commit: f473cb298779981b8ec6c522165f41562d67548a |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Fri May 8 04:28:39 2020 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Fri May 8 04:30:03 2020 +0000 |
URL: https://gitweb.gentoo.org/proj/eselect.git/commit/?id=f473cb29 |
|
iptables.eselect: new module |
|
Bug: https://bugs.gentoo.org/698746 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
AUTHORS | 3 + |
modules/iptables.eselect | 175 +++++++++++++++++++++++++++++++++++++++++++++++ |
2 files changed, 178 insertions(+) |
|
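--- a/AUTHORS
+++ b/AUTHORS
@@ -36,3 +36,6 @@ Ben de Groot <yngwin@g.o>
 
 Alexandre Rostovtsev <tetromino@g.o>
 Modules: gnome-shell-extensions
+
+Chris Pritchard <chris@×××××××××××××××××××××××.uk>
+ Modules: iptables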
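--- /dev/null
+++ b/modules/iptables.eselect
@@ -0,0 +1,175 @@
+# -*-eselect-*- vim: ft=eselect
+# Copyright 2005-2020 Gentoo Authors
+# Distributed under the terms of the GNU GPL version 2 or later
+
+DESCRIPTION="Manage the iptables and ip6tables symlink"
+AUTHOR="chris@×××××××××××××××××××××××.uk"
+MAINTAINER="base-system@g.o"
+VERSION="20200319"
+
+IPTABLES_TARGETS=("iptables" "iptables-restore" "iptables-save")
+IP6TABLES_TARGETS=("ip6tables" "ip6tables-restore" "ip6tables-save")
+
+# find a list of xtables symlink targets
+find_targets() {
+ local f
+ for f in "${EROOT}"/sbin/xtables-*-multi; do
+ [[ -f ${f} ]] && basename "${f}"
+ done
+}
+
+# remove the iptables symlink
+remove_symlinks() {
+ local ipt
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ rm -f "${EROOT}/sbin/${ipt}" &>/dev/null
+ done
+ if [[ -n ${ipv6} && -n ${ipv6_remove} ]]; then
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ rm -f "${EROOT}/sbin/${ip6t}" &>/dev/null
+ done
+ fi
+}
+
+# set the iptables symlink
+set_symlinks() {
+ local target="${1}"
+
+ if is_number "${target}" && [[ ${target} -ge 1 ]]; then
+ local -a targets
+ readarray -t targets <<< "$(find_targets)"
+ target=${targets[$((target-1))]}
+ fi
+
+ if [[ -z ${target} || ! -f ${EROOT}/sbin/${target} ]]; then
+ die -q "Target \"${target}\" doesn't appear to be valid!"
+ fi
+
+ local ipt
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ ln -s "${target}" "${EROOT}/sbin/${ipt}"
+ done
+
+ if [[ -n ${ipv6} ]]; then
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ ln -s "${target}" "${EROOT}/sbin/${ip6t}"
+ done
+ fi
+}
+
+### show action ###
+
+describe_show() {
+ echo "Show the current iptables symlink"
+}
+
+do_show() {
+ local ipv6
+ if [[ -d ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ fi
+ write_list_start "Current iptables symlinks:"
+ local ipt all_unset=1
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ if [[ -L ${EROOT}/sbin/${ipt} ]]; then
+ local ipta
+ ipta=$(canonicalise "${EROOT}/sbin/${ipt}")
+ write_kv_list_entry "${ipt}" "${ipta%/}"
+ all_unset=0
+ else
+ write_kv_list_entry "${ipt}" "(unset)"
+ fi
+ done
+ if [[ ${ipv6} -eq 1 ]]; then
+ write_list_start "Current ip6tables symlinks:"
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ if [[ -L ${EROOT}/sbin/${ip6t} ]]; then
+ local ipta
+ ipta=$(canonicalise "${EROOT}/sbin/${ip6t}")
+ write_kv_list_entry "${ip6t}" "${ipta%/}"
+ all_unset=0
+ else
+ write_kv_list_entry "${ip6t}" "(unset)"
+ fi
+ done
+ fi
+ return "${all_unset}"
+}
+### list action ###
+
+describe_list() {
+ echo "List available iptables symlink targets"
+}
+
+do_list() {
+ local ipv6
+ local -a targets
+ readarray -t targets <<< "$(find_targets)"
+ if [[ -L ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ fi
+ write_list_start "Available iptables symlink targets:"
+ local i
+ for (( i = 0; i < ${#targets[@]}; i++ )); do
+ # highlight the target where the symlink is pointing to
+ [[ ${targets[i]} = \
+ $(basename "$(canonicalise "${EROOT}/sbin/iptables")") ]] \
+ && targets[i]=$(highlight_marker "${targets[i]}")
+ done
+ write_numbered_list -m "(none found)" "${targets[@]}"
+}
+
+### set action ###
+
+describe_set() {
+ echo "Set a new iptables symlink target"
+}
+
+describe_set_parameters() {
+ echo "[--ipv6] <target>"
+}
+
+describe_set_options() {
+ echo "--ipv6: Forces creation of ip6tables symlinks"
+ echo "target : Target name or number (from 'list' action)"
+}
+
+do_set() {
+ local ipv6 ipv6_remove
+ if [[ ${1} == "--ipv6" ]]; then
+ ipv6=1
+ shift
+ fi
+ local target="${1}"
+
+ [[ -z ${target} ]] && die -q "You didn't tell me what to set the symlink to"
+ [[ ${#} -gt 2 ]] && die -q "Too many parameters"
+
+ if [[ -d ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ [[ -L ${EROOT}/sbin/ip6tables ]] && ipv6_remove=1
+ fi
+ if [[ -L ${EROOT}/sbin/iptables ]]; then
+ # existing symlink
+ remove_symlinks || die -q "Couldn't remove existing symlink"
+ set_symlinks "${target}" || die -q "Couldn't set a new symlink"
+ elif [[ -e ${EROOT}/sbin/iptables ]]; then
+ # we have something strange
+ die -q "${EROOT}/sbin/iptables exists but is not a symlink"
+ else
+ set_symlinks "${target}" || die -q "Couldn't set a new symlink"
+ fi
+}
+
+### unset action ###
+
+describe_unset() {
+ echo "Unset iptables symlink targets"
+}
+
+do_unset() {
+ remove_symlinks
+}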
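Review bot: In do_set, remove_symlinks runs before the target is checked, because the number lookup and the `-f` test live inside set_symlinks; a misspelled name or an out-of-range number therefore deletes the existing iptables, iptables-restore and iptables-save links and then dies, leaving the host without its rule-loading commands until the module is rerun. The `-f` test also accepts any regular file reachable from `${EROOT}/sbin/`, including names containing `/`, so the check should be limited to the `xtables-*-multi` names that find_targets lists. Resolving and validating the target in do_set before anything is removed addresses both. Separately, do_unset calls remove_symlinks without setting `ipv6` or `ipv6_remove`, so the ip6tables links appear to survive an unset, and the `rm -f … &>/dev/null` calls discard any failure that `|| die` was meant to catch.

```shell
do_set() {
	# … unchanged: --ipv6 parsing, empty-target and parameter-count checks …

	# Resolve a list number to a name, then validate, before removing anything.
	if is_number "${target}" && [[ ${target} -ge 1 ]]; then
		local -a targets
		readarray -t targets <<< "$(find_targets)"
		target=${targets[target-1]}
	fi
	if [[ -z ${target} || ${target} == */* \
		|| ${target} != xtables-*-multi \
		|| ! -f ${EROOT}/sbin/${target} ]]; then
		die -q "Target \"${target}\" doesn't appear to be valid!"
	fi

	# … unchanged: ip6tables detection, remove_symlinks and set_symlinks calls …
}
```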