rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity

auto-import changelog data from iptables-1.2.1a-1.src.rpm

Browse Source 
Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.2.1a, fixes #28412, #31136, #31460, #31133
Thu Mar 01 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Yet another initscript fix (#30173)
- Fix the fixes; they fixed some issues but broke more important stuff :/
    (#30176)
Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Fix up initscript (#27962)
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
- fix bugzilla #25986 (initscript not marked as config file)
- fix bugzilla #25962 (iptables-restore)
- mv chkconfig --del from postun to preun
Thu Feb 01 2001 Trond Eivind Glomsrd <teg@redhat.com>
- Fix check for ipchains
Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Some fixes to init scripts
Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Add some fixes from CVS, fixes among other things Bug #24732
Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Add missing man pages, fix up init script (Bug #17676)
Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
- add init script
Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.2
- fix up ipv6 split
- add init script
- Move the plugins from /usr/lib/iptables to /lib/iptables. This needs to
    work before /usr is mounted...
- Use -O1 on alpha (compiler bug)
Sat Jan 06 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.1.2
- Add IPv6 support (in separate package)
This commit is contained in:
cvsdist 2004-09-09 06:19:38 +00:00
parent 82b9fbf5dd
commit bfa5afa17b
4 changed files with 273 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
iptables-1.1.1.tar.bz2 iptables-1.2.1a.tar.bz2

172
iptables.init Executable file
View File

@ -0,0 +1,172 @@
#!/bin/sh
#
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with iptables.
#
# by bero@redhat.com, based on the ipchains script:
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <aia21@cam.ac.uk>:
# modified by Nils Philippsen <nils@redhat.de>
#
# config: /etc/sysconfig/iptables
# Source 'em up
. /etc/init.d/functions
IPTABLES_CONFIG=/etc/sysconfig/iptables
if [ ! -x /sbin/iptables ]; then
exit 0
fi
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
if [ "$KERNELMAJ" -lt 2 ] ; then
exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
exit 0
fi
if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
# Don't do both
exit 0
fi
start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
# If we don't clear these first, we might be adding to
# pre-existing rules.
action $"Flushing all current rules and user defined chains:" iptables -F
action $"Clearing all current rules and user defined chains:" iptables -X
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do iptables -t $i -F; done && \
success $"Flushing all current rules and user defined chains:" || \
failure $"Flushing all current rules and user defined chains:"
for i in $chains; do iptables -t $i -X; done && \
success $"Clearing all current rules and user defined chains:" || \
failure $"Clearing all current rules and user defined chains:"
for i in $chains; do iptables -t $i -Z; done
echo $"Applying iptables firewall rules: "
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
success $"Applying iptables firewall rules" || \
failure $"Applying iptables firewall rules"
echo
touch /var/lock/subsys/iptables
fi
}
stop() {
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do iptables -t $i -F; done && \
success $"Flushing all chains:" || \
failure $"Flushing all chains:"
for i in $chains; do iptables -t $i -X; done && \
success $"Removing user defined chains:" || \
failure $"Removing user defined chains:"
echo -n $"Resetting built-in chains to the default ACCEPT policy:"
iptables -P INPUT ACCEPT && \
iptables -P OUTPUT ACCEPT && \
iptables -P FORWARD ACCEPT && \
iptables -t nat -P PREROUTING ACCEPT && \
iptables -t nat -P POSTROUTING ACCEPT && \
iptables -t nat -P OUTPUT ACCEPT && \
iptables -t mangle -P PREROUTING ACCEPT && \
iptables -t mangle -P OUTPUT ACCEPT && \
success $"Resetting built-in chains to the default ACCEPT policy" || \
failure $"Resetting built-in chains to the default ACCEPT policy"
echo
rm -f /var/lock/subsys/iptables
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
condrestart)
[ -e /var/lock/subsys/iptables ] && start
;;
status)
echo $"Table: filter"
iptables --list
echo $"Table: nat"
iptables -t nat --list
echo $"Table: mangle"
iptables -t mangle --list
;;
panic)
echo -n $"Changing target policies to DROP: "
iptables -P INPUT DROP && \
iptables -P FORWARD DROP && \
iptables -P OUTPUT DROP && \
iptables -t nat -P PREROUTING DROP && \
iptables -t nat -P POSTROUTING DROP && \
iptables -t nat -P OUTPUT DROP && \
iptables -t mangle -P PREROUTING DROP && \
iptables -t mangle -P OUTPUT DROP && \
success $"Changing target policies to DROP" || \
failure $"Changing target policies to DROP"
echo
iptables -F INPUT && \
iptables -F FORWARD && \
iptables -F OUTPUT && \
iptables -t nat -F PREROUTING && \
iptables -t nat -F POSTROUTING && \
iptables -t nat -F OUTPUT && \
iptables -t mangle -F PREROUTING && \
iptables -t mangle -F OUTPUT && \
success $"Flushing all chains:" || \
failure $"Flushing all chains:"
iptables -X INPUT && \
iptables -X FORWARD && \
iptables -X OUTPUT && \
iptables -t nat -X PREROUTING && \
iptables -t nat -X POSTROUTING && \
iptables -t nat -X OUTPUT && \
iptables -t mangle -X PREROUTING && \
iptables -t mangle -X OUTPUT && \
success $"Removing user defined chains:" || \
failure $"Removing user defined chains:"
;;
save)
echo -n $"Saving current rules to $IPTABLES_CONFIG: "
touch $IPTABLES_CONFIG
chmod 600 $IPTABLES_CONFIG
/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \
success $"Saving current rules to $IPTABLES_CONFIG" || \
failure $"Saving current rules to $IPTABLES_CONFIG"
echo
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
exit 1
esac
exit 0

111
iptables.spec
View File

@ -1,19 +1,23 @@
Name: iptables Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities. Summary: Tools for managing Linux kernel packet filtering capabilities.
Version: 1.1.1 Version: 1.2.1a
Release: 2 Release: 1
Source: http://netfilter.kernelnotes.org/%{name}-%{version}.tar.bz2 Source: http://netfilter.kernelnotes.org/%{name}-%{version}.tar.bz2
Source1: iptables.init
Group: System Environment/Base Group: System Environment/Base
URL: http://netfilter.kernelnotes.org/ URL: http://netfilter.kernelnotes.org/
BuildRoot: %{_tmppath}/%{name}-buildroot BuildRoot: %{_tmppath}/%{name}-buildroot
License: GPL License: GPL
BuildPrereq: /usr/bin/perl BuildPrereq: /usr/bin/perl
#Requires: kernel >= 2.3.99 Requires: kernel >= 2.4.0
Requires(post,postun): chkconfig
# Obsoletes: ipchains # Obsoletes: ipchains
Prefix: %{_prefix} Prefix: %{_prefix}
Patch: iptables-nopatchcheck.patch
# ICE %package ipv6
ExcludeArch: alpha Summary: IPv6 support for iptables
Group: System Environment/Base
Requires: %{name} = %{version}
%description %description
iptables controls the Linux kernel network packet filtering code. iptables controls the Linux kernel network packet filtering code.
@ -22,31 +26,112 @@ It allows you to set up firewalls and IP masquerading, etc.
Install iptables if you need to set up firewalling for your Install iptables if you need to set up firewalling for your
network. network.
%description ipv6
IPv6 support for iptables.
iptables controls the Linux kernel network packet filtering code.
It allows you to set up firewalls and IP masquerading, etc.
IPv6 is the next version of the IP protocol.
Install iptables-ipv6 if you need to set up firewalling for your
network and you're using ipv6.
%prep %prep
rm -rf %{buildroot} rm -rf %{buildroot}
%setup -q %setup -q
%patch -p1
# Put it to a reasonable place # Put it to a reasonable place
perl -pi -e "s,/usr/local,%{prefix},g" * */* perl -pi -e "s,/usr/local,%{prefix},g" * */*
%build %build
make COPT_FLAGS="$RPM_OPT_FLAGS" %ifarch alpha
OPT=`echo $RPM_OPT_FLAGS | sed -e "s/-O./-O1/"`
%else
OPT="$RPM_OPT_FLAGS"
%endif
make COPT_FLAGS="$OPT" LIBDIR=/lib
make COPT_FLAGS="$OPT" LIBDIR=/lib iptables-save iptables-restore
%install %install
make install DESTDIR=%{buildroot} BINDIR=/sbin MANDIR=%{_mandir} make install DESTDIR=%{buildroot} BINDIR=/sbin LIBDIR=/lib MANDIR=%{_mandir}
cp iptables-save $RPM_BUILD_ROOT/sbin
cp iptables-restore $RPM_BUILD_ROOT/sbin
cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
%clean %clean
rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/file.list.%{name} rm -rf $RPM_BUILD_ROOT $RPM_BUILD_DIR/%{name}-%{version}
%post
chkconfig --add iptables
%preun
chkconfig --del iptables
%files %files
%defattr(-,root,root,0755) %defattr(-,root,root,0755)
/sbin/iptables %config /etc/rc.d/init.d/iptables
/sbin/iptables*
%{_mandir}/*/* %{_mandir}/*/*
%dir %{prefix}/lib/iptables %dir /lib/iptables
%{prefix}/lib/iptables/* /lib/iptables/libipt*
%files ipv6
%defattr(-,root,root,0755)
/sbin/ip6tables
/lib/iptables/libip6t*
%changelog %changelog
* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.2.1a, fixes #28412, #31136, #31460, #31133
* Thu Mar 1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Yet another initscript fix (#30173)
- Fix the fixes; they fixed some issues but broke more important
stuff :/ (#30176)
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Fix up initscript (#27962)
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
- fix bugzilla #25986 (initscript not marked as config file)
- fix bugzilla #25962 (iptables-restore)
- mv chkconfig --del from postun to preun
* Thu Feb 1 2001 Trond Eivind Glomsrød <teg@redhat.com>
- Fix check for ipchains
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Some fixes to init scripts
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Add some fixes from CVS, fixes among other things Bug #24732
* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Add missing man pages, fix up init script (Bug #17676)
* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
- add init script
* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.2
- fix up ipv6 split
- add init script
- Move the plugins from /usr/lib/iptables to /lib/iptables.
This needs to work before /usr is mounted...
- Use -O1 on alpha (compiler bug)
* Sat Jan 6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.1.2
- Add IPv6 support (in separate package)
* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com> * Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
- build everywhere - build everywhere

2
sources
View File

@ -1 +1 @@
a7c6adeffb21dfcb2a79b0f5825cf547 iptables-1.1.1.tar.bz2 a7196af43f81c33467e658365a043037 iptables-1.2.1a.tar.bz2