[net-firewall/iptables] sync with tree
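--- a/net-firewall/iptables/files/iptables-1.8.2-link.patch
+++ b/net-firewall/iptables/files/iptables-1.8.2-link.patch
@@ -0,0 +1,24 @@
+From ee4fc7c558d9eb9c37035250046d4eac9af3fa28 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 27 Dec 2018 23:47:33 +0100
+Subject: [PATCH] Fix link errors for USE="conntrack static-libs" (bug #586106)
+
+---
+iptables/Makefile.am | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index 581dc32..2c3db86 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -26,6 +26,7 @@ xtables_legacy_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a
+endif
+xtables_legacy_multi_SOURCES += xshared.c
+xtables_legacy_multi_LDADD += ../libxtables/libxtables.la -lm
++xtables_legacy_multi_LDADD += ${libnetfilter_conntrack_LIBS}
+
+# iptables using nf_tables api
+if ENABLE_NFTABLES
+--
+2.19.1
+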
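--- a/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch
+++ b/net-firewall/iptables/files/iptables-1.8.4-no-symlinks.patch
@@ -0,0 +1,19 @@
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index 71b1b1d4..30c77f9a 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -71,12 +71,10 @@ CLEANFILES = iptables.8 xtables-monitor.8 \
+
+vx_bin_links = iptables-xml
+if ENABLE_IPV4
+-v4_sbin_links = iptables-legacy iptables-legacy-restore iptables-legacy-save \
+- iptables iptables-restore iptables-save
++v4_sbin_links = iptables-legacy iptables-legacy-restore iptables-legacy-save
+endif
+if ENABLE_IPV6
+-v6_sbin_links = ip6tables-legacy ip6tables-legacy-restore ip6tables-legacy-save \
+- ip6tables ip6tables-restore ip6tables-save
++v6_sbin_links = ip6tables-legacy ip6tables-legacy-restore ip6tables-legacy-save
+endif
+if ENABLE_NFTABLES
+x_sbin_links = iptables-nft iptables-nft-restore iptables-nft-save \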
@@ -1,5 +1,5 @@
|
||||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2018 Gentoo Authors
|
||||
# Copyright 1999-2022 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
extra_commands="check save panic"
|
||||
@@ -38,7 +38,7 @@ set_table_policy() {
|
||||
|
||||
local chain
|
||||
for chain in ${chains} ; do
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -t ${table} -P ${chain} ${policy}
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -t ${table} -P ${chain} ${policy}
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
done
|
||||
|
||||
@@ -69,7 +69,7 @@ start_pre() {
|
||||
|
||||
start() {
|
||||
ebegin "Loading ${iptables_name} state and starting firewall"
|
||||
${iptables_bin}-restore --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
|
||||
${iptables_bin}-restore --wait ${iptables_lock_wait_time} ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
|
||||
eend $?
|
||||
}
|
||||
|
||||
@@ -88,10 +88,10 @@ stop() {
|
||||
set_table_policy $a ACCEPT
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
done
|
||||
eend ${has_errors}
|
||||
@@ -103,10 +103,10 @@ reload() {
|
||||
ebegin "Flushing firewall"
|
||||
local has_errors=0 a
|
||||
for a in $(cat ${iptables_proc}) ; do
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
done
|
||||
eend ${has_errors}
|
||||
@@ -136,7 +136,7 @@ save() {
|
||||
panic() {
|
||||
# use iptables autoload capability to load at least all required
|
||||
# modules and filter table
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -S >/dev/null
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -S >/dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
eerror "${iptables_bin} failed to load"
|
||||
return 1
|
||||
@@ -149,10 +149,10 @@ panic() {
|
||||
local has_errors=0 a
|
||||
ebegin "Dropping all packets"
|
||||
for a in $(cat ${iptables_proc}) ; do
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -F -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -F -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} --wait-interval ${iptables_lock_wait_interval} -X -t $a
|
||||
${iptables_bin} --wait ${iptables_lock_wait_time} -X -t $a
|
||||
[ $? -ne 0 ] && has_errors=1
|
||||
|
||||
if [ "${a}" != "nat" ]; then
|
||||
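Review bot: Nothing in the touched functions records why `--wait-interval ${iptables_lock_wait_interval}` disappears from every `${iptables_bin}` call (set_table_policy, start, stop, reload, panic). This assumes the second copy of each doubled line is the new side, which the page no longer marks. If the matching conf.d file still sets `iptables_lock_wait_interval` (not visible here), that setting is now silently ignored, so an operator tuning xtables lock contention gets no feedback. A short comment near the first call would cover it, for example `# --wait-interval is no longer passed; only iptables_lock_wait_time controls lock waiting`. Separately, the loop variable is expanded unquoted in `-F -t $a` and `-X -t $a`; writing `-t "${a}"` keeps an unexpected value read from `${iptables_proc}` from shifting the argument list. Several of these functions start or end outside the hunks shown.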