null
+++ b/net-firewall/iptables/files/digest-iptables-1.2.8-r1
@@ -0,0 +1 @@
+MD5 cf62ebdabf05ccc5479334cc04fa993c iptables-1.2.8.tar.bz2 125446
diff --git a/net-firewall/iptables/files/ip6tables.confd b/net-firewall/iptables/files/ip6tables.confd
new file mode 100644
index 000000000000..8bc53f4afcff
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables.confd
@@ -0,0 +1,11 @@
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Change to "yes" to enable forwarding support in the kernel.  Please
+# note that this will override any setting placed in /etc/sysctl.conf.
+ENABLE_FORWARDING_IPv6="no"
+
+#Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
diff --git a/net-firewall/iptables/files/ip6tables.init b/net-firewall/iptables/files/ip6tables.init
new file mode 100644
index 000000000000..406de57b1434
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables.init
@@ -0,0 +1,71 @@
+#!/sbin/runscript
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or
+# later
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables.init,v 1.1 2003/05/04 18:19:03 aliz Exp $
+
+opts="start stop save"
+
+depend() {
+	need logger net
+}
+
+checkrules() {
+	if [ ! -f ${IP6TABLES_SAVE} ]
+	then
+		eerror "Not starting ip6tables. First create some rules then run"
+		eerror "/etc/init.d/ip6tables save"
+		return 1
+	fi
+}
+
+start() {
+	checkrules || return 1	
+	ebegin "Loading ip6tables state and starting firewall"
+	einfo "Restoring ip6tables ruleset"
+	/sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} < ${IP6TABLES_SAVE}
+
+	if [ "${ENABLE_FORWARDING_IPv6}" = "yes" ] ; then
+		einfo "Enabling forwarding for ipv6"
+		echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
+        fi
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		# set sane defaults that disable forwarding
+		if [ -f /proc/sys/net/ipv6/conf/all/forwarding ] ; then
+			echo "0" > /proc/sys/net/ipv6/conf/all/forwarding
+		fi
+
+		for a in `cat /proc/net/ip_tables_names`; do
+			ip6tables -F -t $a
+			ip6tables -X -t $a
+
+			if [ $a == nat ]; then
+				ip6tables -t nat -P PREROUTING ACCEPT
+				ip6tables -t nat -P POSTROUTING ACCEPT
+				ip6tables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				ip6tables -t mangle -P PREROUTING ACCEPT
+				ip6tables -t mangle -P INPUT ACCEPT
+				ip6tables -t mangle -P FORWARD ACCEPT
+				ip6tables -t mangle -P OUTPUT ACCEPT
+				ip6tables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				ip6tables -t filter -P INPUT ACCEPT
+				ip6tables -t filter -P FORWARD ACCEPT
+				ip6tables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+save() {
+        ebegin "Saving ip6tables state"
+        /sbin/ip6tables-save ${SAVE_RESTORE_OPTIONS} > ${IP6TABLES_SAVE}
+        eend $?
+}
+
diff --git a/net-firewall/iptables/files/iptables.confd b/net-firewall/iptables/files/iptables.confd
index b09de80da5b1..7dbea450b700 100644
--- a/net-firewall/iptables/files/iptables.confd
+++ b/net-firewall/iptables/files/iptables.confd
@@ -6,7 +6,6 @@ IPTABLES_SAVE="/var/lib/iptables/rules-save"
 # Change to "yes" to enable forwarding support in the kernel.  Please
 # note that this will override any setting placed in /etc/sysctl.conf.
 ENABLE_FORWARDING_IPv4="no"
-ENABLE_FORWARDING_IPv6="no"
 
 #Options to pass to iptables-save and iptables-restore 
 SAVE_RESTORE_OPTIONS="-c"
diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
index 673cd5a4347c..9aeb20d4652e 100644
--- a/net-firewall/iptables/files/iptables.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -2,7 +2,7 @@
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License, v2 or
 # later
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.1 2003/03/11 21:50:24 mholzer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables.init,v 1.2 2003/05/04 18:19:03 aliz Exp $
 
 opts="start stop save"
 
@@ -10,45 +10,36 @@ depend() {
 	need logger net
 }
 
-start() {
-	ebegin "Loading iptables state and starting firewall"
-	# This variable is set in /etc/conf.d/iptables
+checkrules() {
 	if [ ! -f ${IPTABLES_SAVE} ]
 	then
-		einfo "Not starting iptables. First create some rules then run"
-		einfo "/etc/init.d/iptables save"
-	else 
-		einfo "Restoring iptables ruleset"
-		/sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
+		eerror "Not starting iptables. First create some rules then run"
+		eerror "/etc/init.d/iptables save"
+		return 1
+	fi
+}
 
-		if [ "${ENABLE_FORWARDING_IPv4}" = "yes" ] ; then
-			einfo "Enabling forwarding for ipv4"
-			echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
-		fi
+start() {
+	checkrules || return 1	
+	ebegin "Loading iptables state and starting firewall"
+	einfo "Restoring iptables ruleset"
+	/sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
 
-		if [ "${ENABLE_FORWARDING_IPv6}" = "yes" ] ; then
-			einfo "Enabling forwarding for ipv6"
-			echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
-               fi
+	if [ "${ENABLE_FORWARDING_IPv4}" = "yes" ] ; then
+		einfo "Enabling forwarding for ipv4"
+		echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
 	fi
 
 	eend $?
 }
 
 stop() {
-	ebegin "Stopping firewall and saving iptables state"
-		# This way we don't forget to save changes
-		/sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
-
+	ebegin "Stopping firewall"
 		# set sane defaults that disable forwarding
 		if [ -f /proc/sys/net/ipv4/conf/all/forwarding ] ; then
 			echo "0" > /proc/sys/net/ipv4/conf/all/forwarding
 		fi
 
-		if [ -f /proc/sys/net/ipv6/conf/all/forwarding ] ; then
-			echo "0" > /proc/sys/net/ipv6/conf/all/forwarding
-		fi
-
 		for a in `cat /proc/net/ip_tables_names`; do
 			iptables -F -t $a
 			iptables -X -t $a
diff --git a/net-firewall/iptables/iptables-1.2.8-r1.ebuild b/net-firewall/iptables/iptables-1.2.8-r1.ebuild
new file mode 100644
index 000000000000..7b353795db36
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.2.8-r1.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.8-r1.ebuild,v 1.1 2003/05/04 18:19:03 aliz Exp $
+
+inherit eutils flag-o-matic
+
+IUSE="ipv6"
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Kernel 2.4 firewall, NAT and packet mangling tools"
+SRC_URI="http://www.iptables.org/files/${P}.tar.bz2"
+HOMEPAGE="http://www.iptables.org/"
+
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~alpha ~sparc ~hppa ~arm ~mips"
+LICENSE="GPL-2"
+
+# iptables is dependent on kernel sources.  Strange but true.
+DEPEND="virtual/os-headers"
+
+src_unpack() {
+	if [ -z $( get-flag O ) ]; then
+		append-flags -O2
+ 	fi
+
+	unpack ${A}
+	cd ${S}
+
+	epatch ${FILESDIR}/${PV}-files
+
+	# The folowing hack is needed because ${ARCH} is "sparc" and not "sparc64"
+	# and epatch uses ??_${ARCH}_foo.${EPATCH_SUFFIX} when reading from directories
+	[ "${PROFILE_ARCH}" = "sparc64" ] && epatch ${FILESDIR}/sparc64_limit_fix.patch.bz2
+
+	chmod +x extensions/.IMQ-test*
+
+	cp Makefile Makefile.new
+	sed -e "s:-O2:${CFLAGS}:g" -e "s:/usr/local::g" Makefile.new > Makefile
+}
+
+src_compile() {
+	# iptables and libraries are now installed to /sbin and /lib, so that
+	# systems with remote network-mounted /usr filesystems can get their
+	# network interfaces up and running correctly without /usr.
+
+#	local myconf
+	use ipv6 && myconf="${myconf} DO_IPV6=1" || myconf="${myconf} DO_IPV6=0"
+
+	make \
+		LIBDIR=/lib \
+		BINDIR=/sbin \
+		MANDIR=/usr/share/man \
+		INCDIR=/usr/include \
+		KERNEL_DIR=/usr/src/linux \
+		|| die
+}
+
+src_install() {
+#	local myconf
+#	use ipv6 && myconf="${myconf} DO_IPV6=1" || myconf="${myconf} DO_IPV6=0"
+
+	make DESTDIR=${D} MANDIR=/usr/share/man ${myconf} install-experimental
+	make DESTDIR=${D} MANDIR=/usr/share/man ${myconf} install
+	make DESTDIR=${D} ${myconf} \
+		LIBDIR=/usr/lib \
+		MANDIR=/usr/share/man \
+		INCDIR=/usr/include \
+		install-devel
+
+	dodoc COPYING KNOWN_BUGS
+	dodir /var/lib/iptables ; keepdir /var/lib/iptables
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/iptables.init iptables
+	insinto /etc/conf.d
+	newins ${FILESDIR}/iptables.confd iptables
+
+	if [ `use ipv6` ]; then
+		dodir /var/lib/ip6tables ; keepdir /var/lib/ip6tables
+		exeinto /etc/init.d
+		newexe ${FILESDIR}/ip6tables.init ip6tables
+		insinto /etc/conf.d
+		newins ${FILESDIR}/ip6tables.confd ip6tables
+	fi	
+}
+
+pkg_postinst() {
+	einfo "This package now includes an initscript which loads and saves"
+	einfo "rules stored in /var/lib/iptables/rules-save"
+	einfo "This location can be changed in /etc/conf.d/iptables"
+}
author	Daniel Ahlberg <aliz@gentoo.org>	2003-05-04 18:19:03 +0000
committer	Daniel Ahlberg <aliz@gentoo.org>	2003-05-04 18:19:03 +0000
commit	7e1263321eaecd364126cf964c87da5d8eea11b9 (patch)
tree	428a03a0106a1e2d6f87d2147fc5d5af7769a107 /net-firewall
parent	Updated ebuild to respect tcltk USE flag (diff)
download	gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.tar.gz gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.tar.bz2 gentoo-2-7e1263321eaecd364126cf964c87da5d8eea11b9.zip