author | Stuart Shelton <stuart@shelton.me> | 2015-03-10 20:54:54 +0000 |
---|---|---|
committer | Stuart Shelton <stuart@shelton.me> | 2015-03-10 20:54:54 +0000 |
commit | bbe0e33d3ec0e93890cc0c07ea9309c83c96b328 (patch) | |
tree | 3dc032b5c8c2e5ba6da1f0aa69722cf5f2aa7f8b /net-firewall | |
parent | Add media-libs/flac-1.3.0, media-libs/flac-1.3.0-r1, media-libs/flac-1.3.1-r1... (diff) | |
Add net-firewall/ebtables-9999 for >sys-kernel/linux-headers-3.16, update README.md
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/ebtables/Manifest | 4 | ||||
-rw-r--r-- | net-firewall/ebtables/ebtables-9999.ebuild | 68 | ||||
-rw-r--r-- | net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff | 31 | ||||
-rw-r--r-- | net-firewall/ebtables/files/ebtables.confd-r1 | 18 | ||||
-rw-r--r-- | net-firewall/ebtables/files/ebtables.initd-r1 | 103 |
5 files changed, 224 insertions, 0 deletions
diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest new file mode 100644 index 00000000..7be34ac4 --- /dev/null +++ b/net-firewall/ebtables/Manifest @@ -0,0 +1,4 @@ +AUX ebtables-2.0.8.1-ebt-save.diff 1089 SHA256 b4d7022a616152ca439d2b09f14fda8a3ef479b823c2da44eb0e9e22b256be90 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7 WHIRLPOOL df0664bc20dcd36bf640c8c88dea1e7d17b55c686403bceb77f5416b95ce0e2fc3292755e5986822b794628fc31aff25f7dab4d70d742fc93e78bac9fcdea4b2 +AUX ebtables.confd-r1 477 SHA256 666ba2b2ed0886a603ad36d0773192887b11b50def2465512ee18204675f42cb SHA512 4e44656d761e70afe1fba103dbfdd428e4bf9b98d17f7982a9a10e443916bdf5c526851f20bafb2450a37b069eee99b4179ed28b5f4c8884a3bab19155dd748d WHIRLPOOL 1f084ccfb6c2d1a817fd8db747cd60426502d9782ad74662b7e9f43cd737d92c8e7814d662b9f2a7b91ccdbd987791b38a61fee20509d9c2f0d693a4169f9247 +AUX ebtables.initd-r1 2119 SHA256 a36c58b9dc8afc62dd67fd69ef924953ac1613e14a1c3bce4fd0e9394a78a227 SHA512 c37d4a03e00f8e2e5e08d1a25ec1035f7a8e0736752733cb8621a98bfc87780445e4694082ccb4ce8760bc51acd7b5a760672376bde13f292062526c8cb3bdbe WHIRLPOOL 2318d01056062cc04760f3c51af3cabd6d33d6f3692adb33fba033f44f5853a8cfed736e2dc77a78619a4af92f5673100cfe90517afc3e7262bb5ad7d2505bff +EBUILD ebtables-9999.ebuild 2121 SHA256 c8d76d71a31e9085b0b680cf3345d22b0cecfd3ec1fac69bda94a915b322af29 SHA512 ee1b2deca666561ef3d6b0dc633e08ae5949be480215ff1019ae3018fabae9a0363683dac6093c8c9d42c709e23b1192cf0018acf62bdadd45c3eef60ccfd9d2 WHIRLPOOL f021616f7e614b06f7a2ebe1915be9dd0bb2d1ffe5a451ff8d50e35506c38b1ef71b0b22ea8049eb71f79b6125919e95c1ed550c6a246f76088f044f5b4a054b diff --git a/net-firewall/ebtables/ebtables-9999.ebuild b/net-firewall/ebtables/ebtables-9999.ebuild new file mode 100644 index 00000000..bb8a6527 --- /dev/null +++ b/net-firewall/ebtables/ebtables-9999.ebuild 
@@ -0,0 +1,68 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/ebtables-2.0.10.4.ebuild,v 1.5 2014/08/10 20:55:27 slyfox Exp $
+
+EAPI="4"
+
+inherit git-r3 versionator eutils toolchain-funcs multilib flag-o-matic
+
+DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+EGIT_REPO_URI="git://git.netfilter.org/ebtables"
+EGIT_COMMIT="f4bdc80ae8c1a79b4ab5dcb8431ad85aea618d66"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="static"
+LICENSE="GPL-2"
+SLOT="0"
+
+pkg_setup() {
+ if use static; then
+ ewarn "You've chosen static build which is useful for embedded devices."
+ ewarn "It has no init script. Make sure that's really what you want."
+ fi
+}
+
+src_prepare() {
+ # Enhance ebtables-save to take table names as parameters bug #189315
+ epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
+
+ sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
+ -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
+ -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
+ -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
+ -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
+}
+
+src_compile() {
+ # This package uses _init functions to initialise extensions. With
+ # --as-needed this will not work.
+ append-ldflags $(no-as-needed)
+ # This package correctly aliases pointers, but gcc is unable to know that:
+ # unsigned char ip[4];
+ # if (*((uint32_t*)ip) == 0) {
+ #append-cflags -Wno-strict-aliasing
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ $(use static && echo static)
+}
+
+src_install() {
+ if ! use static; then
+ make DESTDIR="${D}" install
+ rm \
+ "${ED}"/usr/share/doc/"${P}"/ebtables \
+ "${ED}"/usr/share/doc/"${P}"/ebtables-config \
+ || die "Failed to remove bundled init script and config file"
+ keepdir /var/lib/ebtables/
+ newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
+ newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
+ else
+ into /
+ newsbin static ebtables
+ insinto /etc
+ doins ethertypes
+ fi
+ dodoc ChangeLog || die
+}
diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
new file mode 100644
index 00000000..cdfd8234
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
@@ -0,0 +1,31 @@
+--- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400
++++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400
+@@ -12,6 +12,7 @@
+ my $cnt = "";
+ my $version = "1.0";
+ my $table_name;
++my @table_names;
+
+ # ========================================================
+ # Process filter table
+@@ -49,12 +50,19 @@
+ }
+ # ========================================================
+
++if ($#ARGV + 1 == 0) {
++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`);
++}
++else {
++ @table_names = @ARGV;
++}
++# ========================================================
+ unless (-x $ebtables) { exit -1 };
+ print "# Generated by ebtables-save v$version on " . `date`;
+ if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") {
+ $cnt = "--Lc";
+ }
+-foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) {
++foreach $table_name (@table_names) {
+ $table =`$ebtables -t $table_name -L $cnt`;
+ unless ($? == 0) { print $table; exit -1 };
+ &process_table($table);
diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1
new file mode 100644
index 00000000..0c64dcd9
--- /dev/null
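Review bot: `EGIT_REPO_URI="git://git.netfilter.org/ebtables"` fetches over the unauthenticated, unencrypted git protocol, so the only integrity check on the source of this firewall tool is the pinned `EGIT_COMMIT` hash. If upstream serves the same repository over HTTPS (worth confirming), prefer `EGIT_REPO_URI="https://git.netfilter.org/ebtables"` and keep the pin. In `src_install`, `make DESTDIR="${D}" install` has no `|| die`, so a failed install is only reported indirectly by the `rm` that follows; `emake DESTDIR="${D}" install` dies on its own under EAPI 4. That `rm` also uses `${P}` where `src_prepare` wrote `${PF}` into the Makefile, which would diverge for any `-rN` revision of this ebuild.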
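Review bot: With `@table_names = @ARGV;`, command-line arguments reach the backtick command in the `foreach` loop (`$ebtables -t $table_name -L $cnt`) unchecked, and backticks hand the string to the shell; before this patch the names came only from /proc/modules. The init script added in this commit passes only filter/nat/broute, but any other caller that forwards less trusted input to ebtables-save, which normally runs as root, would have that input interpreted by the shell. Validate the names ahead of the assignment, for example `for (@ARGV) { die "invalid table name: $_\n" unless /\A[A-Za-z0-9_]+\z/ }`. The patched script begins and ends outside the hunk.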
+++ b/net-firewall/ebtables/files/ebtables.confd-r1
@@ -0,0 +1,18 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+#
+
+# Alow save traffic counters along with rules?
+EBTABLES_SAVE_COUNTER="yes"
+
+# Setting 'noflush' prevents former chain contents from being
+# removed prior to rule re-loading
+#EBTABLES_RESTORE_OPTIONS="--noflush"
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
new file mode 100644
index 00000000..06d9e8b9
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -0,0 +1,103 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd-r1,v 1.2 2012/12/19 16:00:36 qnikst Exp $
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+
+depend() {
+ before net
+ use logger
+}
+
+ebtables_tables() {
+ for table in filter nat broute; do
+ if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
+ echo -n "${table} "
+ fi
+ done
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${EBTABLES_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ export EBTABLES_SAVE_COUNTER
+ ${ebtables_bin}-save $(ebtables_tables) > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+} |
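Review bot: In `save()`, the redirection `> "${ebtables_save}"` truncates the existing rules file before ebtables-save has produced any output, so a failed save leaves an empty or partial file that still passes the `-f` test in `checkconfig()` and would be fed to ebtables-restore by the next `start()`. Writing to a temporary file in the same directory and renaming it over the old one only on success keeps the last good ruleset, and creating it under `umask 077` preserves the 0600 mode. In `panic()`, the flush runs before `set_table_policy $a DROP` and after `svc_stop` has set the policies to ACCEPT, so moving the policy call above the `-F`/`-X` lines would avoid a window in which the chains are empty with an ACCEPT policy.

```shell
save() {
	ebegin "Saving ebtables state"
	local tmp="${ebtables_save}.tmp"
	export EBTABLES_SAVE_COUNTER
	rm -f "${tmp}"
	# Create the temporary file 0600 and replace the old rules only on success.
	if ( umask 077; ${ebtables_bin}-save $(ebtables_tables) > "${tmp}" ); then
		mv -f "${tmp}" "${ebtables_save}"
	else
		rm -f "${tmp}"
		false
	fi
	eend $?
}
```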