From 1392835e930fffe5a55b212b5d9611865337528f Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 21 Jul 2011 15:53:48 +0200 Subject: [PATCH] - merged ipv6 sub package into main package - renamed init scripts to /usr/libexec/ip*tables.init --- iptables.service | 6 ++-- iptables.spec | 82 ++++++++++++++---------------------------------- 2 files changed, 27 insertions(+), 61 deletions(-) diff --git a/iptables.service b/iptables.service index 8730556..d87e306 100644 --- a/iptables.service +++ b/iptables.service @@ -1,13 +1,13 @@ [Unit] -Description=iptables Firewall for IPv4 +Description=IPv4 firewall with iptables After=syslog.target ConditionPathExists=/etc/sysconfig/iptables [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/libexec/iptables start -ExecStop=/usr/libexec/iptables stop +ExecStart=/usr/libexec/iptables.init start +ExecStop=/usr/libexec/iptables.init stop Environment=BOOTUP=serial Environment=CONSOLETYPE=serial StandardOutput=syslog diff --git a/iptables.spec b/iptables.spec index 43d7756..d81e661 100644 --- a/iptables.spec +++ b/iptables.spec @@ -15,7 +15,7 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities Version: 1.4.11.1 -Release: 3%{?dist} +Release: 4%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config @@ -38,28 +38,15 @@ Requires(postun): systemd-units Requires(post): chkconfig Requires(preun): chkconfig %endif +# provide also ipv6 sub package +Provides: %{name}-ipv6 = %{version}-%{release} +Obsoletes: %{name}-ipv6 < %{version}-%{release} %description The iptables utility controls the network packet filtering code in the Linux kernel. If you need to set up firewalls and/or IP masquerading, you should install this package. -%package ipv6 -Summary: IPv6 support for iptables -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -Requires(post): chkconfig -Requires(preun): chkconfig - -%description ipv6 -The iptables package contains IPv6 (the next version of the IP -protocol) support for iptables. Iptables controls the Linux kernel -network packet filtering code, allowing you to set up firewalls and IP -masquerading. - -Install iptables-ipv6 if you need to set up firewalling for your -network and you are using ipv6. - %package devel Summary: Development package for iptables Group: System Environment/Base @@ -113,9 +100,9 @@ mv %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/ # install init scripts and configuration files install -d -m 755 %{buildroot}%{script_path} -install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables +install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init -install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables +install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init install -d -m 755 %{buildroot}/etc/sysconfig install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config @@ -139,12 +126,15 @@ rm -rf %{buildroot} if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl daemon-reload >/dev/null 2>&1 || : /bin/systemctl enable iptables.service >/dev/null 2>&1 || : + /bin/systemctl enable ip6tables.service >/dev/null 2>&1 || : fi %preun if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl --no-reload disable iptables.service > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || : /bin/systemctl stop iptables.service > /dev/null 2>&1 || : + /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || : fi %postun @@ -152,6 +142,7 @@ fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart iptables.service >/dev/null 2>&1 || : + /bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || : fi %triggerun -- iptables < 1.4.11.1-3 @@ -165,26 +156,8 @@ fi /sbin/chkconfig --del iptables >/dev/null 2>&1 || : /bin/systemctl try-restart iptables.service >/dev/null 2>&1 || : -%post ipv6 -if [ $1 -eq 1 ] ; then # Initial installation - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /bin/systemctl enable ip6tables.service >/dev/null 2>&1 || : -fi - -%preun ipv6 -if [ $1 -eq 0 ]; then # Package removal, not upgrade - /bin/systemctl --no-reload disable ip6tables.service > /dev/null 2>&1 || : - /bin/systemctl stop ip6tables.service > /dev/null 2>&1 || : -fi - -%postun ipv6 -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall - /bin/systemctl try-restart ip6tables.service >/dev/null 2>&1 || : -fi - -%triggerun ipv6 -- ip6tables-ipv6 < 1.4.11.1-3 -# To apply saved runlevel, use systemd-sysv-convert --apply ip6tables +%triggerun -- iptables-ipv6 < 1.4.11.1-3 +# To apply saved runlevel, use systemd-sysv-convert --apply iptables %{_bindir}/systemd-sysv-convert --save ip6tables >/dev/null 2>&1 ||: # Autostart @@ -199,17 +172,11 @@ fi %post /sbin/ldconfig /sbin/chkconfig --add iptables +/sbin/chkconfig --add ip6tables %preun if [ $1 -eq 0 ]; then /sbin/chkconfig --del iptables -fi - -%post ipv6 -/sbin/chkconfig --add ip6tables - -%preun ipv6 -if [ $1 -eq 0 ]; then /sbin/chkconfig --del ip6tables fi @@ -221,34 +188,29 @@ fi %files %defattr(-,root,root) %doc COPYING INSTALL INCOMPATIBILITIES -%attr(0755,root,root) %{script_path}/iptables +%attr(0755,root,root) %{script_path}/iptables.init +%attr(0755,root,root) %{script_path}/ip6tables.init %config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config +%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config %if %{with systemd} /lib/systemd/system/iptables.service +/lib/systemd/system/ip6tables.service %endif /sbin/iptables* +/sbin/ip6tables* /sbin/xtables-multi /bin/iptables-xml %{_mandir}/man1/iptables-xml* %{_mandir}/man8/iptables* +%{_mandir}/man8/ip6tables* %dir /%{_lib}/xtables /%{_lib}/xtables/libipt* +/%{_lib}/xtables/libip6t* /%{_lib}/xtables/libxt* /%{_lib}/libip*tc.so.* /%{_lib}/libipq.so.* /%{_lib}/libxtables.so.* -%files ipv6 -%defattr(-,root,root) -%attr(0755,root,root) %{script_path}/ip6tables -%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config -%if %{with systemd} -/lib/systemd/system/ip6tables.service -%endif -/sbin/ip6tables* -%{_mandir}/man8/ip6tables* -/%{_lib}/xtables/libip6t* - %files devel %defattr(-,root,root) %dir %{_includedir}/iptables @@ -269,6 +231,10 @@ fi %{_libdir}/pkgconfig/xtables.pc %changelog +* Thu Jul 21 2011 Thomas Woerner 1.4.11.1-4 +- merged ipv6 sub package into main package +- renamed init scripts to /usr/libexec/ip*tables.init + * Fri Jul 15 2011 Thomas Woerner 1.4.11.1-3 - added support for native systemd file (rhbz#694738) - new iptables.service file