commit: f2c7695094408d0d81dc0a99201d160c59e694f2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Sun Jul 21 01:20:15 2019 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Sun Jul 21 01:20:15 2019 +0000 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=f2c76950 |
|
net-firewall/iptables: in tree version works |
|
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> |
|
net-firewall/iptables/Manifest | 1 - |
net-firewall/iptables/files/ip6tables-1.4.13.confd | 19 --- |
.../iptables/files/iptables-1.4.13-r1.init | 130 --------------------- |
net-firewall/iptables/files/iptables-1.4.13.confd | 19 --- |
.../iptables/files/iptables-1.4.21-musl.patch | 76 ------------ |
net-firewall/iptables/files/iptables.init | 130 --------------------- |
.../files/systemd/ip6tables-restore.service | 14 --- |
.../iptables/files/systemd/ip6tables-store.service | 11 -- |
.../iptables/files/systemd/ip6tables.service | 6 - |
.../files/systemd/iptables-restore.service | 14 --- |
.../iptables/files/systemd/iptables-store.service | 11 -- |
.../iptables/files/systemd/iptables.service | 6 - |
net-firewall/iptables/iptables-1.4.21-r1.ebuild | 95 --------------- |
net-firewall/iptables/metadata.xml | 27 ----- |
14 files changed, 559 deletions(-) |
|
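--- a/net-firewall/iptables/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200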
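--- a/net-firewall/iptables/files/ip6tables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/ip6tables
-
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"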
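--- a/net-firewall/iptables/files/iptables-1.4.13-r1.init
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="check save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-iptables|ip6tables) ;;
-*) iptables_name="iptables" ;;
-esac
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
- iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE};;
- ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
- need localmount #434774
- before net
-}
-
-set_table_policy() {
- local chains table=$1 policy=$2
- case ${table} in
- nat) chains="PREROUTING POSTROUTING OUTPUT";;
- mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
- filter) chains="INPUT FORWARD OUTPUT";;
- *) chains="";;
- esac
- local chain
- for chain in ${chains} ; do
- ${iptables_bin} -t ${table} -P ${chain} ${policy}
- done
-}
-
-checkkernel() {
- if [ ! -e ${iptables_proc} ] ; then
- eerror "Your kernel lacks ${iptables_name} support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-checkconfig() {
- if [ ! -f ${iptables_save} ] ; then
- eerror "Not starting ${iptables_name}. First create some rules then run:"
- eerror "/etc/init.d/${iptables_name} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ${iptables_name} state and starting firewall"
- ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
- checkkernel || return 1
- ebegin "Stopping firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- set_table_policy $a ACCEPT
-
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
- done
- eend $?
-}
-
-reload() {
- checkkernel || return 1
- checkrules || return 1
- ebegin "Flushing firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
- done
- eend $?
-
- start
-}
-
-checkrules() {
- ebegin "Checking rules"
- ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
-}
-
-check() {
- # Short name for users of init.d script.
- checkrules
-}
-
-save() {
- ebegin "Saving ${iptables_name} state"
- checkpath -q -d "$(dirname "${iptables_save}")"
- checkpath -q -m 0600 -f "${iptables_save}"
- ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
- eend $?
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${iptables_name}; then
- rc-service ${iptables_name} stop
- fi
-
- local a
- ebegin "Dropping all packets"
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
-
- set_table_policy $a DROP
- done
- eend $?
-}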
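--- a/net-firewall/iptables/files/iptables-1.4.13.confd
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/conf.d/iptables
-
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-# Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-# Save state on stopping iptables
-SAVE_ON_STOP="yes"
-
-# If you need to log iptables messages as soon as iptables starts,
-# AND your logger does NOT depend on the network, then you may wish
-# to uncomment the next line.
-# If your logger depends on the network, and you uncomment this line
-# you will create an unresolvable circular dependency during startup.
-# After commenting or uncommenting this line, you must run 'rc-update -u'.
-#rc_use="logger"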
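--- a/net-firewall/iptables/files/iptables-1.4.21-musl.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-diff -ru a/iptables-1.4.21/extensions/libip6t_ipv6header.c b/iptables-1.4.21/extensions/libip6t_ipv6header.c
---- a/iptables-1.4.21/extensions/libip6t_ipv6header.c
-+++ b/iptables-1.4.21/extensions/libip6t_ipv6header.c
-@@ -10,6 +10,9 @@
- #include <netdb.h>
- #include <xtables.h>
- #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
-+#ifndef IPPROTO_HOPOPTS
-+# define IPPROTO_HOPOPTS 0
-+#endif
-
- enum {
- O_HEADER = 0,
-diff -ru a/iptables-1.4.21/extensions/libxt_TCPOPTSTRIP.c b/iptables-1.4.21/extensions/libxt_TCPOPTSTRIP.c
---- a/iptables-1.4.21/extensions/libxt_TCPOPTSTRIP.c
-+++ b/iptables-1.4.21/extensions/libxt_TCPOPTSTRIP.c
-@@ -12,6 +12,21 @@
- #ifndef TCPOPT_MD5SIG
- # define TCPOPT_MD5SIG 19
- #endif
-+#ifndef TCPOPT_MAXSEG
-+# define TCPOPT_MAXSEG 2
-+#endif
-+#ifndef TCPOPT_WINDOW
-+# define TCPOPT_WINDOW 3
-+#endif
-+#ifndef TCPOPT_SACK_PERMITTED
-+# define TCPOPT_SACK_PERMITTED 4
-+#endif
-+#ifndef TCPOPT_SACK
-+# define TCPOPT_SACK 5
-+#endif
-+#ifndef TCPOPT_TIMESTAMP
-+# define TCPOPT_TIMESTAMP 8
-+#endif
-
- enum {
- O_STRIP_OPTION = 0,
-diff -ru a/iptables-1.4.21/include/libiptc/ipt_kernel_headers.h b/iptables-1.4.21/include/libiptc/ipt_kernel_headers.h
---- a/iptables-1.4.21/include/libiptc/ipt_kernel_headers.h
-+++ b/iptables-1.4.21/include/libiptc/ipt_kernel_headers.h
-@@ -5,7 +5,6 @@
-
- #include <limits.h>
-
--#if defined(__GLIBC__) && __GLIBC__ == 2
- #include <netinet/ip.h>
- #include <netinet/in.h>
- #include <netinet/ip_icmp.h>
-@@ -13,15 +12,4 @@
- #include <netinet/udp.h>
- #include <net/if.h>
- #include <sys/types.h>
--#else /* libc5 */
--#include <sys/socket.h>
--#include <linux/ip.h>
--#include <linux/in.h>
--#include <linux/if.h>
--#include <linux/icmp.h>
--#include <linux/tcp.h>
--#include <linux/udp.h>
--#include <linux/types.h>
--#include <linux/in6.h>
--#endif
- #endif
-diff -ru a/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h b/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h
---- a/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h
-+++ b/iptables-1.4.21/include/linux/netfilter_ipv4/ip_tables.h
-@@ -16,6 +16,7 @@
- #define _IPTABLES_H
-
- #include <linux/types.h>
-+#include <sys/types.h>
-
- #include <linux/netfilter_ipv4.h>
-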
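--- a/net-firewall/iptables/files/iptables.init
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_commands="check save panic"
-extra_started_commands="reload"
-
-iptables_name=${SVCNAME}
-case ${iptables_name} in
-iptables|ip6tables) ;;
-*) iptables_name="iptables" ;;
-esac
-
-iptables_bin="/sbin/${iptables_name}"
-case ${iptables_name} in
- iptables) iptables_proc="/proc/net/ip_tables_names"
- iptables_save=${IPTABLES_SAVE};;
- ip6tables) iptables_proc="/proc/net/ip6_tables_names"
- iptables_save=${IP6TABLES_SAVE};;
-esac
-
-depend() {
- need localmount #434774
- before net
-}
-
-set_table_policy() {
- local chains table=$1 policy=$2
- case ${table} in
- nat) chains="PREROUTING POSTROUTING OUTPUT";;
- mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
- filter) chains="INPUT FORWARD OUTPUT";;
- *) chains="";;
- esac
- local chain
- for chain in ${chains} ; do
- ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
- done
-}
-
-checkkernel() {
- if [ ! -e ${iptables_proc} ] ; then
- eerror "Your kernel lacks ${iptables_name} support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
-}
-checkconfig() {
- if [ ! -f ${iptables_save} ] ; then
- eerror "Not starting ${iptables_name}. First create some rules then run:"
- eerror "/etc/init.d/${iptables_name} save"
- return 1
- fi
- return 0
-}
-
-start() {
- checkconfig || return 1
- ebegin "Loading ${iptables_name} state and starting firewall"
- ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
- fi
- checkkernel || return 1
- ebegin "Stopping firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- set_table_policy $a ACCEPT
-
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
- done
- eend $?
-}
-
-reload() {
- checkkernel || return 1
- checkrules || return 1
- ebegin "Flushing firewall"
- local a
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
- done
- eend $?
-
- start
-}
-
-checkrules() {
- ebegin "Checking rules"
- ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
- eend $?
-}
-
-check() {
- # Short name for users of init.d script.
- checkrules
-}
-
-save() {
- ebegin "Saving ${iptables_name} state"
- checkpath -q -d "$(dirname "${iptables_save}")"
- checkpath -q -m 0600 -f "${iptables_save}"
- ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
- eend $?
-}
-
-panic() {
- checkkernel || return 1
- if service_started ${iptables_name}; then
- rc-service ${iptables_name} stop
- fi
-
- local a
- ebegin "Dropping all packets"
- for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -w -F -t $a
- ${iptables_bin} -w -X -t $a
-
- set_table_policy $a DROP
- done
- eend $?
-}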
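--- a/net-firewall/iptables/files/systemd/ip6tables-restore.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Restore ip6tables firewall rules
-# if both are queued for some reason, don't store before restoring :)
-Before=ip6tables-store.service
-# sounds reasonable to have firewall up before any of the services go up
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
-
-[Install]
-WantedBy=basic.target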
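--- a/net-firewall/iptables/files/systemd/ip6tables-store.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Store ip6tables firewall rules
-Before=shutdown.target
-DefaultDependencies=No
-
-[Service]
-Type=oneshot
-ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
-
-[Install]
-WantedBy=shutdown.target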
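--- a/net-firewall/iptables/files/systemd/ip6tables.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Store and restore ip6tables firewall rules
-
-[Install]
-Also=ip6tables-store.service
-Also=ip6tables-restore.service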
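--- a/net-firewall/iptables/files/systemd/iptables-restore.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Restore iptables firewall rules
-# if both are queued for some reason, don't store before restoring :)
-Before=iptables-store.service
-# sounds reasonable to have firewall up before any of the services go up
-Before=network-pre.target
-Wants=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
-
-[Install]
-WantedBy=basic.target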
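--- a/net-firewall/iptables/files/systemd/iptables-store.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Store iptables firewall rules
-Before=shutdown.target
-DefaultDependencies=No
-
-[Service]
-Type=oneshot
-ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
-
-[Install]
-WantedBy=shutdown.target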
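--- a/net-firewall/iptables/files/systemd/iptables.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Store and restore iptables firewall rules
-
-[Install]
-Also=iptables-store.service
-Also=iptables-restore.service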
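--- a/net-firewall/iptables/iptables-1.4.21-r1.ebuild
+++ /dev/null
@@ -1,95 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit eutils multilib systemd toolchain-funcs autotools
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.netfilter.org/projects/iptables/"
-SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ia64 ~mips ppc sh sparc x86"
-IUSE="conntrack ipv6 netlink static-libs"
-
-RDEPEND="
- conntrack? ( net-libs/libnetfilter_conntrack )
- netlink? ( net-libs/libnfnetlink )
-"
-DEPEND="${RDEPEND}
- virtual/os-headers
- virtual/pkgconfig
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm -f include/linux/{kernel,types}.h
-
- epatch ${FILESDIR}/${P}-musl.patch
-
- # Only run autotools if user patched something
- epatch_user && eautoreconf || elibtoolize
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- econf \
- --sbindir="${EPREFIX}/sbin" \
- --libexecdir="${EPREFIX}/$(get_libdir)" \
- --enable-devel \
- --enable-shared \
- $(use_enable static-libs static) \
- $(use_enable ipv6)
-}
-
-src_compile() {
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
- newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- prune_libtool_files
-}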
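--- a/net-firewall/iptables/metadata.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="project">
- <email>base-system@g.o</email>
- <name>Gentoo Base System</name>
-</maintainer>
-<use>
- <flag name="conntrack">Build against <pkg>net-libs/libnetfilter_conntrack</pkg> when enables the connlabel matcher</flag>
- <flag name="netlink">Build against libnfnetlink which enables the nfnl_osf util</flag>
-</use>
-<longdescription>
- iptables is the userspace command line program used to set up, maintain, and
- inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
- part of packet filtering framework which allows the stateless and stateful
- packet filtering, all kinds of network address and port translation, and is a
- flexible and extensible infrastructure with multiple layers of API's for 3rd
- party extensions. The iptables package also includes ip6tables. ip6tables is
- used for configuring the IPv6 packet filter.
-
- Note that some extensions (e.g. imq and l7filter) are not included into
- official kernel sources so you have to patch the sources before installation.
-</longdescription>
-<upstream>
- <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id>
-</upstream>
-</pkgmetadata>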