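# 1 builds the devel subpackage; the conditional sections of this spec are
# skipped when it is set to 0.
%define build_devel 1

Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities.
Version: 1.3.8
Release: 1
# NOTE(review): the tarball URL is plain http and this spec records no checksum
# or signature for it. Verify the archive against an upstream-published digest
# or signature before it is imported into the build tree.
Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Group: System Environment/Base
URL: http://www.netfilter.org/
# NOTE(review): fixed, predictable path under the temp directory, and the prep
# and clean steps run rm -rf on it. On a shared build host prefer a per-user or
# per-build buildroot.
BuildRoot: %{_tmppath}/%{name}-buildroot
License: GPL
BuildRequires: /usr/bin/perl
BuildRequires: libselinux-devel
Conflicts: kernel < 2.4.20
# chkconfig is called from the post-install and pre-uninstall scriptlets, so it
# must be present for those two phases (the old post,postun pair named a
# scriptlet this spec does not have).
Requires(post,preun): chkconfig
Prefix: %{_prefix}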
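%package ipv6
Summary: IPv6 support for iptables.
Group: System Environment/Base
# Pin to the exact build of the main package so an updated iptables is never
# paired with ip6tables binaries and plugins from a different release.
Requires: %{name} = %{version}-%{release}
# The ipv6 scriptlets call /sbin/chkconfig on install and on final removal.
Requires(post,preun): chkconfig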
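%if %{build_devel}
%package devel
Summary: Development package for iptables.
Group: System Environment/Base
# Pin to the exact build of the main package so headers and the static libipq
# always match the installed runtime.
Requires: %{name} = %{version}-%{release}
%endif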
%description
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.
%description ipv6
The iptables-ipv6 package contains IPv6 (the next version of the IP
protocol) support for iptables. Iptables controls the Linux kernel
network packet filtering code, allowing you to set up firewalls and IP
masquerading.

Install iptables-ipv6 if you need to set up firewalling for your
network and you are using IPv6.
%if %{build_devel}
%description devel
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.
%endif
%prep
# Remove any buildroot left behind by an earlier build of this package.
rm -rf %{buildroot}

# Unpack the source archive (quiet mode).
%setup -q

# Put it to a reasonable place
# This rewrites /usr/local to the configured prefix in every regular file of
# the unpacked tree, not only in the Makefiles.
find . -type f -exec perl -pi -e "s,/usr/local,%{prefix},g" {} \;

# do not use ld -shared and _init
# Plugins are linked through the compiler driver instead of ld, and each
# extension's _init entry point becomes a constructor function named my_init.
# The second substitution covers definitions where _init starts the line.
perl -pi -e "s/\(LD\) -shared/\(CC\) -shared/g" Rules.make
perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) my_init\(/g" extensions/*.c
%build
# Compiler flags: whatever the build environment supplies in RPM_OPT_FLAGS,
# plus the bundled include directory and position-independent code.
srcdir=$(pwd)
cflags="$RPM_OPT_FLAGS -I$srcdir/include -fPIC"

# NOTE(review): presumably switches on SELinux support in the upstream
# Makefile (libselinux-devel is a build requirement) - confirm there.
DO_SELINUX=1
export DO_SELINUX

# Every make run uses the same flags; only the goals differ.
build_goals() {
    make COPT_FLAGS="$cflags" KERNEL_DIR=/usr LIBDIR=/%{_lib} "$@"
}

# Default goals first, then the save/restore tools, which are separate goals.
build_goals
build_goals iptables-save iptables-restore
build_goals ip6tables-save ip6tables-restore
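%install
# Start from an empty buildroot so nothing staged by an earlier build can end
# up in the packages.
rm -rf $RPM_BUILD_ROOT

export DO_SELINUX=1
make install DESTDIR=$RPM_BUILD_ROOT KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
%if %{build_devel}
make install-devel DESTDIR=$RPM_BUILD_ROOT KERNEL_DIR=/usr BINDIR=/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir}
# The headers appear only in the devel file list, so stage them only when that
# subpackage is built; staging them unconditionally leaves unpackaged files
# behind when the devel build is switched off. Mode 0644 because the file list
# keeps the staged file mode and headers need no execute bit.
mkdir -p $RPM_BUILD_ROOT%{_includedir}
install -c -m644 include/ip*.h $RPM_BUILD_ROOT%{_includedir}/
%endif

# The save/restore tools and their man pages are copied by hand. The names are
# spelled out so the copy does not depend on shell brace expansion.
cp ip6tables-save ip6tables-restore iptables-save iptables-restore $RPM_BUILD_ROOT/sbin
cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8

# Init scripts: the ip6tables script is generated from the iptables one by
# renaming the tool, the variable prefix and the /proc/sys/net path.
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' -e 's;/proc/sys/net/ipv4;/proc/sys/net/ipv6;g' < %{SOURCE1} > ip6tables.init
install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables

# Service configuration: plain data files that are packaged as 0600 root:root,
# so they are staged with that mode instead of as executables.
mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
install -c -m600 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m600 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config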
%clean
# Discard the staged install tree; this is a recursive delete of the path
# named by the BuildRoot tag.
rm -rf %{buildroot}
%post
# Register the iptables init script with chkconfig.
# NOTE(review): whether the firewall service is then enabled at boot depends on
# the chkconfig header inside the init script, which is not part of this spec -
# confirm the default matches the intended policy.
/sbin/chkconfig --add iptables
%preun
# rpm passes the number of instances of the package that will remain after
# this operation; 0 means a final removal rather than an upgrade, and only
# then is the service unregistered.
if test "$1" = 0
then
    /sbin/chkconfig --del iptables
fi
%post ipv6
# Register the ip6tables init script with chkconfig.
# NOTE(review): whether the IPv6 firewall service is then enabled at boot
# depends on the chkconfig header inside the generated init script - confirm.
/sbin/chkconfig --add ip6tables
%preun ipv6
# rpm passes the number of instances of the package that will remain after
# this operation; 0 means a final removal rather than an upgrade, and only
# then is the service unregistered.
if test "$1" = 0
then
    /sbin/chkconfig --del ip6tables
fi
%files
# Default ownership is root:root; files keep the mode they were staged with
# and directories get 0755.
%defattr(-,root,root,0755)
%doc COPYING INSTALL INCOMPATIBILITIES
# Init script: executable by everyone, writable by root only. Marked as a
# config file without noreplace, so an upgrade installs the new script.
%config %attr(0755,root,root) /etc/rc.d/init.d/iptables
# Service settings: readable and writable by root only; a locally edited copy
# is kept on upgrade.
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
/sbin/iptables*
%{_mandir}/man8/iptables*
# The plugin directory is owned by the main package; the IPv4 plugins live here.
%dir /%{_lib}/iptables
/%{_lib}/iptables/libipt*
%files ipv6
# Default ownership is root:root; files keep the mode they were staged with
# and directories get 0755.
%defattr(-,root,root,0755)
# Init script: executable by everyone, writable by root only. Marked as a
# config file without noreplace, so an upgrade installs the new script.
%config %attr(0755,root,root) /etc/rc.d/init.d/ip6tables
# Service settings: readable and writable by root only; a locally edited copy
# is kept on upgrade.
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
%{_mandir}/man8/ip6tables*
# IPv6 plugins share the plugin directory listed by the main package.
/%{_lib}/iptables/libip6t*
%if %{build_devel}
%files devel
# Headers, the static libipq library and the section 3 man pages. Files keep
# their staged mode; ownership is root:root.
%defattr(-,root,root,0755)
%{_includedir}/ip*.h
%{_includedir}/libipq.h
%{_libdir}/libipq.a
%{_mandir}/man3/*
%endif
%changelog
|
||
* Fri Jul 13 2007 Steve Conklin <sconklin@redhat.com> - 1.3.8-1
|
||
- New version 1.3.8
|
||
|
||
* Mon Apr 23 2007 Jeremy Katz <katzj@redhat.com> - 1.3.7-2
|
||
- fix error when ipv6 support isn't loaded in the kernel (#236888)
|
||
|
||
* Wed Jan 10 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1.1
|
||
- fixed installation of secmark modules
|
||
|
||
* Tue Jan 9 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1
|
||
- new version 1.3.7
|
||
- iptc is not a public interface and therefore not installed anymore
|
||
- dropped upstream secmark patch
|
||
|
||
* Thu Sep 19 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-2
|
||
- added secmark iptables patches (#201573)
|
||
|
||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2.1
|
||
- rebuild
|
||
|
||
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2
|
||
- bump again for double-long bug on ppc(64)
|
||
|
||
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.1
|
||
- rebuilt for new gcc4.1 snapshot and glibc changes
|
||
|
||
* Thu Feb 2 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-1
|
||
- new version 1.3.5
|
||
- fixed init script to set policy for raw tables, too (#179094)
|
||
|
||
* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 1.3.4-3
|
||
- added important iptables header files to devel package
|
||
|
||
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||
- rebuilt
|
||
|
||
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-2
|
||
- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and
|
||
replace "_init" with "__attribute((constructor)) my_init"
|
||
|
||
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1.1
|
||
- rebuild due to unresolved symbols in shared libraries
|
||
|
||
* Fri Nov 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1
|
||
- new version 1.3.4
|
||
- dropped free_opts patch (upstream fixed)
|
||
- made libipq PIC (#158623)
|
||
- additional configuration options for iptables startup script (#172929)
|
||
Thanks to Jan Gruenwald for the patch
|
||
- spec file cleanup (dropped linux_header define and usage)
|
||
|
||
* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.2-1
|
||
- new version 1.3.2 with additional patch for the misplaced free_opts call
|
||
from Marcus Sundberg
|
||
|
||
* Wed May 11 2005 Thomas Woerner <twoerner@redhat.com> 1.3.1-1
|
||
- new version 1.3.1
|
||
|
||
* Fri Mar 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-2
|
||
- Remove unnecessary explicit kernel dep (#146142)
|
||
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
|
||
for the patch
|
||
- Adapted iptables-config to reference to modprobe.conf (#150143)
|
||
- Remove misleading message (#140154): Thanks to Ulrich Drepper
|
||
for the patch
|
||
|
||
* Mon Feb 21 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-1
|
||
- new version 1.3.0
|
||
|
||
* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
|
||
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
|
||
|
||
* Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
|
||
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
|
||
- modified config file to match this change and un-commented variables with
|
||
default values
|
||
|
||
* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3
|
||
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
|
||
for the patch
|
||
|
||
* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
|
||
- fixed free bug in iptables (#128322)
|
||
|
||
* Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
|
||
- new version 1.2.11
|
||
|
||
* Thu Jun 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
|
||
- new version 1.2.10
|
||
|
||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||
- rebuilt
|
||
|
||
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
||
- rebuilt
|
||
|
||
* Thu Feb 26 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-2.3
|
||
- fixed iptables-restore -c fault if there are no counters (#116421)
|
||
|
||
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
||
- rebuilt
|
||
|
||
* Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.9-1.2
|
||
- Close File descriptors to prevent SELinux error message
|
||
|
||
* Wed Jan 7 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.1
|
||
- rebuild
|
||
|
||
* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
|
||
- new version 1.2.9
|
||
- new config options in ipXtables-config:
|
||
IPTABLES_MODULES_UNLOAD
|
||
- more documentation in ipXtables-config
|
||
- fix for netlink security issue in libipq (devel package)
|
||
- print fix for libipt_icmp (#109546)
|
||
|
||
* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
|
||
- marked all messages in iptables init script for translation (#107462)
|
||
- enabled devel package (#105884, #106101)
|
||
- bumped build for fedora for libipt_recent.so (#106002)
|
||
|
||
* Tue Sep 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-12.1
|
||
- fixed lost udp port range in ip6tables-save (#104484)
|
||
- fixed non numeric multiport port output in ipXtables-save
|
||
|
||
* Mon Sep 22 2003 Florian La Roche <Florian.LaRoche@redhat.de> 1.2.8-11
|
||
- do not link against -lnsl
|
||
|
||
* Wed Sep 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-10
|
||
- made variables in rmmod_r local
|
||
|
||
* Tue Jul 22 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-9
|
||
- fixed permission for init script
|
||
|
||
* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-8
|
||
- fixed save when iptables file is missing and iptables-config permissions
|
||
|
||
* Tue Jul 8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
|
||
- fixes for ip6tables: module unloading, setting policy only for existing
|
||
tables
|
||
|
||
* Thu Jul 3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
|
||
- IPTABLES_SAVE_COUNTER defaults to no, now
|
||
- install config file in /etc/sysconfig
|
||
- exchange unload of ip_tables and ip_conntrack
|
||
- fixed start function
|
||
|
||
* Wed Jul 2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
|
||
- new config option IPTABLES_SAVE_ON_RESTART
|
||
- init script: new status, save and restart
|
||
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
|
||
|
||
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
|
||
- new config option IPTABLES_STATUS_NUMERIC
|
||
- cleared IPTABLES_MODULES in iptables-config
|
||
|
||
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
|
||
- new init scripts
|
||
|
||
* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
||
- remove check for very old kernel versions in init scripts
|
||
- sync up both init scripts and remove some further ugly things
|
||
- add some docu into rpm
|
||
|
||
* Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
|
||
- rebuild
|
||
|
||
* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
|
||
- update to 1.2.8
|
||
|
||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||
- rebuilt
|
||
|
||
* Mon Jan 13 2003 Bill Nottingham <notting@redhat.com> 1.2.7a-1
|
||
- update to 1.2.7a
|
||
- add a plethora of bugfixes courtesy Michael Schwendt <mschwendt@yahoo.com>
|
||
|
||
* Fri Dec 13 2002 Elliot Lee <sopwith@redhat.com> 1.2.6a-3
|
||
- Fix multilib
|
||
|
||
* Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de>
|
||
- fixed iptables and ip6tables initscript output, based on #70511
|
||
- check return status of all iptables calls, not just the last one
|
||
in a 'for' loop.
|
||
|
||
* Mon Jul 29 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.6a-1
|
||
- 1.2.6a (bugfix release, #69747)
|
||
|
||
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||
- automated rebuild
|
||
|
||
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
||
- automated rebuild
|
||
|
||
* Mon Mar 4 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-3
|
||
- Add some fixes from CVS, fixing bug #60465
|
||
|
||
* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-2
|
||
- Merge ip6tables improvements from Ian Prowell <iprowell@prowell.org>
|
||
#59402
|
||
- Update URL (#59354)
|
||
- Use /sbin/chkconfig rather than chkconfig in %postun script
|
||
|
||
* Fri Jan 11 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-1
|
||
- 1.2.5
|
||
|
||
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
|
||
- automated rebuild
|
||
|
||
* Mon Nov 5 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-2
|
||
- Fix %preun script
|
||
|
||
* Tue Oct 30 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-1
|
||
- Update to 1.2.4 (various fixes, including security fixes; among others:
|
||
#42990, #50500, #53325, #54280)
|
||
- Fix init script (#31133)
|
||
|
||
* Mon Sep 3 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.3-1
|
||
- 1.2.3 (5 security fixes, some other fixes)
|
||
- Fix updating (#53032)
|
||
|
||
* Mon Aug 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-4
|
||
- Fix #50990
|
||
- Add some fixes from current CVS; should fix #52620
|
||
|
||
* Mon Jul 16 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-3
|
||
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
|
||
issues
|
||
|
||
* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-2
|
||
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
|
||
<mschwendt@yahoo.com>
|
||
|
||
* Tue May 8 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-1
|
||
- 1.2.2
|
||
|
||
* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- 1.2.1a, fixes #28412, #31136, #31460, #31133
|
||
|
||
* Thu Mar 1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- Yet another initscript fix (#30173)
|
||
- Fix the fixes; they fixed some issues but broke more important
|
||
stuff :/ (#30176)
|
||
|
||
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- Fix up initscript (#27962)
|
||
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
|
||
|
||
* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
|
||
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
|
||
|
||
* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
|
||
- fix bugzilla #25986 (initscript not marked as config file)
|
||
- fix bugzilla #25962 (iptables-restore)
|
||
- mv chkconfig --del from postun to preun
|
||
|
||
* Thu Feb 1 2001 Trond Eivind Glomsrød <teg@redhat.com>
|
||
- Fix check for ipchains
|
||
|
||
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- Some fixes to init scripts
|
||
|
||
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- Add some fixes from CVS, fixes among other things Bug #24732
|
||
|
||
* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- Add missing man pages, fix up init script (Bug #17676)
|
||
|
||
* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
|
||
- add init script
|
||
|
||
* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- 1.2
|
||
- fix up ipv6 split
|
||
- add init script
|
||
- Move the plugins from /usr/lib/iptables to /lib/iptables.
|
||
This needs to work before /usr is mounted...
|
||
- Use -O1 on alpha (compiler bug)
|
||
|
||
* Sat Jan 6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- 1.1.2
|
||
- Add IPv6 support (in separate package)
|
||
|
||
* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
|
||
- build everywhere
|
||
|
||
* Tue Jul 25 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- 1.1.1
|
||
|
||
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
|
||
- automatic rebuild
|
||
|
||
* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
|
||
- move iptables to /sbin.
|
||
- excludearch alpha for now, not building there because of compiler bug(?)
|
||
|
||
* Fri Jun 9 2000 Bill Nottingham <notting@redhat.com>
|
||
- don't obsolete ipchains either
|
||
- update to 1.1.0
|
||
|
||
* Mon Jun 4 2000 Bill Nottingham <notting@redhat.com>
|
||
- remove explicit kernel requirement
|
||
|
||
* Tue May 2 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
||
- initial package
|