Move net-firewall/iptables-nftables-9999 to net-firewall/iptables-nftables-1.4.21-r1, add net-firewall/iptables-9999

author: Stuart Shelton <stuart@shelton.me> 2015-04-22 00:37:17 +0100
committer: Stuart Shelton <stuart@shelton.me> 2015-04-22 00:37:17 +0100
commit: 25f26e00099f5475672dddb6658926265276a7a7 (patch)
tree: 47eb04d1041553d49ae5f6b0bbb1a886d238f806 /net-firewall
parent: Move app-admin/eselect-php to app-eselect/eselect-php, add app-eselect/eselec... (diff)
download: srcshelton-25f26e00099f5475672dddb6658926265276a7a7.tar.gz
srcshelton-25f26e00099f5475672dddb6658926265276a7a7.tar.bz2
srcshelton-25f26e00099f5475672dddb6658926265276a7a7.zip
19 files changed, 423 insertions, 6 deletions
diff --git a/net-firewall/iptables-nftables/Manifest b/net-firewall/iptables-nftables/Manifest
index bad52321..198af63f 100644
--- a/net-firewall/iptables-nftables/Manifest
+++ b/net-firewall/iptables-nftables/Manifest
@@ -1,4 +1,10 @@
 AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
 AUX iptables-1.4.13-r1.init 2891 SHA256 13047698e03079b754957e1e548ce7505dfb2c73c9a31f87e061140603ab0e44 SHA512 c35d4fc3d08e6fe3c567a5fe4b8dc0679c87c01c5d90e9a08b68039e4e846043a1f1ae47bc37bc718af761b9287394e8edfa3681d5ae23d666fc9de60a8c8302 WHIRLPOOL 7007ab6e5524b7d1e6e3c17ed0a7c40c6e7034510ecad2e442a2863a819a72f5f1cda58c5b6ad331b36c6c5c40980f344364593246d46cf95c1527a24115b829
 AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
-EBUILD iptables-nftables-9999.ebuild 2736 SHA256 11b5ba1ce37cc43505917c3aed2d30b4d19008afeb2e091e7fe3c11184e1a971 SHA512 75a1d99df7af0315ab815daee73ab4599e65ad24fee365c26a1b62a05e2423902f1368e56eb7a26df138bba5dc653990a3380a02a587603fa3da604542aee619 WHIRLPOOL 9b04c9e32b2a47a38a74c4c5743da42257a0c2bce18a9701a90e68b0214ace0cea541d50086a1d66ac826cb8170aad40459f5b17cffe183bd02c628465cb151d
+AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3
+AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6
+AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0
+AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4
+AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db
+AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3
+EBUILD iptables-nftables-1.4.21-r1.ebuild 2848 SHA256 69eafd2e4492103fe0d77577d3bda56b5702d841375aaacfe3757a0926d8bef1 SHA512 963457133a1ddf5dae0bae0f161b19c157b6981294d9934b4d2b6749b676d0890ac288641b053f9cf09c208eb515ac2c2ea3a3518ca42b5d170441adc4b03fd2 WHIRLPOOL 68491592b2265057f143b9606da842a9490253534c219d0243be05b68a4fd42bb8555f519b6620cddbc5251e73474a6f3146ca706d5ec87ea49f8f4d416847df
diff --git a/net-firewall/iptables-nftables/files/systemd/ip6tables-restore.service b/net-firewall/iptables-nftables/files/systemd/ip6tables-restore.service
new file mode 100644
index 00000000..88415fa3
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables-nftables/files/systemd/ip6tables-store.service b/net-firewall/iptables-nftables/files/systemd/ip6tables-store.service
new file mode 100644
index 00000000..99753783
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/ip6tables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables-nftables/files/systemd/ip6tables.service b/net-firewall/iptables-nftables/files/systemd/ip6tables.service
new file mode 100644
index 00000000..0a6d7fa1
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/net-firewall/iptables-nftables/files/systemd/iptables-restore.service b/net-firewall/iptables-nftables/files/systemd/iptables-restore.service
new file mode 100644
index 00000000..9d568d78
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables-nftables/files/systemd/iptables-store.service b/net-firewall/iptables-nftables/files/systemd/iptables-store.service
new file mode 100644
index 00000000..aa16e75e
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables-nftables/files/systemd/iptables.service b/net-firewall/iptables-nftables/files/systemd/iptables.service
new file mode 100644
index 00000000..3643a3e3
--- /dev/null
+++ b/net-firewall/iptables-nftables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/net-firewall/iptables-nftables/iptables-nftables-1.4.21-r1.ebuild b/net-firewall/iptables-nftables/iptables-nftables-1.4.21-r1.ebuild
new file mode 100644
index 00000000..98bb9cd1
--- /dev/null
+++ b/net-firewall/iptables-nftables/iptables-nftables-1.4.21-r1.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.21-r1.ebuild,v 1.9 2014/08/02 18:06:48 ago Exp $
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit autotools eutils git-r3 multilib systemd toolchain-funcs
+
+# iptables-nftables was merged into iptables...
+#REPO="${PN}"
+# ... and no longer has its own branch...
+#BRANCH="nft-compat"
+REPO="iptables"
+BRANCH="master"
+COMMIT="03091e55a0d949e35a723dadbd6fd0f78ddf3a8c"
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools, with nftables compatibility"
+HOMEPAGE="http://www.netfilter.org/projects/nftables/"
+EGIT_REPO_URI="git://git.netfilter.org/${REPO}.git"
+#EGIT_BRANCH="${BRANCH}"
+EGIT_COMMIT="${COMMIT}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="ipv6 netlink static-libs systemd"
+
+RDEPEND="
+	netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+	virtual/os-headers
+	virtual/pkgconfig
+	net-libs/libnetfilter_conntrack
+	net-libs/libnftnl
+	net-libs/libpcap
+	!net-firewall/iptables
+"
+
+src_prepare() {
+	# use the saner headers from the kernel
+	rm -f include/linux/{kernel,types}.h
+
+	eautoreconf
+}
+
+src_configure() {
+	# Some libs use $(AR) rather than libtool to build #444282
+	tc-export AR
+
+	sed -i \
+		-e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+		configure || die
+
+	econf \
+		--sbindir="${EPREFIX}/sbin" \
+		--libexecdir="${EPREFIX}/$(get_libdir)" \
+		--enable-devel \
+		--enable-shared \
+		--enable-libipq \
+		--enable-bpf-compiler \
+		--enable-nfsynproxy \
+		$(use_enable static-libs static) \
+		$(use_enable ipv6)
+}
+
+src_compile() {
+	emake V=1
+}
+
+src_install() {
+	default
+	dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+	# all the iptables binaries are in /sbin, so might as well
+	# put these small files in with them
+	into /
+	dosbin iptables/iptables-apply
+	dosym iptables-apply /sbin/ip6tables-apply
+	doman iptables/iptables-apply.8
+
+	insinto /usr/include
+	doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+	insinto /usr/include/iptables
+	doins include/iptables/internal.h
+
+	keepdir /var/lib/iptables
+	newinitd "${FILESDIR}"/iptables-1.4.13-r1.init iptables
+	newconfd "${FILESDIR}"/iptables-1.4.13.confd iptables
+	if use ipv6 ; then
+		keepdir /var/lib/ip6tables
+		newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+		newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+	fi
+
+	if use systemd; then
+		systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+		if use ipv6 ; then
+			systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+		fi
+	fi
+
+	# Move important libs to /lib
+	gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+	prune_libtool_files --all
+}
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
new file mode 100644
index 00000000..38e95289
--- /dev/null
+++ b/net-firewall/iptables/Manifest
@@ -0,0 +1,10 @@
+AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
+AUX iptables-1.4.13-r1.init 2891 SHA256 13047698e03079b754957e1e548ce7505dfb2c73c9a31f87e061140603ab0e44 SHA512 c35d4fc3d08e6fe3c567a5fe4b8dc0679c87c01c5d90e9a08b68039e4e846043a1f1ae47bc37bc718af761b9287394e8edfa3681d5ae23d666fc9de60a8c8302 WHIRLPOOL 7007ab6e5524b7d1e6e3c17ed0a7c40c6e7034510ecad2e442a2863a819a72f5f1cda58c5b6ad331b36c6c5c40980f344364593246d46cf95c1527a24115b829
+AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
+AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3
+AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6
+AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0
+AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4
+AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db
+AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3
+EBUILD iptables-9999.ebuild 2703 SHA256 7c209a09754fe267fdbd9e3f96b67fb4da7eb5126f01a88828438ce56f69f2ea SHA512 35c8bb92356825d29749d0c472252fac6984b9742122f0c6d263c87f4a425f4ae461e935221dd6a949d59bc63d59de2cd983a7ec4ca049f940a318d2390cfb50 WHIRLPOOL fabd80f234b1ae88afda8c548ff0f231d9c257e1901a05fa89f93a4c83f951f3575dc058d1d9aff3286e534645a1e8efe95d347e38178e93042f04f90f7ee23c
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 00000000..3bb36989
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init
new file mode 100644
index 00000000..a63d0768
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init
@@ -0,0 +1,130 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.3 2013/04/27 17:29:09 vapier Exp $
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE};;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+	need localmount #434774
+	before net
+}
+
+set_table_policy() {
+	local chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} -t ${table} -P ${chain} ${policy}
+	done
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+checkconfig() {
+	if [ ! -f ${iptables_save} ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+	checkkernel || return 1
+	ebegin "Stopping firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+}
+
+reload() {
+	checkkernel || return 1
+	checkrules || return 1
+	ebegin "Flushing firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+
+	start
+}
+
+checkrules() {
+	ebegin "Checking rules"
+	${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+check() {
+	# Short name for users of init.d script.
+	checkrules
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	checkpath -q -d "$(dirname "${iptables_save}")"
+	checkpath -q -m 0600 -f "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	checkkernel || return 1
+	if service_started ${iptables_name}; then
+		rc-service ${iptables_name} stop
+	fi
+
+	local a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+
+		set_table_policy $a DROP
+	done
+	eend $?
+}
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 00000000..7225374c
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
new file mode 100644
index 00000000..88415fa3
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/ip6tables-store.service b/net-firewall/iptables/files/systemd/ip6tables-store.service
new file mode 100644
index 00000000..99753783
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service
new file mode 100644
index 00000000..0a6d7fa1
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
new file mode 100644
index 00000000..9d568d78
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/iptables-store.service b/net-firewall/iptables/files/systemd/iptables-store.service
new file mode 100644
index 00000000..aa16e75e
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service
new file mode 100644
index 00000000..3643a3e3
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/net-firewall/iptables-nftables/iptables-nftables-9999.ebuild b/net-firewall/iptables/iptables-9999.ebuild
index 46eaf484..8b5e5c14 100644
--- a/net-firewall/iptables-nftables/iptables-nftables-9999.ebuild
+++ b/net-firewall/iptables/iptables-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="5"
@@ -13,14 +13,13 @@ inherit autotools eutils git-r3 multilib systemd toolchain-funcs
 # ... and no longer has its own branch...
 #BRANCH="nft-compat"
 REPO="iptables"
-BRANCH="master"
-COMMIT="03091e55a0d949e35a723dadbd6fd0f78ddf3a8c"
+BRANCH="master" # ipset # xlate2
 
 DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools, with nftables compatibility"
 HOMEPAGE="http://www.netfilter.org/projects/nftables/"
 EGIT_REPO_URI="git://git.netfilter.org/${REPO}.git"
-#EGIT_BRANCH="${BRANCH}"
-EGIT_COMMIT="${COMMIT}"
+EGIT_BRANCH="${BRANCH}"
+#EGIT_COMMIT="${COMMIT}"
 
 LICENSE="GPL-2"
 SLOT="0"
author	Stuart Shelton <stuart@shelton.me>	2015-04-22 00:37:17 +0100
committer	Stuart Shelton <stuart@shelton.me>	2015-04-22 00:37:17 +0100
commit	25f26e00099f5475672dddb6658926265276a7a7 (patch)
tree	47eb04d1041553d49ae5f6b0bbb1a886d238f806 /net-firewall
parent	Move app-admin/eselect-php to app-eselect/eselect-php, add app-eselect/eselec... (diff)
download	srcshelton-25f26e00099f5475672dddb6658926265276a7a7.tar.gz srcshelton-25f26e00099f5475672dddb6658926265276a7a7.tar.bz2 srcshelton-25f26e00099f5475672dddb6658926265276a7a7.zip