diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables.init
similarity index 88%
rename from net-firewall/iptables/files/iptables-1.4.13-r1.init
rename to net-firewall/iptables/files/iptables.init
index a63d076..f396ea2 100644
--- a/net-firewall/iptables/files/iptables-1.4.13-r1.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.3 2013/04/27 17:29:09 vapier Exp $
+# $Id$
 extra_commands="check save panic"
 extra_started_commands="reload"
@@ -35,7 +35,7 @@ set_table_policy() {
 esac
 local chain
 for chain in ${chains} ; do
- ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
 done
 }
@@ -73,8 +73,8 @@ stop() {
 for a in $(cat ${iptables_proc}) ; do
 set_table_policy $a ACCEPT
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
 done
 eend $?
 }
@@ -85,8 +85,8 @@ reload() {
 ebegin "Flushing firewall"
 local a
 for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
 done
 eend $?
@@ -121,8 +121,8 @@ panic() {
 local a
 ebegin "Dropping all packets"
 for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
 set_table_policy $a DROP
 done
diff --git a/net-firewall/iptables/iptables-9999.ebuild b/net-firewall/iptables/iptables-9999.ebuild
index d02af67..cc7b683 100644
--- a/net-firewall/iptables/iptables-9999.ebuild
+++ b/net-firewall/iptables/iptables-9999.ebuild
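Review bot: In `set_table_policy` (hunk `@@ -35,7 +35,7 @@` of the init script) the function's status is that of the last `-P` call only, so a failure on an earlier chain is silently lost. The same applies to the `-F`/`-X` loops in `stop()`, `reload()` and `panic()`, where `eend $?` sees only the final command of the final table. A caller can therefore report success while a chain kept its old policy or rules. Consider accumulating a status: declare `local ret=0`, append `|| ret=1` to the `${iptables_bin} -w -t ${table} -P ${chain} ${policy}` line, and `return ${ret}` after `done`. The function starts above the hunk, so where `ret` is best declared is not visible here.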
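Review bot: In `panic()` (hunk `@@ -121,8 +121,8 @@` of the init script) each table is flushed with `-F`/`-X` before `set_table_policy $a DROP` runs, so for a short interval the table has no rules and still carries its previous policy. If that policy was ACCEPT, traffic passes unfiltered during the gap, and with `-w` the gap can now include time spent waiting for the xtables lock. Setting the policy first closes the window: move `set_table_policy $a DROP` above `${iptables_bin} -w -F -t $a`. The function begins and ends outside the hunk.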
@@ -1,31 +1,34 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
+# $Id$
 EAPI="5"
 # Force users doing their own patches to install their own tools
 AUTOTOOLS_AUTO_DEPEND=no
-inherit autotools eutils git-r3 multilib systemd toolchain-funcs
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic git-r3
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools, with nftables compatibility"
-HOMEPAGE="http://www.netfilter.org/projects/nftables/"
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
 EGIT_REPO_URI="git://git.netfilter.org/iptables.git"
 LICENSE="GPL-2"
-SLOT="0"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/10"
 KEYWORDS=""
-IUSE="ipv6 netlink static-libs"
+IUSE="conntrack ipv6 netlink pcap static-libs"
 RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
 netlink? ( net-libs/libnfnetlink )
+ pcap? ( net-libs/libpcap )
+ net-libs/libnftnl
 "
 DEPEND="${RDEPEND}
 virtual/os-headers
 virtual/pkgconfig
- net-libs/libnetfilter_conntrack
- net-libs/libnftnl
- net-libs/libpcap
 "
 src_prepare() {
@@ -39,8 +42,12 @@ src_configure() {
 # Some libs use $(AR) rather than libtool to build #444282
 tc-export AR
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
 sed -i \
 -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
 configure || die
 econf \
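Review bot: `EGIT_REPO_URI="git://git.netfilter.org/iptables.git"` (unchanged context in hunk `@@ -1,31 +1,34 @@`) fetches the live sources over the plain git protocol, which gives no transport authentication or integrity protection. A `-9999` ebuild also has no Manifest checksum that would catch a modified checkout. Since the result is built and installed as the system firewall tooling, prefer an `https://` endpoint for the same repository if upstream provides one. Add a short comment beside the variable recording that choice.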
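Review bot: `append-flags -fpack-struct` in `src_configure` (hunk `@@ -39,8 +42,12 @@`) applies to every translation unit of the build, not only to the kernel-facing structs the comment refers to. On x32, any struct exchanged with libc, libnftnl, libpcap or libnetfilter_conntrack is then laid out differently from how those libraries were compiled, which may produce mismatched field offsets at run time. If the flag cannot be scoped more narrowly, extend the comment to say so, e.g. `# NOTE: packs all structs, including ones shared with external libs; drop once #472388 is fixed upstream`. The function continues outside the hunk.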
@@ -48,9 +55,7 @@ src_configure() {
 --libexecdir="${EPREFIX}/$(get_libdir)" \
 --enable-devel \
 --enable-shared \
- --enable-libipq \
- --enable-bpf-compiler \
- --enable-nfsynproxy \
+ $(use_enable pcap bpf-compiler) \
 $(use_enable static-libs static) \
 $(use_enable ipv6)
 }
@@ -76,11 +81,11 @@ src_install() {
 doins include/iptables/internal.h
 keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
 newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
 if use ipv6 ; then
 keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
 newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
 fi
@@ -89,7 +94,7 @@ src_install() {
 systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
 fi
- # Move important libs to /lib
+ # Move important libs to /lib #332175
 gen_usr_ldscript -a ip{4,6}tc iptc xtables
 prune_libtool_files
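Review bot: The `econf` call (hunk `@@ -48,9 +55,7 @@`) no longer mentions libipq or nfsynproxy at all, so whether they are built is left to configure's defaults. For a live ebuild those defaults can change between fetches. State the intent explicitly, e.g. `--disable-libipq \` and, if nfsynproxy shares the libpcap requirement, `$(use_enable pcap nfsynproxy) \` (otherwise `--disable-nfsynproxy \`). The installed set of binaries then follows the USE flags rather than upstream's default. The `econf` invocation begins above the hunk.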