rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity

auto-import changelog data from iptables-1.2.9-1.0.src.rpm

Browse Source 
Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.0
- vew version 1.2.9
- new config options in ipXtables-config: IPTABLES_MODULES_UNLOAD
- more documentation in ipXtables-config
- fix for netlink security issue in libipq (devel package)
- print fix for libipt_icmp (#109546)
This commit is contained in:
cvsdist 2004-09-09 06:25:10 +00:00
parent 6d58a1835a
commit 314b6dc7e4
6 changed files with 100 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
iptables-1.2.8.tar.bz2
iptables-1.2.9.tar.bz2

13
iptables-1.2.9-netlink.patch Normal file
View File

@ -0,0 +1,13 @@
--- iptables-1.2.9/libipq/libipq.c.netlink 2003-12-05 17:00:07.000000000 +0100
+++ iptables-1.2.9/libipq/libipq.c 2003-12-05 17:00:39.000000000 +0100
@@ -171,6 +171,10 @@
ipq_errno = IPQ_ERR_RECV;
return -1;
}
+ if (h->peer.nl_pid != 0) {
+ ipq_errno = IPQ_ERR_RECV;
+ return -1;
+ }
if (status == 0) {
ipq_errno = IPQ_ERR_NLEOF;
return -1;

34
iptables-config
View File

@ -1,19 +1,37 @@
# Additional iptables modules (nat helper)
# Default: -empty-
#IPTABLES_MODULES="ip_nat_ftp"
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modules.conf.
#IPTABLES_MODULES=""
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
#IPTABLES_MODULES_UNLOAD="yes"
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
#IPTABLES_SAVE_ON_STOP="no"
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
#IPTABLES_SAVE_ON_RESTART="no"
# Save (and restore) rule counter.
# Value: yes|no, default: no
# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
#IPTABLES_SAVE_COUNTER="no"
# Numeric status output
# Value: yes|no, default: no
# Value: yes|no, default: no
# Print IP addresses and port numbers in numeric format in the status output.
#IPTABLES_STATUS_NUMERIC="no"

63
iptables.init
View File

@ -28,8 +28,14 @@ if lsmod 2>/dev/null | grep -q ipchains ; then
exit 0
fi
# Old or new modutils
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
&& NEW_MODUTILS=1 \
|| NEW_MODUTILS=0
# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
@ -43,19 +49,27 @@ rmmod_r() {
# At first all referring modules will be unloaded, then the module itself.
local mod=$1
local ret=0
local ref=
# Get referring modules.
local ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
# New modutils have another output format.
[ $NEW_MODUTILS = 1 ] \
&& ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
|| ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
# recursive call for all referring module
# recursive call for all referring modules
for i in $ref; do
rmmod_r $i
let ret+=$?;
done
# Unload module.
modprobe -r $mod > /dev/null 2>&1
let ret+=$?;
# The extra test is for 2.6: The module might have autocleaned,
# after all referring modules are unloaded.
if grep -q "^${mod}" /proc/modules ; then
modprobe -r $mod > /dev/null 2>&1
let ret+=$?;
fi
return $ret
}
@ -87,6 +101,7 @@ flush_n_delete() {
[ $ret -eq 0 ] && success || failure
echo
return $ret
}
set_policy() {
@ -133,6 +148,7 @@ set_policy() {
[ $ret -eq 0 ] && success || failure
echo
return $ret
}
start() {
@ -151,6 +167,7 @@ start() {
failure; echo; return 1
fi
# Load additional modules (helpers)
if [ -n "$IPTABLES_MODULES" ]; then
echo -n $"Loading additional $IPTABLES modules: "
ret=0
@ -164,6 +181,7 @@ start() {
fi
touch $VAR_SUBSYS_IPTABLES
return $ret
}
stop() {
@ -173,17 +191,19 @@ stop() {
flush_n_delete
set_policy ACCEPT
echo -n $"Unloading $IPTABLES modules: "
ret=0
rmmod_r ${IPV}_tables
let ret+=$?;
rmmod_r ${IPV}_conntrack
let ret+=$?;
[ $ret -eq 0 ] && success || failure
echo
if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
echo -n $"Unloading $IPTABLES modules: "
ret=0
rmmod_r ${IPV}_tables
let ret+=$?;
rmmod_r ${IPV}_conntrack
let ret+=$?;
[ $ret -eq 0 ] && success || failure
echo
fi
rm -f $VAR_SUBSYS_IPTABLES
return $ret
}
save() {
@ -220,18 +240,23 @@ save() {
[ $ret -eq 0 ] && success || failure
echo
rm -f $TMP_FILE
return $ret
}
status() {
# Do not print status if lockfile is missing and iptables modules are not
# loaded.
# Check if iptable module is loaded
if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
if [ ! -f "$VAR_SUBSYS_IPTABLES" ]; then
echo $"Firewall is stopped."
return 1
fi
# Check if firewall is configured (has tables)
if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
echo $"Firewall is not configured. "
return 1
fi
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
if [ -z "$tables" ]; then
echo $"Firewall is not configured. "
@ -245,6 +270,8 @@ status() {
echo $"Table: $table"
$IPTABLES -t $table --list $NUM && echo
done
return 0
}
restart() {
@ -257,26 +284,32 @@ case "$1" in
start)
stop
start
RETVAL=$?
;;
stop)
[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
stop
RETVAL=$?
;;
restart)
restart
RETVAL=$?
;;
condrestart)
[ -e "$VAR_SUBSYS_IPTABLES" ] && restart
;;
status)
status
RETVAL=$?
;;
panic)
flush_n_delete
set_policy DROP
RETVAL=$?
;;
save)
save
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
@ -284,4 +317,4 @@ case "$1" in
;;
esac
exit 0
exit $RETVAL

22
iptables.spec
View File

@ -3,19 +3,17 @@
Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities.
Version: 1.2.8
Release: 14
Version: 1.2.9
Release: 1.0
Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
%if %{linux_header}
Source3: netfilter-2.4.20.tar.gz
%endif
Patch0: iptables-1.2.8-numeric.patch
Patch1: iptables-1.2.8-save_ports.patch
Patch2: iptables-1.2.8-nolibnsl.patch
Patch3: iptables-1.2.8-print_type.patch
Patch4: iptables-1.2.8-netlink.patch
Patch4: iptables-1.2.9-netlink.patch
Group: System Environment/Base
URL: http://www.netfilter.org/
BuildRoot: %{_tmppath}/%{name}-buildroot
@ -67,8 +65,6 @@ cd include
tar -zxf %{SOURCE3}
cd ..
%endif
%patch0 -p1 -b .numeric
%patch1 -p1 -b .save_ports
%patch2 -p1 -b .nolibnsl
%patch3 -p1 -b .print_type
%patch4 -p1 -b .netlink
@ -120,7 +116,7 @@ fi
%files
%defattr(-,root,root,0755)
%doc COPYING KNOWN_BUGS
%doc COPYING INSTALL INCOMPATIBILITIES
%config %attr(0755,root,root) /etc/rc.d/init.d/iptables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
/sbin/iptables*
@ -146,9 +142,13 @@ fi
%endif
%changelog
* Fri Dec 5 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-14
- fixed netlink security issue in libipq (devel package)
- fixed save in libipt_icmp (#109546)
* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.0
- vew version 1.2.9
- new config options in ipXtables-config:
IPTABLES_MODULES_UNLOAD
- more documentation in ipXtables-config
- fix for netlink security issue in libipq (devel package)
- print fix for libipt_icmp (#109546)
* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
- marked all messages in iptables init script for translation (#107462)

2
sources
View File

@ -1 +1 @@
cf62ebdabf05ccc5479334cc04fa993c iptables-1.2.8.tar.bz2
8299db6ffbe98496d7f57dbb00f17e7d iptables-1.2.9.tar.bz2