Update of /cvsroot/leaf/src/bering-uclibc4/source/iptables
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv7318
Modified Files:
buildtool.cfg buildtool.mk iptables.init
Added Files:
iptables-config
Removed Files:
ip6tables.default ip6tables.init iptables.default
Log Message:
Replaced the simple init script with the more capable one from the Red Hat (Fedora) distribution, adapted for this tree.
--- NEW FILE: iptables-config ---
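# Configuration for /etc/init.d/iptables (and, through the ip6tables symlink,
# /etc/init.d/ip6tables, which reads /etc/iptables/ip6tables-config instead).
#
# SECURITY: the init script sources this file with ". $IPTABLES_CONFIG" while
# running as root, so every line here is executed as shell code with root
# privileges. Keep it root-owned and not writable by other users, and put
# nothing but the variable assignments below in it.
#
# Values are shell strings; the init script only recognises the literal "yes".

# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded with modprobe after the firewall rules are applied. Options for
# the helpers are stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/iptables/iptables (or
# /etc/iptables/ip6tables) if the firewall gets stopped (e.g. on system
# shutdown). The previous ruleset is kept alongside as a .save copy.
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/iptables/iptables (or
# /etc/iptables/ip6tables) if the firewall gets restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counters.
# Value: yes|no, default: no
# Passes -c to iptables-save/iptables-restore, so packet and byte counters
# are written to the ruleset file by '/etc/init.d/iptables save' (or on stop
# or restart if SAVE_ON_STOP or SAVE_ON_RESTART is enabled) and restored on
# start.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
# Value: yes|no, default: no
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
# Value: yes|no, default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"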
--- ip6tables.default DELETED ---
--- ip6tables.init DELETED ---
--- iptables.default DELETED ---
Index: buildtool.mk
===================================================================
RCS file: /cvsroot/leaf/src/bering-uclibc4/source/iptables/buildtool.mk,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** buildtool.mk 8 Nov 2010 11:28:51 -0000 1.5
--- buildtool.mk 8 Nov 2010 20:53:54 -0000 1.6
***************
*** 53,59 ****
cp -a $(IPTABLES_DIR)/include/iptables/*.h
$(IPTABLES_TARGET_DIR)/include/iptables
cp -a $(IPTABLES_DIR)/include/net/netfilter/*.h
$(IPTABLES_TARGET_DIR)/include/net/netfilter
- # $(MAKE) -C $(IPP2P_DIR) KERNEL_SRC=$(BT_LINUX_DIR)
IPTABLES_SRC=../$(IPTABLES_DIR)
- # cp -a $(IPP2P_DIR)/libipt_ipp2p.so $(IPTABLES_TARGET_DIR)/lib/iptables/
- # cp -a $(IPP2P_DIR)/ipt_ipp2p.o
$(BT_STAGING_DIR)/lib/modules/$(BT_KERNEL_RELEASE)/kernel/net/ipv4/netfilter/
-$(BT_STRIP) $(BT_STRIP_BINOPTS) $(IPTABLES_TARGET_DIR)/sbin/*
-$(BT_STRIP) $(BT_STRIP_LIBOPTS) $(IPTABLES_TARGET_DIR)/lib/*
--- 53,56 ----
***************
*** 61,72 ****
rm -rf $(IPTABLES_TARGET_DIR)/lib/pkgconfig $(IPTABLES_TARGET_DIR)/share
cp -a iptables.init $(IPTABLES_TARGET_DIR)/etc/init.d/iptables
! cp -a ip6tables.init $(IPTABLES_TARGET_DIR)/etc/init.d/ip6tables
! cp -a iptables.default $(IPTABLES_TARGET_DIR)/etc/default/iptables
! cp -a ip6tables.default $(IPTABLES_TARGET_DIR)/etc/default/ip6tables
! touch $(IPTABLES_TARGET_DIR)/etc/iptables/rules
! touch $(IPTABLES_TARGET_DIR)/etc/iptables/rules.v6
cp -a $(IPTABLES_TARGET_DIR)/* $(BT_STAGING_DIR)
- # touch $(IPTABLES_DIR)/.build
- # $(BT_DEPMOD) -ae -b $(BT_STAGING_DIR) -r -F
$(BT_STAGING_DIR)/lib/modules/$(BT_KERNEL_RELEASE)/build/System.map
$(BT_KERNEL_RELEASE)
touch $(IPTABLES_DIR)/.build
--- 58,67 ----
rm -rf $(IPTABLES_TARGET_DIR)/lib/pkgconfig $(IPTABLES_TARGET_DIR)/share
cp -a iptables.init $(IPTABLES_TARGET_DIR)/etc/init.d/iptables
! ln -sf iptables $(IPTABLES_TARGET_DIR)/etc/init.d/ip6tables
! cp -a iptables-config
$(IPTABLES_TARGET_DIR)/etc/iptables/iptables-config
! cp -a iptables-config
$(IPTABLES_TARGET_DIR)/etc/iptables/ip6tables-config
! touch $(IPTABLES_TARGET_DIR)/etc/iptables/iptables
! touch $(IPTABLES_TARGET_DIR)/etc/iptables/ip6tables
cp -a $(IPTABLES_TARGET_DIR)/* $(BT_STAGING_DIR)
touch $(IPTABLES_DIR)/.build
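Review bot: The `touch` of `etc/iptables/iptables` and `etc/iptables/ip6tables` ships empty rule sets, and iptables.init's start() restores whatever file is present — an empty file restores cleanly, so on first boot the service reports running while the tables hold no rules and the built-in chains keep ACCEPT policies; if that is the intended initial state a comment here would help, e.g. `# empty ruleset: the init script starts with no rules until the admin saves one`. Copying the same iptables-config to `ip6tables-config` also carries the IPv4-specific comment text (ip_nat_* helper example) into the IPv6 config, which is harmless but misleading to whoever edits it. The installed mode of these four files is set elsewhere in buildtool.cfg, outside this hunk; since the *-config files are sourced by root and the saved ruleset exposes the firewall policy, they should not be group/world-writable and ideally not world-readable.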
***************
*** 78,86 ****
-rm $(IPTABLES_DIR)/.build
-rm iptables
- # -rm $(IPP2P_DIR)/.build
-$(MAKE) -C $(IPTABLES_DIR) clean
- # -$(MAKE) -C $(IPP2P_DIR) clean
srcclean:
rm -rf $(IPTABLES_DIR)
- # rm -rf $(IPP2P_DIR
--- 73,78 ----
Index: iptables.init
===================================================================
RCS file: /cvsroot/leaf/src/bering-uclibc4/source/iptables/iptables.init,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** iptables.init 8 Nov 2010 11:28:51 -0000 1.1
--- iptables.init 8 Nov 2010 20:53:54 -0000 1.2
***************
*** 1,32 ****
#!/bin/sh
#
RCDLINKS="2,S30 3,S30 6,K60"
! . /etc/default/iptables
! OPTS=""
! [ "$SAVE_COUNTERS" = "yes" ] && OPTS="-c"
case "$1" in
! load)
! [ -f "$RULES_FILE" ] && /sbin/iptables-restore $OPTS $RULES_FILE
;;
! save)
! /sbin/iptables-save $OPTS > $RULES_FILE
;;
! start)
! [ "$LOAD_ON_START" = "yes" ] && $0 load
;;
! stop)
! [ "$SAVE_ON_STOP" = "yes" ] && $0 save
;;
! restart)
! $0 stop
! $0 start
;;
! *)
! echo "Usage: $0 {start|stop|restart|load|save}"
! exit 1
;;
esac
! exit 0
--- 1,340 ----
#!/bin/sh
#
+ # iptables Start iptables firewall
+ # Taked from Fedora Core distro with small modifications
+ #
RCDLINKS="2,S30 3,S30 6,K60"
! failure() {
! echo -e "\tFailed!"
! }
!
! success() {
! echo -e "\tDone."
! }
!
! IPTABLES=${0##*/}
! IPTABLES_DATA=/etc/iptables/$IPTABLES
! IPTABLES_CONFIG=/etc/iptables/${IPTABLES}-config
! IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
! [ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
! PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
! VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
!
! if [ ! -x /sbin/$IPTABLES ]; then
! echo -n "/sbin/$IPTABLES does not exist."; warning; echo
! exit 5
! fi
!
! # Default firewall configuration:
! IPTABLES_MODULES=""
! IPTABLES_MODULES_UNLOAD="yes"
! IPTABLES_SAVE_ON_STOP="no"
! IPTABLES_SAVE_ON_RESTART="no"
! IPTABLES_SAVE_COUNTER="no"
! IPTABLES_STATUS_NUMERIC="yes"
!
! # Load firewall configuration.
! [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
!
! # Netfilter modules
! NF_MODULES="${IPV}_tables nf_conntrack_${_IPV}"
! NF_MODULES_COMMON="x_tables nf_conntrack" # Used by netfilter v4 and v6
!
! # Get active tables
! NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
!
!
! rmmod_r() {
! # Unload module with all referring modules.
! # At first all referring modules will be unloaded, then the module itself.
! local mod=$1
! local ret=0
! local ref=
!
! ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') \
!
! # recursive call for all referring modules
! for i in $ref; do
! rmmod_r $i
! let ret+=$?;
! done
!
! # Unload module.
! # The extra test is for 2.6: The module might have autocleaned,
! # after all referring modules are unloaded.
! if grep -q "^${mod}" /proc/modules ; then
! modprobe -r $mod > /dev/null 2>&1
! let ret+=$?;
! fi
!
! return $ret
! }
!
! flush_n_delete() {
! # Flush firewall rules and delete chains.
! [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
!
! # Check if firewall is configured (has tables)
! [ -z "$NF_TABLES" ] && return 1
!
! echo -n "Flushing firewall rules: "
! ret=0
! # For all tables
! for i in $NF_TABLES; do
! # Flush firewall rules.
! $IPTABLES -t $i -F;
! let ret+=$?;
!
! # Delete firewall chains.
! $IPTABLES -t $i -X;
! let ret+=$?;
!
! # Set counter to zero.
! $IPTABLES -t $i -Z;
! let ret+=$?;
! done
!
! [ $ret -eq 0 ] && success || failure
! echo
! return $ret
! }
!
! set_policy() {
! # Set policy for configured tables.
! policy=$1
!
! # Check if iptable module is loaded
! [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
!
! # Check if firewall is configured (has tables)
! tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
! [ -z "$tables" ] && return 1
!
! echo -n "Setting chains to policy $policy: "
! ret=0
! for i in $tables; do
! echo -n "$i "
! case "$i" in
! raw)
! $IPTABLES -t raw -P PREROUTING $policy \
! && $IPTABLES -t raw -P OUTPUT $policy \
! || let ret+=1
! ;;
! filter)
! $IPTABLES -t filter -P INPUT $policy \
! && $IPTABLES -t filter -P OUTPUT $policy \
! && $IPTABLES -t filter -P FORWARD $policy \
! || let ret+=1
! ;;
! nat)
! $IPTABLES -t nat -P PREROUTING $policy \
! && $IPTABLES -t nat -P POSTROUTING $policy \
! && $IPTABLES -t nat -P OUTPUT $policy \
! || let ret+=1
! ;;
! mangle)
! $IPTABLES -t mangle -P PREROUTING $policy \
! && $IPTABLES -t mangle -P POSTROUTING $policy \
! && $IPTABLES -t mangle -P INPUT $policy \
! && $IPTABLES -t mangle -P OUTPUT $policy \
! && $IPTABLES -t mangle -P FORWARD $policy \
! || let ret+=1
! ;;
! *)
! let ret+=1
! ;;
! esac
! done
!
! [ $ret -eq 0 ] && success || failure
! echo
! return $ret
! }
!
! start() {
! # Do not start if there is no config file.
! [ ! -f "$IPTABLES_DATA" ] && return 6
!
! if [ "${IPV}" = "ip6" ] \
! && grep -qIs "^blacklist\W*${_IPV}" /etc/modprobe.conf
/etc/modprobe.d/* ; then
! echo "${0##*/}: ${_IPV} is blacklisted."
! return 6
! fi
!
! echo -n "Applying $IPTABLES firewall rules: "
!
! OPT=
! [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
!
! $IPTABLES-restore $OPT $IPTABLES_DATA
! if [ $? -eq 0 ]; then
! success; echo
! else
! failure; echo; return 1
! fi
!
! # Load additional modules (helpers)
! if [ -n "$IPTABLES_MODULES" ]; then
! echo -n "Loading additional $IPTABLES modules: "
! ret=0
! for mod in $IPTABLES_MODULES; do
! echo -n "$mod "
! modprobe $mod > /dev/null 2>&1
! let ret+=$?;
! done
! [ $ret -eq 0 ] && success || failure
! echo
! fi
!
! touch $VAR_SUBSYS_IPTABLES
! return $ret
! }
!
! stop() {
! # Do not stop if iptables module is not loaded.
! [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
!
! flush_n_delete
! set_policy ACCEPT
!
! if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
! echo -n "Unloading $IPTABLES modules: "
! ret=0
! for mod in ${NF_MODULES}; do
! rmmod_r $mod
! let ret+=$?;
! done
! # try to unload remaining netfilter modules used by ipv4 and ipv6
! # netfilter
! for mod in ${NF_MODULES_COMMON}; do
! rmmod_r $mod
! done
! [ $ret -eq 0 ] && success || failure
! echo
! fi
!
! rm -f $VAR_SUBSYS_IPTABLES
! return $ret
! }
!
! save() {
! # Check if iptable module is loaded
! [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
!
! # Check if firewall is configured (has tables)
! [ -z "$NF_TABLES" ] && return 6
!
! echo -n "Saving firewall rules to $IPTABLES_DATA: "
!
! OPT=
! [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
!
! ret=0
! TMP_FILE=/tmp/$IPTABLES.$(cat /proc/interrupts | awk '/LOC/ {print $2}') \
! && touch "$TMP_FILE" \
! && chmod 600 "$TMP_FILE" \
! && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
! && size=$(ls -l $TMP_FILE | awk '{print $5}') && [ "$size" -gt 0 ] \
! || ret=1
! if [ $ret -eq 0 ]; then
! if [ -e $IPTABLES_DATA ]; then
! cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
! && chmod 600 $IPTABLES_DATA.save \
! || ret=1
! fi
! if [ $ret -eq 0 ]; then
! cp -f $TMP_FILE $IPTABLES_DATA \
! && chmod 600 $IPTABLES_DATA \
! || ret=1
! fi
! fi
! [ $ret -eq 0 ] && success || failure
! echo
! rm -f $TMP_FILE
! return $ret
! }
!
! status() {
! if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
! echo "${0##*/}: Firewall is not running."
! return 3
! fi
!
! # Do not print status if lockfile is missing and iptables modules are not
! # loaded.
! # Check if iptable modules are loaded
! if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
! echo $"${0##*/}: Firewall modules are not loaded."
! return 3
! fi
!
! # Check if firewall is configured (has tables)
! if [ -z "$NF_TABLES" ]; then
! echo "${0##*/}: Firewall is not configured. "
! return 3
! fi
!
! NUM=
! [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
! VERBOSE=
! [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
! COUNT=
! [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
!
! for table in $NF_TABLES; do
! echo "Table: $table"
! $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
! done
!
! return 0
! }
!
! restart() {
! [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
! stop
! start
! }
!
case "$1" in
! start)
! [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
! start
! RETVAL=$?
;;
! stop)
! [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
! stop
! RETVAL=$?
;;
! restart|force-reload)
! restart
! RETVAL=$?
;;
! condrestart|try-restart)
! [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
! restart
! RETVAL=$?
;;
! status)
! status
! RETVAL=$?
;;
! panic)
! flush_n_delete
! set_policy DROP
! RETVAL=$?
! ;;
! save)
! save
! RETVAL=$?
! ;;
! *)
! echo "Usage: ${0##*/}
{start|stop|restart|condrestart|status|panic|save}"
! RETVAL=2
;;
esac
!
! exit $RETVAL
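Review bot: save() builds its scratch file from a predictable name in world-writable /tmp (`TMP_FILE=/tmp/$IPTABLES.$(cat /proc/interrupts | awk '/LOC/ {print $2}')`), then `touch`es it, chmods it and redirects iptables-save into it; a local user who pre-creates that path as a symlink gets root to chmod and truncate or overwrite an arbitrary file, because neither `touch` nor `>` refuses to follow a link. Replace that first line of the chain with `TMP_FILE=$(mktemp "/tmp/$IPTABLES.XXXXXX") \` (mktemp creates the file 0600, making the touch/chmod steps redundant), or better, write beside the target as `$IPTABLES_DATA.tmp` and `mv -f` it into place so the scratch file never lives in /tmp — confirm the busybox build on this platform provides mktemp. Separately, the missing-binary check near the top calls `warning`, which is never defined, so that branch prints a "not found" error instead of the intended message; define it next to failure()/success() or drop the call. `let`, `echo -e`, `grep -I` and `$"..."` are bash/GNU-isms under a `#!/bin/sh` shebang — presumably fine with the ash used here, but worth confirming.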
Index: buildtool.cfg
===================================================================
RCS file: /cvsroot/leaf/src/bering-uclibc4/source/iptables/buildtool.cfg,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** buildtool.cfg 8 Nov 2010 11:28:51 -0000 1.7
--- buildtool.cfg 8 Nov 2010 20:53:54 -0000 1.8
***************
*** 30,46 ****
</File>
! <File iptables.default>
! Server = cvs4-sourceforge
! Revision = HEAD
! Directory = iptables
! </File>
!
! <File ip6tables.init>
! Server = cvs4-sourceforge
! Revision = HEAD
! Directory = iptables
! </File>
!
! <File ip6tables.default>
Server = cvs4-sourceforge
Revision = HEAD
--- 30,34 ----
</File>
! <File iptables-config>
Server = cvs4-sourceforge
Revision = HEAD
***************
*** 182,192 ****
Source = etc/init.d/iptables
Type = binary
! Type = conf
! Type = local
! Permissions = 755
</File>
<File>
! Filename = etc/default/iptables
! Source = etc/default/iptables
Type = binary
Type = conf
--- 170,178 ----
Source = etc/init.d/iptables
Type = binary
! Permissions = 750
</File>
<File>
! Filename = etc/iptables/iptables-config
! Source = etc/iptables/iptables-config
Type = binary
Type = conf
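Review bot: The new `etc/iptables/iptables-config` entry lists `Type = binary` and `Type = conf` but no `Permissions` line within this hunk, whereas `etc/init.d/iptables` just above is tightened to 750; the config file is sourced by that script as root (`. "$IPTABLES_CONFIG"` in iptables.init), so if it is installed writable by a non-root user it is a direct root escalation. Confirm the Permissions for this entry (set outside the hunk, if at all) is 600 or 640 and that dropping `Type = local` does not change how the file is preserved across upgrades. The entry's closing lines are outside the hunk.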
***************
*** 195,200 ****
</File>
<File>
! Filename = etc/iptables/rules
! Source = etc/iptables/rules
Type = binary
Type = conf
--- 181,186 ----
</File>
<File>
! Filename = etc/iptables/iptables
! Source = etc/iptables/iptables
Type = binary
Type = conf
***************
*** 312,324 ****
<File>
Filename = etc/init.d/ip6tables
! Source = etc/init.d/ip6tables
! Type = binary
! Type = conf
! Type = local
! Permissions = 755
</File>
<File>
! Filename = etc/default/ip6tables
! Source = etc/default/ip6tables
Type = binary
Type = conf
--- 298,307 ----
<File>
Filename = etc/init.d/ip6tables
! Target = etc/init.d/iptables
! Type = link
</File>
<File>
! Filename = etc/iptables/ip6tables-config
! Source = etc/iptables/ip6tables-config
Type = binary
Type = conf
***************
*** 327,332 ****
</File>
<File>
! Filename = etc/iptables/rules.v6
! Source = etc/iptables/rules.v6
Type = binary
Type = conf
--- 310,315 ----
</File>
<File>
! Filename = etc/iptables/ip6tables
! Source = etc/iptables/ip6tables
Type = binary
Type = conf