authorStuart Shelton <stuart@shelton.me>2018-01-12 12:46:53 +0000
committerStuart Shelton <stuart@shelton.me>2018-01-12 12:46:53 +0000
commitbd0ef9fd9d987c8d1340c6aaadfbee52850a5f09 (patch)
treea591fec47c7d097b34bf2a5aff259fd040ba8f5b /net-firewall
parentAdd dev-lang/php-5.6.33, dev-lang/php-7.0.27, dev-lang/php-7.1.13 (diff)
Add net-firewall/nftables-0.8-r3
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/nftables/Manifest4
-rwxr-xr-xnet-firewall/nftables/files/libexec/nftables.sh149
-rw-r--r--net-firewall/nftables/files/systemd/nftables-restore.service14
-rw-r--r--net-firewall/nftables/nftables-0.8-r3.ebuild90
4 files changed, 257 insertions, 0 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 28e84c4a..4e81e4b7 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,15 +1,19 @@
+AUX libexec/nftables.sh 3643 SHA256 8f8ca76bc1f77d09b1198e144479cd8cf7f50cf787317522ac6c1978ca9b7e6b SHA512 efc9b4f9520c78b6248f16bd5708669872e8abf949f6f4b81182f331f8532dfeaae2df648e8878e9b5cbd66c0259daab71035ea922754807654b2b3bc86b4352 WHIRLPOOL d3ea74671d3686af9e70a22bf727b9f64ab735cd63270ca283013fc1ba0cad6750ca82127e968f028b65dfe905aeb6275b4e9c295a43f5c8dfe2a7b815a66c44
AUX nftables-0.4-nftables.8 30392 SHA256 772062e1e8b65c6f825a644c199b62d590fad93fd63ded7f52a0c76cda926690 SHA512 13475548e2720f84e0f2cc437260438429ad8fc457a2920d36b7f27a05799d2152c7ed9f9ff7043a852700b074a76aaa230c4ab5e67c13a2e84f7ce0ac473a52 WHIRLPOOL 644d93ac68dec16b29372ea0ee138077510a3c48d2801e372a6b4b6047037039aec21d9960e0da03bedccbafee722016b19201ca9eed73ba075a4c6cc396c09a
AUX nftables-0.4.1-nftables.8 30461 SHA256 97ba96a0dce959d9d2a5e26f7e7d27a2e3e33d93aeff69fa26a801959ed6abdf SHA512 1c4a193c255ac5f89fe303c2125515b383a41dbb6fcdbb0abc02640b6b7863cf7b6cc679b13656461d57bad27627843669eafdf33cf308175ae9bc812f4116ff WHIRLPOOL 11afa35800ac96d111a5d95efcf1d2b2ae1326a654a692e26e47f15fc84e100e07639748341264e7c2006351badadbc6a79f13de9ee624868b65191c477ce1a1
AUX nftables-0.4.2-nftables.8 30927 SHA256 0f1b98148486dcd42c9febda555ce395c8937b1ae78f58be36e4656dfaa71104 SHA512 6513bd82fed18391e8eb0cfadb225cd08e4597b4ab3b4b438eac3ed70c1824378cff42d7e0782be38262cac12d716dd68d2e985913ac6d3681fb50b7013f2b61 WHIRLPOOL 242da52c6209d8e537cf812a7568da1538fb36a86898f10df4e65120728a04fd976ea479c6f59cf90969cb958b628d8c25a5aa0b6ea07a25274bf1bb7bc53a57
AUX nftables.8 9645 SHA256 bec3d7dcdc424691269852c9c322bb6ad770b6cfec4939920e32fa67ca8caac2 SHA512 aaf74c4bf0a854f3993b7ed5b9cecd436baa0bfc6b5ff119574d45c2504e5e772fc7cf41e1108b7f9cc013132c0bc0a86c6262cbfa870e639ad40ae93e25e4dc WHIRLPOOL e1c082fc3a56a9a0eb4782dfd9253857668052025d471e5124fc836246bc33b794f6d2293c46e2d5b0d8d1761b454ec8c21eb627ed95e97f07fe47f704dcdae2
AUX nftables.confd 655 SHA256 d5e3077345dfea02849a70aea220396322a10c3808f0303b988119adbc56fdbd SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 WHIRLPOOL e39d13f996e620aa82714cb18e4f57624faa302f2259a44cc065804edf95fe07a314f744d17a76be6941c3771da6b233a19ae5b6b2f63783847121c63339197f
AUX nftables.init 2356 SHA256 5451ea13c9f44ca8ad0e4835ee9ea465cb52f8a86ab1e83cd9460c4f691b5680 SHA512 c4795879d619f345dcac10f66738da3027b29de70be28d268929beed2c40c16bcd2e8a1f112b8c2376a441b5139d68b0f8599dc5427371f3bfaa04afde90eff0 WHIRLPOOL 71fb5eebcef64a31614d02c45836dc11edc46c7748f59718516ef98a0ce791bb57a005cee47df90c61ae40d6e1fbfcd10164679c8406918aff3c6c270a70ba97
+AUX systemd/nftables-restore.service 394 SHA256 ec9ca69ca916e0739de2eb229c8fee2a65a551a97886c4c0a69c35776f3f1c95 SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0 WHIRLPOOL 67eb5b72e81ca66ba079ffd3b574fd21d3ac3cb9fc3d4a3986b1b5543e4059adbdb633b432fa1bb71208a48b4e2eda425d1a09e4b853b7c555d48e8da2b92ded
DIST nftables-0.2.tar.bz2 154821 SHA256 2b947f1ed5b66e042fbda7e5bb8353e9697a1c2cec4ea99ccbc822d2e89c505f SHA512 319f3de619634a31ed5903f87623cdf6f9f8f69124cd451d659ecc87121c97a7b9cc352a591d37a24b41c8b0a71c2da77928cdf0858f7f1269c2c1336784cf43 WHIRLPOOL 97c49af74660e5993cbbca81336fa1c7def81ca9e44d39c3405fb060713d472933172e98c59f9ae094cb8e8d5467ab540f69225798eacaf5c64cbb02ae9612e4
DIST nftables-0.3.tar.bz2 160585 SHA256 4d372645442d89675c7148b8a0a112c4825b57edf8bad15ddf9a08c220229c2f SHA512 76e280e6c42ad3c1d70d0b16c2d488ba92ffae1611241a9949f537da143f613ba06d5b2d7fbc40f0b51ac26a4e35cb93954816bab99dc0f485ef5797e1fcf1a0 WHIRLPOOL 019478f5be2204e9d48df47fab0cd6c07650accbc10c0857cea22c407965db71986c3f03e07b205ac80aa1cfaf4550d25896d1f25ec7f2b859fd24d5a2f774e5
DIST nftables-0.4.tar.bz2 362120 SHA256 f6ca69b75c68915f9f3a3972274ec68354dfbbcfc0b9fc55c813a0525c351d3c SHA512 0932cf987da602285fbf7c7f61328b0d74d687889c2d4a5bd2bd7fe11e8b99433bc5ee53ebbddadf2c90e40acdcb28f6babf07e11feedff815c571c3b782dffc WHIRLPOOL 1604010f260247c2fd98d33ca931eb0be6f38097937983aadfbdf2eb44fd3827212d00e6e6351821ccd8a2696fc696d9e7ec102d447387f930b8fb2afadc22a8
+DIST nftables-0.8.tar.gz 327629 SHA256 95603f34e47dbfe89a1d704e17131ba1d60f458343c573c0985ac1e84cbca85a SHA512 90ffebc338c121334ca42822793b6fdeff48390e755c690308919de47064b53f9af735a2c2914e5255f1bddec90484599337d4cdd67f7a01a3956deefcef9fcb WHIRLPOOL ef5224eabdb57a640d4a3d53c90721c5fc473e06af977ea8e8e3fc566f8755e858fa7780642a34c4da72480357671d75a460a32d97d60bb47d009f5cc735f0e2
EBUILD nftables-0.2.ebuild 1046 SHA256 1a10625878573fa3d3e25d6af8833bb0ed51caadab60685ead2c7db6642018d9 SHA512 60ebf308e2885ee409a617b08a82e465b9cc514f43d2ba2a56ee3757259174a8c37001d4e9225431509e63b606d7ab7af86a931541f564029d077cb5417694a5 WHIRLPOOL 0acec148bad096a0f74fbdffce7eb3a43bf6da12cffb2bd6bb66202950c5f1e45aa3a254bca88af7078370ee4f70c890246447908137016d93424a0d07ff273a
EBUILD nftables-0.3-r2.ebuild 1294 SHA256 d97720a7c9b5ba4ed52b7fe679289fc712cf90ababd675d96c6fe6f3c5480ee1 SHA512 c9411d14025fc1926c6ded8d2ce3823545c513d54b843ca3f9d3c4f0b05bbd44c2f530996471ef941b07af1b7d99de9e1c5acd596ede4e9dd285130c8ca5f971 WHIRLPOOL 266ff2c135c9cf3c42222ee178e7ea4cf20a5f6f620e4127a6151c92c0888fb3a7cb1d916d28cfe4cc09d12b6ab33c543646c12dd2c9a165cfc8feea464ecac3
EBUILD nftables-0.4.1.9999.ebuild 1324 SHA256 dd76fbec5c6a4419258924f47b02b10f22ab8904ddaf506bb91bbe3f89983f9b SHA512 c1089884b852f4d0dec0fb5d9722a63dc5881f0e2a73397dc8cf798bc72cc901d350b6622fe8d7cdfdb2bd7e9ae69297d488073ca04f94a7729d6c79b907a4ad WHIRLPOOL ac03c64fa8a12aafc8e84c302cb4c30fbd2f98bddbc3e9bbf30c521a636ff9beb16b1280f33985710a271e8f562c70f522755a5c38385b6e98cae09e538737a6
EBUILD nftables-0.4.2.9999.ebuild 1378 SHA256 55f6cacffae8696df02780f6e6854a2202c66d62fb3e377e7b6f6b8ee56332f6 SHA512 a030739319f3b8bb7d774676f33a2ab4ad4d8871c1aeb4cdc34e481722519ca1c9b35a9dbdea92ac59b26c386c68ee4b9cf74703942ffb7e5b616ace5b580642 WHIRLPOOL d2d36003f3df5aa5ef27f109687d8981ba98fd8991c65ce1088e9060664410c6d330e91e8b8347d2b7c93529e747f021742ecbc1920777431c8dbc19c3edba61
EBUILD nftables-0.4.ebuild 1283 SHA256 4742c55e9e50786b172d0f5a67171a81b445244d47e461f2ce61a864b0dad1aa SHA512 41afa2f03009366e8078c29102818d313ae46640a7d67c9f7c0013869614b2fd056edd7270c4e9bf728a2a85625246e39a7716426baf26d7e8cdac35bd51ef63 WHIRLPOOL 1d58bd27a6f5dd9c65b8286ea8aebb48e25c63f5239b411314d8f534263873b0a9e36c26e24d484c68e44c44d3bd15bda6cbd1e6ef4eba335bfafc5bc30b6d88
+EBUILD nftables-0.8-r3.ebuild 2074 SHA256 ebb648342adb21fab80eddc542dcf57b7beea3229530264422838b7265e2172a SHA512 12aaa3f86ea74dd5178910dba6259ec2f596bc525313318700e70f031532444a0b950dadb70c90f5e6cbc66ee7d71daa957b9490094cae88be62abc758cb6da1 WHIRLPOOL 617f5b870952cf2cf9530745def1873ded5e83e9beacf03ceac8361b9c1add397702e21dd442db87313974c4ec84bb07c31c889c94174f80c00900b7316d7198
EBUILD nftables-9999.ebuild 1298 SHA256 3fbdc894ed3b7a49820f835ae4bfd7c00dcc19a7d09bcaeaf74dea5a7b634c51 SHA512 e5d5fec0c13bc1129d8f1400dd14e9b45a2b64afddad660b44a2fb6bcfab4596235e917bb8ea883727ca8b66c7d1fd3c25ab42ac9f62940bcb72e4119447ec11 WHIRLPOOL 00fca81273cecb2582cf070cb43a64d5f69e01961c52f1a0be7e6321180d478622152c3aa8d97367b6224615a5e82d4e1c04b1028c92a34f2fbcdd87ed8dd63e
diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh
new file mode 100755
index 00000000..cc55f856
--- /dev/null
+++ b/net-firewall/nftables/files/libexec/nftables.sh
@@ -0,0 +1,149 @@
+#! /bin/sh
+
+main() {
+ local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'}
+ local retval
+ case "$1" in
+ "clear")
+ if ! use_legacy; then
+ nft flush ruleset
+ else
+ clear_legacy
+ fi
+ retval=$?
+ ;;
+ "list")
+ if ! use_legacy; then
+ nft list ruleset
+ else
+ list_legacy
+ fi
+ retval=$?
+ ;;
+ "load")
+ nft -f ${NFTABLES_SAVE}
+ retval=$?
+ ;;
+ "store")
+ local tmp_save="${NFTABLES_SAVE}.tmp"
+ if ! use_legacy; then
+ nft ${SAVE_OPTIONS} list ruleset > ${tmp_save}
+ else
+ save_legacy ${tmp_save}
+ fi
+ retval=$?
+ if [ ${retval} ]; then
+ mv ${tmp_save} ${NFTABLES_SAVE}
+ fi
+ ;;
+ esac
+ return ${retval}
+}
+
+clear_legacy() {
+ local l3f line table chain first_line
+
+ first_line=1
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ table=$(echo ${line} | sed "s/table[ \t]*//")
+ deletetable ${l3f} ${table}
+ done
+ done
+ else
+ nft list tables | while read line; do
+ l3f=$(echo ${line} | cut -d ' ' -f2)
+ table=$(echo ${line} | cut -d ' ' -f3)
+ deletetable ${l3f} ${table}
+ done
+ fi
+}
+
+list_legacy() {
+ local l3f
+
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ line=$(echo ${line} | sed "s/table/table ${l3f}/")
+ echo "$(nft list ${line})"
+ done
+ done
+ else
+ nft list tables | while read line; do
+ echo "$(nft list ${line})"
+ done
+ fi
+}
+
+save_legacy() {
+ tmp_save=$1
+ touch "${tmp_save}"
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ line=$(echo ${line} | sed "s/table/table ${l3f}/")
+ nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
+ done
+ done
+ else
+ nft list tables | while read line; do
+ nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
+ done
+ fi
+}
+
+use_legacy() {
+ local major_ver minor_ver
+
+ major_ver=$(uname -r | cut -d '.' -f1)
+ minor_ver=$(uname -r | cut -d '.' -f2)
+
+ [ $major_ver -ge 4 -o $major_ver -eq 3 -a $minor_ver -ge 18 ] && return 1
+ return 0
+}
+
+CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"
+
+getfamilies() {
+ local l3f families
+
+ for l3f in ip arp ip6 bridge inet; do
+ if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
+ families="${families}${l3f} "
+ nft delete table ${l3f} ${CHECK_TABLE_NAME}
+ fi
+ done
+ echo ${families}
+}
+
+manualwalk() {
+ local result l3f=`getfamilies | cut -d ' ' -f1`
+
+ nft create table ${l3f} ${CHECK_TABLE_NAME}
+ nft list tables | read line
+ if [ $(echo $line | wc -w) -lt 3 ]; then
+ result=0
+ fi
+ result=1
+ nft delete table ${l3f} ${CHECK_TABLE_NAME}
+
+ return $result
+}
+
+deletetable() {
+ # family is $1
+ # table name is $2
+ nft flush table $1 $2
+ nft list table $1 $2 | while read l; do
+ chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2)
+ if [ -n "${chain}" ]; then
+ nft flush chain $1 $2 ${chain}
+ nft delete chain $1 $2 ${chain}
+ fi
+ done
+ nft delete table $1 $2
+}
+
+main "$@"
diff --git a/net-firewall/nftables/files/systemd/nftables-restore.service b/net-firewall/nftables/files/systemd/nftables-restore.service
new file mode 100644
index 00000000..4b68b0a5
--- /dev/null
+++ b/net-firewall/nftables/files/systemd/nftables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Store and restore nftables firewall rules
+ConditionPathExists=/var/lib/nftables/rules-save
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save
+ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save
+
+[Install]
+WantedBy=basic.target
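Review bot: Nothing in this unit ties network start-up to a successful `load`, because `Before=network-pre.target` and `Wants=network-pre.target` only order the units. If `nft -f` rejects the saved file, the service fails and the interfaces presumably still come up with no ruleset loaded. If that fail-open behaviour is intended, it deserves a comment in the `[Service]` section such as `# A failed load leaves the host unfiltered; failures are not blocking`. Otherwise an `OnFailure=` unit that raises an alert or applies a minimal restrictive policy would make the failure visible; the name of that unit is for the packager to choose.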
diff --git a/net-firewall/nftables/nftables-0.8-r3.ebuild b/net-firewall/nftables/nftables-0.8-r3.ebuild
new file mode 100644
index 00000000..085e9454
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.8-r3.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm ia64 x86"
+IUSE="debug +doc +gmp pdf +readline systemd"
+
+RDEPEND=">=net-libs/libmnl-1.0.3:0=
+ gmp? ( dev-libs/gmp:0= )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.0.8:0="
+
+DEPEND="${RDEPEND}
+ doc? ( >=app-text/docbook2X-0.8.8-r4 )
+ pdf? ( app-text/dblatex )
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable pdf pdf-doc)
+ $(use_enable debug)
+ $(use_with readline cli)
+ $(use_with !gmp mini_gmp)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ if ! use doc; then
+ newman "${FILESDIR}"/"${P}"-nftables.8 nft.8
+ fi
+
+ dodir /usr/libexec/${PN}
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
+
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
+ keepdir /var/lib/nftables
+
+ if use systemd; then
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+ fi
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f ${save_file} ]]; then
+ touch ${save_file}
+ fi
+
+ elog "If you are creating firewall rules before the next system restart "
+ elog "the nftables-restore service must be manually started in order to "
+ elog "save those rules on shutdown."
+}
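Review bot: With `USE=-doc`, `src_install` runs `newman "${FILESDIR}"/"${P}"-nftables.8 nft.8`, which expands to `nftables-0.8-nftables.8`. The Manifest in this commit lists only `nftables-0.4-nftables.8`, `nftables-0.4.1-nftables.8`, `nftables-0.4.2-nftables.8` and `nftables.8` as AUX entries, so that path will presumably die on a missing file. Pointing it at an existing page, e.g. `newman "${FILESDIR}"/nftables.8 nft.8`, would fix this if that page is the right one for 0.8. Also, `pkg_postinst` creates the save file with an unquoted `touch ${save_file}` under the default umask, and the directory comes from a bare `keepdir`. Listing the live ruleset normally needs root, so consider `fperms 0700 /var/lib/nftables` after the `keepdir` and quoting the path as `touch "${save_file}"`.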