Update of /cvsroot/leaf/src/bering-uclibc4/source/ipset
In directory 
sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv10700/source/ipset

Added Files:
        buildtool.cfg buildtool.mk ipset-4.4.tar.bz2 iptables-config 
        iptables.init 
Log Message:
Added IPtool package


--- NEW FILE: iptables-config ---
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"
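Review bot: The comments for `IPTABLES_SAVE_ON_STOP`, `IPTABLES_SAVE_ON_RESTART` and `IPTABLES_SAVE_COUNTER` say rules are saved to `/etc/sysconfig/iptables`, but the init script added in this commit sets `IPTABLES_DATA=/etc/iptables/$IPTABLES`. An operator following these comments would audit or back up the wrong file. Reword them along the lines of `# Saves all firewall rules to /etc/iptables/<script name> (IPTABLES_DATA in the init script)`. The `IPTABLES_STATUS_VERBOSE` comment also states `default: yes` while the shipped value is `"no"` and the init script sets no default for it, so the comment should read `default: no`.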

--- NEW FILE: ipset-4.4.tar.bz2 ---
(This appears to be a binary file; contents omitted.)

--- NEW FILE: buildtool.cfg ---
<Server ipset.netfilter.org>
  Type = http
  Name = ipset.netfilter.org
#  Serverpath =
</Server>

<File buildtool.mk>
  Server = cvs4-sourceforge
  Revision = HEAD
  Directory = ipset
</File>

<File ipset-4.4.tar.bz2>
  Server = cvs4-sourceforge
  envname = SOURCE
  Revision = HEAD
  Directory = ipset
</File>

<Package>
        <ipset>
                Version  = 4.4
                Revision = 1


                Help <<EOF
                        IPset tool for iptables, successor to ippool.
                        Homepage: http://ipset.netfilter.org
                        Requires: ip_set.ko ip_set_*.ko, ipt_set.ko ipt_SET.ko
                        LEAF package by __PACKAGER__, __BUILDDATE__
                        EOF

                <Permissions>
                        Files = 644
                        Directories = 755
                </Permissions>

                <Owner>
                                Files = root:root
                                Directories = root:root
                </Owner>

                <Contents>
                        <File>
                                Filename        = sbin/ipset
                                Source          = sbin/ipset
                                Type            = binary
                                Permissions     = 755
                        </File>
                        <File>
                                Filename        = lib/ipset/
                                Source          = lib/ipset/libipset_*.so
                                Type            = binary
                                Permissions     = 755
                        </File>
                </Contents>
        </iptables>
</Package>
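Review bot: The package block opens with `<ipset>` but is closed with `</iptables>`. Whether the buildtool parser tolerates the mismatch is not visible here, so the closing tag should be `</ipset>`. Separately, `iptables-config` and `iptables.init` are added by this commit, yet neither has a `<File …>` fetch entry or a `<Contents>` entry. As far as this file shows, the package ships only `sbin/ipset` and the `libipset_*.so` modules. If the init script and its config are meant to be installed, they need entries with explicit `Permissions` (the script executable, the config not world-writable).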

--- NEW FILE: buildtool.mk ---
#############################################################
#
# iptables
#
# $Id: buildtool.mk,v 1.1 2010/11/09 21:18:08 nitr0man Exp $
#############################################################

include $(MASTERMAKEFILE)
DIR:=ipset-4.4
TARGET_DIR:=$(BT_BUILD_DIR)/ipset

#IPhash settings
#max sets
IP_NF_SET_MAX=256
#max items count in set
IP_NF_SET_HASHSIZE=4096

$(DIR)/.source: 
        bzcat $(SOURCE) |  tar -xvf - 
        touch $(DIR)/.source

$(DIR)/.build: $(DIR)/Makefile
        mkdir -p $(TARGET_DIR)
        
        (export IP_NF_SET_MAX=$(IP_NF_SET_MAX); \
        export IP_NF_SET_HASHSIZE=$(IP_NF_SET_HASHSIZE); \
        cd $(DIR) && for i in $(KARCHS); do export LOCALVERSION="-$$i" ; \
        export KERNEL_DIR=$(BT_LINUX_DIR)-$(BT_KERNEL_RELEASE) ; \
        export KBUILD_OUTPUT=$(BT_LINUX_DIR)-$$i ; \
        export INSTALL_MOD_PATH=$(BT_STAGING_DIR) ; \
        $(MAKE) clean && \
        $(MAKE) modules && \
        $(MAKE) GENKSYMS="$(BT_STAGING_DIR)/sbin/genksyms" 
DEPMOD="$(BT_DEPMOD)" modules_install || \
        exit 1 ; done; \
        $(MAKE) binaries; $(MAKE) PREFIX=$(TARGET_DIR) binaries_install)
        cp -a $(DIR)/kernel/include $(TARGET_DIR)/
        -$(BT_STRIP) $(BT_STRIP_LIBOPTS) $(TARGET_DIR)/sbin/*
        -$(BT_STRIP) $(BT_STRIP_LIBOPTS) $(TARGET_DIR)/lib/ipset/*
        rm -rf $(TARGET_DIR)/lib/pkgconfig $(TARGET_DIR)/man
        cp -a $(TARGET_DIR)/* $(BT_STAGING_DIR)
        touch $(DIR)/.build

source: $(DIR)/.source 

build: $(DIR)/.build

clean:
        -rm $(DIR)/.build
        -$(MAKE) -C $(DIR) clean
  
srcclean:
        rm -rf $(DIR)
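Review bot: In the `$(DIR)/.build` recipe the last line of the subshell, `$(MAKE) binaries; $(MAKE) PREFIX=$(TARGET_DIR) binaries_install)`, joins the two steps with `;`, so a failed `binaries` build is ignored. Only the exit status of the install step decides whether the recipe goes on to strip, copy into `$(BT_STAGING_DIR)` and `touch $(DIR)/.build`. Chain them as `$(MAKE) binaries && $(MAKE) PREFIX=$(TARGET_DIR) binaries_install)` so a broken userspace build is never staged and stamped as complete. Unless `$(MASTERMAKEFILE)` already does so, also declare `.PHONY: source build clean srcclean`. The banner comment should name `ipset` rather than `iptables`.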

--- NEW FILE: iptables.init ---
#!/bin/sh
#
# iptables      Start iptables firewall
# Taked from Fedora Core distro with small modifications
#

RCDLINKS="2,S30 3,S30 6,K60"

failure() {
        echo -e "\tFailed!"
}

success() {
        echo -e "\tDone."
}

IPTABLES=${0##*/}
IPTABLES_DATA=/etc/iptables/$IPTABLES
IPTABLES_CONFIG=/etc/iptables/${IPTABLES}-config
IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
[ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES

if [ ! -x /sbin/$IPTABLES ]; then
    echo -n "/sbin/$IPTABLES does not exist."; warning; echo
    exit 5
fi

# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

# Load firewall configuration.
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"

# Netfilter modules
NF_MODULES="${IPV}_tables nf_conntrack_${_IPV}"
NF_MODULES_COMMON="x_tables nf_conntrack" # Used by netfilter v4 and v6

# Get active tables
NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)


rmmod_r() {
    # Unload module with all referring modules.
    # At first all referring modules will be unloaded, then the module itself.
    local mod=$1
    local ret=0
    local ref=

    ref=$(lsmod | awk "/^${mod}/ { print \$4; }" | tr ',' ' ') \

    # recursive call for all referring modules
    for i in $ref; do
        rmmod_r $i
        let ret+=$?;
    done

    # Unload module.
    # The extra test is for 2.6: The module might have autocleaned,
    # after all referring modules are unloaded.
    if grep -q "^${mod}" /proc/modules ; then
        modprobe -r $mod > /dev/null 2>&1
        let ret+=$?;
    fi

    return $ret
}

flush_n_delete() {
    # Flush firewall rules and delete chains.
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0

    # Check if firewall is configured (has tables)
    [ -z "$NF_TABLES" ] && return 1

    echo -n "Flushing firewall rules: "
    ret=0
    # For all tables
    for i in $NF_TABLES; do
        # Flush firewall rules.
        $IPTABLES -t $i -F;
        let ret+=$?;

        # Delete firewall chains.
        $IPTABLES -t $i -X;
        let ret+=$?;

        # Set counter to zero.
        $IPTABLES -t $i -Z;
        let ret+=$?;
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

set_policy() {
    # Set policy for configured tables.
    policy=$1

    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0

    # Check if firewall is configured (has tables)
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
    [ -z "$tables" ] && return 1

    echo -n "Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
            filter)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;
            nat)
                $IPTABLES -t nat -P PREROUTING $policy \
                    && $IPTABLES -t nat -P POSTROUTING $policy \
                    && $IPTABLES -t nat -P OUTPUT $policy \
                    || let ret+=1
                ;;
            mangle)
                $IPTABLES -t mangle -P PREROUTING $policy \
                    && $IPTABLES -t mangle -P POSTROUTING $policy \
                    && $IPTABLES -t mangle -P INPUT $policy \
                    && $IPTABLES -t mangle -P OUTPUT $policy \
                    && $IPTABLES -t mangle -P FORWARD $policy \
                    || let ret+=1
                ;;
            *)
                let ret+=1
                ;;
        esac
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

start() {
    # Do not start if there is no config file.
    [ ! -f "$IPTABLES_DATA" ] && return 6

    if [ "${IPV}" = "ip6" ] \
        && grep -qIs "^blacklist\W*${_IPV}" /etc/modprobe.conf 
/etc/modprobe.d/* ; then
        echo "${0##*/}: ${_IPV} is blacklisted."
        return 6
    fi

    echo -n "Applying $IPTABLES firewall rules: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    $IPTABLES-restore $OPT $IPTABLES_DATA
    if [ $? -eq 0 ]; then
        success; echo
    else
        failure; echo; return 1
    fi
    
    # Load additional modules (helpers)
    if [ -n "$IPTABLES_MODULES" ]; then
        echo -n "Loading additional $IPTABLES modules: "
        ret=0
        for mod in $IPTABLES_MODULES; do
            echo -n "$mod "
            modprobe $mod > /dev/null 2>&1
            let ret+=$?;
        done
        [ $ret -eq 0 ] && success || failure
        echo
    fi
    
    touch $VAR_SUBSYS_IPTABLES
    return $ret
}

stop() {
    # Do not stop if iptables module is not loaded.
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0

    flush_n_delete
    set_policy ACCEPT
    
    if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
        echo -n "Unloading $IPTABLES modules: "
        ret=0
        for mod in ${NF_MODULES}; do
            rmmod_r $mod
            let ret+=$?;
        done
        # try to unload remaining netfilter modules used by ipv4 and ipv6 
        # netfilter
        for mod in ${NF_MODULES_COMMON}; do
            rmmod_r $mod
        done
        [ $ret -eq 0 ] && success || failure
        echo
    fi
    
    rm -f $VAR_SUBSYS_IPTABLES
    return $ret
}

save() {
    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0

    # Check if firewall is configured (has tables)
    [ -z "$NF_TABLES" ] && return 6

    echo -n "Saving firewall rules to $IPTABLES_DATA: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    ret=0
    TMP_FILE=/tmp/$IPTABLES.$(cat /proc/interrupts | awk '/LOC/ {print $2}') \
        && touch "$TMP_FILE" \
        && chmod 600 "$TMP_FILE" \
        && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
        && size=$(ls -l $TMP_FILE | awk '{print $5}') && [ "$size" -gt 0 ] \
        || ret=1
    if [ $ret -eq 0 ]; then
        if [ -e $IPTABLES_DATA ]; then
            cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                && chmod 600 $IPTABLES_DATA.save \
                || ret=1
        fi
        if [ $ret -eq 0 ]; then
            cp -f $TMP_FILE $IPTABLES_DATA \
                && chmod 600 $IPTABLES_DATA \
                || ret=1
        fi
    fi
    [ $ret -eq 0 ] && success || failure
    echo
    rm -f $TMP_FILE
    return $ret
}

status() {
    if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
        echo "${0##*/}: Firewall is not running."
        return 3
    fi

    # Do not print status if lockfile is missing and iptables modules are not 
    # loaded.
    # Check if iptable modules are loaded
    if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
        echo $"${0##*/}: Firewall modules are not loaded."
        return 3
    fi

    # Check if firewall is configured (has tables)
    if [ -z "$NF_TABLES" ]; then
        echo "${0##*/}: Firewall is not configured. "
        return 3
    fi

    NUM=
    [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
    VERBOSE= 
    [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
    COUNT=
    [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"

    for table in $NF_TABLES; do
        echo "Table: $table"
        $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
    done

    return 0
}

restart() {
    [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
    stop
    start
}


case "$1" in
    start)
        [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
        start
        RETVAL=$?
        ;;
    stop)
        [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
        stop
        RETVAL=$?
        ;;
    restart|force-reload)
        restart
        RETVAL=$?
        ;;
    condrestart|try-restart)
        [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
        restart
        RETVAL=$?
        ;;
    status)
        status
        RETVAL=$?
        ;;
    panic)
        flush_n_delete
        set_policy DROP
        RETVAL=$?
        ;;
    save)
        save
        RETVAL=$?
        ;;
    *)
        echo "Usage: ${0##*/} 
{start|stop|restart|condrestart|status|panic|save}"
        RETVAL=2
        ;;
esac

exit $RETVAL
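Review bot: `save()` builds its scratch file name from a value read out of `/proc/interrupts`, then creates it with `touch` in `/tmp` before the `chmod 600`. The path is therefore guessable, and the root-run redirect of `$IPTABLES-save` writes through whatever already exists at that name. Let the system create the file atomically instead, e.g. `TMP_FILE=$(mktemp /tmp/$IPTABLES.XXXXXX) \` in place of the `TMP_FILE=…` and `touch` lines (assuming the target's BusyBox provides `mktemp`), and quote `"$TMP_FILE"` in the later redirect, `cp` and `rm`. Two smaller points: the `condrestart|try-restart` branch exits when the lock file exists, which looks inverted and should probably be `[ ! -f "$VAR_SUBSYS_IPTABLES" ] && exit 0`. The missing-binary check also calls `warning`, which this script never defines.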

