add default /etc/sysconfig/ip[6]tables (RHBZ#1034494)

Jiri Popelka 2014-01-10 16:19:56 +01:00
parent 208299e925
commit 840a7d2d37
3 changed files with 40 additions and 5 deletions


@ -13,6 +13,8 @@ Source1: iptables.init
Source2: iptables-config Source2: iptables-config
Source3: iptables.service Source3: iptables.service
Source4: iptables.save-legacy Source4: iptables.save-legacy
Source5: sysconfig_iptables
Source6: sysconfig_ip6tables
URL: http://www.netfilter.org/ URL: http://www.netfilter.org/
License: GPLv2 License: GPLv2
# libnfnetlink-devel is requires for nfnl_osf # libnfnetlink-devel is requires for nfnl_osf
@ -103,10 +105,12 @@ install -d -m 755 %{buildroot}%{script_path}
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
install -d -m 755 %{buildroot}/etc/sysconfig install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config install -c -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config install -c -m 755 ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
install -c -m 755 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/iptables
install -c -m 755 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
# install systemd service files # install systemd service files
install -d -m 755 %{buildroot}/%{_unitdir} install -d -m 755 %{buildroot}/%{_unitdir}
@ -138,8 +142,8 @@ install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/
%files %files
%doc COPYING INCOMPATIBILITIES %doc COPYING INCOMPATIBILITIES
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/iptables-config
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/ip6tables-config
%{_sbindir}/iptables* %{_sbindir}/iptables*
%{_sbindir}/ip6tables* %{_sbindir}/ip6tables*
%{_sbindir}/xtables-multi %{_sbindir}/xtables-multi
@ -172,6 +176,8 @@ install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/
%files services %files services
%attr(0755,root,root) %{script_path}/iptables.init %attr(0755,root,root) %{script_path}/iptables.init
%attr(0755,root,root) %{script_path}/ip6tables.init %attr(0755,root,root) %{script_path}/ip6tables.init
%config(noreplace) %{_sysconfdir}/sysconfig/iptables
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables
%dir %{script_path} %dir %{script_path}
%{_unitdir}/iptables.service %{_unitdir}/iptables.service
%{_unitdir}/ip6tables.service %{_unitdir}/ip6tables.service
@ -189,6 +195,7 @@ install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/
%changelog %changelog
* Fri Jan 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-4 * Fri Jan 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-4
- drop virtual provide for xtables.so.9 - drop virtual provide for xtables.so.9
- add default /etc/sysconfig/ip[6]tables (RHBZ#1034494)
* Thu Jan 09 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-3 * Thu Jan 09 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-3
- no need to support the pre-systemd things - no need to support the pre-systemd things
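Review bot: The two new rule files are installed with `-m 755` and listed under `%files services` without an `%attr`, so `/etc/sysconfig/iptables` and `/etc/sysconfig/ip6tables` ship executable and world-readable, while the neighbouring `iptables-config` entries are pinned to `%attr(0600,root,root)`. A firewall ruleset is plain data that unprivileged local users have no need to read, so I would list them as `%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/sysconfig/iptables` (and the same for `ip6tables`) and install them with `-m 600`. Because these paths were not owned by the package before, it is also worth confirming in an upgrade test that an administrator's existing ruleset is kept and the packaged sample does not replace it.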

14
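--- /dev/null
+++ b/sysconfig_ip6tables
@@ -0,0 +1,14 @@
+# sample configuration for ip6tables service
+# you can edit this manually or use system-config-firewall
+# requests to add additional ports/services will most likely be refused
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT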
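Review bot: The INPUT chain has no rule for DHCPv6 client replies, so a host that obtains its address through DHCPv6 would probably see the server's answer hit the final `REJECT`. The client's request goes to a multicast address, so the unicast reply to UDP port 546 is unlikely to be matched by the `RELATED,ESTABLISHED` rule. I would add `-A INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT` ahead of the SSH rule, with a comment line saying it is for the DHCPv6 client.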

14
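--- /dev/null
+++ b/sysconfig_iptables
@@ -0,0 +1,14 @@
+# sample configuration for iptables service
+# you can edit this manually or use system-config-firewall
+# requests to add additional ports/services will most likely be refused
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT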
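Review bot: The header comment does not tell an administrator what this ruleset actually permits, and its third line ("requests to add additional ports/services will most likely be refused") does not say who is refusing what. I would replace that line with a short summary such as `# default policy: allow established traffic, ICMP, loopback and inbound SSH (tcp/22); reject everything else`. As a style point, the rules use the older `-m state --state` match where `-m conntrack --ctstate RELATED,ESTABLISHED` is the current spelling. Both points apply equally to sysconfig_ip6tables.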