From bfa5afa17b1e7873602d94ae3a00d19358b03aae Mon Sep 17 00:00:00 2001 
From: cvsdist Date: Thu, 9 Sep 2004 06:19:38 +0000 Subject: [PATCH] =?UTF-8?q?auto-import=20changelog=20data=20from=20iptable?= =?UTF-8?q?s-1.2.1a-1.src.rpm=20Wed=20Mar=2021=202001=20Bernhard=20Rosenkr?= =?UTF-8?q?aenzer=20=20-=201.2.1a,=20fixes=20#28412,=20#3?= =?UTF-8?q?1136,=20#31460,=20#31133=20Thu=20Mar=2001=202001=20Bernhard=20R?= =?UTF-8?q?osenkraenzer=20=20-=20Yet=20another=20initscri?= =?UTF-8?q?pt=20fix=20(#30173)=20-=20Fix=20the=20fixes;=20they=20fixed=20s?= =?UTF-8?q?ome=20issues=20but=20broke=20more=20important=20stuff=20:/=20?= =?UTF-8?q?=20=20=20=20(#30176)=20Tue=20Feb=2027=202001=20Bernhard=20Rosen?= =?UTF-8?q?kraenzer=20=20-=20Fix=20up=20initscript=20(#27?= =?UTF-8?q?962)=20-=20Add=20fixes=20from=20CVS=20to=20iptables-{restore,sa?= =?UTF-8?q?ve},=20fixing=20#28412=20Fri=20Feb=2009=202001=20Karsten=20Hopp?= =?UTF-8?q?=20=20-=20create=20/etc/sysconfig/iptables?= =?UTF-8?q?=20mode=20600=20(same=20problem=20as=20#24245)=20Mon=20Feb=2005?= =?UTF-8?q?=202001=20Karsten=20Hopp=20=20-=20fix=20bugz?= =?UTF-8?q?illa=20#25986=20(initscript=20not=20marked=20as=20config=20file?= =?UTF-8?q?)=20-=20fix=20bugzilla=20#25962=20(iptables-restore)=20-=20mv?= =?UTF-8?q?=20chkconfig=20--del=20from=20postun=20to=20preun=20Thu=20Feb?= =?UTF-8?q?=2001=202001=20Trond=20Eivind=20Glomsr=F8d=20?= =?UTF-8?q?=20-=20Fix=20check=20for=20ipchains=20Mon=20Jan=2029=202001=20B?= =?UTF-8?q?ernhard=20Rosenkraenzer=20=20-=20Some=20fixes?= =?UTF-8?q?=20to=20init=20scripts=20Wed=20Jan=2024=202001=20Bernhard=20Ros?= =?UTF-8?q?enkraenzer=20=20-=20Add=20some=20fixes=20from?= =?UTF-8?q?=20CVS,=20fixes=20among=20other=20things=20Bug=20#24732=20Wed?= =?UTF-8?q?=20Jan=2017=202001=20Bernhard=20Rosenkraenzer=20=20-=20Add=20missing=20man=20pages,=20fix=20up=20init=20scrip?= =?UTF-8?q?t=20(Bug=20#17676)=20Mon=20Jan=2015=202001=20Bill=20Nottingham?= =?UTF-8?q?=20=20-=20add=20init=20script=20Mon=20Jan?= =?UTF-8?q?=2015=202001=20Bernhard=20Rosenkraenzer=20=20-?= 
=?UTF-8?q?=201.2=20-=20fix=20up=20ipv6=20split=20-=20add=20init=20script?= =?UTF-8?q?=20-=20Move=20the=20plugins=20from=20/usr/lib/iptables=20to=20/?= =?UTF-8?q?lib/iptables.=20This=20needs=20to=20=20=20=20=20work=20before?= =?UTF-8?q?=20/usr=20is=20mounted...=20-=20Use=20-O1=20on=20alpha=20(compi?= =?UTF-8?q?ler=20bug)=20Sat=20Jan=2006=202001=20Bernhard=20Rosenkraenzer?= =?UTF-8?q?=20=20-=201.1.2=20-=20Add=20IPv6=20support=20(?= =?UTF-8?q?in=20separate=20package)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .cvsignore | 2 +- iptables.init | 172 ++++++++++++++++++++++++++++++++++++++++++++++++++ iptables.spec | 113 +++++++++++++++++++++++++++++---- sources | 2 +- 4 files changed, 273 insertions(+), 16 deletions(-) create mode 100755 iptables.init diff --git a/.cvsignore b/.cvsignore index 7efef37..6b6080a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -iptables-1.1.1.tar.bz2 +iptables-1.2.1a.tar.bz2 diff --git a/iptables.init b/iptables.init new file mode 100755 index 0000000..e87132b --- /dev/null +++ b/iptables.init 
@@ -0,0 +1,172 @@
+#!/bin/sh
+#
+# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
+#
+# chkconfig: 2345 08 92
+#
+# description: Automates a packet filtering firewall with iptables.
+#
+# by bero@redhat.com, based on the ipchains script:
+# Script Author: Joshua Jensen
+# -- hacked up by gafton with help from notting
+# modified by Anton Altaparmakov :
+# modified by Nils Philippsen
+#
+# config: /etc/sysconfig/iptables
+
+# Source 'em up
+. /etc/init.d/functions
+
+IPTABLES_CONFIG=/etc/sysconfig/iptables
+
+if [ ! -x /sbin/iptables ]; then
+ exit 0
+fi
+
+KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
+KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
+
+if [ "$KERNELMAJ" -lt 2 ] ; then
+ exit 0
+fi
+if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
+ exit 0
+fi
+
+
+
+if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
+ # Don't do both
+ exit 0
+fi
+
+start() {
+ # don't do squat if we don't have the config file
+ if [ -f $IPTABLES_CONFIG ]; then
+ # If we don't clear these first, we might be adding to
+ # pre-existing rules.
+ action $"Flushing all current rules and user defined chains:" iptables -F
+ action $"Clearing all current rules and user defined chains:" iptables -X
+ chains=`cat /proc/net/ip_tables_names 2>/dev/null`
+ for i in $chains; do iptables -t $i -F; done && \
+ success $"Flushing all current rules and user defined chains:" || \
+ failure $"Flushing all current rules and user defined chains:"
+ for i in $chains; do iptables -t $i -X; done && \
+ success $"Clearing all current rules and user defined chains:" || \
+ failure $"Clearing all current rules and user defined chains:"
+
+ for i in $chains; do iptables -t $i -Z; done
+
+ echo $"Applying iptables firewall rules: "
+ grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
+ success $"Applying iptables firewall rules" || \
+ failure $"Applying iptables firewall rules"
+ echo
+ touch /var/lock/subsys/iptables
+ fi
+}
+
+stop() {
+ chains=`cat /proc/net/ip_tables_names 2>/dev/null`
+ for i in $chains; do iptables -t $i -F; done && \
+ success $"Flushing all chains:" || \
+ failure $"Flushing all chains:"
+ for i in $chains; do iptables -t $i -X; done && \
+ success $"Removing user defined chains:" || \
+ failure $"Removing user defined chains:"
+ echo -n $"Resetting built-in chains to the default ACCEPT policy:"
+ iptables -P INPUT ACCEPT && \
+ iptables -P OUTPUT ACCEPT && \
+ iptables -P FORWARD ACCEPT && \
+ iptables -t nat -P PREROUTING ACCEPT && \
+ iptables -t nat -P POSTROUTING ACCEPT && \
+ iptables -t nat -P OUTPUT ACCEPT && \
+ iptables -t mangle -P PREROUTING ACCEPT && \
+ iptables -t mangle -P OUTPUT ACCEPT && \
+ success $"Resetting built-in chains to the default ACCEPT policy" || \
+ failure $"Resetting built-in chains to the default ACCEPT policy"
+ echo
+ rm -f /var/lock/subsys/iptables
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+
+ stop)
+ stop
+ ;;
+
+ restart)
+ # "restart" is really just "start" as this isn't a daemon,
+ # and "start" clears any 
pre-defined rules anyway.
+ # This is really only here to make those who expect it happy
+ start
+ ;;
+
+ condrestart)
+ [ -e /var/lock/subsys/iptables ] && start
+ ;;
+
+ status)
+ echo $"Table: filter"
+ iptables --list
+ echo $"Table: nat"
+ iptables -t nat --list
+ echo $"Table: mangle"
+ iptables -t mangle --list
+ ;;
+
+ panic)
+ echo -n $"Changing target policies to DROP: "
+ iptables -P INPUT DROP && \
+ iptables -P FORWARD DROP && \
+ iptables -P OUTPUT DROP && \
+ iptables -t nat -P PREROUTING DROP && \
+ iptables -t nat -P POSTROUTING DROP && \
+ iptables -t nat -P OUTPUT DROP && \
+ iptables -t mangle -P PREROUTING DROP && \
+ iptables -t mangle -P OUTPUT DROP && \
+ success $"Changing target policies to DROP" || \
+ failure $"Changing target policies to DROP"
+ echo
+ iptables -F INPUT && \
+ iptables -F FORWARD && \
+ iptables -F OUTPUT && \
+ iptables -t nat -F PREROUTING && \
+ iptables -t nat -F POSTROUTING && \
+ iptables -t nat -F OUTPUT && \
+ iptables -t mangle -F PREROUTING && \
+ iptables -t mangle -F OUTPUT && \
+ success $"Flushing all chains:" || \
+ failure $"Flushing all chains:"
+ iptables -X INPUT && \
+ iptables -X FORWARD && \
+ iptables -X OUTPUT && \
+ iptables -t nat -X PREROUTING && \
+ iptables -t nat -X POSTROUTING && \
+ iptables -t nat -X OUTPUT && \
+ iptables -t mangle -X PREROUTING && \
+ iptables -t mangle -X OUTPUT && \
+ success $"Removing user defined chains:" || \
+ failure $"Removing user defined chains:"
+ ;;
+
+ save)
+ echo -n $"Saving current rules to $IPTABLES_CONFIG: "
+ touch $IPTABLES_CONFIG
+ chmod 600 $IPTABLES_CONFIG
+ /sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
+ success $"Saving current rules to $IPTABLES_CONFIG" || \
+ failure $"Saving current rules to $IPTABLES_CONFIG"
+ echo
+ ;;
+
+ *)
+ echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
+ exit 1
+esac
+
+exit 0
+
diff --git a/iptables.spec b/iptables.spec
index 30b8369..63032b9 100644
--- a/iptables.spec
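Review bot: In start(), a failed `/sbin/iptables-restore` leaves the host with its tables already flushed, because the flush and clear steps run before the config file is parsed, and the function still touches `/var/lock/subsys/iptables` while the script ends in `exit 0`. A syntax error in `/etc/sysconfig/iptables` can therefore leave a machine without its filter rules that nevertheless reports the service as started, and `condrestart` will keep treating it as running. I would create the lock file only when the restore succeeds and return non-zero otherwise, with the `start)` arm passing that status on instead of falling through to the final `exit 0`. The `save)` arm has a related weakness: `> $IPTABLES_CONFIG` truncates the saved rules before `iptables-save` has produced anything, so a failed save leaves an empty file for the next boot; writing to a temporary file in the same directory and renaming it would avoid that.

```shell
start() {
	if [ -f "$IPTABLES_CONFIG" ]; then
		# … unchanged: flush, clear and zero of the existing tables …
		echo $"Applying iptables firewall rules: "
		if grep -v "^[[:space:]]*#" "$IPTABLES_CONFIG" | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c; then
			success $"Applying iptables firewall rules"
			echo
			# Record the service as running only once rules are actually loaded.
			touch /var/lock/subsys/iptables
		else
			failure $"Applying iptables firewall rules"
			echo
			return 1
		fi
	fi
}
```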
+++ b/iptables.spec @@ -1,19 +1,23 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities. -Version: 1.1.1 -Release: 2 +Version: 1.2.1a +Release: 1 Source: http://netfilter.kernelnotes.org/%{name}-%{version}.tar.bz2 +Source1: iptables.init Group: System Environment/Base URL: http://netfilter.kernelnotes.org/ BuildRoot: %{_tmppath}/%{name}-buildroot License: GPL BuildPrereq: /usr/bin/perl -#Requires: kernel >= 2.3.99 -#Obsoletes: ipchains +Requires: kernel >= 2.4.0 +Requires(post,postun): chkconfig +# Obsoletes: ipchains Prefix: %{_prefix} -Patch: iptables-nopatchcheck.patch -# ICE -ExcludeArch: alpha + +%package ipv6 +Summary: IPv6 support for iptables +Group: System Environment/Base +Requires: %{name} = %{version} %description iptables controls the Linux kernel network packet filtering code. 
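Review bot: The new tag `Requires(post,postun): chkconfig` does not match the scriptlets this commit adds: chkconfig is called from `%post` and `%preun` in the second hunk of this file, and no `%postun` is visible. As written, nothing tells rpm that chkconfig must be present when `%preun` runs, so the tag should read `Requires(post,preun): chkconfig`.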
@@ -22,31 +26,112 @@ It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. +%description ipv6 +IPv6 support for iptables. + +iptables controls the Linux kernel network packet filtering code. +It allows you to set up firewalls and IP masquerading, etc. + +IPv6 is the next version of the IP protocol. + +Install iptables-ipv6 if you need to set up firewalling for your +network and you're using ipv6. + + %prep rm -rf %{buildroot} %setup -q -%patch -p1 # Put it to a reasonable place perl -pi -e "s,/usr/local,%{prefix},g" * */* %build -make COPT_FLAGS="$RPM_OPT_FLAGS" +%ifarch alpha +OPT=`echo $RPM_OPT_FLAGS | sed -e "s/-O./-O1/"` +%else +OPT="$RPM_OPT_FLAGS" +%endif +make COPT_FLAGS="$OPT" LIBDIR=/lib +make COPT_FLAGS="$OPT" LIBDIR=/lib iptables-save iptables-restore %install -make install DESTDIR=%{buildroot} BINDIR=/sbin MANDIR=%{_mandir} +make install DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=/lib MANDIR=%{_mandir} +cp iptables-save $RPM_BUILD_ROOT/sbin +cp iptables-restore $RPM_BUILD_ROOT/sbin +cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8 +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables %clean -rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/file.list.%{name} +rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/%{name}-%{version} + +%post +chkconfig --add iptables + +%preun +chkconfig --del iptables %files %defattr(-,root,root,0755) -/sbin/iptables +%config /etc/rc.d/init.d/iptables +/sbin/iptables* %{_mandir}/*/* -%dir %{prefix}/lib/iptables -%{prefix}/lib/iptables/* +%dir /lib/iptables +/lib/iptables/libipt* + +%files ipv6 +%defattr(-,root,root,0755) +/sbin/ip6tables +/lib/iptables/libip6t* %changelog +* Wed Mar 21 2001 Bernhard Rosenkraenzer +- 1.2.1a, fixes #28412, #31136, #31460, #31133 + +* Thu Mar 1 2001 Bernhard Rosenkraenzer +- Yet another initscript fix (#30173) +- Fix the fixes; they fixed some issues but broke more important + stuff :/ 
(#30176) + +* Tue Feb 27 2001 Bernhard Rosenkraenzer +- Fix up initscript (#27962) +- Add fixes from CVS to iptables-{restore,save}, fixing #28412 + +* Fri Feb 09 2001 Karsten Hopp +- create /etc/sysconfig/iptables mode 600 (same problem as #24245) + +* Mon Feb 05 2001 Karsten Hopp +- fix bugzilla #25986 (initscript not marked as config file) +- fix bugzilla #25962 (iptables-restore) +- mv chkconfig --del from postun to preun + +* Thu Feb 1 2001 Trond Eivind Glomsrød +- Fix check for ipchains + +* Mon Jan 29 2001 Bernhard Rosenkraenzer +- Some fixes to init scripts + +* Wed Jan 24 2001 Bernhard Rosenkraenzer +- Add some fixes from CVS, fixes among other things Bug #24732 + +* Wed Jan 17 2001 Bernhard Rosenkraenzer +- Add missing man pages, fix up init script (Bug #17676) + +* Mon Jan 15 2001 Bill Nottingham +- add init script + +* Mon Jan 15 2001 Bernhard Rosenkraenzer +- 1.2 +- fix up ipv6 split +- add init script +- Move the plugins from /usr/lib/iptables to /lib/iptables. + This needs to work before /usr is mounted... +- Use -O1 on alpha (compiler bug) + +* Sat Jan 6 2001 Bernhard Rosenkraenzer +- 1.1.2 +- Add IPv6 support (in separate package) + * Thu Aug 17 2000 Bill Nottingham - build everywhere diff --git a/sources b/sources index 00f861a..9281f1c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a7c6adeffb21dfcb2a79b0f5825cf547 iptables-1.1.1.tar.bz2 +a7196af43f81c33467e658365a043037 iptables-1.2.1a.tar.bz2
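Review bot: The new `%preun` scriptlet runs `chkconfig --del iptables` unconditionally, so it also fires when the package is upgraded rather than removed. rpm runs the old package's `%preun` after the new package's `%post`, which means an upgrade would end with the firewall initscript unregistered from every runlevel and no rules loaded at the next boot. Guard it on the scriptlet argument so it only runs on final erase: `if [ "$1" = 0 ]; then chkconfig --del iptables; fi`.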