Gentoo Archives: gentoo-commits

From: "Andreas K. Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/releng:master commit in: config/fwbuilder/
Date: Sat, 03 Jul 2021 19:00:42
Message-Id: 1625338815.658ae5794f43de05d2792bbd014657287051b7bc.dilfridge@gentoo
1 commit: 658ae5794f43de05d2792bbd014657287051b7bc
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jul 3 19:00:15 2021 +0000
4 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Sat Jul 3 19:00:15 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=658ae579
7
8 fix external interface name on demeter
9
10 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
11
12 config/fwbuilder/demeter.fw | 36 ++++++++++++++++++------------------
13 config/fwbuilder/demeter.fwb | 4 ++--
14 2 files changed, 20 insertions(+), 20 deletions(-)
15
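--- a/config/fwbuilder/demeter.fw
+++ b/config/fwbuilder/demeter.fw
@@ -4,7 +4,7 @@
 #
 # Firewall Builder fwb_ipt v5.3.7
 #
-# Generated Sat Jul 3 20:39:41 2021 CEST by huettel
+# Generated Sat Jul 3 20:58:57 2021 CEST by huettel
 #
 # files: * demeter.fw /etc/demeter.fw
 #
@@ -290,8 +290,8 @@ load_modules() {
 
 verify_interfaces() {
 :
- echo "Verifying interfaces: eth0 lo"
- for i in eth0 lo ; do
+ echo "Verifying interfaces: enp9s0 lo"
+ for i in enp9s0 lo ; do
 $IP link show "$i" > /dev/null 2>&1 || {
 log "Interface $i does not exist"
 exit 1
@@ -318,10 +318,10 @@ configure_interfaces() {
 :
 # Configure interfaces
 update_addresses_of_interface "lo 127.0.0.1/8" ""
- getaddr eth0 i_eth0
- getaddr6 eth0 i_eth0_v6
- getnet eth0 i_eth0_network
- getnet6 eth0 i_eth0_v6_network
+ getaddr enp9s0 i_enp9s0
+ getaddr6 enp9s0 i_enp9s0_v6
+ getnet enp9s0 i_enp9s0_network
+ getnet6 enp9s0 i_enp9s0_v6_network
 }
 
 script_body() {
@@ -341,19 +341,19 @@ script_body() {
 
 # ================ Table 'filter', rule set Policy
 #
- # Rule 0 (eth0)
+ # Rule 0 (enp9s0)
 #
- echo "Rule 0 (eth0)"
+ echo "Rule 0 (enp9s0)"
 #
 # anti spoofing rule
 $IPTABLES -N In_RULE_0
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
 do
- test -n "$i_eth0" && $IPTABLES -A INPUT -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
+ test -n "$i_enp9s0" && $IPTABLES -A INPUT -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0
 done
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
 do
- test -n "$i_eth0" && $IPTABLES -A FORWARD -i eth0 -s $i_eth0 -m state --state NEW -j In_RULE_0
+ test -n "$i_enp9s0" && $IPTABLES -A FORWARD -i enp9s0 -s $i_enp9s0 -m state --state NEW -j In_RULE_0
 done
 $IPTABLES -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
 $IPTABLES -A In_RULE_0 -j DROP
@@ -372,9 +372,9 @@ script_body() {
 # SSH Access to the host; useful ICMP
 # types; ping request
 $IPTABLES -N Cid4543X4142577.0
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
 do
- test -n "$i_eth0" && $IPTABLES -A OUTPUT -d $i_eth0 -m state --state NEW -j Cid4543X4142577.0
+ test -n "$i_enp9s0" && $IPTABLES -A OUTPUT -d $i_enp9s0 -m state --state NEW -j Cid4543X4142577.0
 done
 $IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
 $IPTABLES -A Cid4543X4142577.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
@@ -393,9 +393,9 @@ script_body() {
 #
 echo "Rule 3 (global)"
 #
- for i_eth0 in $i_eth0_list
+ for i_enp9s0 in $i_enp9s0_list
 do
- test -n "$i_eth0" && $IPTABLES -A INPUT -s $i_eth0 -m state --state NEW -j ACCEPT
+ test -n "$i_enp9s0" && $IPTABLES -A INPUT -s $i_enp9s0 -m state --state NEW -j ACCEPT
 done
 $IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT
 #
@@ -461,7 +461,7 @@ test -z "$cmd" && {
 
 case "$cmd" in
 start)
- log "Activating firewall script generated Sat Jul 3 20:39:41 2021 by huettel"
+ log "Activating firewall script generated Sat Jul 3 20:58:57 2021 by huettel"
 check_tools
 prolog_commands
 check_run_time_address_table_files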
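--- a/config/fwbuilder/demeter.fwb
+++ b/config/fwbuilder/demeter.fwb
@@ -505,7 +505,7 @@
 <ServiceGroup id="id1609X4142577" name="TagServices" comment="" ro="False"/>
 </ServiceGroup>
 <ObjectGroup id="id1610X4142577" name="Firewalls" comment="" ro="False">
- <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625337581" lastInstalled="0" lastModified="1625337497" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False">
+ <Firewall id="id4464X4142577" host_OS="linux24" lastCompiled="1625338737" lastInstalled="0" lastModified="1625338718" platform="iptables" version="" name="demeter" comment="This is an example of a firewall protecting a host ( a server or a workstation). Only SSH access to the host is permitted. Host has dynamic address." ro="False">
 <NAT id="id4482X4142577" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
 <RuleSetOptions/>
 </NAT>
@@ -607,7 +607,7 @@
 <Routing id="id4630X4142577" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
 <RuleSetOptions/>
 </Routing>
- <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
+ <Interface id="id4472X4142577" dedicated_failover="False" dyn="True" label="outside" mgmt="False" security_level="0" unnum="False" unprotected="False" name="enp9s0" comment="" ro="False">
 <InterfaceOptions/>
 </Interface>
 <Interface id="id4474X4142577" dedicated_failover="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">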
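Review bot: The renamed `Interface` object in the second hunk keeps `dyn="True"` with an empty `comment=""`, so the .fwb source does not record that the outside-interface rules depend on the exact name `enp9s0` and on the address it holds when the script runs. In the demeter.fw compiled in this same commit, the anti-spoofing chain (Rule 0) is attached per address inside `for i_enp9s0 in $i_enp9s0_list` behind `test -n "$i_enp9s0"`, so with an empty list (presumably when `getaddr enp9s0 i_enp9s0` finds no address yet) those rules are skipped with no log line visible in the hunks. `verify_interfaces` also exits with status 1 when the name does not exist, and the filtering state this leaves behind is decided outside the lines shown. I would note this on the object, e.g. `comment="outside NIC of demeter; name must match ip link output; re-run the script after an address change"`, and confirm the early-exit path before relying on this script at boot.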