auto-import changelog data from iptables-1.2.8-7.90.1.src.rpm
Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7.90.1 - fixed save when iptables file is missing and iptables-config permissions Tue Jul 08 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7 - fixes for ip6tables: module unloading, setting policy only for existing tables Thu Jul 03 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6 - IPTABLES_SAVE_COUNTER defaults to no, now - install config file in /etc/sysconfig - exchange unload of ip_tables and ip_conntrack - fixed start function Wed Jul 02 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5 - new config option IPTABLES_SAVE_ON_RESTART - init script: new status, save and restart - fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374 Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4 - new config option IPTABLES_STATUS_NUMERIC - cleared IPTABLES_MODULES in iptables-config Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3 - new init scripts Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de> - remove check for very old kernel versions in init scripts - sync up both init scripts and remove some further ugly things - add some docu into rpm Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2 - rebuild Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1 - update to 1.2.8
parent
c17548c88e
commit
31d8898f82
@ -1 +1 @@
|
|||||||
iptables-1.2.7a.tar.bz2
|
iptables-1.2.8.tar.bz2
|
||||||
|
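--- /dev/null
+++ b/iptables-config
@@ -0,0 +1,19 @@
+# Additional iptables modules (nat helper)
+# Default: -empty-
+#IPTABLES_MODULES="ip_nat_ftp"
+
+# Save current firewall rules on stop.
+# Value: yes|no, default: no
+#IPTABLES_SAVE_ON_STOP="no"
+
+# Save current firewall rules on restart.
+# Value: yes|no, default: no
+#IPTABLES_SAVE_ON_RESTART="no"
+
+# Save (and restore) rule counter.
+# Value: yes|no, default: no
+#IPTABLES_SAVE_COUNTER="no"
+
+# Numeric status output
+# Value: yes|no, default: no
+#IPTABLES_STATUS_NUMERIC="no"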
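Review bot: Nothing in the new file says that the init script reads it with `. "$IPTABLES_CONFIG"`, so its contents are executed as shell by root rather than parsed as key=value data. A header line such as `# Sourced as shell by the iptables init script; keep it root-owned and not writable by others.` would tell administrators why the file's permissions matter. The IPTABLES_MODULES comment could also say that the value is a space-separated list, since the init script word-splits it in `for mod in $IPTABLES_MODULES` before calling modprobe.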
379
iptables.init
379
iptables.init
@ -1,208 +1,287 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
|
# iptables Start iptables firewall
|
||||||
#
|
#
|
||||||
# chkconfig: 2345 08 92
|
# chkconfig: 2345 08 92
|
||||||
#
|
# description: Starts, stops and saves iptables firewall
|
||||||
# description: Automates a packet filtering firewall with iptables.
|
|
||||||
#
|
|
||||||
# by bero@redhat.com, based on the ipchains script:
|
|
||||||
# Script Author: Joshua Jensen <joshua@redhat.com>
|
|
||||||
# -- hacked up by gafton with help from notting
|
|
||||||
# modified by Anton Altaparmakov <aia21@cam.ac.uk>:
|
|
||||||
# modified by Nils Philippsen <nils@redhat.de>
|
|
||||||
#
|
#
|
||||||
# config: /etc/sysconfig/iptables
|
# config: /etc/sysconfig/iptables
|
||||||
|
# config: /etc/sysconfig/iptables-config
|
||||||
|
|
||||||
# Source 'em up
|
# Source function library.
|
||||||
. /etc/init.d/functions
|
. /etc/init.d/functions
|
||||||
|
|
||||||
IPTABLES_CONFIG=/etc/sysconfig/iptables
|
IPTABLES=iptables
|
||||||
|
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
|
||||||
|
IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
|
||||||
|
IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
|
||||||
|
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
|
||||||
|
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
|
||||||
|
|
||||||
if [ ! -x /sbin/iptables ]; then
|
if [ ! -x /sbin/$IPTABLES ]; then
|
||||||
|
echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
|
if lsmod 2>/dev/null | grep -q ipchains ; then
|
||||||
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
|
echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
|
||||||
|
|
||||||
if [ "$KERNELMAJ" -lt 2 ] ; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
|
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Default firewall configuration:
|
||||||
|
IPTABLES_MODULES=""
|
||||||
|
IPTABLES_SAVE_ON_STOP="no"
|
||||||
|
IPTABLES_SAVE_ON_RESTART="no"
|
||||||
|
IPTABLES_SAVE_COUNTER="no"
|
||||||
|
IPTABLES_STATUS_NUMERIC="no"
|
||||||
|
|
||||||
|
# Load firewall configuration.
|
||||||
|
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
|
||||||
|
|
||||||
if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
|
rmmod_r() {
|
||||||
# Don't do both
|
# Unload module with all referring modules.
|
||||||
exit 0
|
# At first all referring modules will be unloaded, then the module itself.
|
||||||
fi
|
mod=$1
|
||||||
|
ret=0
|
||||||
|
|
||||||
iftable() {
|
# Get referring modules.
|
||||||
if fgrep -qsx $1 /proc/net/ip_tables_names; then
|
ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
|
||||||
iptables -t "$@"
|
|
||||||
fi
|
# recursive call for all referring module
|
||||||
|
for i in $ref; do
|
||||||
|
rmmod_r $i
|
||||||
|
let ret+=$?;
|
||||||
|
done
|
||||||
|
|
||||||
|
# Unload module.
|
||||||
|
modprobe -r $mod > /dev/null 2>&1
|
||||||
|
let ret+=$?;
|
||||||
|
|
||||||
|
return $ret
|
||||||
|
}
|
||||||
|
|
||||||
|
flush_n_delete() {
|
||||||
|
# Flush firewall rules and delete chains.
|
||||||
|
[ -e "$PROC_IPTABLES_NAMES" ] || return 1
|
||||||
|
|
||||||
|
# Check if firewall is configured (has tables)
|
||||||
|
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
|
||||||
|
[ -z "$tables" ] && return 1
|
||||||
|
|
||||||
|
echo -n $"Flushing firewall rules: "
|
||||||
|
ret=0
|
||||||
|
# For all tables
|
||||||
|
for i in $tables; do
|
||||||
|
# Flush firewall rules.
|
||||||
|
$IPTABLES -t $i -F;
|
||||||
|
let ret+=$?;
|
||||||
|
|
||||||
|
# Delete firewall chains.
|
||||||
|
$IPTABLES -t $i -X;
|
||||||
|
let ret+=$?;
|
||||||
|
|
||||||
|
# Set counter to zero.
|
||||||
|
$IPTABLES -t $i -Z;
|
||||||
|
let ret+=$?;
|
||||||
|
done
|
||||||
|
|
||||||
|
[ $ret -eq 0 ] && success || failure
|
||||||
|
echo
|
||||||
|
}
|
||||||
|
|
||||||
|
set_policy() {
|
||||||
|
# Set policy for configured tables.
|
||||||
|
policy=$1
|
||||||
|
|
||||||
|
# Check if iptable module is loaded
|
||||||
|
[ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
|
||||||
|
|
||||||
|
# Check if firewall is configured (has tables)
|
||||||
|
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
|
||||||
|
[ -z "$tables" ] && return 1
|
||||||
|
|
||||||
|
echo -n $"Setting chains to policy $policy: "
|
||||||
|
ret=0
|
||||||
|
for i in $tables; do
|
||||||
|
echo -n "$i "
|
||||||
|
case "$i" in
|
||||||
|
filter)
|
||||||
|
$IPTABLES -t filter -P INPUT $policy \
|
||||||
|
&& $IPTABLES -t filter -P OUTPUT $policy \
|
||||||
|
&& $IPTABLES -t filter -P FORWARD $policy \
|
||||||
|
|| let ret+=1
|
||||||
|
;;
|
||||||
|
nat)
|
||||||
|
$IPTABLES -t nat -P PREROUTING $policy \
|
||||||
|
&& $IPTABLES -t nat -P POSTROUTING $policy \
|
||||||
|
&& $IPTABLES -t nat -P OUTPUT $policy \
|
||||||
|
|| let ret+=1
|
||||||
|
;;
|
||||||
|
mangle)
|
||||||
|
$IPTABLES -t mangle -P PREROUTING $policy \
|
||||||
|
&& $IPTABLES -t mangle -P POSTROUTING $policy \
|
||||||
|
&& $IPTABLES -t mangle -P INPUT $policy \
|
||||||
|
&& $IPTABLES -t mangle -P OUTPUT $policy \
|
||||||
|
&& $IPTABLES -t mangle -P FORWARD $policy \
|
||||||
|
|| let ret+=1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
let ret+=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
[ $ret -eq 0 ] && success || failure
|
||||||
|
echo
|
||||||
}
|
}
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
# don't do squat if we don't have the config file
|
# Do not start if there is no config file.
|
||||||
if [ -f $IPTABLES_CONFIG ]; then
|
[ -f "$IPTABLES_DATA" ] || return 1
|
||||||
# If we don't clear these first, we might be adding to
|
|
||||||
# pre-existing rules.
|
|
||||||
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
|
|
||||||
echo -n $"Flushing all current rules and user defined chains:"
|
|
||||||
let ret=0
|
|
||||||
for i in $chains; do iptables -t $i -F; let ret+=$?; done
|
|
||||||
iptables -F
|
|
||||||
let ret+=$?
|
|
||||||
if [ $ret -eq 0 ]; then
|
|
||||||
success
|
|
||||||
else
|
|
||||||
failure
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
echo -n $"Clearing all current rules and user defined chains:"
|
|
||||||
let ret=0
|
|
||||||
for i in $chains; do iptables -t $i -X; let ret+=$?; done
|
|
||||||
iptables -X
|
|
||||||
let ret+=$?
|
|
||||||
if [ $ret -eq 0 ]; then
|
|
||||||
success
|
|
||||||
else
|
|
||||||
failure
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
for i in $chains; do iptables -t $i -Z; done
|
echo -n $"Applying $IPTABLES firewall rules: "
|
||||||
|
|
||||||
echo -n $"Applying iptables firewall rules: "
|
OPT=
|
||||||
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
|
[ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
|
||||||
success || \
|
|
||||||
failure
|
$IPTABLES-restore $OPT $IPTABLES_DATA
|
||||||
echo
|
if [ $? -eq 0 ]; then
|
||||||
touch /var/lock/subsys/iptables
|
success; echo
|
||||||
|
else
|
||||||
|
failure; echo; return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "$IPTABLES_MODULES" ]; then
|
||||||
|
echo -n $"Loading additional $IPTABLES modules: "
|
||||||
|
ret=0
|
||||||
|
for mod in $IPTABLES_MODULES; do
|
||||||
|
echo -n "$mod "
|
||||||
|
modprobe $mod > /dev/null 2>&1
|
||||||
|
let ret+=$?;
|
||||||
|
done
|
||||||
|
[ $ret -eq 0 ] && success || failure
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
touch $VAR_SUBSYS_IPTABLES
|
||||||
}
|
}
|
||||||
|
|
||||||
stop() {
|
stop() {
|
||||||
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
|
# Do not stop if iptables module is not loaded.
|
||||||
echo -n $"Flushing all chains:"
|
[ -e "$PROC_IPTABLES_NAMES" ] || return 1
|
||||||
let ret=0
|
|
||||||
for i in $chains; do iptables -t $i -F; let ret+=$?; done
|
flush_n_delete
|
||||||
iptables -F; let ret+=$?
|
set_policy ACCEPT
|
||||||
if [ $ret -eq 0 ]; then
|
|
||||||
success
|
echo -n $"Unloading $IPTABLES modules: "
|
||||||
else
|
ret=0
|
||||||
failure
|
rmmod_r ${IPV}_tables
|
||||||
fi
|
let ret+=$?;
|
||||||
|
rmmod_r ${IPV}_conntrack
|
||||||
|
let ret+=$?;
|
||||||
|
|
||||||
|
[ $ret -eq 0 ] && success || failure
|
||||||
echo
|
echo
|
||||||
|
|
||||||
echo -n $"Removing user defined chains:"
|
rm -f $VAR_SUBSYS_IPTABLES
|
||||||
let ret=0
|
}
|
||||||
for i in $chains; do iptables -t $i -X; let ret+=$?; done
|
|
||||||
iptables -X; let ret+=$?
|
save() {
|
||||||
|
# Check if iptable module is loaded
|
||||||
|
[ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
|
||||||
|
|
||||||
|
# Check if firewall is configured (has tables)
|
||||||
|
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
|
||||||
|
[ -z "$tables" ] && return 1
|
||||||
|
|
||||||
|
echo -n $"Saving firewall rules to $IPTABLES_DATA: "
|
||||||
|
|
||||||
|
OPT=
|
||||||
|
[ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
|
||||||
|
|
||||||
|
ret=0
|
||||||
|
TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
|
||||||
|
&& chmod 600 "$TMP_FILE" \
|
||||||
|
&& $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
|
||||||
|
&& size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
|
||||||
|
|| ret=1
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
success
|
if [ -e $IPTABLES_DATA ]; then
|
||||||
else
|
cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
|
||||||
failure
|
&& chmod 600 $IPTABLES_DATA.save \
|
||||||
|
|| ret=1
|
||||||
fi
|
fi
|
||||||
|
if [ $ret -eq 0 ]; then
|
||||||
|
cp -f $TMP_FILE $IPTABLES_DATA \
|
||||||
|
&& chmod 600 $IPTABLES_DATA \
|
||||||
|
|| ret=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
[ $ret -eq 0 ] && success || failure
|
||||||
echo
|
echo
|
||||||
echo -n $"Resetting built-in chains to the default ACCEPT policy:"
|
rm -f $TMP_FILE
|
||||||
iftable filter -P INPUT ACCEPT && \
|
}
|
||||||
iftable filter -P OUTPUT ACCEPT && \
|
|
||||||
iftable filter -P FORWARD ACCEPT && \
|
status() {
|
||||||
iftable nat -P PREROUTING ACCEPT && \
|
# Do not print status if lockfile is missing and iptables modules are not
|
||||||
iftable nat -P POSTROUTING ACCEPT && \
|
# loaded.
|
||||||
iftable nat -P OUTPUT ACCEPT && \
|
# Check if iptable module is loaded
|
||||||
iftable mangle -P PREROUTING ACCEPT && \
|
if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
|
||||||
iftable mangle -P POSTROUTING ACCEPT && \
|
echo "Firewall is stopped."
|
||||||
iftable mangle -P INPUT ACCEPT && \
|
return 1
|
||||||
iftable mangle -P OUTPUT ACCEPT && \
|
fi
|
||||||
iftable mangle -P FORWARD ACCEPT && \
|
|
||||||
success || \
|
# Check if firewall is configured (has tables)
|
||||||
failure
|
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
|
||||||
echo
|
if [ -z "$tables" ]; then
|
||||||
rm -f /var/lock/subsys/iptables
|
echo "Firewall is not configured. "
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
NUM=
|
||||||
|
[ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
|
||||||
|
|
||||||
|
for table in $tables; do
|
||||||
|
echo $"Table: $table"
|
||||||
|
$IPTABLES -t $table --list $NUM && echo
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
restart() {
|
||||||
|
[ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
|
||||||
|
stop
|
||||||
|
start
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
start)
|
start)
|
||||||
|
stop
|
||||||
start
|
start
|
||||||
;;
|
;;
|
||||||
|
|
||||||
stop)
|
stop)
|
||||||
|
[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
|
||||||
stop
|
stop
|
||||||
;;
|
;;
|
||||||
|
|
||||||
restart)
|
restart)
|
||||||
# "restart" is really just "start" as this isn't a daemon,
|
restart
|
||||||
# and "start" clears any pre-defined rules anyway.
|
|
||||||
# This is really only here to make those who expect it happy
|
|
||||||
start
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
condrestart)
|
condrestart)
|
||||||
[ -e /var/lock/subsys/iptables ] && start
|
[ -e "$VAR_SUBSYS_IPTABLES" ] && restart
|
||||||
;;
|
;;
|
||||||
|
|
||||||
status)
|
status)
|
||||||
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
|
status
|
||||||
for table in $tables; do
|
|
||||||
echo $"Table: $table"
|
|
||||||
iptables -t $table --list
|
|
||||||
done
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
panic)
|
panic)
|
||||||
echo -n $"Changing target policies to DROP: "
|
flush_n_delete
|
||||||
iftable filter -P INPUT DROP && \
|
set_policy DROP
|
||||||
iftable filter -P FORWARD DROP && \
|
|
||||||
iftable filter -P OUTPUT DROP && \
|
|
||||||
iftable nat -P PREROUTING DROP && \
|
|
||||||
iftable nat -P POSTROUTING DROP && \
|
|
||||||
iftable nat -P OUTPUT DROP && \
|
|
||||||
iftable mangle -P PREROUTING DROP && \
|
|
||||||
iftable mangle -P OUTPUT DROP && \
|
|
||||||
iftable mangle -P POSTROUTING DROP && \
|
|
||||||
iftable mangle -P INPUT DROP && \
|
|
||||||
iftable mangle -P FORWARD DROP && \
|
|
||||||
success || failure
|
|
||||||
echo
|
|
||||||
echo -n "Flushing all chains:"
|
|
||||||
iftable filter -F INPUT && \
|
|
||||||
iftable filter -F FORWARD && \
|
|
||||||
iftable filter -F OUTPUT && \
|
|
||||||
iftable nat -F PREROUTING && \
|
|
||||||
iftable nat -F POSTROUTING && \
|
|
||||||
iftable nat -F OUTPUT && \
|
|
||||||
iftable mangle -F PREROUTING && \
|
|
||||||
iftable mangle -F OUTPUT && \
|
|
||||||
success || failure
|
|
||||||
echo
|
|
||||||
echo -n "Removing user defined chains:"
|
|
||||||
iftable iftable filter -X && \
|
|
||||||
iftable nat -X && \
|
|
||||||
iftable mangle -X && \
|
|
||||||
success || failure
|
|
||||||
echo
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
save)
|
save)
|
||||||
echo -n $"Saving current rules to $IPTABLES_CONFIG: "
|
save
|
||||||
touch $IPTABLES_CONFIG
|
|
||||||
chmod 600 $IPTABLES_CONFIG
|
|
||||||
/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
|
|
||||||
success $"Saving current rules to $IPTABLES_CONFIG" || \
|
|
||||||
failure $"Saving current rules to $IPTABLES_CONFIG"
|
|
||||||
echo
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
|
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
|
||||||
exit 1
|
exit 1
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
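Review bot: The new `start)` arm runs `stop` before `start`, and `stop()` ends with `flush_n_delete` and `set_policy ACCEPT`, so when `$IPTABLES_DATA` is missing or `$IPTABLES-restore` fails the host is left with empty tables and ACCEPT policies. The script still falls through to the final `exit 0`, so the caller sees success. Checking the rules file before anything is torn down, for example `[ -f "$IPTABLES_DATA" ] || exit 1` ahead of the `stop` call, and ending the arm with `start || exit 1`, would keep a working ruleset in place and make the failure visible; whether a missing rules file should be a hard error at boot is a policy decision for the packager. The `panic)` arm has a related ordering gap: `flush_n_delete` runs before `set_policy DROP`, so the emptied chains fall back to whatever policy was in force until the second call completes, and swapping the two calls would close that window.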
117
iptables.spec
117
iptables.spec
@ -1,22 +1,23 @@
|
|||||||
|
%define build_devel 0
|
||||||
|
%define linux_header 0
|
||||||
|
|
||||||
Name: iptables
|
Name: iptables
|
||||||
Summary: Tools for managing Linux kernel packet filtering capabilities.
|
Summary: Tools for managing Linux kernel packet filtering capabilities.
|
||||||
Version: 1.2.7a
|
Version: 1.2.8
|
||||||
Release: 2
|
Release: 7.90.1
|
||||||
Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
|
Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
|
||||||
Source1: iptables.init
|
Source1: iptables.init
|
||||||
Source2: ip6tables.init
|
Source2: iptables-config
|
||||||
Patch1: iptables-1.2.2-bug50990.patch
|
%if %{linux_header}
|
||||||
Patch2: iptables-1.2.7a-matchmac.patch
|
Source3: netfilter-2.4.20.tar.gz
|
||||||
Patch3: iptables-1.2.7a-tcpmss.patch
|
%endif
|
||||||
Patch4: iptables-1.2.7a-length.patch
|
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://www.netfilter.org/
|
URL: http://www.netfilter.org/
|
||||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||||
License: GPL
|
License: GPL
|
||||||
BuildPrereq: /usr/bin/perl
|
BuildPrereq: /usr/bin/perl
|
||||||
Requires: kernel >= 2.4.0
|
Requires: kernel >= 2.4.20
|
||||||
Requires(post,postun): chkconfig
|
Requires(post,postun): chkconfig
|
||||||
# Obsoletes: ipchains
|
|
||||||
Prefix: %{_prefix}
|
Prefix: %{_prefix}
|
||||||
|
|
||||||
%package ipv6
|
%package ipv6
|
||||||
@ -24,6 +25,13 @@ Summary: IPv6 support for iptables.
|
|||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Requires: %{name} = %{version}
|
Requires: %{name} = %{version}
|
||||||
|
|
||||||
|
%if %{build_devel}
|
||||||
|
%package devel
|
||||||
|
Summary: Development package for iptables.
|
||||||
|
Group: System Environment/Base
|
||||||
|
Requires: %{name} = %{version}
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The iptables utility controls the network packet filtering code in the
|
The iptables utility controls the network packet filtering code in the
|
||||||
Linux kernel. If you need to set up firewalls and/or IP masquerading,
|
Linux kernel. If you need to set up firewalls and/or IP masquerading,
|
||||||
@ -38,34 +46,51 @@ masquerading.
|
|||||||
Install iptables-ipv6 if you need to set up firewalling for your
|
Install iptables-ipv6 if you need to set up firewalling for your
|
||||||
network and you are using ipv6.
|
network and you are using ipv6.
|
||||||
|
|
||||||
|
%if %{build_devel}
|
||||||
|
%description devel
|
||||||
|
The iptables utility controls the network packet filtering code in the
|
||||||
|
Linux kernel. If you need to set up firewalls and/or IP masquerading,
|
||||||
|
you should install this package.
|
||||||
|
%endif
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
|
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1 -b .50990
|
%if %{linux_header}
|
||||||
%patch2 -p1 -b .mac
|
cd include
|
||||||
%patch3 -p1 -b .typo
|
tar -zxf %{SOURCE3}
|
||||||
%patch4 -p1 -b .length
|
cd ..
|
||||||
|
%endif
|
||||||
|
|
||||||
# Put it to a reasonable place
|
# Put it to a reasonable place
|
||||||
perl -pi -e "s,/usr/local,%{prefix},g" * */*
|
find . -type f -exec perl -pi -e "s,/usr/local,%{prefix},g" {} \;
|
||||||
|
|
||||||
%build
|
%build
|
||||||
OPT="$RPM_OPT_FLAGS"
|
TOPDIR=`pwd`
|
||||||
|
OPT="$RPM_OPT_FLAGS -I$TOPDIR/include"
|
||||||
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib}
|
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib}
|
||||||
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} iptables-save iptables-restore
|
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} iptables-save iptables-restore
|
||||||
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/{_lib} ip6tables-save ip6tables-restore
|
make COPT_FLAGS="$OPT" KERNEL_DIR=/usr LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
|
make install DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
|
||||||
|
%if %{build_devel}
|
||||||
|
make install-devel DESTDIR=%{buildroot} KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
|
||||||
|
%endif
|
||||||
cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
|
cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
|
||||||
cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
|
cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
|
install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
|
||||||
install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
|
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
|
||||||
|
install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
|
||||||
|
install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
|
||||||
|
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
|
||||||
|
install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/%{name}-%{version}
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/chkconfig --add iptables
|
/sbin/chkconfig --add iptables
|
||||||
@ -85,20 +110,68 @@ fi
|
|||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,0755)
|
%defattr(-,root,root,0755)
|
||||||
%config /etc/rc.d/init.d/iptables
|
%doc COPYING KNOWN_BUGS
|
||||||
|
%config %attr(0600,root,root) /etc/rc.d/init.d/iptables
|
||||||
|
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
|
||||||
/sbin/iptables*
|
/sbin/iptables*
|
||||||
%{_mandir}/*/iptables*
|
%{_mandir}/man8/iptables*
|
||||||
%dir /%{_lib}/iptables
|
%dir /%{_lib}/iptables
|
||||||
/%{_lib}/iptables/libipt*
|
/%{_lib}/iptables/libipt*
|
||||||
|
|
||||||
%files ipv6
|
%files ipv6
|
||||||
%defattr(-,root,root,0755)
|
%defattr(-,root,root,0755)
|
||||||
%config /etc/rc.d/init.d/ip6tables
|
%config %attr(0600,root,root) /etc/rc.d/init.d/ip6tables
|
||||||
|
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
|
||||||
/sbin/ip6tables*
|
/sbin/ip6tables*
|
||||||
|
%{_mandir}/man8/ip6tables*
|
||||||
/%{_lib}/iptables/libip6t*
|
/%{_lib}/iptables/libip6t*
|
||||||
%{_mandir}/*/ip6tables*
|
|
||||||
|
%if %{build_devel}
|
||||||
|
%files devel
|
||||||
|
%defattr(-,root,root,0755)
|
||||||
|
%{_includedir}/libipq.h
|
||||||
|
%{_libdir}/libipq.a
|
||||||
|
%{_libdir}/libiptc.a
|
||||||
|
%{_mandir}/man3/*
|
||||||
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7.90.1
|
||||||
|
- fixed save when iptables file is missing and iptables-config permissions
|
||||||
|
|
||||||
|
* Tue Jul 8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
|
||||||
|
- fixes for ip6tables: module unloading, setting policy only for existing
|
||||||
|
tables
|
||||||
|
|
||||||
|
* Thu Jul 3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
|
||||||
|
- IPTABLES_SAVE_COUNTER defaults to no, now
|
||||||
|
- install config file in /etc/sysconfig
|
||||||
|
- exchange unload of ip_tables and ip_conntrack
|
||||||
|
- fixed start function
|
||||||
|
|
||||||
|
* Wed Jul 2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
|
||||||
|
- new config option IPTABLES_SAVE_ON_RESTART
|
||||||
|
- init script: new status, save and restart
|
||||||
|
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
|
||||||
|
|
||||||
|
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
|
||||||
|
- new config option IPTABLES_STATUS_NUMERIC
|
||||||
|
- cleared IPTABLES_MODULES in iptables-config
|
||||||
|
|
||||||
|
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
|
||||||
|
- new init scripts
|
||||||
|
|
||||||
|
* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||||
|
- remove check for very old kernel versions in init scripts
|
||||||
|
- sync up both init scripts and remove some further ugly things
|
||||||
|
- add some docu into rpm
|
||||||
|
|
||||||
|
* Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
|
||||||
|
- update to 1.2.8
|
||||||
|
|
||||||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||||
- rebuilt
|
- rebuilt
|
||||||
|
|
||||||
|
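Review bot: The new `%files` entries package both init scripts with `%attr(0600,root,root)`, which overrides the `-m755` used by the `install` lines in `%install` and leaves `/etc/rc.d/init.d/iptables` and `/etc/rc.d/init.d/ip6tables` without an execute bit. A 0600 script cannot be executed directly, so depending on how the rc machinery and `service` invoke it, the firewall may not be started at boot. The 0600 mode looks intended for the sysconfig files only; the script entries would be safer as `%config %attr(0755,root,root) /etc/rc.d/init.d/iptables` and the same for ip6tables. For consistency the two config files could also be installed with `-m600` rather than `-m755`, so the build root already matches the packaged mode.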