author | William Hubbs <williamh@gentoo.org> | 2014-08-28 13:25:59 +0000 |
---|---|---|
committer | William Hubbs <williamh@gentoo.org> | 2014-08-28 13:25:59 +0000 |
commit | 4acb0470d8c31713a1c490aa8c89e2319625af14 (patch) | |
tree | 65427f8d9798c813613252f100b7d872c541470d /net-firewall | |
parent | New snapshot. (diff) | |
download | historical-4acb0470d8c31713a1c490aa8c89e2319625af14.tar.gz historical-4acb0470d8c31713a1c490aa8c89e2319625af14.tar.bz2 historical-4acb0470d8c31713a1c490aa8c89e2319625af14.zip |
revision bump for bug #521232 approved by Manuel Rueger
Package-Manager: portage-2.2.12/cvs/Linux x86_64
Manifest-Sign-Key: 0x30C46538
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/nftables/ChangeLog | 8 | ||||
-rw-r--r-- | net-firewall/nftables/Manifest | 15 | ||||
-rw-r--r-- | net-firewall/nftables/files/nftables.init | 99 | ||||
-rw-r--r-- | net-firewall/nftables/nftables-0.3-r2.ebuild | 53 |
4 files changed, 107 insertions, 68 deletions
diff --git a/net-firewall/nftables/ChangeLog b/net-firewall/nftables/ChangeLog index 29c7e6687ff1..2263350c9d69 100644 --- a/net-firewall/nftables/ChangeLog +++ b/net-firewall/nftables/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-firewall/nftables # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/nftables/ChangeLog,v 1.5 2014/08/26 17:53:54 mrueg Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/nftables/ChangeLog,v 1.6 2014/08/28 13:25:47 williamh Exp $ + +*nftables-0.3-r2 (28 Aug 2014) + + 28 Aug 2014; William Hubbs <williamh@gentoo.org> +nftables-0.3-r2.ebuild, + files/nftables.init: + revision bump for bug #521232 approved by Manuel Rueger *nftables-0.3-r1 (26 Aug 2014) diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index f6e520c4e2aa..4bedad10b43d 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest 
@@ -1,11 +1,22 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + AUX nftables-0.099-94300c7.patch 743 SHA256 60db6d9f106c3f92649a1d8653681b4fcaa93de501d238ec811e29e41568eae7 SHA512 8d21f0c720e662815678a338a5f2a275af9db97ea31a71473d83e8084d3138833772ef236d859223736b0dbfd506051640de548a2b91e98c770f36516d330f88 WHIRLPOOL 55cda592961edd9e11219ba3fcd94bf76aea7aaefa411a341b2a90036e01ad448ea44142a4d2f4109c66ca3fc6c12248511f00d90895f63f9488afefaf4a9907 AUX nftables.8 9645 SHA256 bec3d7dcdc424691269852c9c322bb6ad770b6cfec4939920e32fa67ca8caac2 SHA512 aaf74c4bf0a854f3993b7ed5b9cecd436baa0bfc6b5ff119574d45c2504e5e772fc7cf41e1108b7f9cc013132c0bc0a86c6262cbfa870e639ad40ae93e25e4dc WHIRLPOOL e1c082fc3a56a9a0eb4782dfd9253857668052025d471e5124fc836246bc33b794f6d2293c46e2d5b0d8d1761b454ec8c21eb627ed95e97f07fe47f704dcdae2 AUX nftables.confd 655 SHA256 d5e3077345dfea02849a70aea220396322a10c3808f0303b988119adbc56fdbd SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 WHIRLPOOL e39d13f996e620aa82714cb18e4f57624faa302f2259a44cc065804edf95fe07a314f744d17a76be6941c3771da6b233a19ae5b6b2f63783847121c63339197f -AUX nftables.init 4938 SHA256 7f95508d6720328077298226704a2320b6b5378931336f56031118a8984f07ed SHA512 ef10ce9ac2050674fc2d630e9e2d89a5b3b43c86ba216e69aa8e4ab28d8035c080a0621a1d0d6618ebe7bd9a2e1cdadcf3306c3fcac36b14bce5f05c536f2463 WHIRLPOOL 893c47238ef05655b6247a2172dd83ba667ba3ad51914cee193da86787b8b17eff5c6db9f115ef4d123073e40aec6abf6ee637c56eac70fde7759faf26a8711f +AUX nftables.init 4299 SHA256 293d5a0ef687c69fffdce912a833cf5812272c0baae9f59d603ada8efa5828a6 SHA512 ec43cc630b45ea2726044b30925e04f16fdb48ff2ee1871c112fde5b406f47c75b53ce05db4dfab8558156da96e9bf484ebab1f00f5cda20bbe8597c63b178fe WHIRLPOOL 0209ae515a046e5222f59832a80bf10663acaad28b5ac13771035575fcfda761049544b5428bbffe5aefc096fd6e1ab09fc1c6efbb368d45fd97636731857189 DIST nftables-0.099.tar.bz2 129351 SHA256 
1a9e5f9e4d4790d69537c4d228676edc41a0890aea394e38233c351f694bf306 SHA512 5d54e1ca47544527768192776e3846254ff9af8aaa14bd6b3e2942deeedf424e62b9e1b68ab750c475ec1b2ddcf366e8a6c8ea79ad7319e8e2911890e270a2aa WHIRLPOOL 6f63be1c597719d10aade0d6c0fc3ec0a7320b960fa158d3cfbcc932b0057df2f12c3190d9e35cd29bf8c17c4c99bafbd175505ca617d740d9002dc8ac844e80 DIST nftables-0.3.tar.bz2 160585 SHA256 4d372645442d89675c7148b8a0a112c4825b57edf8bad15ddf9a08c220229c2f SHA512 76e280e6c42ad3c1d70d0b16c2d488ba92ffae1611241a9949f537da143f613ba06d5b2d7fbc40f0b51ac26a4e35cb93954816bab99dc0f485ef5797e1fcf1a0 WHIRLPOOL 019478f5be2204e9d48df47fab0cd6c07650accbc10c0857cea22c407965db71986c3f03e07b205ac80aa1cfaf4550d25896d1f25ec7f2b859fd24d5a2f774e5 EBUILD nftables-0.099.ebuild 1104 SHA256 e7bb0b76616aa741a584f450417193c663edf2dc221087f940729f05cdd3e17b SHA512 c4834348f2d446ebab32ec90e078173113d2519ebe0b0a7ad7867a7a00f2aca83baca4d8af041bfd8e9f52126bf6b63eaa95ef562a4ea72b85205f3c8d49c2ea WHIRLPOOL 0c8a126449980097daef9861f38dc076cdc5c1508b6c82c1ae86bdf51923b4fd89f52859eb0e379ea3a123b5609d4657bfac42a21b9961edcd9063e48b862da1 EBUILD nftables-0.3-r1.ebuild 1146 SHA256 3958cbf817fab6b1dda7d341af558f4e0d171d3119f3eeec9e128e40badddb2b SHA512 36ed0ab1d06b1f1b9d34ce11231836100f50cc55d1e86d85d4da5fd2257ee36d2a09730cf4ed3c3ea9f772a1efe779fcac6ad25b295bdb2a657e544cf139dc98 WHIRLPOOL ab40ba5378d71e1dd20173c43eabd86d4b1ef3e1f597cb33f1759208be7fbcf67957edab545a788eb04e84eacd9b9584de65b0d43756b789d1458fe7fb39c86f +EBUILD nftables-0.3-r2.ebuild 1150 SHA256 d46d6f61ece4c37c0be23e930809d12ae56b1e93e5c01d32b8cf6ecb8137cbef SHA512 a27ad3b5a8afbd6a19a089147c9e15fde8d7324927527fa3a985632376490779553c0d478e1ecdf88bf47a4047309acf4e405727448396bba3ad2bf27e64394a WHIRLPOOL 24a897dcf4ee157d7bdd1b19ec2c7bd9f4ae4d5620d950fc1ffda2f3a695b6ff5f9b94bc0c82d563c932badaa4c693a272753eaf0532db6da5dbed73c423c786 EBUILD nftables-0.3.ebuild 1143 SHA256 8cb1a1e5ed5cccb3ef9afce34bdc08a60fcdecffd6642d613a035e8480dcbdd3 SHA512 
2a61445142731935c7d0f4459a32cf7c751325e5bbc385810d66b918544b0157c17ff852b7c79639a29fd462de37cab9fce155d02e4f23c1f8ee1c31f9eda734 WHIRLPOOL f3e036c6e81dc1d9a688304ed45f203f0bbfa4d631b8b605501ee5379bfd27752d6458b53aca5b17e33e28a68809377ed80a05c8c63e5f9b0b822f30c76b0e4d -MISC ChangeLog 1150 SHA256 a029006c1443336b70e3f2a9f4f3e54b6ef05b2dffe4da48dba63c4d1b75c747 SHA512 bc4e971d3ad505e3da9492e9e6be65004c0178acc7f64eb0eb75baf67cdb8e056489b132c5f5c19792b8ad5bd349b5971904b37d2566b5e35a3183b9106e76b6 WHIRLPOOL 34d5b15f7f1fa5324ffa856bf2f93fb446ea78a8a58591ec5782d392b037a96b1377cdd5eb1643f929136285bde60247b311cbac3faebb247ff61aa5d17d00a5 +MISC ChangeLog 1343 SHA256 d54c04220923fadfc80d41907cb274ffcb96599e95ae8361c115b354e0fd4c4b SHA512 80850cad09a5c52a18ea6a4b8ce9527701146b6100d9047521f0f6eaf2221fc39548a577dfb8fa1e412baa6c3996ef814644a56661dec530a5d85f2b78fd49b1 WHIRLPOOL 1bea039d8cadb5d7df9effdf2ed3185c907f0bee036da9168a9146cc5f9841b494e2ec46c1e377055ccb3c030d327dbbc26e269325aac04b77d98b251886fc57 MISC metadata.xml 252 SHA256 f84bf09b09be6b4fd6af298648e5dd82a09df785dc60a293af3454ee7ffa98a6 SHA512 f43d02d1ef50b540266375e6f7a4bdc7463fccf1367569759a92309c229144959be5a30b49736a21aa45290804faa0f63973d57de8d2a00be4892ad96dd459cc WHIRLPOOL 0717afb11b59771006901e893feb32d5342d405323675b0c11126e25a1bfd53cf3cc6a44f80fecc0fd5f432a0eb43e42b1036f8d862cfb19ab0d04cd18ee88a5 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iEYEAREIAAYFAlP/LecACgkQblQW9DDEZThk/QCgicTbFwQA/9Far0KlTq+Yu8g2 +N2oAnAyJ84/xUFvOmh/HPLkfRIy+XPS3 +=40pi +-----END PGP SIGNATURE----- diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init index ce2e5f75c6e4..c72639305654 100644 --- a/net-firewall/nftables/files/nftables.init +++ b/net-firewall/nftables/files/nftables.init 
@@ -3,21 +3,17 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -extra_commands="check clear list panic save" +extra_commands="clear list panic save" extra_started_commands="reload" -nftables_name=nftables -nft_bin=/sbin/nft - depend() { need localmount #434774 before net } checkkernel() { - ${nft_bin} list tables &>/dev/null - if [ $? -ne 0 ]; then - eerror "Your kernel lacks ${nftables_name} support, please load" + if ! nft list tables >/dev/null 2>&1; then + eerror "Your kernel lacks nftables support, please load" eerror "appropriate modules and try again." return 1 fi 
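Review bot: In checkkernel(), every failure of `nft list tables` is reported as "Your kernel lacks nftables support", and `>/dev/null 2>&1` discards the real error. Now that `nft_bin=/sbin/nft` is gone and the binary is resolved through PATH, a missing or non-executable `nft` would produce the same message and send the admin looking for kernel modules. A preceding `command -v nft >/dev/null 2>&1 || { eerror "nft not found in PATH"; return 1; }` would separate the two cases; at the least, add a comment such as `# any nft failure lands here, not only missing nf_tables support`. The end of checkkernel() lies outside this hunk.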
@@ -26,57 +22,39 @@ checkkernel() { checkconfig() { if [ ! -f ${NFTABLES_SAVE} ]; then - eerror "Not starting ${nftables_name}. First create some rules then run:" - eerror "/etc/init.d/${nftables_name} save" + eerror "Not starting nftables. First create some rules then run:" + eerror "rc-service nftables save" return 1 fi return 0 } -checkfamilies() { - if [ -n "${families+set}" ]; then - return - fi - - families=() +getfamilies() { + local families for l3f in ip arp ip6 bridge inet; do - ${nft_bin} list tables ${l3f} &> /dev/null - if [ $? -eq 0 ]; then - families+=($l3f) + if nft list tables ${l3f} > /dev/null 2>&1; then + families="${families}${l3f} " fi done -} - -havefamily() { - local i tfamily=$1 - checkfamilies - - for i in ${families[@]}; do - if [ $i == $tfamily ]; then - return 0 - fi - done - return 1 + echo ${families} } clearNFT() { - checkfamilies - local l3f line table chain - for l3f in ${families[@]}; do - ${nft_bin} list tables ${l3f} | while read line; do + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do table=$(echo ${line} | sed "s/table[ \t]*//") - ${nft_bin} flush table ${l3f} ${table} - ${nft_bin} list table ${l3f} ${table} | while read l; do + nft flush table ${l3f} ${table} + nft list table ${l3f} ${table} | while read l; do chain=$(echo $l | grep -o 'chain [^[:space:]]\+' |\ cut -d ' ' -f2) if [ -n "${chain}" ]; then - ${nft_bin} flush chain ${l3f} ${table} ${chain} - ${nft_bin} delete chain ${l3f} ${table} ${chain} + nft flush chain ${l3f} ${table} ${chain} + nft delete chain ${l3f} ${table} ${chain} fi done - ${nft_bin} delete table ${l3f} ${table} + nft delete table ${l3f} ${table} done done } 
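Review bot: checkconfig() still tests `[ ! -f ${NFTABLES_SAVE} ]` unquoted, so an empty or unset NFTABLES_SAVE collapses the test to `[ ! -f ]`, which is false, and checkconfig returns 0. start() in the next hunk would then run clearNFT and remove the running ruleset before `nft -f` fails for lack of a file name. Quoting closes that: `if [ ! -f "${NFTABLES_SAVE}" ]; then`. The variable is not assigned anywhere in the visible part of the script, so this depends on the conf.d file always providing it. The unquoted `${line}`, `${table}` and `${chain}` in clearNFT, and `read` without `-r`, deserve the same treatment, although nft's own output is presumably limited to identifier characters.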
@@ -92,22 +70,21 @@ addpanictable() { nft add rule ${l3f} panic forward drop } -checkrules() { - ewarn "Rules not checked as ${nftables_name} does not support this feature." - return 0 +start_pre() { + checkkernel || return 1 + checkconfig || return 1 + return 0 } start() { - checkkernel || return 1 - checkconfig || return 1 - ebegin "Loading ${nftables_name} state and starting firewall" + ebegin "Loading nftables state and starting firewall" clearNFT - ${nft_bin} -f ${NFTABLES_SAVE} + nft -f ${NFTABLES_SAVE} eend $? } stop() { - if [ "${SAVE_ON_STOP}" = "yes" ] ; then + if yesno ${SAVE_ON_STOP:-yes}; then save || return 1 fi @@ -125,39 +102,31 @@ reload() { start } -check() { - # Short name for users of init.d script - checkrules -} - clear() { clearNFT } list() { - checkfamilies local l3f - for l3f in ${families[@]}; do - ${nft_bin} list tables ${l3f} | while read line; do + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do line=$(echo ${line} | sed "s/table/table ${l3f}/") - echo "$(${nft_bin} list ${line})" + echo "$(nft list ${line})" done done } save() { - checkfamilies - - ebegin "Saving ${nftables_name} state" + ebegin "Saving nftables state" checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" checkpath -q -m 0600 -f "${NFTABLES_SAVE}" local l3f line tmp_save="${NFTABLES_SAVE}.tmp" touch "${tmp_save}" - for l3f in ${families[@]}; do - ${nft_bin} list tables ${l3f} | while read line; do + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do line=$(echo ${line} | sed "s/table/table ${l3f}/") # The below substitution fixes an issue where nft -n output may not # always be parsable by nft -f. For example, nft -n might print @@ -171,7 +140,7 @@ save() { # Invalid argument # table ip6 filter { # ^^ - echo "$(${nft_bin} ${SAVE_OPTIONS} list ${line} |\ + echo "$(nft ${SAVE_OPTIONS} list ${line} |\ sed 's/\(::[0-9a-fA-F]\+\)\([^/]\)/\1\/128\2/g')" >> "${tmp_save}" done done 
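Review bot: start() empties the live ruleset with clearNFT before `nft -f ${NFTABLES_SAVE}` runs, so the host is unfiltered while the file loads and stays unfiltered if the file fails to parse; `eend $?` only reports the failure. panic() in the last nftables.init hunk clears before adding its drop tables in the same way. At minimum this needs a comment above the clearNFT call, e.g. `# ruleset is empty from here until nft -f succeeds; a failed load leaves no rules`, and a fail-closed fallback on error would be better. Newer nft releases accept `flush ruleset` at the top of the loaded file to make the replacement a single transaction, but that would need checking against 0.3. Separately, `yesno ${SAVE_ON_STOP:-yes}` changes an unset SAVE_ON_STOP from "do not save" to "save", so a stop now overwrites the stored rules with whatever is live unless the conf.d file sets the variable.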
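Review bot: save() gives `${NFTABLES_SAVE}` mode 0600 through checkpath but creates the working copy with a bare `touch "${tmp_save}"`, so the temporary file gets the default umask. Because it is only appended to with `>>`, it also keeps whatever an interrupted earlier save left in it. If the part of save() outside this hunk renames the temporary file over the target, as the `.tmp` name suggests, the stored ruleset inherits both the looser mode and the stale content. Using `checkpath -q -m 0600 -F "${tmp_save}"` (the truncating variant of `-f`) in place of the `touch` would create it private and empty. The `nft ... list ${line} | sed` pipeline in the following hunk also hides a failing nft behind sed's exit status, so a partial dump would be written without any error.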
@@ -180,15 +149,15 @@ save() { panic() { checkkernel || return 1 - if service_started ${nftables_name}; then - rc-service ${nftables_name} stop + if service_started ${RC_SVCNAME}; then + rc-service ${RC_SVCNAME} stop fi ebegin "Dropping all packets" clearNFT local l3f - for l3f in ${families[@]}; do + for l3f in $(getfamilies); do case ${l3f} in ip) addpanictable ${l3f} ;; ip6) addpanictable ${l3f} ;; diff --git a/net-firewall/nftables/nftables-0.3-r2.ebuild b/net-firewall/nftables/nftables-0.3-r2.ebuild new file mode 100644 index 000000000000..3be276c05f26 --- /dev/null +++ b/net-firewall/nftables/nftables-0.3-r2.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/nftables/nftables-0.3-r2.ebuild,v 1.1 2014/08/28 13:25:47 williamh Exp $ + +EAPI=5 + +inherit autotools linux-info + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://netfilter.org/projects/nftables/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="debug" +SRC_URI="http://netfilter.org/projects/${PN}/files/${P}.tar.bz2" + +RDEPEND="net-libs/libmnl + >=net-libs/libnftnl-1.0.2 + dev-libs/gmp + sys-libs/readline" +DEPEND="${RDEPEND} + >=app-text/docbook2X-0.8.8-r4 + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if kernel_is ge 3 13; then + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + epatch_user + eautoreconf +} + +src_configure() { + econf \ + --sbindir="${EPREFIX}"/sbin \ + $(use_enable debug) +} + +src_install() { + default + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.init ${PN} + keepdir /var/lib/nftables +} |