1 |
robbat2 13/12/01 19:16:16 |
2 |
|
3 |
Modified: ipset.confd ipset.initd-r2 |
4 |
Added: ipset.initd-r3 |
5 |
Log: |
6 |
Bump per bug #486836, adds new modules and future warning about NET_NS. Make USE=-modules not introduce kernel-sources via MODULES_OPTIONAL_USE. Bug #433411: Drop use |
7 |
|
8 |
(Portage version: 2.2.7/cvs/Linux x86_64, unsigned Manifest commit) |
9 |
|
10 |
Revision Changes Path |
11 |
1.2 net-firewall/ipset/files/ipset.confd |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.confd?rev=1.2&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.confd?rev=1.2&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.confd?r1=1.1&r2=1.2 |
16 |
|
17 |
Index: ipset.confd |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/ipset/files/ipset.confd,v |
20 |
retrieving revision 1.1 |
21 |
retrieving revision 1.2 |
22 |
diff -p -w -b -B -u -u -r1.1 -r1.2 |
23 |
--- ipset.confd 17 Dec 2011 03:30:59 -0000 1.1 |
24 |
+++ ipset.confd 1 Dec 2013 19:16:15 -0000 1.2 |
25 |
@@ -6,3 +6,11 @@ IPSET_SAVE="/var/lib/ipset/rules-save" |
26 |
|
27 |
# Save state on stopping ipset |
28 |
SAVE_ON_STOP="yes" |
29 |
+ |
30 |
+# If you need to log iptables messages as soon as iptables starts, |
31 |
+# AND your logger does NOT depend on the network, then you may wish |
32 |
+# to uncomment the next line. |
33 |
+# If your logger depends on the network, and you uncomment this line |
34 |
+# you will create an unresolvable circular dependency during startup. |
35 |
+# After commenting or uncommenting this line, you must run 'rc-update -u'. |
36 |
+#rc_use="logger" |
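Review bot: The added comment block describes logging "iptables messages as soon as iptables starts", but this file is ipset's conf.d, so the wording reads as if it was carried over from the iptables package. An admin deciding whether to enable `rc_use="logger"` for this service may not realise the setting changes ipset's own start ordering. I would name the service the setting applies to, e.g. `# If you need the logger running before ipset (and therefore before iptables) starts,`. The warning about a circular dependency with a network-dependent logger is worth keeping as is.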
37 |
|
38 |
|
39 |
|
40 |
1.2 net-firewall/ipset/files/ipset.initd-r2 |
41 |
|
42 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2?rev=1.2&view=markup |
43 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2?rev=1.2&content-type=text/plain |
44 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2?r1=1.1&r2=1.2 |
45 |
|
46 |
Index: ipset.initd-r2 |
47 |
=================================================================== |
48 |
RCS file: /var/cvsroot/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2,v |
49 |
retrieving revision 1.1 |
50 |
retrieving revision 1.2 |
51 |
diff -p -w -b -B -u -u -r1.1 -r1.2 |
52 |
--- ipset.initd-r2 17 Dec 2011 03:30:59 -0000 1.1 |
53 |
+++ ipset.initd-r2 1 Dec 2013 19:16:15 -0000 1.2 |
54 |
@@ -1,7 +1,7 @@ |
55 |
#!/sbin/runscript |
56 |
-# Copyright 1999-2011 Gentoo Foundation |
57 |
+# Copyright 1999-2013 Gentoo Foundation |
58 |
# Distributed under the terms of the GNU General Public License v2 |
59 |
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2,v 1.1 2011/12/17 03:30:59 pva Exp $ |
60 |
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipset/files/ipset.initd-r2,v 1.2 2013/12/01 19:16:15 robbat2 Exp $ |
61 |
|
62 |
extra_commands="save" |
63 |
|
64 |
@@ -9,7 +9,6 @@ IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/ |
65 |
|
66 |
depend() { |
67 |
before iptables ip6tables |
68 |
- use logger |
69 |
} |
70 |
|
71 |
checkconfig() { |
72 |
|
73 |
|
74 |
|
75 |
1.1 net-firewall/ipset/files/ipset.initd-r3 |
76 |
|
77 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.initd-r3?rev=1.1&view=markup |
78 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipset/files/ipset.initd-r3?rev=1.1&content-type=text/plain |
79 |
|
80 |
Index: ipset.initd-r3 |
81 |
=================================================================== |
82 |
#!/sbin/runscript |
83 |
# Copyright 1999-2013 Gentoo Foundation |
84 |
# Distributed under the terms of the GNU General Public License v2 |
85 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipset/files/ipset.initd-r3,v 1.1 2013/12/01 19:16:15 robbat2 Exp $ |
86 |
|
87 |
extra_commands="save" |
88 |
extra_started_commands="reload" |
89 |
|
90 |
IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save} |
91 |
|
92 |
depend() { |
93 |
before iptables ip6tables |
94 |
} |
95 |
|
96 |
checkconfig() { |
97 |
if [ ! -f "${IPSET_SAVE}" ] ; then |
98 |
eerror "Not starting ${SVCNAME}. First create some rules then run:" |
99 |
eerror "/etc/init.d/${SVCNAME} save" |
100 |
return 1 |
101 |
fi |
102 |
return 0 |
103 |
} |
104 |
|
105 |
start() { |
106 |
checkconfig || return 1 |
107 |
ebegin "Loading ipset session" |
108 |
ipset restore < "${IPSET_SAVE}" |
109 |
eend $? |
110 |
} |
111 |
|
112 |
stop() { |
113 |
# check if there are any references to current sets |
114 |
|
115 |
if ! ipset list | gawk ' |
116 |
($1 == "References:") { refcnt += $2 } |
117 |
($1 == "Type:" && $2 == "list:set") { set = 1 } |
118 |
(scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } } |
119 |
(set && $1 == "Members:") {scan = 1} |
120 |
END { if ((refcnt - setcnt) > 0) exit 1 } |
121 |
'; then |
122 |
eerror "ipset is in use, can't stop" |
123 |
return 1 |
124 |
fi |
125 |
|
126 |
if [ "${SAVE_ON_STOP}" = "yes" ] ; then |
127 |
save || return 1 |
128 |
fi |
129 |
|
130 |
ebegin "Removing kernel IP sets" |
131 |
ipset flush |
132 |
ipset destroy |
133 |
eend $? |
134 |
} |
135 |
|
136 |
reload() { |
137 |
ebegin "Reloading ipsets" |
138 |
|
139 |
# Loading sets from a save file is only additive (there is no |
140 |
# automatic flushing or replacing). And, we can not remove sets |
141 |
# that are currently used in existing iptables rules. |
142 |
# |
143 |
# Instead, we create new temp sets for any set that is already |
144 |
# in use, and then atomically swap them into place. |
145 |
# |
146 |
# XXX: This does not clean out previously used ipsets that are |
147 |
# not in the new saved policy--it can't, because they may still |
148 |
# be referenced in the current iptables rules. |
149 |
|
150 |
# Build a list of all currently used sets (if any). |
151 |
running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}') |
152 |
running_ipset_list="${running_ipset_list% }" |
153 |
# Build a regular expression that matches those set names. |
154 |
running_ipset_list_regex="${running_ipset_list// /|}" |
155 |
|
156 |
# Load up sets from the save file, but rename any set that already |
157 |
# exists to a temporary name that we will swap later. |
158 |
if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then |
159 |
eend $? "Failed to load new ipsets" |
160 |
fi |
161 |
|
162 |
# Now for every set name that currently exists, atomically swap it |
163 |
# with the temporary new one we created, and then destroy the old set. |
164 |
for ipset_name in ${running_ipset_list} ; do |
165 |
ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name" |
166 |
ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp" |
167 |
done |
168 |
eend 0 |
169 |
} |
170 |
|
171 |
save() { |
172 |
ebegin "Saving ipset session" |
173 |
touch "${IPSET_SAVE}" |
174 |
chmod 0600 "${IPSET_SAVE}" |
175 |
ipset save > "${IPSET_SAVE}" |
176 |
eend $? |
177 |
} |
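Review bot: In reload(), a failed `ipset restore` is not handled as a failure. Inside `if ! …; then` the value of `$?` is the status of the negated pipeline, which is 0, so `eend $? "Failed to load new ipsets"` reports no error, and execution continues into the swap/destroy loop and the final `eend 0`. The loop then swaps in whatever `_atomic_temp` sets existed when the error occurred, so a rejected save file could leave live sets replaced by partially loaded ones while the service reports success (inferred from the visible flow; how much `ipset restore` commits before failing is not shown here). I would change the branch to `eend 1 "Failed to load new ipsets"; return 1` and destroy any leftover `*_atomic_temp` sets before returning. Separately, `${running_ipset_list// /|}` is a bash-only substitution that fails if `/bin/sh` is not bash, and `cat ${IPSET_SAVE}` is unquoted; `sed -r "…" "${IPSET_SAVE}"` with the alternation built via `tr ' ' '|'` avoids both.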