[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2024-03-16 Thread Conrad Kostecki
commit: 1faf16f1d4692af480bbf82d7a6e462dc5179546
Author: Michael Mair-Keimberger  levelnine  at>
AuthorDate: Sun Feb 25 15:43:41 2024 +
Commit: Conrad Kostecki  gentoo  org>
CommitDate: Sat Mar 16 12:13:24 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1faf16f1

net-firewall/iptables: remove unused patch

Signed-off-by: Michael Mair-Keimberger  levelnine.at>
Signed-off-by: Conrad Kostecki  gentoo.org>

 .../iptables/files/iptables-1.8.2-link.patch   | 24 --
 1 file changed, 24 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-1.8.2-link.patch 
b/net-firewall/iptables/files/iptables-1.8.2-link.patch
deleted file mode 100644
index c20f2e54b804..
--- a/net-firewall/iptables/files/iptables-1.8.2-link.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From ee4fc7c558d9eb9c37035250046d4eac9af3fa28 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping 
-Date: Thu, 27 Dec 2018 23:47:33 +0100
-Subject: [PATCH] Fix link errors for USE="conntrack static-libs" (bug #586106)
-

- iptables/Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/iptables/Makefile.am b/iptables/Makefile.am
-index 581dc32..2c3db86 100644
 a/iptables/Makefile.am
-+++ b/iptables/Makefile.am
-@@ -26,6 +26,7 @@ xtables_legacy_multi_LDADD   += ../libiptc/libip6tc.la 
../extensions/libext6.a
- endif
- xtables_legacy_multi_SOURCES += xshared.c
- xtables_legacy_multi_LDADD   += ../libxtables/libxtables.la -lm
-+xtables_legacy_multi_LDADD   += ${libnetfilter_conntrack_LIBS}
- 
- # iptables using nf_tables api
- if ENABLE_NFTABLES
--- 
-2.19.1
-



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2023-09-18 Thread Sam James
commit: e9227501ae5ec3674ba2fd93766df71f85c1da2f
Author: Robert Kolchmeyer  google  com>
AuthorDate: Thu Aug 31 18:00:02 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Mon Sep 18 08:39:28 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9227501

net-firewall/iptables: fix checking existence of rule

This bug was introduced in 1.8.9, and a release including the fix has
not been made yet. This patch can be removed after upgrading beyond
1.8.9.

Signed-off-by: Robert Kolchmeyer  google.com>
Closes: https://github.com/gentoo/gentoo/pull/32541
Signed-off-by: Sam James  gentoo.org>

 ...bles-1.8.9-fix-checking-existence-of-rule.patch |  34 
 net-firewall/iptables/iptables-1.8.9-r1.ebuild | 181 +
 2 files changed, 215 insertions(+)

diff --git 
a/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch
 
b/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch
new file mode 100644
index ..16c894f185e7
--- /dev/null
+++ 
b/net-firewall/iptables/files/iptables-1.8.9-fix-checking-existence-of-rule.patch
@@ -0,0 +1,34 @@
+https://git.netfilter.org/iptables/commit/?id=78850e7dba64a949c440dbdbe557f59409c6db48
+
+From 78850e7dba64a949c440dbdbe557f59409c6db48 Mon Sep 17 00:00:00 2001
+From: Markus Boehme 
+Date: Mon, 3 Apr 2023 23:13:47 +0200
+Subject: [PATCH] ip6tables: Fix checking existence of rule
+
+Pass the proper entry size when creating a match mask for checking the
+existence of a rule. Failing to do so causes wrong results.
+
+Reported-by: Jonathan Caicedo 
+Fixes: eb2546a846776 ("xshared: Share make_delete_mask() between ip{,6}tables")
+Signed-off-by: Markus Boehme 
+Signed-off-by: Phil Sutter 
+---
+ iptables/ip6tables.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 345af451..9afc32c1 100644
+--- a/iptables/ip6tables.c
 b/iptables/ip6tables.c
+@@ -331,7 +331,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry 
*fw,
+   int ret = 1;
+   unsigned char *mask;
+ 
+-  mask = make_delete_mask(matches, target, sizeof(fw));
++  mask = make_delete_mask(matches, target, sizeof(*fw));
+   for (i = 0; i < nsaddrs; i++) {
+   fw->ipv6.src = saddrs[i];
+   fw->ipv6.smsk = smasks[i];
+-- 
+2.42.0.283.g2d96d420d3-goog
+
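Review bot: The patch header records the upstream commit URL but not the removal condition, which currently lives only in the Gentoo commit message. Adding a line under the URL such as `Fixed upstream after 1.8.9; drop this patch on the next version bump.` keeps that next to the file that has to be deleted later. The one-line change in `check_entry` passes `sizeof(*fw)` (the entry struct) instead of `sizeof(fw)` (a pointer) to `make_delete_mask`. Upstream describes the effect only as wrong results when checking whether a rule exists, so any provisioning script that relies on that check with ip6tables 1.8.9 is worth re-testing once this revision is installed. `check_entry` starts and ends outside the hunk.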

diff --git a/net-firewall/iptables/iptables-1.8.9-r1.ebuild 
b/net-firewall/iptables/iptables-1.8.9-r1.ebuild
new file mode 100644
index ..f3c3728c7812
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.9-r1.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/;
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz;
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+COMMON_DEPEND="
+   conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+   netlink? ( net-libs/libnfnetlink )
+   nftables? (
+   >=net-libs/libmnl-1.0:=
+   >=net-libs/libnftnl-1.1.6:=
+   )
+   pcap? ( net-libs/libpcap )
+"
+DEPEND="
+   ${COMMON_DEPEND}
+   virtual/os-headers
+   >=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="
+   virtual/pkgconfig
+   nftables? (
+   sys-devel/flex
+   app-alternatives/yacc
+   )
+"
+RDEPEND="
+   ${COMMON_DEPEND}
+   nftables? ( net-misc/ethertypes )
+   !https://bugs.gentoo.org/881295
+   rm "${ED}/usr/bin/iptables-xml" || die
+
+   dodoc iptables/iptables.xslt
+
+   # All the iptables binaries are in /sbin, so might as well
+   # put these small files in with them
+   into /
+   dosbin iptables/iptables-apply
+   dosym iptables-apply /sbin/ip6tables-apply
+   doman iptables/iptables-apply.8
+
+   insinto /usr/include
+   doins include/ip{,6}tables.h
+   insinto /usr/include/iptables
+   doins include/iptables/internal.h
+
+   keepdir /var/lib/ip{,6}tables
+   newinitd "${FILESDIR}"/${PN}-r3.init iptables
+   newconfd "${FILESDIR}"/${PN}-r1.confd iptables
+   dosym iptables /etc/init.d/ip6tables
+   newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
+
+   if use nftables; then
+   # Bug #647458
+   rm "${ED}"/etc/ethertypes || die
+
+   # Bugs #660886 and #669894
+   rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
+   fi
+
+   systemd_dounit 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2022-10-02 Thread Conrad Kostecki
commit: b2f817cba647957defa7ff0f2add91db0f5bc252
Author: Michael Mair-Keimberger  levelnine  at>
AuthorDate: Sat Oct  1 12:17:59 2022 +
Commit: Conrad Kostecki  gentoo  org>
CommitDate: Sun Oct  2 14:42:39 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2f817cb

net-firewall/iptables: remove unused file

Signed-off-by: Michael Mair-Keimberger  levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/27559
Signed-off-by: Conrad Kostecki  gentoo.org>

 net-firewall/iptables/files/iptables-r2.init | 165 ---
 1 file changed, 165 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-r2.init 
b/net-firewall/iptables/files/iptables-r2.init
deleted file mode 100644
index 3dcabb0dfb41..
--- a/net-firewall/iptables/files/iptables-r2.init
+++ /dev/null
@@ -1,165 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="check save panic"
-extra_started_commands="reload"
-
-iptables_lock_wait_time=${IPTABLES_LOCK_WAIT_TIME:-"60"}
-iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}
-
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-   iptables|ip6tables) ;;
-   *) iptables_name="iptables" ;;
-esac
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-   iptables)  iptables_proc="/proc/net/ip_tables_names"
-  iptables_save=${IPTABLES_SAVE};;
-   ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-  iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-   need localmount #434774
-   before net
-}
-
-set_table_policy() {
-   local has_errors=0 chains table=$1 policy=$2
-   case ${table} in
-   nat)chains="PREROUTING POSTROUTING OUTPUT";;
-   mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-   filter) chains="INPUT FORWARD OUTPUT";;
-   *)  chains="";;
-   esac
-
-   local chain
-   for chain in ${chains} ; do
-   ${iptables_bin} --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} -t ${table} -P ${chain} ${policy}
-   [ $? -ne 0 ] && has_errors=1
-   done
-
-   return ${has_errors}
-}
-
-checkkernel() {
-   if [ ! -e ${iptables_proc} ] ; then
-   eerror "Your kernel lacks ${iptables_name} support, please load"
-   eerror "appropriate modules and try again."
-   return 1
-   fi
-   return 0
-}
-
-checkconfig() {
-   if [ -z "${iptables_save}" -o ! -f "${iptables_save}" ] ; then
-   eerror "Not starting ${iptables_name}.  First create some rules 
then run:"
-   eerror "/etc/init.d/${iptables_name} save"
-   return 1
-   fi
-   return 0
-}
-
-start_pre() {
-   checkconfig || return 1
-}
-
-start() {
-   ebegin "Loading ${iptables_name} state and starting firewall"
-   ${iptables_bin}-restore --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} ${SAVE_RESTORE_OPTIONS} < 
"${iptables_save}"
-   eend $?
-}
-
-stop_pre() {
-   checkkernel || return 1
-}
-
-stop() {
-   if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-   save || return 1
-   fi
-
-   ebegin "Stopping firewall"
-   local has_errors=0 a
-   for a in $(cat ${iptables_proc}) ; do
-   set_table_policy $a ACCEPT
-   [ $? -ne 0 ] && has_errors=1
-
-   ${iptables_bin} --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} -F -t $a
-   [ $? -ne 0 ] && has_errors=1
-
-   ${iptables_bin} --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} -X -t $a
-   [ $? -ne 0 ] && has_errors=1
-   done
-   eend ${has_errors}
-}
-
-reload() {
-   checkkernel || return 1
-   checkrules || return 1
-   ebegin "Flushing firewall"
-   local has_errors=0 a
-   for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} -F -t $a
-   [ $? -ne 0 ] && has_errors=1
-
-   ${iptables_bin} --wait ${iptables_lock_wait_time} 
--wait-interval ${iptables_lock_wait_interval} -X -t $a
-   [ $? -ne 0 ] && has_errors=1
-   done
-   eend ${has_errors}
-
-   start
-}
-
-checkrules() {
-   ebegin "Checking rules"
-   ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < 
"${iptables_save}"
-   eend $?
-}
-
-check() {
-   # Short name for users of init.d script.
-   checkrules
-}
-
-save() {
-   ebegin "Saving ${iptables_name} state"
-   checkpath -q -d "$(dirname "${iptables_save}")"
-   checkpath -q -m 0600 -f "${iptables_save}"
-   ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2022-09-22 Thread Sam James
commit: 72df47c7b128fc5e8b7019dee4632ddf9b20ed35
Author: Sam James  gentoo  org>
AuthorDate: Fri Sep 23 02:12:39 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Fri Sep 23 02:13:36 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72df47c7

net-firewall/iptables: drop 1.8.7-r2

Signed-off-by: Sam James  gentoo.org>

 net-firewall/iptables/Manifest |   1 -
 .../files/iptables-1.8.7-cache-double-free.patch   |  61 ---
 net-firewall/iptables/iptables-1.8.7-r2.ebuild | 176 -
 3 files changed, 238 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 76320a6fa208..44c1d5abb450 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,2 +1 @@
-DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B 
fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
 SHA512 
c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 
0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164
 SHA512 
f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59

diff --git a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch 
b/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
deleted file mode 100644
index fc88636d2944..
--- a/net-firewall/iptables/files/iptables-1.8.7-cache-double-free.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-commit 4318961230bce82958df82b57f1796143bf2f421
-Author: Phil Sutter 
-Date:   Tue Sep 21 11:39:45 2021 +0200
-
-nft: cache: Avoid double free of unrecognized base-chains
-
-On error, nft_cache_add_chain() frees the allocated nft_chain object
-along with the nftnl_chain it points at. Fix nftnl_chain_list_cb() to
-not free the nftnl_chain again in that case.
-
-Fixes: 176c92c26bfc9 ("nft: Introduce a dedicated base chain array")
-Signed-off-by: Phil Sutter 
-
-diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
-index 2c88301c..9a03bbfb 100644
 a/iptables/nft-cache.c
-+++ b/iptables/nft-cache.c
-@@ -314,9 +314,7 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, 
void *data)
-   goto out;
-   }
- 
--  if (nft_cache_add_chain(h, t, c))
--  goto out;
--
-+  nft_cache_add_chain(h, t, c);
-   return MNL_CB_OK;
- out:
-   nftnl_chain_free(c);
-diff --git a/iptables/tests/shell/testcases/chain/0004extra-base_0 
b/iptables/tests/shell/testcases/chain/0004extra-base_0
-new file mode 100755
-index ..1b85b060
 /dev/null
-+++ b/iptables/tests/shell/testcases/chain/0004extra-base_0
-@@ -0,0 +1,27 @@
-+#!/bin/bash
-+
-+case $XT_MULTI in
-+*xtables-nft-multi)
-+  ;;
-+*)
-+  echo skip $XT_MULTI
-+  exit 0
-+  ;;
-+esac
-+
-+set -e
-+
-+nft -f - 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2022-05-27 Thread Sam James
commit: 56a695955754b0947cc12f99da838eab57f939de
Author: Sam James  gentoo  org>
AuthorDate: Sat May 28 02:52:03 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sat May 28 02:52:21 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56a69595

net-firewall/iptables: fix musl build

Closes: https://bugs.gentoo.org/846377
Signed-off-by: Sam James  gentoo.org>

 .../files/iptables-1.8.8-musl-headers.patch| 59 ++
 .../files/iptables-1.8.8-out-of-tree-build.patch   | 26 ++
 net-firewall/iptables/iptables-1.8.8-r2.ebuild |  2 +
 3 files changed, 87 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch 
b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
new file mode 100644
index ..52e2c7019972
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
@@ -0,0 +1,59 @@
+https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
+https://bugs.gentoo.org/846377
+
+From: Phil Sutter 
+Date: Wed, 18 May 2022 16:04:09 +0200
+Subject: Revert "fix build for missing ETH_ALEN definition"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
+compiling against musl libc. Might be a bug in the latter, but for the
+time being try to please both by avoiding the include and instead
+defining ETH_ALEN if unset.
+
+While being at it, move netinet/ether.h include up.
+
+Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing 
support")
+Signed-off-by: Phil Sutter 
+Reviewed-by: Maciej Żenczykowski 
+--- a/libxtables/xtables.c
 b/libxtables/xtables.c
+@@ -28,6 +28,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -45,7 +46,6 @@
+ 
+ #include 
+ #include  /* INT_MAX in ip_tables.h/ip6_tables.h */
+-#include  /* ETH_ALEN */
+ #include 
+ #include 
+ #include 
+@@ -72,6 +72,10 @@
+ #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
+ #endif
+ 
++#ifndef ETH_ALEN
++#define ETH_ALEN 6
++#endif
++
+ /* we need this for ip6?tables-restore.  ip6?tables-restore.c sets line to the
+  * current line of the input file, in order  to give a more precise error
+  * message.  ip6?tables itself doesn't need this, so it is initialized to the
+@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int 
format)
+   printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
+ }
+ 
+-#include 
+-
+ static const unsigned char mac_type_unicast[ETH_ALEN] =   {};
+ static const unsigned char msk_type_unicast[ETH_ALEN] =   {1};
+ static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
+cgit v1.2.3

diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch 
b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
new file mode 100644
index ..ee9e218b5dbd
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
@@ -0,0 +1,26 @@
+https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
+
+From: Ben Brown 
+Date: Wed, 25 May 2022 16:26:13 +0100
+Subject: build: Fix error during out of tree build
+
+Fixes the following error:
+
+../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No 
such file or directory
+   52 | #include 
+
+Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
+Signed-off-by: Ben Brown 
+Signed-off-by: Phil Sutter 
+--- a/libxtables/Makefile.am
 b/libxtables/Makefile.am
+@@ -1,7 +1,7 @@
+ # -*- Makefile -*-
+ 
+ AM_CFLAGS   = ${regular_CFLAGS}
+-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include 
-I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
++AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include 
-I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} 
${kinclude_CPPFLAGS}
+ 
+ lib_LTLIBRARIES   = libxtables.la
+ libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
+cgit v1.2.3

diff --git a/net-firewall/iptables/iptables-1.8.8-r2.ebuild 
b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
index 03c908c9d9b1..c4fcdc0fb260 100644
--- a/net-firewall/iptables/iptables-1.8.8-r2.ebuild
+++ b/net-firewall/iptables/iptables-1.8.8-r2.ebuild
@@ -52,6 +52,8 @@ PATCHES=(
 
"${FILESDIR}/${P}-format-security.patch"
"${FILESDIR}/${P}-uint-musl.patch"
+   "${FILESDIR}/${P}-musl-headers.patch"
+   "${FILESDIR}/${P}-out-of-tree-build.patch"
 )
 
 src_prepare() {
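Review bot: `${P}-out-of-tree-build.patch` edits `libxtables/Makefile.am`, so it only takes effect if `src_prepare` regenerates the autotools output after the patches are applied. The hunk ends on the `src_prepare() {` line and the body is not visible here, so confirm that it runs `eautoreconf` after `default`. It would also help to put a short comment above the two new `PATCHES` entries, for example `# upstream backports for musl / out-of-tree builds, drop with the next release`, so the next bump knows they are not Gentoo-specific.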



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2022-05-18 Thread Sam James
commit: d8ae486250804a820434c22df25be9cfdb584f31
Author: Sam James  gentoo  org>
AuthorDate: Wed May 18 20:52:39 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Wed May 18 20:52:47 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8ae4862

net-firewall/iptables: fix build w/ musl (and installed headers)

Signed-off-by: Sam James  gentoo.org>

 .../iptables/files/iptables-1.8.8-uint-musl.patch  | 135 +
 ...ables-1.8.8.ebuild => iptables-1.8.8-r1.ebuild} |   1 +
 2 files changed, 136 insertions(+)

diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch 
b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
new file mode 100644
index ..40302f624e23
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
@@ -0,0 +1,135 @@
+https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
+
+From: Nick Hainke 
+Date: Mon, 16 May 2022 18:16:41 +0200
+Subject: treewide: use uint* instead of u_int*
+
+Gcc complains about missing types. Some commits introduced u_int* instead
+of uint*. Use uint treewide.
+
+Fixes errors in the form of:
+In file included from xtables-legacy-multi.c:5:
+xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+83 | set_option(unsigned int *options, unsigned int option, u_int16_t 
*invflg,
+|^
+|uint16_t
+make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 
1
+
+Avoid libipq API breakage by adjusting libipq.h include accordingly. For
+arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
+e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
+
+Signed-off-by: Nick Hainke 
+Signed-off-by: Phil Sutter 
+--- a/extensions/libxt_conntrack.c
 b/extensions/libxt_conntrack.c
+@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct 
xt_entry_match *match, int numeric,
+ 
+ static void
+ conntrack_dump_ports(const char *prefix, const char *opt,
+-   u_int16_t port_low, u_int16_t port_high)
++   uint16_t port_low, uint16_t port_high)
+ {
+   if (port_high == 0 || port_low == port_high)
+   printf(" %s%s %u", prefix, opt, port_low);
+--- a/include/libipq/libipq.h
 b/include/libipq/libipq.h
+@@ -24,7 +24,7 @@
+ #include 
+ #include 
+ #include 
+-#include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
+ struct ipq_handle
+ {
+   int fd;
+-  u_int8_t blocking;
++  uint8_t blocking;
+   struct sockaddr_nl local;
+   struct sockaddr_nl peer;
+ };
+ 
+-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
+ 
+ int ipq_destroy_handle(struct ipq_handle *h);
+ 
+ ssize_t ipq_read(const struct ipq_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+ 
+-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
+ 
+ ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
+ 
+--- a/include/libiptc/libxtc.h
 b/include/libiptc/libxtc.h
+@@ -10,7 +10,7 @@ extern "C" {
+ #endif
+ 
+ #ifndef XT_MIN_ALIGN
+-/* xt_entry has pointers and u_int64_t's in it, so if you align to
++/* xt_entry has pointers and uint64_t's in it, so if you align to
+it, you'll also align to any crazy matches and targets someone
+might write */
+ #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
+--- a/include/linux/netfilter_arp/arpt_mangle.h
 b/include/linux/netfilter_arp/arpt_mangle.h
+@@ -13,7 +13,7 @@ struct arpt_mangle
+   union {
+   struct in_addr tgt_ip;
+   } u_t;
+-  u_int8_t flags;
++  __u8 flags;
+   int target;
+ };
+ 
+--- a/iptables/xshared.c
 b/iptables/xshared.c
+@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
+ };
+ 
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+  bool invert)
+ {
+   if (*options & option)
+--- a/iptables/xshared.h
 b/iptables/xshared.h
+@@ -80,7 +80,7 @@ struct xtables_target;
+ #define IPT_INV_ARPHRD0x0800
+ 
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+  bool invert);
+ 
+ /**
+--- a/libipq/ipq_create_handle.3
 b/libipq/ipq_create_handle.3
+@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and 
destroy libipq handles.
+ .br
+ .B #include 
+ .sp
+-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2022-05-14 Thread Sam James
commit: 9b5cb98661907b8e44b7c5b61fc9f7d7c4fc7703
Author: Sam James  gentoo  org>
AuthorDate: Sat May 14 03:46:57 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sat May 14 21:22:22 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5cb986

net-firewall/iptables: add 1.8.8

Signed-off-by: Sam James  gentoo.org>

 net-firewall/iptables/Manifest |   1 +
 .../files/iptables-1.8.8-format-security.patch |  21 +++
 net-firewall/iptables/iptables-1.8.8.ebuild| 176 +
 3 files changed, 198 insertions(+)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 20be9ec24c2d..76320a6fa208 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1 +1,2 @@
 DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B 
fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
 SHA512 
c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75
+DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 
0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164
 SHA512 
f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59

diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch 
b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
new file mode 100644
index ..fafc435379b5
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
@@ -0,0 +1,21 @@
+https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
+
+From: Phil Sutter 
+Date: Fri, 13 May 2022 16:51:58 +0200
+Subject: xshared: Fix build for -Werror=format-security
+
+Gcc complains about the omitted format string.
+
+Signed-off-by: Phil Sutter 
+--- a/iptables/xshared.c
 b/iptables/xshared.c
+@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args 
*args, const char *arg)
+   return;
+ 
+   if (args->family != NFPROTO_ARP)
+-  xtables_error(PARAMETER_PROBLEM, msg);
++  xtables_error(PARAMETER_PROBLEM, "%s", msg);
+ 
+   fprintf(stderr, "%s", msg);
+ }
+cgit v1.2.3

diff --git a/net-firewall/iptables/iptables-1.8.8.ebuild 
b/net-firewall/iptables/iptables-1.8.8.ebuild
new file mode 100644
index ..e65230759e5f
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.8.8.ebuild
@@ -0,0 +1,176 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://www.netfilter.org/projects/iptables/;
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2;
+
+LICENSE="GPL-2"
+# Subslot reflects PV when libxtables and/or libip*tc was changed
+# the last time.
+SLOT="0/1.8.3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs"
+
+BUILD_DEPEND="
+   >=app-eselect/eselect-iptables-20220320
+"
+COMMON_DEPEND="
+   conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+   netlink? ( net-libs/libnfnetlink )
+   nftables? (
+   >=net-libs/libmnl-1.0:0=
+   >=net-libs/libnftnl-1.1.6:0=
+   )
+   pcap? ( net-libs/libpcap )
+"
+DEPEND="${COMMON_DEPEND}
+   virtual/os-headers
+   >=sys-kernel/linux-headers-4.4:0
+"
+BDEPEND="${BUILD_DEPEND}
+   virtual/pkgconfig
+   nftables? (
+   sys-devel/flex
+   virtual/yacc
+   )
+"
+RDEPEND="${COMMON_DEPEND}
+   ${BUILD_DEPEND}
+   nftables? ( net-misc/ethertypes )
+   !/dev/null; then
+   elog "Current iptables implementation is unset, setting to 
${default_iptables}"
+   eselect iptables set "${default_iptables}"
+   fi
+
+   if use nftables; then
+   local tables
+   for tables in {arp,eb}tables; do
+   if ! eselect ${tables} show &>/dev/null; then
+   elog "Current ${tables} implementation is 
unset, setting to ${default_iptables}"
+   eselect ${tables} set xtables-nft-multi
+   fi
+   done
+   fi
+
+   eselect iptables show
+}
+
+pkg_prerm() {
+   if [[ -z ${REPLACED_BY_VERSION} ]]; then
+   elog "Unsetting iptables symlinks before removal"
+   eselect iptables unset
+   fi
+
+   if ! has_version 'net-firewall/ebtables'; then
+   elog "Unsetting ebtables symlinks before removal"
+   eselect ebtables 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2021-02-17 Thread Conrad Kostecki
commit: f2cd485c607a93587a35f61ace65615164667843
Author: Michael Mair-Keimberger  levelnine  at>
AuthorDate: Wed Feb 17 16:16:20 2021 +
Commit: Conrad Kostecki  gentoo  org>
CommitDate: Wed Feb 17 19:32:53 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2cd485c

net-firewall/iptables: remove unused patch

Closes: https://github.com/gentoo/gentoo/pull/19504
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Michael Mair-Keimberger  levelnine.at>
Signed-off-by: Conrad Kostecki  gentoo.org>

 net-firewall/iptables/files/iptables.init | 129 --
 1 file changed, 129 deletions(-)

diff --git a/net-firewall/iptables/files/iptables.init 
b/net-firewall/iptables/files/iptables.init
deleted file mode 100644
index 0c24ca12b81..000
--- a/net-firewall/iptables/files/iptables.init
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="check save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-iptables|ip6tables) ;;
-*) iptables_name="iptables" ;;
-esac
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-   iptables)  iptables_proc="/proc/net/ip_tables_names"
-  iptables_save=${IPTABLES_SAVE};;
-   ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-  iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-   need localmount #434774
-   before net
-}
-
-set_table_policy() {
-   local chains table=$1 policy=$2
-   case ${table} in
-   nat)chains="PREROUTING POSTROUTING OUTPUT";;
-   mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-   filter) chains="INPUT FORWARD OUTPUT";;
-   *)  chains="";;
-   esac
-   local chain
-   for chain in ${chains} ; do
-   ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
-   done
-}
-
-checkkernel() {
-   if [ ! -e ${iptables_proc} ] ; then
-   eerror "Your kernel lacks ${iptables_name} support, please load"
-   eerror "appropriate modules and try again."
-   return 1
-   fi
-   return 0
-}
-checkconfig() {
-   if [ ! -f ${iptables_save} ] ; then
-   eerror "Not starting ${iptables_name}.  First create some rules 
then run:"
-   eerror "/etc/init.d/${iptables_name} save"
-   return 1
-   fi
-   return 0
-}
-
-start() {
-   checkconfig || return 1
-   ebegin "Loading ${iptables_name} state and starting firewall"
-   ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
-   eend $?
-}
-
-stop() {
-   if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-   save || return 1
-   fi
-   checkkernel || return 1
-   ebegin "Stopping firewall"
-   local a
-   for a in $(cat ${iptables_proc}) ; do
-   set_table_policy $a ACCEPT
-
-   ${iptables_bin} -w -F -t $a
-   ${iptables_bin} -w -X -t $a
-   done
-   eend $?
-}
-
-reload() {
-   checkkernel || return 1
-   checkrules || return 1
-   ebegin "Flushing firewall"
-   local a
-   for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -w -F -t $a
-   ${iptables_bin} -w -X -t $a
-   done
-   eend $?
-
-   start
-}
-
-checkrules() {
-   ebegin "Checking rules"
-   ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < 
"${iptables_save}"
-   eend $?
-}
-
-check() {
-   # Short name for users of init.d script.
-   checkrules
-}
-
-save() {
-   ebegin "Saving ${iptables_name} state"
-   checkpath -q -d "$(dirname "${iptables_save}")"
-   checkpath -q -m 0600 -f "${iptables_save}"
-   ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
-   eend $?
-}
-
-panic() {
-   checkkernel || return 1
-   if service_started ${iptables_name}; then
-   rc-service ${iptables_name} stop
-   fi
-
-   local a
-   ebegin "Dropping all packets"
-   for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -w -F -t $a
-   ${iptables_bin} -w -X -t $a
-
-   set_table_policy $a DROP
-   done
-   eend $?
-}



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2021-01-16 Thread Lars Wendler
commit: 3124aea6bcf75de81f6619cee0a345499c177c19
Author: Lars Wendler  gentoo  org>
AuthorDate: Sat Jan 16 23:35:22 2021 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Jan 16 23:36:09 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3124aea6

net-firewall/iptables: Removed old

Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Lars Wendler  gentoo.org>

 net-firewall/iptables/Manifest |   3 -
 net-firewall/iptables/files/ip6tables-1.4.13.confd |  19 ---
 net-firewall/iptables/files/iptables-1.4.13.confd  |  19 ---
 net-firewall/iptables/iptables-1.6.1-r3.ebuild | 119 --
 net-firewall/iptables/iptables-1.6.2-r2.ebuild | 123 --
 net-firewall/iptables/iptables-1.8.4-r2.ebuild | 179 -
 6 files changed, 462 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 6124f5ea369..2e92db50183 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,3 @@
-DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B 
b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d
 SHA512 
12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
-DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 
3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017
 SHA512 
04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B 
f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94
 SHA512 
a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb
 DIST iptables-1.8.5.tar.bz2 713769 BLAKE2B 
49659fc2f1f284f31637048fa1e6edb4853e9bf6ac0b6ada5599a7af34a4449205b5eb6b85b630ce4757b49cf3f8ac9ad6220e07c2c22abb688a3aeb5cf99cd2
 SHA512 
6a6baa541bb7aa331b176e0a91894e0766859814b59e77c71351ac34d6ebd337487981db48c70e476a48c67bcf891cfc663221a7582feb1496ad1df56eb28da8
 DIST iptables-1.8.6.tar.bz2 715744 BLAKE2B 
72167610b396054fe18c495d7a9e23051d217116074ee39198af989a3e50b9908cb75f42b9172d3cfd76343835386a78a2c51d1153ed5d219a6d68209e11dc9c
 SHA512 
d06e4cddb69822c4618664a35877fc5811992936cade2040bb0e4eb25a4d879eadc7c84401c40fb39ffac7888568505adcb1cfe995cd166a15c702237daf6acf
 DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B 
fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
 SHA512 
c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75

diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd 
b/net-firewall/iptables/files/ip6tables-1.4.13.confd
deleted file mode 100644
index 3bb36989d37..000
--- a/net-firewall/iptables/files/ip6tables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/ip6tables
-
-# Location in which iptables initscript will save set rules on 
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore 
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"

diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd 
b/net-firewall/iptables/files/iptables-1.4.13.confd
deleted file mode 100644
index 7225374c3a8..000
--- a/net-firewall/iptables/files/iptables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/iptables
-
-# Location in which iptables initscript will save set rules on 
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore 
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"

diff --git a/net-firewall/iptables/iptables-1.6.1-r3.ebuild 
b/net-firewall/iptables/iptables-1.6.1-r3.ebuild
deleted 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2019-09-19 Thread Mike Gilbert
commit: 19fbad7c1f9ffe6ebec5040d0c416c8b59fe71e3
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Sep 19 15:28:09 2019 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Sep 19 15:29:14 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19fbad7c

net-firewall/iptables: chmod -x files/*.init

Closes: https://bugs.gentoo.org/694844
Signed-off-by: Mike Gilbert  gentoo.org>

 net-firewall/iptables/files/iptables-r2.init | 0
 net-firewall/iptables/files/iptables.init| 0
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-r2.init 
b/net-firewall/iptables/files/iptables-r2.init
old mode 100755
new mode 100644

diff --git a/net-firewall/iptables/files/iptables.init 
b/net-firewall/iptables/files/iptables.init
old mode 100755
new mode 100644



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2019-07-20 Thread Aaron Bauman
commit: 582ddf7c9cd3a1cdf225aeb1cde0953961a98ab2
Author: Michael Mair-Keimberger  gmail  com>
AuthorDate: Wed Jul 10 18:47:01 2019 +
Commit: Aaron Bauman  gentoo  org>
CommitDate: Sat Jul 20 19:37:48 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=582ddf7c

net-firewall/iptables: remove unused file

Signed-off-by: Michael Mair-Keimberger  gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/12417
Signed-off-by: Aaron Bauman  gentoo.org>

 .../iptables/files/iptables-1.4.13-r1.init | 129 -
 1 file changed, 129 deletions(-)

diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init 
b/net-firewall/iptables/files/iptables-1.4.13-r1.init
deleted file mode 100644
index b410b4ff52b..000
--- a/net-firewall/iptables/files/iptables-1.4.13-r1.init
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="check save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-iptables|ip6tables) ;;
-*) iptables_name="iptables" ;;
-esac
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
-   iptables)  iptables_proc="/proc/net/ip_tables_names"
-  iptables_save=${IPTABLES_SAVE};;
-   ip6tables) iptables_proc="/proc/net/ip6_tables_names"
-  iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
-   need localmount #434774
-   before net
-}
-
-set_table_policy() {
-   local chains table=$1 policy=$2
-   case ${table} in
-   nat)chains="PREROUTING POSTROUTING OUTPUT";;
-   mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
-   filter) chains="INPUT FORWARD OUTPUT";;
-   *)  chains="";;
-   esac
-   local chain
-   for chain in ${chains} ; do
-   ${iptables_bin} -t ${table} -P ${chain} ${policy}
-   done
-}
-
-checkkernel() {
-   if [ ! -e ${iptables_proc} ] ; then
-   eerror "Your kernel lacks ${iptables_name} support, please load"
-   eerror "appropriate modules and try again."
-   return 1
-   fi
-   return 0
-}
-checkconfig() {
-   if [ ! -f ${iptables_save} ] ; then
-   eerror "Not starting ${iptables_name}.  First create some rules 
then run:"
-   eerror "/etc/init.d/${iptables_name} save"
-   return 1
-   fi
-   return 0
-}
-
-start() {
-   checkconfig || return 1
-   ebegin "Loading ${iptables_name} state and starting firewall"
-   ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
-   eend $?
-}
-
-stop() {
-   if [ "${SAVE_ON_STOP}" = "yes" ] ; then
-   save || return 1
-   fi
-   checkkernel || return 1
-   ebegin "Stopping firewall"
-   local a
-   for a in $(cat ${iptables_proc}) ; do
-   set_table_policy $a ACCEPT
-
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
-   done
-   eend $?
-}
-
-reload() {
-   checkkernel || return 1
-   checkrules || return 1
-   ebegin "Flushing firewall"
-   local a
-   for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
-   done
-   eend $?
-
-   start
-}
-
-checkrules() {
-   ebegin "Checking rules"
-   ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < 
"${iptables_save}"
-   eend $?
-}
-
-check() {
-   # Short name for users of init.d script.
-   checkrules
-}
-
-save() {
-   ebegin "Saving ${iptables_name} state"
-   checkpath -q -d "$(dirname "${iptables_save}")"
-   checkpath -q -m 0600 -f "${iptables_save}"
-   ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
-   eend $?
-}
-
-panic() {
-   checkkernel || return 1
-   if service_started ${iptables_name}; then
-   rc-service ${iptables_name} stop
-   fi
-
-   local a
-   ebegin "Dropping all packets"
-   for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
-
-   set_table_policy $a DROP
-   done
-   eend $?
-}



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2019-05-27 Thread Lars Wendler
commit: 81518bff4f1a83cba9c65438f6a812f8e523b162
Author: Lars Wendler  gentoo  org>
AuthorDate: Tue May 28 00:39:51 2019 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Tue May 28 00:41:08 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81518bff

net-firewall/iptables: Removed old.

Package-Manager: Portage-2.3.67, Repoman-2.3.13
Signed-off-by: Lars Wendler  gentoo.org>

 net-firewall/iptables/Manifest |   2 -
 .../iptables/files/iptables-1.4.21-configure.patch |  34 --
 .../iptables-1.4.21-static-connlabel-config.patch  |  77 
 ...es-1.8.1-build_limit_without_libnftnl_fix.patch |  44 ---
 net-firewall/iptables/iptables-1.4.21-r1.ebuild|  93 ---
 net-firewall/iptables/iptables-1.4.21-r5.ebuild| 104 
 net-firewall/iptables/iptables-1.8.1-r1.ebuild | 131 -
 net-firewall/iptables/iptables-1.8.2.ebuild| 129 
 8 files changed, 614 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 5e0703efb12..0199e509e2c 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,4 @@
-DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B 
e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d
 SHA512 
dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
 DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B 
b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d
 SHA512 
12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 
3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017
 SHA512 
04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 
671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd
 SHA512 
96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
 DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 
2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb
 SHA512 
8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76
 DIST iptables-1.8.3.tar.bz2 716257 BLAKE2B 
58c606a5753ae2cb8ada9039e4653d2abe03c7c9b6aeef1e458baa3e10e818893f35e8f2aed5221e692415115e618aa673c8fcd33d172f85e9d1b609ed79c7b8
 SHA512 
84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d

diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch 
b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
deleted file mode 100644
index e827885f168..000
--- a/net-firewall/iptables/files/iptables-1.4.21-configure.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/557586
-
-From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
-From: Mike Frysinger 
-Date: Sat, 15 Aug 2015 14:12:39 -0400
-Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
-
-The 3rd arg is used when --{enable,disable}-foo are passed in, not when
-the feature is enabled.  Use the existing $enableval instead.
-
-Signed-off-by: Mike Frysinger 

- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
 a/configure
-+++ b/configure
-@@ -11898,14 +11898,14 @@ fi
- 
- # Check whether --enable-bpf-compiler was given.
- if test "${enable_bpf_compiler+set}" = set; then :
--  enableval=$enable_bpf_compiler; enable_bpfc="yes"
-+  enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
- else
-   enable_bpfc="no"
- fi
- 
- # Check whether --enable-nfsynproxy was given.
- if test "${enable_nfsynproxy+set}" = set; then :
--  enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
-+  enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
- else
-   enable_nfsynproxy="no"
- fi

diff --git 
a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch 
b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
deleted file mode 100644
index a4183d6d402..000
--- a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-https://bugs.gentoo.org/558234
-http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
-
-From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
-From: Florian 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-11-20 Thread Thomas Deutschmann
commit: cdc003118830087bbb409761fe4e0e2c19ea103a
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Tue Nov 20 15:36:22 2018 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Tue Nov 20 15:36:38 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdc00311

net-firewall/iptables: multiple fixes for runscript

- We are now passing iptables "--wait" option to every iptables
  command which needs to acquire a lock. [Bug 501710]

- In addition, "--wait" (IPTABLES_LOCK_WAIT_TIME) and "--wait-interval"
  (IPTABLES_LOCK_WAIT_INTERVAL) are now configurable via
  /etc/conf.d/{iptables,ip6tables}.

- We are now only installing one runscript and now using a symlink
  for the ip6tables runscript.

- Error detection improved/added.

Closes: https://bugs.gentoo.org/501710
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann  gentoo.org>

 net-firewall/iptables/files/ip6tables-r1.confd |  27 +
 net-firewall/iptables/files/iptables-r1.confd  |  27 +
 net-firewall/iptables/files/iptables-r1.init   | 159 +
 net-firewall/iptables/iptables-1.8.2-r1.ebuild | 129 
 4 files changed, 342 insertions(+)

diff --git a/net-firewall/iptables/files/ip6tables-r1.confd 
b/net-firewall/iptables/files/ip6tables-r1.confd
new file mode 100644
index 000..e608f41d1ea
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-r1.confd
@@ -0,0 +1,27 @@
+# /etc/conf.d/ip6tables
+
+# Set wait option for xtables lock in seconds
+# DEFAULT: 60
+#IPTABLES_LOCK_WAIT_TIME="60"
+
+# Set wait interval option for xtables lock in microseconds
+# DEFAULT: 1000
+#IPTABLES_LOCK_WAIT_INTERVAL="1000"
+
+# Location in which ip6tables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to ip6tables-save and ip6tables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping ip6tables
+SAVE_ON_STOP="yes"
+
+# If you need to log ip6tables messages as soon as ip6tables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
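Review bot: The two lock settings at the top of this file keep the `IPTABLES_` prefix in `/etc/conf.d/ip6tables`, while the save path a few lines below is `IP6TABLES_SAVE`, and nothing in the comments points out the difference. The init script added in the same commit reads `${IPTABLES_LOCK_WAIT_TIME:-"60"}` and `${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}` whatever the service name is. An `IP6TABLES_LOCK_WAIT_TIME=` line written by analogy would therefore presumably be ignored without any message, and the default would stay in force. I would add `# NOTE: these two settings keep the IPTABLES_ prefix for ip6tables as well` above `#IPTABLES_LOCK_WAIT_TIME="60"`.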

diff --git a/net-firewall/iptables/files/iptables-r1.confd 
b/net-firewall/iptables/files/iptables-r1.confd
new file mode 100644
index 000..d5055e0a5d2
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-r1.confd
@@ -0,0 +1,27 @@
+# /etc/conf.d/iptables
+
+# Set wait option for xtables lock in seconds
+# DEFAULT: 60
+#IPTABLES_LOCK_WAIT_TIME="60"
+
+# Set wait interval option for xtables lock in microseconds
+# DEFAULT: 1000
+#IPTABLES_LOCK_WAIT_INTERVAL="1000"
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
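Review bot: `SAVE_ON_STOP="yes"` is documented only as "Save state on stopping iptables", which does not tell an administrator that the live ruleset replaces the file named by `IPTABLES_SAVE`. Assuming `stop()` in the new init script still calls `save()` as the older init script on this page does, any temporary or unreviewed rule present at shutdown becomes the ruleset loaded at the next start. I would extend the comment to `# Save state on stopping iptables ("yes" overwrites IPTABLES_SAVE with the live ruleset; use "no" to keep a reviewed rules file authoritative)`. The same applies to `SAVE_ON_STOP` in `ip6tables-r1.confd`.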

diff --git a/net-firewall/iptables/files/iptables-r1.init 
b/net-firewall/iptables/files/iptables-r1.init
new file mode 100755
index 000..708dcce6d3c
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-r1.init
@@ -0,0 +1,159 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_lock_wait_time=${IPTABLES_LOCK_WAIT_TIME:-"60"}
+iptables_lock_wait_interval=${IPTABLES_LOCK_WAIT_INTERVAL:-"1000"}
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+   iptables|ip6tables) ;;
+   *) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+   iptables)  iptables_proc="/proc/net/ip_tables_names"
+  iptables_save=${IPTABLES_SAVE};;
+   ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+  iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+   need localmount #434774
+   before net
+}
+
+set_table_policy() {
+   local has_errors=0 chains table=$1 policy=$2
+   case ${table} in
+   nat)chains="PREROUTING POSTROUTING OUTPUT";;
+   mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+   filter) chains="INPUT FORWARD OUTPUT";;
+   *)  chains="";;
+   esac
+
+   local chain
+  

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-11-20 Thread Lars Wendler
commit: 7ed84d5b5c472c3251c4acb752d9fed6880bf973
Author: Lars Wendler  gentoo  org>
AuthorDate: Tue Nov 20 14:21:32 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Tue Nov 20 14:22:55 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed84d5b

Revert "net-firewall/iptables: Removed old."

This reverts commit 070fae35cc6d85cdb9c35b92b476394e17c8c144.

Signed-off-by: Lars Wendler  gentoo.org>

 net-firewall/iptables/Manifest |   1 +
 .../iptables/files/iptables-1.4.21-configure.patch |  34 +++
 .../iptables-1.4.21-static-connlabel-config.patch  |  77 +++
 net-firewall/iptables/iptables-1.4.21-r1.ebuild|  93 ++
 net-firewall/iptables/iptables-1.4.21-r5.ebuild| 104 +
 5 files changed, 309 insertions(+)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 2d94c7883a8..8808dd33a3a 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,3 +1,4 @@
+DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B 
e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d
 SHA512 
dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
 DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B 
b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d
 SHA512 
12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 
3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017
 SHA512 
04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
 DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 
671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd
 SHA512 
96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11

diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch 
b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
new file mode 100644
index 000..e827885f168
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/557586
+
+From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Sat, 15 Aug 2015 14:12:39 -0400
+Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
+
+The 3rd arg is used when --{enable,disable}-foo are passed in, not when
+the feature is enabled.  Use the existing $enableval instead.
+
+Signed-off-by: Mike Frysinger 
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure
 b/configure
+@@ -11898,14 +11898,14 @@ fi
+ 
+ # Check whether --enable-bpf-compiler was given.
+ if test "${enable_bpf_compiler+set}" = set; then :
+-  enableval=$enable_bpf_compiler; enable_bpfc="yes"
++  enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
+ else
+   enable_bpfc="no"
+ fi
+ 
+ # Check whether --enable-nfsynproxy was given.
+ if test "${enable_nfsynproxy+set}" = set; then :
+-  enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
++  enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
+ else
+   enable_nfsynproxy="no"
+ fi

diff --git 
a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch 
b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 000..a4183d6d402
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal 
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'.  Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire 
+Signed-off-by: Florian Westphal 
+---
+ extensions/libxt_connlabel.c | 27 ---
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
 b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+   XTOPT_TABLEEND,
+ };
+ 
++/* cannot do this via _init, else static builds might 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-11-20 Thread Lars Wendler
commit: 070fae35cc6d85cdb9c35b92b476394e17c8c144
Author: Lars Wendler  gentoo  org>
AuthorDate: Tue Nov 20 13:53:28 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Tue Nov 20 13:54:09 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=070fae35

net-firewall/iptables: Removed old.

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler  gentoo.org>

 net-firewall/iptables/Manifest |   1 -
 .../iptables/files/iptables-1.4.21-configure.patch |  34 ---
 .../iptables-1.4.21-static-connlabel-config.patch  |  77 ---
 net-firewall/iptables/iptables-1.4.21-r1.ebuild|  93 --
 net-firewall/iptables/iptables-1.4.21-r5.ebuild| 104 -
 5 files changed, 309 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 8808dd33a3a..2d94c7883a8 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,4 +1,3 @@
-DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B 
e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d
 SHA512 
dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
 DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B 
b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d
 SHA512 
12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 
3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017
 SHA512 
04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
 DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 
671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd
 SHA512 
96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11

diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch 
b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
deleted file mode 100644
index e827885f168..000
--- a/net-firewall/iptables/files/iptables-1.4.21-configure.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/557586
-
-From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
-From: Mike Frysinger 
-Date: Sat, 15 Aug 2015 14:12:39 -0400
-Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
-
-The 3rd arg is used when --{enable,disable}-foo are passed in, not when
-the feature is enabled.  Use the existing $enableval instead.
-
-Signed-off-by: Mike Frysinger 

- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
 a/configure
-+++ b/configure
-@@ -11898,14 +11898,14 @@ fi
- 
- # Check whether --enable-bpf-compiler was given.
- if test "${enable_bpf_compiler+set}" = set; then :
--  enableval=$enable_bpf_compiler; enable_bpfc="yes"
-+  enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
- else
-   enable_bpfc="no"
- fi
- 
- # Check whether --enable-nfsynproxy was given.
- if test "${enable_nfsynproxy+set}" = set; then :
--  enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
-+  enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
- else
-   enable_nfsynproxy="no"
- fi

diff --git 
a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch 
b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
deleted file mode 100644
index a4183d6d402..000
--- a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-https://bugs.gentoo.org/558234
-http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
-
-From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
-From: Florian Westphal 
-Date: Fri, 5 Sep 2014 20:45:56 +0200
-Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
- _init hook
-
-else, static builds will print this for every iptables invocation,
-even 'iptables -L'.  Delay open until we need to translate a mapping.
-
-Reported-by: Thomas De Schampheleire 
-Signed-off-by: Florian Westphal 

- extensions/libxt_connlabel.c | 27 ---
- 1 file changed, 20 insertions(+), 7 deletions(-)
-
-diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
-index c84a167..1f83095 100644
 a/extensions/libxt_connlabel.c
-+++ b/extensions/libxt_connlabel.c
-@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
-   XTOPT_TABLEEND,
- };
- 
-+/* cannot do this via _init, else static builds might spew error message

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-11-14 Thread Lars Wendler
commit: d3b81429961f996c4a19552ea3c832e1bea615d0
Author: Lars Wendler  gentoo  org>
AuthorDate: Wed Nov 14 10:13:15 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Wed Nov 14 10:13:33 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b81429

net-firewall/iptables: Removed old.

Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Lars Wendler  gentoo.org>

 net-firewall/iptables/Manifest |   1 -
 ...es-1.8.0-fix-building-without-nft-backend.patch |  26 
 ...ort-nft-suffix-for-arptables-and-ebtables.patch |  44 ---
 net-firewall/iptables/iptables-1.8.0-r1.ebuild | 132 -
 4 files changed, 203 deletions(-)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index aaefc0f765c..8808dd33a3a 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,6 +1,5 @@
 DIST iptables-1.4.21.tar.bz2 547439 BLAKE2B 
e30f25581a118b91781dcc02761d4c8c420fb19876ec9e8ade3aff22b574931065f9a1c1ec31983a444c406dd928c47673d02698553da85c3db4f31484b1597d
 SHA512 
dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
 DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B 
b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d
 SHA512 
12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
 DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 
3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017
 SHA512 
04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.0.tar.bz2 677980 BLAKE2B 
ce874572d736087f46ea5a6e393cf9b32bf7328efda0fd9faee94dfa11428fc0e124d5ed81329484032ac4ebe89b2604b26dbb135e152c0e0f4c74d88db52d00
 SHA512 
5f3fe4c15f02e29a2e6ee2905a242f450f8a3b51553618e0cdc59301c35b8bb663e8f2ea70dfcaed8d4e53192c01519906b60ff649385c693e0602622742890f
 DIST iptables-1.8.1.tar.bz2 678706 BLAKE2B 
671e7329cc07dae0fbc54c1f6061bc148c4823e1f675369ee36a7cd2346cc1a9a516d5aa2e8a3506d5400027c1ba306cbe426940894117710bc61aacd256fccd
 SHA512 
96a896b6dd26c2d0b4e1672d428ea3c3aab0a3c9e56a896af3a2b8428c4212d7378ba555e0be198b0ccb3fd370bca529466ab8b4edc1777eb7deed600d3f0e11
 DIST iptables-1.8.2.tar.bz2 679858 BLAKE2B 
2004d85c89ecbc37ef0d571ac8ece680fd2e11a51b074f6387d6e9c4892da524c785d6bf3f30e26af4e7c2cb1f401d51bf8bcb21a91e380e24945374553139cb
 SHA512 
8cf0f515764e1dc6e03284581d682d1949b33e8f25fea29c27ae856f1089fe8ca7b1814524b85f4378fd1fc7c7c7d002f06557b257ae2bbc945f8555bad0dc76

diff --git 
a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
 
b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
deleted file mode 100644
index 6b19c87678b..000
--- 
a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-extensions: don't bother to build libebt/libarp extensions if nft backend was 
disabled
-
-Bug: https://bugs.gentoo.org/660790
-Reported-by: Thomas Deutschmann 
-Signed-off-by: Florian Westphal 

- extensions/GNUmakefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
-index bee666e80e45..c0d73cd28c03 100644
 a/extensions/GNUmakefile.in
-+++ b/extensions/GNUmakefile.in
-@@ -40,8 +40,8 @@ endif
- # Wildcard module list
- #
- pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard 
${srcdir}/libxt_*.c)))
--pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard 
${srcdir}/libebt_*.c)))
--pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard 
${srcdir}/libarpt_*.c)))
-+@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst 
${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
-+@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst 
${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
- pfx_symlinks  := NOTRACK state
- @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort 
$(wildcard ${srcdir}/libipt_*.c)))
- @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort 
$(wildcard ${srcdir}/libip6t_*.c)))
--- 
-2.17.1

diff --git 
a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
 
b/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
deleted file mode 100644
index 1053c0a338e..000
--- 
a/net-firewall/iptables/files/iptables-1.8.0-support-nft-suffix-for-arptables-and-ebtables.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Backport of
-
-https://git.netfilter.org/iptables/commit/?id=565a22395c4c620bf26a002515d9016db0c35824
-
-Bug: 

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-10-24 Thread Lars Wendler
commit: 281ad1c5b4f2d41492b69aaf169f5fa6ea1ab20b
Author: Lars Wendler  gentoo  org>
AuthorDate: Wed Oct 24 13:26:18 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Wed Oct 24 13:26:33 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=281ad1c5

net-firewall/iptables: Fixed build with USE="-nftables"

Closes: https://bugs.gentoo.org/669486
Signed-off-by: Lars Wendler  gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 ...es-1.8.1-build_limit_without_libnftnl_fix.patch | 44 ++
 net-firewall/iptables/iptables-1.8.1.ebuild|  2 +
 2 files changed, 46 insertions(+)

diff --git 
a/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
 
b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
new file mode 100644
index 000..a0fca7efa93
--- /dev/null
+++ 
b/net-firewall/iptables/files/iptables-1.8.1-build_limit_without_libnftnl_fix.patch
@@ -0,0 +1,44 @@
+From b2fc2a368562d55fadad94d995247bb8cd7e68a3 Mon Sep 17 00:00:00 2001
+From: Florian Westphal 
+Date: Wed, 24 Oct 2018 12:00:11 +0200
+Subject: extensions: limit: unbreak build without libnftnl
+
+Lars Wendler reported 1.8.1 build failure when trying to build without nft 
backend:
+
+  In file included from ../iptables/nft.h:5, from libxt_limit.c:18: 
libnftnl/rule.h: No such file or directory
+
+Reported-by: Lars Wendler 
+Fixes: 02b80972c43 ("ebtables: Merge libebt_limit.c into libxt_limit.c")
+Signed-off-by: Florian Westphal 
+---
+ extensions/libxt_limit.c | 1 -
+ iptables/nft-bridge.h| 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c
+index c7b66295..1b324657 100644
+--- a/extensions/libxt_limit.c
 b/extensions/libxt_limit.c
+@@ -15,7 +15,6 @@
+ #include 
+ #include 
+ #include 
+-#include "iptables/nft.h"
+ #include "iptables/nft-bridge.h"
+ 
+ #define XT_LIMIT_AVG  "3/hour"
+diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
+index 9d49ccbe..de52cd71 100644
+--- a/iptables/nft-bridge.h
 b/iptables/nft-bridge.h
+@@ -68,6 +68,7 @@ int ebt_get_mac_and_mask(const char *from, unsigned char 
*to, unsigned char *mas
+ #define EBT_VERDICT_BITS 0x000F
+ 
+ struct nftnl_rule;
++struct iptables_command_state;
+ 
+ static const char *ebt_standard_targets[NUM_STANDARD_TARGETS] = {
+   "ACCEPT",
+-- 
+cgit v1.2.1
+

diff --git a/net-firewall/iptables/iptables-1.8.1.ebuild 
b/net-firewall/iptables/iptables-1.8.1.ebuild
index 043562633bd..3db0cde5904 100644
--- a/net-firewall/iptables/iptables-1.8.1.ebuild
+++ b/net-firewall/iptables/iptables-1.8.1.ebuild
@@ -42,6 +42,8 @@ RDEPEND="${COMMON_DEPEND}
 "
 
 src_prepare() {
+   eapply "${FILESDIR}/${P}-build_limit_without_libnftnl_fix.patch" #669486
+
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
 



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2018-07-09 Thread Thomas Deutschmann
commit: 3a10deb82c1bcadbc0977d26dce8650c2bf5ba0a
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Mon Jul  9 14:51:42 2018 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Mon Jul  9 14:51:59 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a10deb8

net-firewall/iptables: fix building with USE=-nftables

Closes: https://bugs.gentoo.org/660790
Package-Manager: Portage-2.3.41, Repoman-2.3.9

 ...es-1.8.0-fix-building-without-nft-backend.patch | 26 ++
 net-firewall/iptables/iptables-1.8.0.ebuild|  7 --
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git 
a/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
 
b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
new file mode 100644
index 000..6b19c87678b
--- /dev/null
+++ 
b/net-firewall/iptables/files/iptables-1.8.0-fix-building-without-nft-backend.patch
@@ -0,0 +1,26 @@
+extensions: don't bother to build libebt/libarp extensions if nft backend was 
disabled
+
+Bug: https://bugs.gentoo.org/660790
+Reported-by: Thomas Deutschmann 
+Signed-off-by: Florian Westphal 
+---
+ extensions/GNUmakefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index bee666e80e45..c0d73cd28c03 100644
+--- a/extensions/GNUmakefile.in
 b/extensions/GNUmakefile.in
+@@ -40,8 +40,8 @@ endif
+ # Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard 
${srcdir}/libxt_*.c)))
+-pfb_build_mod := $(patsubst ${srcdir}/libebt_%.c,%,$(sort $(wildcard 
${srcdir}/libebt_*.c)))
+-pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard 
${srcdir}/libarpt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfb_build_mod := $(patsubst 
${srcdir}/libebt_%.c,%,$(sort $(wildcard ${srcdir}/libebt_*.c)))
++@ENABLE_NFTABLES_TRUE@ pfa_build_mod := $(patsubst 
${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/libarpt_*.c)))
+ pfx_symlinks  := NOTRACK state
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort 
$(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort 
$(wildcard ${srcdir}/libip6t_*.c)))
+-- 
+2.17.1

diff --git a/net-firewall/iptables/iptables-1.8.0.ebuild 
b/net-firewall/iptables/iptables-1.8.0.ebuild
index 78051935b05..d4cee0085fc 100644
--- a/net-firewall/iptables/iptables-1.8.0.ebuild
+++ b/net-firewall/iptables/iptables-1.8.0.ebuild
@@ -41,12 +41,15 @@ RDEPEND="${COMMON_DEPEND}
nftables? ( net-misc/ethertypes )
 "
 
+PATCHES=( "${FILESDIR}"/iptables-1.8.0-fix-building-without-nft-backend.patch )
+
 src_prepare() {
# use the saner headers from the kernel
rm -f include/linux/{kernel,types}.h
 
-   # Only run autotools if user patched something
-   eapply_user && eautoreconf || elibtoolize
+   default
+
+   eautoreconf
 }
 
 src_configure() {
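Review bot: `eautoreconf` now runs on every build instead of only after a user patch, so autoconf, automake and libtool become unconditional build-time requirements of this ebuild. The top of the ebuild is outside this hunk; if it still sets `AUTOTOOLS_AUTO_DEPEND=no`, as the 1.4.17 and 1.4.21-r3 ebuilds on this page do, those tools are not pulled into DEPEND and the build would fail on a system that lacks them. Either drop that override, or keep `elibtoolize` and skip the regeneration. The second option looks sufficient because the added patch only edits `extensions/GNUmakefile.in`, which appears to be a configure-substituted template rather than automake output.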



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/systemd/

2016-10-23 Thread Mike Gilbert
commit: 0cfab3ee206cb4edae48ded9bb5b63a7eab8fbc2
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Oct 23 19:06:27 2016 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Oct 23 19:07:18 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cfab3ee

net-firewall/iptables: adjust systemd service deps

Package-Manager: portage-2.3.2

 net-firewall/iptables/files/systemd/ip6tables-restore.service | 4 ++--
 net-firewall/iptables/files/systemd/iptables-restore.service  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service 
b/net-firewall/iptables/files/systemd/ip6tables-restore.service
index 88415fa..c149e92 100644
--- a/net-firewall/iptables/files/systemd/ip6tables-restore.service
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -3,8 +3,8 @@ Description=Restore ip6tables firewall rules
 # if both are queued for some reason, don't store before restoring :)
 Before=ip6tables-store.service
 # sounds reasonable to have firewall up before any of the services go up
-Before=network.target
-Conflicts=shutdown.target
+Before=network-pre.target
+Wants=network-pre.target
 
 [Service]
 Type=oneshot
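Review bot: The comment above the changed lines still says the firewall should be up "before any of the services go up", which no longer describes what `Before=network-pre.target` with `Wants=network-pre.target` does: it orders the rule load ahead of network interface configuration. I would reword it to `# load rules before any interface is configured; network-pre.target is passive and must be pulled in with Wants=`. The ordering does not fail closed: nothing in these lines keeps the network from coming up without rules if the oneshot restore fails. That behaviour is worth stating in the unit or handling in the [Service] section, which continues outside the hunk. The same applies to the identical hunk for iptables-restore.service.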

diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service 
b/net-firewall/iptables/files/systemd/iptables-restore.service
index 9d568d7..2474ee3 100644
--- a/net-firewall/iptables/files/systemd/iptables-restore.service
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -3,8 +3,8 @@ Description=Restore iptables firewall rules
 # if both are queued for some reason, don't store before restoring :)
 Before=iptables-store.service
 # sounds reasonable to have firewall up before any of the services go up
-Before=network.target
-Conflicts=shutdown.target
+Before=network-pre.target
+Wants=network-pre.target
 
 [Service]
 Type=oneshot



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2015-08-26 Thread Mike Frysinger
commit: adbc9428f6d4f5f6751127f4edc6846b36083d28
Author: Mike Frysinger vapier AT gentoo DOT org
AuthorDate: Thu Aug 27 02:07:03 2015 +
Commit: Mike Frysinger vapier AT gentoo DOT org
CommitDate: Thu Aug 27 02:07:43 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adbc9428

net-firewall/iptables: fix from upstream for static builds #558234

Silence constant connlabel.conf warnings when using static libs.

 .../iptables-1.4.21-static-connlabel-config.patch  |  77 +++
 net-firewall/iptables/iptables-1.4.21-r3.ebuild| 104 +
 2 files changed, 181 insertions(+)

diff --git 
a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch 
b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 000..a4183d6
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal f...@strlen.de
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'.  Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire patrickdeping...@gmail.com
+Signed-off-by: Florian Westphal f...@strlen.de
+---
+ extensions/libxt_connlabel.c | 27 ---
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
 b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+   XTOPT_TABLEEND,
+ };
+ 
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++  if (map)
++  return;
++
++  map = nfct_labelmap_new(NULL);
++  if (!map  errno)
++  xtables_error(RESOURCE_PROBLEM, cannot open connlabel.conf: 
%s\n,
++  strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+   struct xt_connlabel_mtinfo *info = cb-data;
+   int tmp;
+ 
++  connlabel_open();
+   xtables_option_parse(cb);
+ 
+   switch (cb-entry-id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+ 
+ static const char *connlabel_get_name(int b)
+ {
+-  const char *name = nfct_labelmap_get_name(map, b);
++  const char *name;
++
++  connlabel_open();
++
++  name = nfct_labelmap_get_name(map, b);
+   if (name  strcmp(name, ))
+   return name;
+   return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+ 
+ void _init(void)
+ {
+-  map = nfct_labelmap_new(NULL);
+-  if (!map) {
+-  fprintf(stderr, cannot open connlabel.conf, not registering 
'%s' match: %s\n,
+-  connlabel_mt_reg.name, strerror(errno));
+-  return;
+-  }
+   xtables_register_match(connlabel_mt_reg);
+ }
+-- 
+2.4.4
+
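Review bot: `connlabel_open()` tests `errno` after `nfct_labelmap_new(NULL)` without clearing it first, so the check on `!map` and `errno` depends on whatever an earlier call left behind. The operator between the two is lost in this archive copy and is presumably `&&`. If the library returns NULL with `errno` still 0, the function returns silently and `connlabel_get_name()` passes a NULL `map` to `nfct_labelmap_get_name()`; whether that call tolerates NULL is not visible here. Adding `errno = 0;` before the `nfct_labelmap_new()` call and `if (!map) return NULL;` after `connlabel_open();` in `connlabel_get_name()` would make both paths deterministic. `connlabel_mt_parse()` continues outside the hunk, so its use of `map` should be checked the same way.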

diff --git a/net-firewall/iptables/iptables-1.4.21-r3.ebuild 
b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
new file mode 100644
index 000..ef4eb78
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r3.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION=Linux kernel (2.4+) firewall, NAT and packet mangling tools
+HOMEPAGE=http://www.netfilter.org/projects/iptables/;
+SRC_URI=http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2;
+
+LICENSE=GPL-2
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes.  Will have to revisit if other sonames change.
+SLOT=0/10
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86
+IUSE=conntrack ipv6 netlink pcap static-libs
+
+RDEPEND=
+   conntrack? ( net-libs/libnetfilter_conntrack )
+   netlink? ( net-libs/libnfnetlink )
+   pcap? ( net-libs/libpcap )
+
+DEPEND=${RDEPEND}
+   virtual/os-headers
+   virtual/pkgconfig
+
+
+src_prepare() {
+   # use the saner headers from the kernel
+   rm -f include/linux/{kernel,types}.h
+
+   epatch ${FILESDIR}/${P}-configure.patch #557586
+   epatch ${FILESDIR}/${P}-static-connlabel-config.patch #558234
+
+   # Only run autotools if user patched something

[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/

2015-08-14 Thread Mike Frysinger
commit: 27a2f5aa3b111e62f52fcd3f66f763293f24871b
Author: Mike Frysinger vapier AT gentoo DOT org
AuthorDate: Fri Aug 14 09:12:11 2015 +
Commit: Mike Frysinger vapier AT gentoo DOT org
CommitDate: Fri Aug 14 09:28:26 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a2f5aa

net-firewall/iptables: init: use -w when running iptables #501710

Newer iptables versions have an internal lock to keep multiple instances
from trampling on each other, but you have to use the -w flag.  Normally
this doesn't come up, but when you run iptables & ip6tables in parallel,
things can get a bit racy wrt state (even though they're updating diff
sets of chains).

 net-firewall/iptables/files/iptables.init | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/net-firewall/iptables/files/iptables.init 
b/net-firewall/iptables/files/iptables.init
index 440e840..f396ea2 100755
--- a/net-firewall/iptables/files/iptables.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -35,7 +35,7 @@ set_table_policy() {
esac
local chain
for chain in ${chains} ; do
-   ${iptables_bin} -t ${table} -P ${chain} ${policy}
+   ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
done
 }
 
@@ -73,8 +73,8 @@ stop() {
for a in $(cat ${iptables_proc}) ; do
set_table_policy $a ACCEPT
 
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
+   ${iptables_bin} -w -F -t $a
+   ${iptables_bin} -w -X -t $a
done
eend $?
 }
@@ -85,8 +85,8 @@ reload() {
ebegin Flushing firewall
local a
for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
+   ${iptables_bin} -w -F -t $a
+   ${iptables_bin} -w -X -t $a
done
eend $?
 
@@ -121,8 +121,8 @@ panic() {
local a
ebegin Dropping all packets
for a in $(cat ${iptables_proc}) ; do
-   ${iptables_bin} -F -t $a
-   ${iptables_bin} -X -t $a
+   ${iptables_bin} -w -F -t $a
+   ${iptables_bin} -w -X -t $a
 
set_table_policy $a DROP
done
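Review bot: In panic() the tables are flushed before `set_table_policy $a DROP` runs, and with `-w` each flush call can now block on the xtables lock. When another iptables process holds the lock, a table therefore sits longer with no rules and its previous policy. Moving `set_table_policy $a DROP` above the `-F`/`-X` lines would make the loop fail closed. The option is also added unconditionally here and in the set_table_policy, stop and reload hunks. Because the script sits in the shared files/ directory, it is worth confirming that every ebuild installing it ships an iptables that accepts `-w`. The bodies of these functions start or end outside the hunks.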



[gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/, net-firewall/iptables/

2015-08-14 Thread Michał Górny
commit: 190ab2e9052a9e2304a9aafac6c6ae17bd4e1ba2
Author: Michał Górny mgorny AT gentoo DOT org
AuthorDate: Fri Aug 14 12:41:41 2015 +
Commit: Michał Górny mgorny AT gentoo DOT org
CommitDate: Fri Aug 14 12:42:00 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=190ab2e9

net-firewall/iptables: Restore 1.4.17 required by dev-perl/IPTables-libiptc

Package-Manager: portage-2.2.20

 net-firewall/iptables/Manifest |  1 +
 .../iptables/files/iptables-1.4.17-libip6tc.patch  | 32 
 net-firewall/iptables/iptables-1.4.17.ebuild   | 87 ++
 3 files changed, 120 insertions(+)

diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index e3c1f23..8e3fa0b 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1 +1,2 @@
+DIST iptables-1.4.17.tar.bz2 541137 SHA256 
51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 
022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1
 WHIRLPOOL 
f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41
 DIST iptables-1.4.21.tar.bz2 547439 SHA256 
52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 
dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b
 WHIRLPOOL 
475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200

diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch 
b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
new file mode 100644
index 000..5212dd2
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
@@ -0,0 +1,32 @@
+From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger vap...@gentoo.org
+Date: Sun, 30 Dec 2012 18:06:15 -0500
+Subject: [PATCH] extensions: fix linking against -lip6tc
+
+The current build forgets to specify a path to find libip6tc which means
+it either fails (if there is no libip6tc in the system), or links against
+an old version (if there is one in the system).
+
+References: https://bugs.gentoo.org/449262
+Reported-by: Mike Gilbert flop...@gentoo.org
+Signed-off-by: Mike Frysinger vap...@gentoo.org
+---
+ extensions/GNUmakefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index e71e3ff..a605474 100644
+--- a/extensions/GNUmakefile.in
 b/extensions/GNUmakefile.in
+@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so
+   ln -fs $ $@
+ 
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+-ip6t_NETMAP_LIBADD  = -lip6tc
++ip6t_NETMAP_LIBADD  = -L../libiptc/.libs -lip6tc
+ xt_RATEEST_LIBADD   = -lm
+ xt_statistic_LIBADD = -lm
+ 
+-- 
+1.8.0
+

diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild 
b/net-firewall/iptables/iptables-1.4.17.ebuild
new file mode 100644
index 000..0bbfa2b
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.17.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION=Linux kernel (2.4+) firewall, NAT and packet mangling tools
+HOMEPAGE=http://www.iptables.org/;
+SRC_URI=http://iptables.org/projects/iptables/files/${P}.tar.bz2;
+
+LICENSE=GPL-2
+SLOT=0
+KEYWORDS=~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh 
~sparc ~x86
+IUSE=ipv6 netlink static-libs
+
+RDEPEND=
+   netlink? ( net-libs/libnfnetlink )
+
+DEPEND=${RDEPEND}
+   virtual/os-headers
+   virtual/pkgconfig
+
+
+src_prepare() {
+   # use the saner headers from the kernel
+   rm -f include/linux/{kernel,types}.h
+   epatch ${FILESDIR}/${P}-libip6tc.patch #449262
+
+   # Only run autotools if user patched something
+   epatch_user  eautoreconf || elibtoolize
+}
+
+src_configure() {
+   # Some libs use $(AR) rather than libtool to build #444282
+   tc-export AR
+
+   sed -i \
+   -e /nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0): \
+   configure || die
+
+   econf \
+   --sbindir=${EPREFIX}/sbin \
+   --libexecdir=${EPREFIX}/$(get_libdir) \
+   --enable-devel \
+   --enable-shared \
+   $(use_enable static-libs static) \
+   $(use_enable ipv6)
+}
+
+src_compile() {
+   emake V=1
+}
+
+src_install() {
+   default
+   dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+   # all the iptables binaries are in /sbin, so might as well
+   # put these small files in