Portage is a package management system used by Gentoo Linux
# ChangeLog for net-firewall/iptables
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.173 2008/07/03 19:13:04 bluebird Exp $
02 Jul 2008; Friedrich Oslage
iptables-1.4.0-r1.ebuild:
Stable on sparc, bug #209222
01 Jul 2008; Jeroen Roovers
Stable for HPPA (bug #209222).
29 Jun 2008; Christian Faulhammer
iptables-1.4.0-r1.ebuild:
stable x86, bug 209222
29 Jun 2008; Markus Rothe
Stable on ppc64; bug #209222
*iptables-1.4.1.1 (28 Jun 2008)
28 Jun 2008; Mike Frysinger
Version bump #229185 by Sergey Dryabzhinsky.
14 Jun 2008; Zac Medico
iptables-1.3.6.ebuild, iptables-1.3.6-r1.ebuild, iptables-1.3.7.ebuild,
iptables-1.3.8.ebuild, iptables-1.3.8-r1.ebuild, iptables-1.3.8-r2.ebuild,
iptables-1.3.8-r3.ebuild, iptables-1.4.0.ebuild:
Bug #226505 - For compatibility with phase execution order in
>=portage-2.1.5, call has_version inside pkg_preinst instead of
pkg_postinst.
09 Jun 2008; Mike Frysinger
+files/iptables-1.4.0-in6-glibc-2.8.patch, iptables-1.4.0-r1.ebuild:
Use the correct API for accessing ip6 structs #225505 by Jose daLuz.
14 Mar 2008; Steve Dibb
amd64 stable, bug 208147
06 Feb 2008; Raúl Porcel
alpha/ia64/sparc stable wrt #208147
01 Feb 2008; Markus Meier
x86 stable, bug #208147
31 Jan 2008; Jeroen Roovers
Stable for HPPA (bug #208147).
31 Jan 2008; nixnut
Stable on ppc wrt bug 208147
30 Jan 2008; Brent Baude
Marking iptables-1.3.8-r3 ppc64 for bug 208147
11 Jan 2008;
l7-filter related code cleaned. Fixed build build problem with monolitic
kernels and any of imq, l7filter or extesion USE flags enabled, bug 205127,
thank Guillaume Castagnino
long time not in the tree hence removed related obsolete ewarn.
10 Jan 2008; nixnut
Stable on ppc wrt bug 201909
08 Jan 2008;
IMQ patches updated for iptables 1.4.x. Added myself into metadata for
l7filter and imq extensions.
*iptables-1.4.0-r1 (30 Dec 2007)
30 Dec 2007; Mike Frysinger
+files/iptables-1.4.0-dev-files.patch, +iptables-1.4.0-r1.ebuild:
Install dev headers/libs again #203744.
27 Dec 2007; Mike Frysinger
Punt USE=imq. Use user-custom patch dir in /etc/.
24 Dec 2007;
Updated l7-filter patches for iptables-1.4.x.
*iptables-1.4.0 (24 Dec 2007)
24 Dec 2007; Mike Frysinger
Version bump #203161 by Nebojsa Trpkovic.
*iptables-1.3.8-r3 (24 Dec 2007)
24 Dec 2007;
Update for l7-filter patch to version 2.17, bug 195671, reported by
17 Dec 2007; Raúl Porcel
alpha/ia64/sparc stable wrt #201909
15 Dec 2007; Samuli Suominen
amd64 stable wrt #201909
14 Dec 2007; Jeroen Roovers
Stable for HPPA (bug #201909).
12 Dec 2007; Markus Rothe
Stable on ppc64; bug #201909
11 Dec 2007; Christian Faulhammer
iptables-1.3.8-r2.ebuild:
stable x86, bug 201909
06 Oct 2007; Tom Gall
stable on ppc64 bug #190198
17 Sep 2007; Chris Gianelloni
iptables-1.3.8-r1.ebuild:
Stable on amd64 wrt bug #190198.
30 Aug 2007; Raúl Porcel
alpha/ia64 stable wrt #190198
30 Aug 2007; Christian Birchinger
iptables-1.3.8-r1.ebuild:
Added sparc stable keyword
30 Aug 2007; Jeroen Roovers
Stable for HPPA (bug #190198).
28 Aug 2007; Jurek Bartuszek
x86 stable (bug #190198)
28 Aug 2007; nixnut
Stable on ppc wrt bug 190198
*iptables-1.3.8-r2 (25 Aug 2007)
25 Aug 2007; Mike Frysinger
Make sure we set KERNEL_DIR to right include path for linux-headers #188873
by Darren Dale and start pushing crappy patchset addons to the user so
maintenance is their problem #155243.
13 Aug 2007; Tobias Scherbaum
iptables-1.3.7.ebuild:
ppc. stable
09 Aug 2007; Daniel Black
iptables-1.3.8-r1.ebuild:
latest l7 version - no patch change appart from naming it correctly
*iptables-1.3.8-r1 (07 Jul 2007)
07 Jul 2007; Daniel Black
+iptables-1.3.8-r1.ebuild:
l7 & imq patch update as per bug ##184164 thanks to cilly
*iptables-1.3.8 (25 Jun 2007)
25 Jun 2007; Mike Frysinger
Version bump #183146 by Blu3.
12 May 2007; Joshua Kinard
Stable on mips.
09 May 2007; Roy Marples
+files/iptables-1.3.7-test-dir.patch, iptables-1.3.7.ebuild:
Fix Makefile for non bash shells.
06 May 2007; Marius Mauch
iptables-1.3.6.ebuild, iptables-1.3.6-r1.ebuild, iptables-1.3.7.ebuild:
Replacing einfo with elog/ewarn
08 Apr 2007; Mike Frysinger
+files/iptables-1.3.7-kernel-dir.patch, iptables-1.3.7.ebuild:
By default, let the toolchain worry about kernel header location #172209 by
Karl Hiramoto.
04 Apr 2007; Gustavo Zacarias
Stable on sparc
10 Mar 2007; Roy Marples
Remove bashisms from init script, #170085 thanks to Natanael Copa.
08 Mar 2007; Gustavo Zacarias
+files/iptables-1.3.7-sparc64.patch, iptables-1.3.7.ebuild:
Fix for #166201
28 Feb 2007; Daniel Black
+files/1.3.5-files/iptables-1.3.5-linux-headers.patch,
iptables-1.3.5-r4.ebuild:
fix USE=extensions problem with linux-headers - bug #156723. Thanks for the
tip Paul Hewlett in bug #165590
06 Feb 2007; Daniel Black
-files/1.2.11-files/iptables-layer7-0.9.0.patch,
-files/1.2.11-files/grsecurity-1.2.8-iptables.patch,
-files/ip6tables-1.2.9-r1.confd, -files/iptables-1.2.9-r1.confd,
-files/1.2.11-files/install_all_dev_files.patch,
-files/ip6tables-1.2.9-r1.init, -files/1.2.11-files/round-robin.patch,
-files/1.2.11-files/iptables-1.2.9-imq1.diff,
-files/iptables-1.2.9-r1.init, -files/1.2.11-files/CAN-2004-0986.patch,
-files/1.2.11-files/install_ipv6_apps.patch, -iptables-1.2.11-r3.ebuild,
-iptables-1.3.5-r1.ebuild, -iptables-1.3.5-r2.ebuild,
-iptables-1.3.5-r3.ebuild:
cleanout
06 Feb 2007; Daniel Black
l7 now at 2.9 - no code change just different tarball. Bumping to avoid
extra downloads or something. Bug #161809 thanks cilly
20 Jan 2007; Alexander H. Færøy
iptables-1.3.5-r4.ebuild:
Stable on MIPS; bug #149643
30 Dec 2006; Mike Frysinger
+files/iptables-1.3.7-more-exact-check-grep.patch, iptables-1.3.7.ebuild:
Dont abort check target when uname contains -g #159162 by Sergey Borodich.
22 Dec 2006; Daniel Black
l7filter - changed to 2.8 patch - exactly the same as 2.6 but this way the
user doesn't need to download both versions of l7-filter to get it working.
*iptables-1.3.7 (14 Dec 2006)
14 Dec 2006; Mike Frysinger
Version bump #157850 by Blu3.
11 Nov 2006; Mike Frysinger
files/ip6tables-1.3.2.confd, files/iptables-1.3.2.confd,
files/iptables-1.3.2.init:
Set policy to ACCEPT before flushing chains in init.d stop() as proposed by
Max Hacking #154269.
21 Oct 2006; Thomas Cort
Stable on alpha wrt Bug #149643.
14 Oct 2006; Aron Griffis
Mark 1.3.5-r4 stable on ia64. #149643
*iptables-1.3.6-r1 (07 Oct 2006)
07 Oct 2006; Mike Frysinger
Update l7-filter support #150124.
03 Oct 2006; Chris Gianelloni
iptables-1.3.5-r4.ebuild:
Stable on x86 wrt bug #141688.
03 Oct 2006; Simon Stelling
stable on amd64
01 Oct 2006; Tobias Scherbaum
iptables-1.3.5-r4.ebuild:
hppa stable, bug #149643
01 Oct 2006; Markus Rothe
Stable on ppc64; bug #149643
30 Sep 2006;
Stable on ppc wrt bug 149643
30 Sep 2006; Jason Wever
Stable on SPARC wrt bug #149643.
*iptables-1.3.6 (30 Sep 2006)
30 Sep 2006; Mike Frysinger
Version bump #149438 by Brett.
23 Sep 2006; Mike Frysinger
+files/1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch,
iptables-1.3.5-r4.ebuild:
Fix silly segfault when using --log-prefix="" #148169 by tla.
04 Sep 2006; Joshua Kinard
Marked stable on mips.
28 Jul 2006; Martin Schlemmer
iptables-1.3.5-r4.ebuild:
Fix USE=extensions to actually build the extra extensions.
*iptables-1.3.5-r4 (28 Jul 2006)
28 Jul 2006; Martin Schlemmer
+iptables-1.3.5-r4.ebuild:
Add extensions USE flag back for misc patch-o-matic extensions. Bump
l7filter patch to 2.3.
*iptables-1.3.5-r3 (09 Jul 2006)
09 Jul 2006; Daniel Black
+files/1.3.5-files/iptables-1.3.5-errno.patch, +iptables-1.3.5-r3.ebuild:
separated extensions patch as promised to vapier/hansmi/wolf31o2(?). Added
upstream patch for errnum (bug #139726) thanks to Rance Hall and upstream
dev Daniel
12 Jun 2006; Chris Gianelloni
iptables-1.3.5-r1.ebuild:
Stable on x86 wrt bug #135380.
11 Jun 2006; Simon Stelling
stable on amd64
10 Jun 2006;
Stable on ppc; bug #135380
09 Jun 2006; Guy Martin
Stable on hppa.
08 Jun 2006; Jason Wever
Stable on SPARC wrt bug #135380.
08 Jun 2006; Thomas Cort
Stable on alpha wrt Bug #135380.
08 Jun 2006; Markus Rothe
Stable on ppc64; bug #135380
*iptables-1.3.5-r2 (04 Jun 2006)
04 Jun 2006; Daniel Black
update l7-filter patch version
*iptables-1.3.5-r1 (02 May 2006)
02 May 2006; Daniel Black
+iptables-1.3.5-r1.ebuild:
layer7 filtering patch version bump.
*iptables-1.3.5 (04 Feb 2006)
04 Feb 2006; Mike Frysinger
Version bump #121392 by Michail Baikov.
06 Jan 2006; Daniel Black
changing l7 filter from 2.0_beta to 2.0 - only change in the iptables patch
was an error message change
18 Dec 2005; Markus Rothe
Stable on ppc64
09 Dec 2005; Bryan Østergaard
19 Nov 2005; Marcus D. Hanwell
Stable on amd64.
18 Nov 2005; Michael Hanselmann
Stable on hppa, ppc.
14 Nov 2005; Gustavo Zacarias
Stable on sparc
13 Nov 2005; Mark Loeser
Stable on x86; bug #112351
*iptables-1.3.4 (05 Nov 2005)
05 Nov 2005; Mike Frysinger
Version bump to fix #110758 by Brian Kroth.
15 Oct 2005; Daniel Black
-files/1.2.7a-files/01_all_grsecurity.patch.bz2,
-files/1.2.7a-files/02_all_imq.patch.bz2,
-files/1.2.7a-files/03_all_mac_fix.patch.bz2,
-files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2,
-files/1.2.9-files/01_all_grsecurity.patch.bz2,
-files/1.2.9-files/02_all_imq.patch.bz2,
-files/1.2.9-files/03_hppa_gentoo.patch.bz2,
-files/1.2.9-files/04_all_install_ipv6_apps.patch.bz2,
-files/1.2.9-files/05_all_install_all_dev_files.patch.bz2,
-files/1.2.9-files/06_all_l7.patch.bz2,
-files/1.2.9-files/sparc64_limit_fix.patch.bz2, -files/ip6tables.confd,
-files/iptables-1.2.7a-hppa.diff, -files/sparc64_limit_fix.patch.bz2,
-files/ip6tables.init, -files/iptables-1.2.9-hppa.patch.bz2,
-files/iptables.confd, -files/iptables.init, -iptables-1.2.7a-r3.ebuild,
-iptables-1.2.9.ebuild, -iptables-1.2.9-r1.ebuild,
-iptables-1.2.9-r4.ebuild, -iptables-1.3.1-r4.ebuild,
-iptables-1.3.3.ebuild:
cleanout of old version and patches
*iptables-1.3.3-r2 (25 Sep 2005)
25 Sep 2005; Daniel Black
updated to use l7-filter-2.0-beta
*iptables-1.3.3-r1 (17 Sep 2005)
17 Sep 2005; Daniel Black
+iptables-1.3.3-r1.ebuild:
updated to use l7-filter-1.5 - bug #106009
15 Sep 2005; Aron Griffis
Mark 1.3.2 stable on alpha
03 Sep 2005; Markus Rothe
Stable on ppc64
02 Sep 2005; Michael Hanselmann
Stable on ppc.
18 Aug 2005; Gustavo Zacarias
Stable on sparc
*iptables-1.3.3 (16 Aug 2005)
16 Aug 2005; Robin H. Johnson
Bug #102682, version bump.
08 Aug 2005; Aaron Walker
iptables-1.3.2.ebuild:
Re-added ~mips for bug 91285.
*iptables-1.3.2 (12 Jul 2005)
12 Jul 2005; Mike Frysinger
+files/ip6tables-1.3.2.confd, +files/iptables-1.3.2.confd,
+files/iptables-1.3.2.init, +iptables-1.3.2.ebuild:
Version bump #98641 by Lars (Polynomial-C). Unified the iptables/ip6tables
init.d scripts. Added a new 'panic' option to init.d #72033 by Colin
Kingsley. Warn about issues upgrading from 1.2.x to 1.3.x #92535 by Volkov
Peter.
*iptables-1.3.1-r4 (05 May 2005)
05 May 2005; Mike Frysinger
files/iptables-1.2.9-r1.init, files/iptables.init, metadata.xml,
-iptables-1.3.1-r3.ebuild, +iptables-1.3.1-r4.ebuild:
Make sure /var/lib/iptables/rules-saves is only read/writable by root #91468
by eromang.
03 May 2005; Stephanie Lockwood-Childs
iptables-1.3.1-r3.ebuild:
mark ~ppc wrt #91285
03 May 2005; Herbie Hopkins
Multilib fixes.
03 May 2005; Omkhar Arasaratnam
iptables-1.3.1-r3.ebuild:
Keyworded ~ppc64 wrt #91285
03 May 2005; Jan Brinkmann
iptables-1.3.1-r3.ebuild:
(re-)added ~amd64 to KEYWORDS wrt #91285
03 May 2005; Gustavo Zacarias
iptables-1.3.1-r3.ebuild:
Keyworded ~sparc wrt #91285
*iptables-1.3.1-r3 (03 May 2005)
03 May 2005; Robin H. Johnson
iptables-1.3.1-r2.ebuild, +iptables-1.3.1-r3.ebuild
Clean up 1.3.1 ebuilds, and forcable mark as KEYWORDS=~x86 ONLY, as I want
arches to test it first.
*iptables-1.3.1-r2 (21 Apr 2005)
21 Apr 2005; Daniel Black
-iptables-1.3.1-r1.ebuild, +iptables-1.3.1-r2.ebuild:
As per bug #89500 removed old iptables-1.3* due to memory leak in the l7
filter section. Revision bump includes l7 filter 1.2.
28 Mar 2005; Jeremy Huddleston
iptables-1.2.11-r3.ebuild, iptables-1.3.1-r1.ebuild:
Use proper toolchain compiler.
28 Mar 2005; Daniel Black
iptables-1.3.1.ebuild:
added conditional unpack on l7-filter thanks to Marcelo Góes (vanquirius)
*iptables-1.3.1-r1 (23 Mar 2005)
23 Mar 2005; Daniel Black
+iptables-1.3.1-r1.ebuild:
revision bump to support l7-filter-1.1. Doco fixes included
*iptables-1.3.1 (09 Mar 2005)
09 Mar 2005; Robin H. Johnson
+files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1.bz2,
+files/1.3.1-files/install_all_dev_files.patch-1.3.1.bz2,
+files/1.3.1-files/install_ipv6_apps.patch.bz2,
+files/1.3.1-files/iptables-1.3.1-compilefix.patch,
+iptables-1.3.1.ebuild:
Bug #80556, initial work, lots of changes here. This is hardmasked for
testing still. It didn't compile against my mm-sources kernel, but does
compile against a stock kernel.
29 Dec 2004; Ciaran McCreesh
Change encoding to UTF-8 for GLEP 31 compliance
09 Nov 2004; Aron Griffis
stable on ia64
08 Nov 2004; Markus Rothe
Stable on ppc64; bug #70240
08 Nov 2004; Simon Stelling
stable for security reasons (bug #70240)
08 Nov 2004; Bryan Østergaard
iptables-1.2.11-r3.ebuild:
Stable on alpha, bug 70240.
08 Nov 2004;
stable on ppc gsla: 70240
07 Nov 2004; Olivier Crete
Stable on x86 per security bug #70240
07 Nov 2004; Jason Wever
Stable on sparc wrt security bug #70240.
07 Nov 2004; Joshua Kinard
Marked stable on mips.
07 Nov 2004; Joshua Kinard
Marked stable on mips.
*iptables-1.2.11-r3 (06 Nov 2004)
06 Nov 2004;
+iptables-1.2.11-r3.ebuild:
security bump. Exception handling error. bug 70240
10 Sep 2004; Daniel Ahlberg
files/1.2.11-files/round-robin.patch:
Added round-robin patch, closing #60979.
05 Sep 2004; Guy Martin
-files/1.2.11-files/hppa.patch.bz2, iptables-1.2.11-r2.ebuild:
Stable on hppa. Removed no more needed hppa patch.
29 Aug 2004; Tom Gall
stable on ppc64, bug #60780
22 Aug 2004; Seemant Kulleen
iptables-1.2.9-r1.ebuild, iptables-1.2.9-r4.ebuild, iptables-1.2.9.ebuild:
fix spelling error. Thanks to: Kurt McKee
#61325
22 Aug 2004; Bryan Østergaard
Stable on alpha.
20 Aug 2004; Gustavo Zacarias
iptables-1.2.11-r2.ebuild:
Stable on sparc
18 Aug 2004; Daniel Ahlberg
files/ip6tables-1.2.9-r1.confd, files/ip6tables-1.2.9-r1.init,
files/iptables-1.2.9-r1.confd, files/iptables-1.2.9-r1.init:
Enable saving state when stopping service, closing #60680.
Unmasking on x86 and amd64.
10 Jul 2004; Daniel Ahlberg
Fix typo in init file, closing #56537.
05 Jul 2004; Michal Januszewski
iptables-1.2.11-r2.ebuild:
Fixed problems with iptables installing into /usr/local/sbin/.
04 Jul 2004; Daniel Ahlberg
+ Fix installation path, initscript and config script. Closing #55978.
+ Fix dependencies. Closing #55605
04 Jul 2004; Daniel Ahlberg
+ Fix dependencies. Closing #55605
03 Jul 2004; Seemant Kulleen
sed statement fix, thanks to x1bncwn in #gentoo
*iptables-1.2.9-r4 (03 Jul 2004)
*iptables-1.2.11-r2 (03 Jul 2004)
03 Jul 2004; Daniel Ahlberg
iptables-1.2.9-r3.ebuild:
For some reason iptables may decide to compile in the src_install section
too, make sure it compiles against the correct KERNEL_DIR. Closing #55489.
02 Jul 2004; Jeremy Huddleston
iptables-1.2.11-r1.ebuild, iptables-1.2.7a-r3.ebuild,
iptables-1.2.9-r1.ebuild, iptables-1.2.9-r3.ebuild, iptables-1.2.9.ebuild:
|| die's to make install to avoid problems like we see in bug #55489.
02 Jul 2004; Lars Weiler
Stable on ppc as iptables-1.2.7a-r3 does not compile any more.
28 Jun 2004; Daniel Ahlberg
iptables-1.2.9-r3.ebuild:
Revision bump these so they propagate correctly.
*iptables-1.2.11-r1 (28 Jun 2004)
28 Jun 2004; Daniel Ahlberg
Version bump and updated IMQ and l7 patches. Closing #54067 and #55308.
*iptables-1.2.9-r3 (28 Jun 2004)
28 Jun 2004; Daniel Ahlberg
New revision with a new local use flag that toggles the applying of
3rd party patches and building against linux sources. Without the new
use flag no 3rd party extensions patches will be applied and iptables
will be built against linux-headers.
Be aware that iptables doesn't always build against the newest kernels
and manual patching may be required.
Closing #54440
28 Jun 2004; Daniel Ahlberg
iptables-1.2.9-r1.ebuild, iptables-1.2.9.ebuild:
Step back to an earlier date to clean up the mess,
change "Gentoo Technologies Inc" to "Gentoo Foundation".
09 Jun 2004; Aron Griffis
iptables-1.2.9-r1.ebuild, iptables-1.2.9.ebuild:
Fix use invocation and replace unnecessary subshell with if..then..fi
07 Jun 2004; Daniel Ahlberg
+ Only run check_KV if /usr/src/liunx is a symlink or a directory, possible
fix for #46817.
+ Handle extensionpatches that was added for 1.2.9-r1. Closing #51418.
10 May 2004; Daniel Ahlberg
CFLAGS must have -O flag, closing #44204
*iptables-1.2.9-r1 (25 Apr 2004)
25 Apr 2004; Daniel Ahlberg
+ Depend on virtual/linux-sources.
+ Add static build support.
+ Install all headers, patch contributed by Thomas Jacob
+ l7-filter support, closing #39761.
+ Made initscript run before net, closing #27087.
+ Removed ipforwarding from initscripts as it doesn't belong here and added einfo about it.
+ Removed some old ebuilds.
21 Apr 2004; Daniel Ahlberg
iptables-1.2.7a-r4.ebuild, iptables-1.2.8.ebuild:
Added IUSE=
09 Mar 2004;
stable on alpha and ia64
09 Mar 2004; Daniel Ahlberg
+ Added einfo about kernel 2.4.21, closing #25919.
+ Install ip6tables-save and ip6tables-restore, closing #39833.
+ Really enable IPv6, closing #41624.
28 Jan 2004;
stable on hppa and sparc
23 Jan 2004; Daniel Ahlberg
Add reload support to initscript. Closing #21801.
Added note about saving your rules if upgrading. Closing #35135.
Unmasked, closing #34910.
21 Nov 2003; Daniel Ahlberg
Replae -O0 with -O2, same as the the lack of -O flag problem. Closing #33899.
*iptables-1.2.9 (04 Nov 2003)
04 Nov 2003; Daniel Ahlberg
Version bump.
*iptables-1.2.8-r2 (15 Oct 2003)
15 Oct 2003; John Mylchreest
fixes bug #22223
21 Sep 2003; Matthew Rickard
"-fstack-protector" breaks "iptables -p icmp". We will
filter this flag until this is fixed properly.
19 Sep 2003; Daniel Ahlberg
Closing #29087.
06 May 2003; Christian Birchinger
iptables-1.2.8-r1.ebuild:
Added stable sparc keyword
05 May 2003; Daniel Ahlberg
Unmasked on x86.
*iptables-1.2.8-r1 (04 May 2003)
02 Jul 2003; Guy Martin
iptables-1.2.8-r1.ebuild :
Bzipped 03_hppa_gentoo.patch.bz2 which was not. Marked stable for hppa.
04 May 2003; Daniel Ahlberg
files/iptables.confd, files/ip6tables.init
files/ip6tables.confd :
Fixed ipv6 support. Closes #17155.
04 May 2003; Daniel Ahlberg
doh! uncompressed patch.
04 May 2003; Daniel Ahlberg
Removed auto saving of rules when stopping iptables. Closing #15333
and #13673.
02 May 2003; Daniel Ahlberg
Force -O2 if no -O flag is set. Remove 03_all_no_optimize_fix.patch.bz2.
19 Apr 2003; Daniel Ahlberg
Removed 03_all_mac_fix.patch.bz2 becuse it was fixed in 1.2.8.
*iptables-1.2.8 (19 Apr 2003)
19 Apr 2003; Daniel Ahlberg
Version bump.
*iptables-1.2.7a-r4 (10 Apr 2003)
19 apr 2003; Preston A. Elder
Enabled -r4 for x86
10 apr 2003; Preston A. Elder
Added compilation of development tools
*iptables-1.2.7a-r3 (11 Mar 2003)
15 Mar 2003; Jason Wever
files/sparc64_limit_fix.patch.bz2:
Added sparc64_limit_fix.patch.bz2 back into the files directory as it got lost
in the moving of iptables from sys-apps to net-firewall.
15 Mar 2003; Jan Seidel
Added mips to KEYWORDS
11 Mar 2003; Martin Holzer
files/grsecurity-1.2.7a-iptables.patch, files/iptables-1.2.6a-imq.diff-3,
files/iptables-1.2.7a-gentoo.diff, files/iptables-1.2.7a-hppa.diff,
files/iptables-1.2.7a-imq.diff-3, files/iptables.confd, files/iptables.init,
files/1.2.7a-files/01_all_grsecurity.patch.bz2,
files/1.2.7a-files/02_all_imq.patch.bz2,
files/1.2.7a-files/03_all_mac_fix.patch.bz2,
files/1.2.7a-files/04_all_no_optimize_fix.patch.bz2:
moved from sys-apps/iptables to net-firewall/iptables
21 Feb 2003; Zach Welch
Added arm keyword
17 Feb 2003; Guy Martin
Added patch and keyword for hppa.
*iptables-1.2.7a-r3 (09 Jan 2003)
11 Mar 2003; Zach Welch
change sys-kernel/linux-headers to new virtual/os-headers
09 Feb 2003; Seemant Kulleen
iptables-1.2.7a-r3.ebuild :
Sed expression delimiter from / to :, closing bug #15006 by Blu3
06 Feb 2003; Mark Guertin
Added ppc keyword
10 Jan 2003; Joshua Brindle
unmasked for x86, sparc, alpha re: bug #13466
fixed sed string re: bug #13644
09 Jan 2003; Christian Birchinger
Added new revsion with sparc64 limit rule fixes.
09 Jan 2003; Daniel Ahlberg
Readded save() function, closes #7752.
08 Jan 2003; Daniel Ahlberg
Forgot to remove save() function from initscript.
08 Jan 2003; Daniel Ahlberg
Closes #13466.
07 Jan 2003; Daniel Ahlberg
Cleaned out old files.
*iptables-1.2.7a-r2 (07 Jan 2003)
07 Jan 2003; Daniel Ahlberg
files/iptables.confd :
Closes #13366, #13144 and #10424. Added new patching method and made installation prettier.
*iptables-1.2.7a-r1 (10 Dec 2002)
10 Dec 2002; Joshua Beindle
Added grsecurity stealth module patch
06 Dec 2002; Rodney Rees
*iptables-1.2.7a (27 Aug 2002)
20 Nov 2002; Daniel Ahlberg
Added patch for iptables-restore. Contributed by fridtjof@fbunet.de in #10736.
25 Sep 2002; Daniel Ahlberg
Closes #8046.
23 Sep 2002; Jack Morgan
Added sparc/sparc64 keywords
09 Sep 2002; Daniel Ahlberg
Cleaned up configurationfiles and ebuild, added blocke's changes to -r1 into this version.
08 Sep 2002; Bruce A. Locke
Fix #2355. Forwarding is disabled on script stop and only turned on
during script start if conf.d/iptables settings are enabled.
01 Sep 2002; Daniel Ahlberg
Added better handling of stopping iptables as described in #6949.
Suggested and submitted by Frederic Jolliton
30 Aug 2002; Daniel Ahlberg
Added the IMQ patch to 1.2.7a.
27 Aug 2002; Daniel Ahlberg
upstream version to fix the bugs introduced in 1.2.7.
*iptables-1.2.6a-r3
08 Sep 2002; Bruce A. Locke
Fix #2335. Forwarding is disabled on script stop and only turned on
during script start if conf.d/iptables settings are enabled.
*iptables-1.2.6a-r2 (29 Aug 2002)
29 Aug 2002; Daniel Robbins
adding support for IMQ (intermediate queueing device.) See
http://luxik.cdi.cz/~patrick/imq/ for more information.
*iptables-1.2.7.ebuild (17 Aug 2002)
17 Aug 2002; Daniel Ahlberg
bump. Christian Parpart
attention.
*iptables-1.2.6a-r1.ebuild (14 July 2002)
14 Jul 2002; phoen][x
Added KEYWORDS.
14 Jul 2002; phoen][x
Added KEYWORDS.
*iptables-1.2.4-r1.ebuild (14 July 2002)
14 Jul 2002; phoen][x
Added KEYWORDS, SLOT.
*iptables-1.2.6a (13 Apr 2002)
13 Apr 2002; Seemant Kulleen
gaarde@yahoo.com (Paul Belt) in bug #1670 submitted the update.
*iptables-1.2.5-r1 (20 Mar 2002)
14 Jul 2002; phoen][x
Added KEYWORDS, SLOT.
14 Jul 2002; phoen][x
Added KEYWORDS.
20 Mar 2002; Daniel Robbins
kernel sources to compile. Before, we got away without them since we had a
/usr/include/linux/autoconf.h. Now we don't, and this means that we need a
source tree handy. Sad but true, and apparently the right thing to do.
*iptables-1.2.5 (1 Feb 2002)
1 Feb 2002; G.Bevin
Added initial ChangeLog which should be updated whenever the package is
updated in any way. This changelog is targetted to users. This means that the
comments should well explained and written in clean English. The details about
writing correct changelogs are explained in the skel.ChangeLog file which you
can find in the root directory of the portage repository.
AUX 1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 1315 RMD160 3665aaa6788261f16372c1e34810fe99fd60453c SHA1 b3c88dc5ceebc15aca73fcc02afdf8d0fa6a389f SHA256 f86e32f84af0e68b927b712a60e5d02d1bc27972537f476c71a311711fdcfc12
AUX 1.3.1-files/install_all_dev_files.patch-1.3.1 2748 RMD160 9df4ee7b0a26e83b02ef6cbe071d00841d9a070b SHA1 c854c1d520a923d1616ba1d374bfa5729a122767 SHA256 c61769413e3a71e008f927b0639d26db6586f921f371a89b3db0e892d064af28
AUX 1.3.1-files/install_ipv6_apps.patch 826 RMD160 505c5832d20fad96839936da900a12b5f4209045 SHA1 6e5808694e17002f2312ea9a45b46fb577694a83 SHA256 0a7f666962e586b2be8d2d3d2947497b3e3837c78b57056ce065455518c78722
AUX 1.3.1-files/iptables-1.3.1-compilefix.patch 358 RMD160 359adb7cc1876e664a69bba472fa97155df808ab SHA1 977b9685e03b8f4653abcb1f7fab70695d0c5ef5 SHA256 b0e802e86e601f5229a8f1bbbdfbe4c97b13ede4931e5ee2d73f176c7f121e99
AUX 1.3.5-files/iptables-1.3.5-errno.patch 689 RMD160 67ce38c86fbef574e8f7d2f4ebffbecff35bf59f SHA1 7a45e68e5d332529ab5697886417cff59ef53fe1 SHA256 09eff37038db0fd66cb68f5e84dd93c031445f29e3a50afe18d3d389fe5cded1
AUX 1.3.5-files/iptables-1.3.5-linux-headers.patch 326 RMD160 f2b26ab8603ff910bc10a9fe478635ccb2982a0a SHA1 06c78ad9156aa5f0c06c0bb7933eb36258ca4ad3 SHA256 deb8a15c8368fa0d790d684a9dcfb5dc0e7e37b5786f59f66ef0d112c5fd3059
AUX 1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch 1607 RMD160 9624733334644b55136724a665e15afa7156f86a SHA1 5cc4fd5fabb44fe72c8a3695e0bd63d06b28c1bd SHA256 5c7617471f98413f1af9ab2846336cbcdf8b2449402967a03b460683aa225bec
AUX ip6tables-1.3.2.confd 293 RMD160 2e5399355a930ab3c804c9cc46fe37763555a97e SHA1 0e82dbe8538f9168bb97939a03b73dd291e82760 SHA256 c93827ac2b8fdd83e2c36788053ee7567ceb13b3cbc5fcf40d186500e05c8104
AUX iptables-1.3.2.confd 290 RMD160 cb180068f86a608b16d850635ae909ea7b9cc059 SHA1 cb56dba4799eb3998b28e492c61265574c37d522 SHA256 351e123ba9e0ec7db2bcff42849aa627d29a3b2e77a47b82386f5e3a7e21bd30
AUX iptables-1.3.2.init 2570 RMD160 84d06807fae0455009476cfa63dfcda9fe016dc3 SHA1 da7c4fca4049c4d3f45e32d29403c8bb05047f15 SHA256 1137517483c0d312e3d396d953e9ee197b84f64ed17adfd48f25dbb60e114697
AUX iptables-1.3.7-kernel-dir.patch 552 RMD160 4d4b4444c5eb91b7bd24829b1d564263a540d5ef SHA1 8949bcafbc899878023a68b16452557a49a88f63 SHA256 13e7108c871fc4203abea57f711010a125fd1856c68f94a5dfd40613f8f27d6a
AUX iptables-1.3.7-more-exact-check-grep.patch 602 RMD160 80c80f9d2a2567b164932adc1e9ddb1392b34791 SHA1 5bb693f7ddc641b793334d072b106ab998f4202e SHA256 aa26f352dc2b870363b7de1586105a4bf19eb9a6c6703a23f64ef9656017021d
AUX iptables-1.3.7-sparc64.patch 629 RMD160 15655e9ef5047055f9930de11d313e7e9377f083 SHA1 7ca7c7d54840c94a3bd4054f0e0ef38067937b49 SHA256 cd76d6b43d55f77df0af7ad493df3f6f07756b1e410121a2a6045a97b7ce7647
AUX iptables-1.3.7-test-dir.patch 890 RMD160 9767d237580dfe162f1377dd65bc928b57db8c19 SHA1 4782ddbc85e832b84020adb477224f713aae5784 SHA256 1ad36b68840396e45ca71fe93984caaaac105fddf102fda92fe24067206bccf1
AUX iptables-1.4.0-dev-files.patch 1523 RMD160 ad3dd979f20f87d78bc19f6cf906bc2fc6206389 SHA1 c0f8e615c65dd43e9b25bcf3c7f44e9f32b7b6fd SHA256 bce920b13a4b94411f23177fb03ca19084508c6121de634d7de1df19bb468afa
AUX iptables-1.4.0-in6-glibc-2.8.patch 707 RMD160 fe02ae798356522734237fee1bd4b6c9efa47437 SHA1 5c929e66e1176dd3aba6bb4bae8964d2c0bc9891 SHA256 d6bd6fb4fc9002a9aad2bd41830d50610486c200ea5ff104bb691f5da8ff62a8
DIST iptables-1.3.0-imq1.diff 5369 RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 SHA1 bdf665cacc985fceaadf119ae7a756caca1589ad SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b
DIST iptables-1.3.5.tar.bz2 191820 RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 SHA1 6dbeeee13517fa02852960b6f6e51115c7548a09 SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c
DIST iptables-1.3.6-imq.diff 5723 RMD160 7158923558f9ad82973cda9dbec2c10b86e13e9c SHA1 1a2d7d9bcb10e7d4e69f445d4882ab598b57855e SHA256 f507319d01dd1810b497e0700a67d8f9668dd1363b1f8e1b09097cf2bbc26ab7
DIST iptables-1.3.6.tar.bz2 185438 RMD160 54d9777f2116ad57253446c42619c726f68ae8f0 SHA1 d0c873b4ce1a928424f38fa8419c96be22fef5d0 SHA256 4394c3de8c55776e54a36a6fcd4f9eeed381f451883049f8268c34c3482f5f1b
DIST iptables-1.3.7.tar.bz2 196205 RMD160 8109f2d58eb33905bbbbc0cf871abc8172e7ddc0 SHA1 2f25e7a81fb3e81f92b0121d9dcd5a536854dc60 SHA256 0e00cea0029eaf7923a4a901265d5aa8159804b520fda9c12df54d350073ce02
DIST iptables-1.3.8.tar.bz2 172584 RMD160 851b223eef0ca008ad1f375aa0ebdab46ff6f886 SHA1 948f361b194e989b39de4cfa3e95dbe634269ed0 SHA256 c5c8a091ed9a1fa2dab86b4d87719064b50c202e8503046f50f299a361e6211c
DIST iptables-1.4.0-imq.diff 5345 RMD160 71e012358cb0ed274feb46f862d300cf0d877818 SHA1 8e243b15c20400402d60f627a40b08957ac96c10 SHA256 e23d5bce7845cbe6fecf9e93e4e8e329948adb8282efec932d629b3bb4cb9c82
DIST iptables-1.4.0.tar.bz2 181610 RMD160 6f6a29cbe0e55261607acc1183e04482c444286e SHA1 b61064885ab20b62d6ac2a590ea429117248d9d7 SHA256 fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52
DIST iptables-1.4.1.1.tar.bz2 436366 RMD160 3986c7023b82037acb931c06e792f019b927fbd3 SHA1 61a8680b2aa578d1ff8d242b9ddf6b682c60eba7 SHA256 f9e11ccdf60a9f118bbee8d80dc76cf7c0c649f0e18fa34a8450df271a70b582
DIST netfilter-layer7-v2.13.tar.gz 159622 RMD160 fbb27da483636729ca0cbf04d88f8b5bcfe95bce SHA1 30d6a046d11b3256192d96c45d88c41953642c86 SHA256 41ca603d745018e0d60e90ab042e8d23abbe7db428c06800b9f15e0d727493a6
DIST netfilter-layer7-v2.17.tar.gz 160408 RMD160 9823d7b411e18160dc8501a6a5d2129f75e727e1 SHA1 fd05e5b5027ec5c143f2f63f5e48c05ffea8d50f SHA256 2e2893757a3b22f2786ead2045efae1d6a52942a89d0159c39ba907531b60c01
DIST netfilter-layer7-v2.3.tar.gz 105587 RMD160 4c5c5315cf1f193c9ceb605d8d9d9328b515c64d SHA1 cfbe80a6c5725732e4935692e4b0cf5b42abd4f0 SHA256 4a5e4475d05c8d0998e56d12e8e27eb9acf23ce80a53000783b2f609a6bb33aa
DIST netfilter-layer7-v2.6.tar.gz 122514 RMD160 31b68ae3baa0a340f2e4a555fd5124c3b977629d SHA1 6120eae8bd405d35d079774d191830d137643147 SHA256 c5a842c037e915eb72576e5861f0b048837719f1edf448775d9218b42c48e0aa
DIST netfilter-layer7-v2.9.tar.gz 122497 RMD160 0398b8b61b24eb5d28309a53af0279e9f201318d SHA1 c4a1d92855ad51413fbd7229fe9decfe45aac084 SHA256 7db0e22297f7ecec41bb973733d6970bab922b4c54f779239616fa26a2315969
EBUILD iptables-1.3.5-r4.ebuild 5914 RMD160 52cbd6a104a6112c7a51334f383548c7a180b99c SHA1 6ce861bbc3a1b7ced8618fd60be4c59238537e55 SHA256 fb6457335c56d2be78ac1bdf1c799bbe6fe1b4f470670c5453e3bcc5b087ea06
EBUILD iptables-1.3.6-r1.ebuild 5789 RMD160 f29ea64894fdea9d558fe780109a5bb89b26ed6a SHA1 4e6b5df961575561260b74b6e87ed2e79d189085 SHA256 46e64a82f6a1d41baf86571134be3b8f01c77cafd52fa1c97d830117e7a62e28
EBUILD iptables-1.3.6.ebuild 5787 RMD160 1c64853e182b8ce800126d23c0cfad85f2688715 SHA1 212dd0a2c39d3d7c2dc1e8e156e1df95164db121 SHA256 175b04e547e2abc407d78827e66c874225b90d2c49d37fb43cf9433e5f682f1b
EBUILD iptables-1.3.7.ebuild 5931 RMD160 8e8a4810edb09c47836473b2b60cf6a01deba92b SHA1 455adacfac9e03f16125ba7bfced0faa74e39069 SHA256 f062c011807873a1a7bee175b30e605125a741d3c7c093e75ffb2369815acb1a
EBUILD iptables-1.3.8-r1.ebuild 6289 RMD160 92795ad9ef062ccae3e5ceb07785fc9ca3cd9ba4 SHA1 35540ddbdf14c5538e737424d1f1c36110bdbdc6 SHA256 a68e23811f563dd336ad6cf7700a6a63509b7dff61bd94580bef56459958cea1
EBUILD iptables-1.3.8-r2.ebuild 7120 RMD160 dfa304a41ce108a880d112644ac1f7e8fe22e186 SHA1 f2602e509f3eeff29d53a11ca4538eac2d20eea0 SHA256 2e608672368b336c0f75bdf477d4d20cf5cd6338f4326f5c3a55054fd0d1da02
EBUILD iptables-1.3.8-r3.ebuild 7128 RMD160 64d5bb2f5e8eb5421c930b6d8df0e19dfb83a67a SHA1 c1166af8498cba39492296559245a7bf57bc80d3 SHA256 8085bd074ab9b190e0274d73df311335300644b6a731718667efdba0454a66bc
EBUILD iptables-1.3.8.ebuild 5725 RMD160 4584b79966009a9ddf034a5b3f0dbeff90586091 SHA1 86713d6b1b1bf9cf4af5df87b1ca404eef6f46ea SHA256 7bcd00072be49f1c6f34d4ec80564f1f7357ab1eb7e1725d3833a109aa6a3343
EBUILD iptables-1.4.0-r1.ebuild 6244 RMD160 2268fee8da462fdf96dec9f5007230a4cd493942 SHA1 212469e1b679acc6817171527e53b57c250b96fd SHA256 25422aa6d63071cf5ba83214b2859db6737333b1a3c3a4b2be28a51d0fbe9c15
EBUILD iptables-1.4.0.ebuild 6045 RMD160 db798d096d84c86c29e8bf5324a5a3eafffaf66a SHA1 29c876d6721ac91853b1086934c7699a9b5a4e3d SHA256 7c1b1aee43540940ee8499b5f6ffae79eeb6704fe6d6aaac40a5d7439e73477d
EBUILD iptables-1.4.1.1.ebuild 1646 RMD160 3e0c302b1e766445b91c8bf9798089e4efa91381 SHA1 a0d2be782633920f1816a96685e43f13863ae03c SHA256 044362f3b320f1bcea7bc0ed2932bef9b47a294eb784c3f21852b895a9c57614
MISC ChangeLog 33017 RMD160 d9c7751ef15863dc544377b66f46ff13dce1b3a6 SHA1 b5816fe05d7ae0533f69af1d8fc98d4de5e0e1b2 SHA256 8bb8c46ca1408e87d6159ad8048e63ac7d1ce8bebde819438d9c68e0f5f7e1c5
MISC metadata.xml 1015 RMD160 0bb4f52ba327423420cdcc23db5cee7063c44d57 SHA1 5b4bae641caf5a6e8b55e1f152097b439ec64fed SHA256 5f5208578deb289580374039a678ee613fe0ed13fe131e24b82a4c5b3ee72a9c
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r4.ebuild,v 1.17 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV="2.3"
L7_P="netfilter-layer7-v${L7_PV}"
L7_PATCH="iptables-layer7-${L7_PV}.patch"
IMQ_PATCH="iptables-1.3.0-imq1.diff"
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
use l7filter && unpack ${L7_P}.tar.gz
cd "${S}"
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
epatch "${FILESDIR}"/1.3.5-files/${P}-errno.patch #139726
epatch "${FILESDIR}"/1.3.5-files/${P}-log-prefix-no-empty-strings.patch #148169
use extensions && epatch "${FILESDIR}"/1.3.5-files/${P}-linux-headers.patch #165590
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*}
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR="/usr"
diemsg="failure"
else
diemsg="failure - with l7filter or imq patch added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
elog "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.6-r1.ebuild,v 1.3 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV="2.6"
L7_P="netfilter-layer7-v${L7_PV}"
L7_PATCH="iptables-layer7-${L7_PV}.patch"
IMQ_PATCH="iptables-1.3.0-imq1.diff"
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
use l7filter && unpack ${L7_P}.tar.gz
cd "${S}"
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
epatch "${FILESDIR}"/1.3.5-files/${PN}-1.3.5-log-prefix-no-empty-strings.patch #148169
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*}
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR="/usr"
diemsg="failure"
else
diemsg="failure - with l7filter or imq patch added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
echo
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.6.ebuild,v 1.3 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV="2.3"
L7_P="netfilter-layer7-v${L7_PV}"
L7_PATCH="iptables-layer7-${L7_PV}.patch"
IMQ_PATCH="iptables-1.3.0-imq1.diff"
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
use l7filter && unpack ${L7_P}.tar.gz
cd "${S}"
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
epatch "${FILESDIR}"/1.3.5-files/${PN}-1.3.5-log-prefix-no-empty-strings.patch #148169
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*}
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR="/usr"
diemsg="failure"
else
diemsg="failure - with l7filter or imq patch added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.7.ebuild,v 1.12 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV="2.9"
L7_P="netfilter-layer7-v${L7_PV}"
L7_PATCH="iptables-layer7-${L7_PV}.patch"
IMQ_PATCH="iptables-1.3.0-imq1.diff"
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k mips ppc ~ppc64 ~s390 ~sh sparc ~x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
use l7filter && unpack ${L7_P}.tar.gz
cd "${S}"
epatch "${FILESDIR}"/${P}-more-exact-check-grep.patch #159162
epatch "${FILESDIR}"/${P}-sparc64.patch #166201
epatch "${FILESDIR}"/${P}-kernel-dir.patch #172209
epatch "${FILESDIR}"/${P}-test-dir.patch # Find include/asm without bash
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*}
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=""
diemsg="failure"
else
diemsg="failure - with l7filter or imq patch added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r1.ebuild,v 1.11 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV=2.13
L7_P=netfilter-layer7-v${L7_PV}
IMQ_PATCH=iptables-1.3.6-imq.diff
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if kernel_is ge 2 6 20
then
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
else
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
fi
if use l7filter && \
[ ! -f "${L7FILE}" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
if use l7filter
then
unpack ${L7_P}.tar.gz
fi
cd "${S}"
epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201
epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
for OA in extensions/.IMQ-test extensions/.IMQ-test6 ; do
mv ${OA} ${OA}.orig
tr '\015' '\012' < ${OA}.orig > ${OA}
rm ${OA}.orig
done
chmod +x extensions/.IMQ-test*
fi
if use l7filter ; then
#yes choosing 2.6.20 was deliberate - upstream mistake possibly
if kernel_is ge 2 6 20
then
L7_PATCH=iptables-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
else
L7_PATCH=iptables-for-kernel-pre2.6.20-layer7-${L7_PV}.patch
fi
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=""
diemsg="failure"
else
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
# cannot work with the following according to Makefile near check:
# -g -pg -DIPTC_DEBUG
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r2.ebuild,v 1.12 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV=2.13
L7_P=netfilter-layer7-v${L7_PV}
IMQ_PATCH=iptables-1.3.6-imq.diff
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if kernel_is ge 2 6 20
then
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
else
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
fi
if use l7filter && \
[ ! -f "${L7FILE}" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
if use l7filter
then
unpack ${L7_P}.tar.gz
fi
cd "${S}"
epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201
epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do
EPATCH_SOURCE=${base}/${CTARGET}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
if [[ -d ${EPATCH_SOURCE} ]] ; then
EPATCH_SUFFIX="patch"
EPATCH_FORCE="yes" \
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
epatch
break
fi
done
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
for OA in extensions/.IMQ-test extensions/.IMQ-test6 ; do
mv ${OA} ${OA}.orig
tr '\015' '\012' < ${OA}.orig > ${OA}
rm ${OA}.orig
done
chmod +x extensions/.IMQ-test*
fi
if use l7filter ; then
#yes choosing 2.6.20 was deliberate - upstream mistake possibly
if kernel_is ge 2 6 20
then
L7_PATCH=iptables-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
else
L7_PATCH=iptables-for-kernel-pre2.6.20-layer7-${L7_PV}.patch
fi
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=$(
# ugh -- iptables has scripts which check for the existence of
# files so we need to give it the right path to our toolchains
# include dir where the linux headers are.
# FYI IPTABLES: YOU FAIL
echo '#include
)
diemsg="failure"
else
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
# cannot work with the following according to Makefile near check:
# -g -pg -DIPTC_DEBUG
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8-r3.ebuild,v 1.10 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV=2.17
L7_P=netfilter-layer7-v${L7_PV}
IMQ_PATCH=iptables-1.3.6-imq.diff
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if kernel_is ge 2 6 20
then
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
else
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
fi
if use l7filter && \
[ ! -f "${L7FILE}" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
if use l7filter
then
unpack ${L7_P}.tar.gz
fi
cd "${S}"
epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201
epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do
EPATCH_SOURCE=${base}/${CTARGET}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
if [[ -d ${EPATCH_SOURCE} ]] ; then
EPATCH_SUFFIX="patch"
EPATCH_FORCE="yes" \
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
epatch
break
fi
done
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
for OA in extensions/.IMQ-test extensions/.IMQ-test6 ; do
mv ${OA} ${OA}.orig
tr '\015' '\012' < ${OA}.orig > ${OA}
rm ${OA}.orig
done
chmod +x extensions/.IMQ-test*
fi
if use l7filter ; then
#yes choosing 2.6.20 was deliberate - upstream mistake possibly
if kernel_is ge 2 6 20
then
L7_PATCH=iptables-1.3-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
else
L7_PATCH=iptables-1.3-for-kernel-pre2.6.20-layer7-${L7_PV}.patch
fi
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=$(
# ugh -- iptables has scripts which check for the existence of
# files so we need to give it the right path to our toolchains
# include dir where the linux headers are.
# FYI IPTABLES: YOU FAIL
echo '#include
)
diemsg="failure"
else
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
# cannot work with the following according to Makefile near check:
# -g -pg -DIPTC_DEBUG
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.8.ebuild,v 1.3 2008/06/14 14:04:51 zmedico Exp $
inherit eutils flag-o-matic toolchain-funcs linux-info
L7_PV="2.9"
L7_P="netfilter-layer7-v${L7_PV}"
L7_PATCH="iptables-layer7-${L7_PV}.patch"
IMQ_PATCH="iptables-1.3.0-imq1.diff"
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
use l7filter && unpack ${L7_P}.tar.gz
cd "${S}"
epatch "${FILESDIR}"/${PN}-1.3.7-sparc64.patch #166201
epatch "${FILESDIR}"/${PN}-1.3.7-kernel-dir.patch #172209
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
EPATCH_OPTS="-p1" \
epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/{.IMQ-test*,.childlevel-test*}
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
# the net directory is moving around so account for new/old locations
cd "${S}"/extensions
local x
for x in .*-test* ; do
sed -e 's:net/ipv[46]/netfilter:net/netfilter:g' ${x} > .new-${x}
if cmp ${x} .new-${x} > /dev/null ; then
rm -f .new-${x}
else
chmod a+rx .new-${x}
fi
done
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=""
diemsg="failure"
else
diemsg="failure - with l7filter or imq patch added"
fi
export diemsg
}
src_compile() {
src_defs
# iptables will NOT work correctly unless -O[123] are present!
replace-flags -O0 -O2
get-flag -O || append-flags -O2
emake -j1 \
COPT_FLAGS="${CFLAGS}" ${myconf} \
KERNEL_DIR="${KERNEL_DIR}" \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
make ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0-r1.ebuild,v 1.8 2008/07/03 19:13:04 bluebird Exp $
inherit eutils toolchain-funcs linux-info
L7_PV=2.17
L7_P=netfilter-layer7-v${L7_PV}
IMQ_PATCH=iptables-1.4.0-imq.diff
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
imq? ( http://www.actusa.net/~linuximq/${IMQ_PATCH} )
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc x86"
IUSE="extensions imq ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )
imq? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use imq || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if use l7filter ; then
if kernel_is lt 2 6 20 ; then
eerror "Currently there is no l7-filter patch available for iptables-1.4.x"
eerror "and kernel version before 2.6.20."
eerror "If you need to compile iptables 1.4.x against Linux 2.6.19.x"
eerror "or earlier, with l7-filter patch, please, report upstream."
die "No patch available."
fi
[ ! -f "${KERNEL_DIR}/include/linux/netfilter/xt_layer7.h" ] && \
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this."
fi
if use imq && \
[ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
eerror "For IMQ support add a patch from http://www.actusa.net/~linuximq/ or from"
eerror "http://www.linuximq.net/patches.html (for older kernels) to your kernel."
die "Please, patch your kernel to support IMQ."
fi
}
src_unpack() {
unpack ${P}.tar.bz2
if use l7filter ; then
unpack ${L7_P}.tar.gz
fi
cd "${S}"
epatch "${FILESDIR}"/${P}-dev-files.patch
epatch "${FILESDIR}"/${P}-in6-glibc-2.8.patch #225505
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do
EPATCH_SOURCE=${base}/${CTARGET}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
if [[ -d ${EPATCH_SOURCE} ]] ; then
EPATCH_SUFFIX="patch"
EPATCH_FORCE="yes" \
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
epatch
break
fi
done
if use imq ; then
EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
chmod +x extensions/.IMQ-test*
fi
if use l7filter ; then
EPATCH_OPTS="-p1" epatch \
"${WORKDIR}"/${L7_P}/iptables-1.4-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
chmod +x extensions/.layer7-test
fi
if ! use extensions ; then
cat <<-EOF > "${S}"/include/linux/compiler.h
#define __user
EOF
fi
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use imq && ! use extensions ; then
export KERNEL_DIR=$(
# ugh -- iptables has scripts which check for the existence of
# files so we need to give it the right path to our toolchains
# include dir where the linux headers are.
# FYI IPTABLES: YOU FAIL
echo '#include
)
export KBUILD_OUTPUT=${KERNEL_DIR}
diemsg="failure"
else
export KERNEL_DIR
diemsg="failure - with l7filter and/or imq patch and/or other miscellanious patches added"
fi
export diemsg
}
src_compile() {
src_defs
emake \
COPT_FLAGS="${CFLAGS}" ${myconf} \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
emake ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.0.ebuild,v 1.5 2008/06/14 14:04:51 zmedico Exp $
inherit eutils toolchain-funcs linux-info
L7_PV=2.17
L7_P=netfilter-layer7-v${L7_PV}
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/ http://l7-filter.sf.net/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="extensions ipv6 l7filter static"
DEPEND="virtual/os-headers
l7filter? ( virtual/linux-sources )"
RDEPEND=""
pkg_setup() {
if use l7filter || use extensions ; then
ewarn "WARNING: 3rd party extensions has been enabled."
ewarn "This means that iptables will use your currently installed"
ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
ewarn
if use extensions ; then
ewarn "You may have to patch your kernel to allow iptables to build."
ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
ewarn "for your kernel."
ewarn
fi
linux-info_pkg_setup
fi
if kernel_is ge 2 6 20
then
L7FILE=${KERNEL_DIR}/net/netfilter/xt_layer7.c
else
L7FILE=${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c
fi
if use l7filter && \
[ ! -f "${L7FILE}" ]; then
die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
fi
}
src_unpack() {
unpack ${P}.tar.bz2
if use l7filter
then
unpack ${L7_P}.tar.gz
fi
cd "${S}"
# this provide's grsec's stealth match
EPATCH_OPTS="-p0" \
epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
sed -i \
-e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
extensions/Makefile || die "failed to enable stealth extension"
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do
EPATCH_SOURCE=${base}/${CTARGET}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
if [[ -d ${EPATCH_SOURCE} ]] ; then
EPATCH_SUFFIX="patch"
EPATCH_FORCE="yes" \
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
epatch
break
fi
done
if use l7filter ; then
#yes choosing 2.6.20 was deliberate - upstream mistake possibly
if kernel_is ge 2 6 20
then
L7_PATCH=iptables-1.4-for-kernel-2.6.20forward-layer7-${L7_PV}.patch
else
eerror "Currently there is no l7-filter patch available for this"
eerror "kernel iptables-1.4 and kernel version pre 2.6.20."
eerror "If you need to compile iptables 1.4.x against Linux 2.6.19.x"
eerror "or earlier, with l7-filter patch, please, report upstream."
die "No patch available."
fi
EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
chmod +x extensions/.layer7-test*
fi
if ! use extensions ; then
cat <<-EOF > "${S}"/include/linux/compiler.h
#define __user
EOF
fi
}
src_defs() {
# these are used in both of src_compile and src_install
myconf=""
myconf="${myconf} PREFIX="
myconf="${myconf} LIBDIR=/$(get_libdir)"
myconf="${myconf} BINDIR=/sbin"
myconf="${myconf} MANDIR=/usr/share/man"
myconf="${myconf} INCDIR=/usr/include"
# iptables and libraries are now installed to /sbin and /lib, so that
# systems with remote network-mounted /usr filesystems can get their
# network interfaces up and running correctly without /usr.
use ipv6 || myconf="${myconf} DO_IPV6=0"
use static && myconf="${myconf} NO_SHARED_LIBS=0"
export myconf
if ! use l7filter && ! use extensions ; then
export KERNEL_DIR=$(
# ugh -- iptables has scripts which check for the existence of
# files so we need to give it the right path to our toolchains
# include dir where the linux headers are.
# FYI IPTABLES: YOU FAIL
echo '#include
)
export KBUILD_OUTPUT=${KERNEL_DIR}
diemsg="failure"
else
diemsg="failure - with l7filter and/or other miscellanious patches added"
fi
export diemsg
}
src_compile() {
src_defs
emake \
COPT_FLAGS="${CFLAGS}" ${myconf} \
CC="$(tc-getCC)" \
|| die "${diemsg}"
}
src_install() {
src_defs
emake ${myconf} \
DESTDIR="${D}" \
KERNEL_DIR="${KERNEL_DIR}" \
install install-devel || die "${diemsg}"
dodir /usr/$(get_libdir)
mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
if use ipv6 ; then
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
fi
}
pkg_preinst() {
has_version "=${CATEGORY}/${PN}-1.2*"
upgrade_from_1_2_x=$?
}
pkg_postinst() {
elog "This package now includes an initscript which loads and saves"
elog "rules stored in /var/lib/iptables/rules-save"
use ipv6 && elog "and /var/lib/ip6tables/rules-save"
elog "This location can be changed in /etc/conf.d/iptables"
elog
elog "If you are using the iptables initsscript you should save your"
elog "rules using the new iptables version before rebooting."
elog
elog "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
elog "iptables."
elog
ewarn "!!! ipforwarding is not a part of the iptables initscripts."
ewarn
ewarn "To enable ipforwarding at bootup:"
ewarn "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
if use ipv6 ; then
ewarn "and/or"
ewarn " net.ipv6.ip_forward = 1"
ewarn "for ipv6."
fi
if [[ $upgrade_from_1_2_x = 0 ]] ; then
ewarn
ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
ewarn "http://bugs.gentoo.org/92535"
fi
}
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.1.1.ebuild,v 1.1 2008/06/28 17:32:24 vapier Exp $
inherit eutils toolchain-funcs linux-info
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="http://www.iptables.org/"
SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE=""
DEPEND="virtual/os-headers"
RDEPEND=""
src_unpack() {
unpack ${P}.tar.bz2
cd "${S}"
local check base=${PORTAGE_CONFIGROOT}/etc/portage/patches
for check in {${CATEGORY}/${PF},${CATEGORY}/${P},${CATEGORY}/${PN}}; do
EPATCH_SOURCE=${base}/${CTARGET}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${CHOST}/${check}
[[ -r ${EPATCH_SOURCE} ]] || EPATCH_SOURCE=${base}/${check}
if [[ -d ${EPATCH_SOURCE} ]] ; then
EPATCH_SUFFIX="patch"
EPATCH_FORCE="yes" \
EPATCH_MULTI_MSG="Applying user patches from ${EPATCH_SOURCE} ..." \
epatch
break
fi
done
}
src_compile() {
econf \
--sbindir=/sbin \
--libexecdir=/$(get_libdir) \
--without-kernel \
--enable-devel \
--enable-libipq \
|| die
emake || die
}
src_install() {
emake install DESTDIR="${D}" || die
keepdir /var/lib/iptables
newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
keepdir /var/lib/ip6tables
newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
}
iptables is the userspace command line program used to set up, maintain, and
inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
part of packet filtering framework which allows the stateless and stateful
packet filtering, all kinds of network address and port translation, and is a
flexible and extensible infrastructure with multiple layers of API's for 3rd
party extensions. The iptables package also includes ip6tables. ip6tables is
used for configuring the IPv6 packet filter.
Note that some extensions (e.g. imq and l7filter) are not included into
official kernel sources so you have to patch the sources before installation.