Added iptables-1.4.7 build template.

--HG-- extra : convert_revision : 0dec638dfbf3583a0fb60e29c5ec475a5a724fd2
2010-04-13 01:15:32 +02:00 · 2010-04-13 01:15:32 +02:00 · 4bc904a3ca
commit 4bc904a3ca
parent ec6d3f3f71
10 changed files with 231 additions and 0 deletions
--- a/srcpkgs/iptables-devel
+++ b/srcpkgs/iptables-devel
@ -0,0 +1 @@
+iptables
--- a/srcpkgs/iptables/depends
+++ b/srcpkgs/iptables/depends
@ -0,0 +1,2 @@
+abi_depends=">=1.4.7"
+api_depends="${abi_depends}"
--- a/srcpkgs/iptables/files/empty.rules
+++ b/srcpkgs/iptables/files/empty.rules
@ -0,0 +1,6 @@
+# Empty iptables rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
--- a/srcpkgs/iptables/files/ip6tables.confd
+++ b/srcpkgs/iptables/files/ip6tables.confd
@ -0,0 +1,11 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
--- a/srcpkgs/iptables/files/iptables.confd
+++ b/srcpkgs/iptables/files/iptables.confd
@ -0,0 +1,11 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
--- a/srcpkgs/iptables/files/iptables.rc
+++ b/srcpkgs/iptables/files/iptables.rc
@ -0,0 +1,114 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $
+
+opts="save reload panic"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+	iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE};;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+	before net
+	use logger
+}
+
+set_table_policy() {
+	local chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} -t ${table} -P ${chain} ${policy}
+	done
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+checkconfig() {
+	if [ ! -f ${iptables_save} ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+	checkkernel || return 1
+	ebegin "Stopping firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+}
+
+reload() {
+	checkkernel || return 1
+	ebegin "Flushing firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+
+	start
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	touch "${iptables_save}"
+	chmod 0600 "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	checkkernel || return 1
+	service_started ${iptables_name} && svc_stop
+
+	local a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+
+		set_table_policy $a DROP
+	done
+	eend $?
+}
--- a/srcpkgs/iptables/files/simple_firewall.rules
+++ b/srcpkgs/iptables/files/simple_firewall.rules
@ -0,0 +1,11 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p icmp -j ACCEPT 
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+-A INPUT -i lo -j ACCEPT 
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset 
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable 
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable 
+COMMIT
--- a/srcpkgs/iptables/iptables-devel.template
+++ b/srcpkgs/iptables/iptables-devel.template
@ -0,0 +1,19 @@
+# Template file for 'iptables-devel'.
+#
+short_desc="${sourcepkg} (development files)"
+long_desc="${long_desc}
+
+ This package contains files for development, headers, static libs, etc."
+
+Add_dependency run glibc-devel
+Add_dependency run kernel-headers
+Add_dependency run iptables
+
+do_install()
+{
+	mkdir -p ${DESTDIR}/usr/lib ${DESTDIR}/usr/share/man
+	mv ${SRCPKGDESTDIR}/usr/include ${DESTDIR}/usr
+	mv ${SRCPKGDESTDIR}/usr/lib/lib*.so ${DESTDIR}/usr/lib
+	mv ${SRCPKGDESTDIR}/usr/lib/pkgconfig ${DESTDIR}/usr/lib
+	mv ${SRCPKGDESTDIR}/usr/share/man/man3 ${DESTDIR}/usr/share/man
+}
--- a/srcpkgs/iptables/template
+++ b/srcpkgs/iptables/template
@ -0,0 +1,51 @@
+# Template file for 'iptables'
+pkgname=iptables
+version=1.4.7
+distfiles="http://www.iptables.org/projects/iptables/files/$pkgname-$version.tar.bz2"
+build_style=gnu_configure
+configure_args="--enable-devel --enable-libipq --sbindir=/sbin
+--with-kernel=/usr/src/kernel-headers-$(${XBPS_PKGDB_CMD} version kernel-headers)"
+short_desc="Linux IPv[46] packet filtering ruleset"
+maintainer="Juan RP <xtraeme@gmail.com>"
+checksum=9f61f389cabdde79e26ca78c336db1b6373b67f80f7cfcb3e9d9ff520b325452
+long_desc="
+ iptables is the userspace command line program used to configure the Linux
+ 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system
+ administrators.
+
+ Since Network Address Translation is also configured from the packet filter
+ ruleset, iptables is used for this, too.
+
+ The iptables package also includes ip6tables. ip6tables is used for
+ configuring the IPv6 packet filter."
+
+openrc_services="iptables default"
+conf_files="
+/etc/conf.d/iptables
+/etc/conf.d/ip6tables"
+
+subpackages="$pkgname-devel"
+
+Add_dependency run glibc
+Add_dependency build kernel-headers
+
+pre_configure()
+{
+	sed -i '87 i libxt_RATEEST.so: libxt_RATEEST.oo' \
+		${wrksrc}/extensions/GNUmakefile.in
+	sed -i '88 i \\t${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -lm -shared ${LDFLAGS} -o $@ $<;\n' \
+		${wrksrc}/extensions/GNUmakefile.in
+}
+
+post_install()
+{
+	install -d ${DESTDIR}/etc/{conf.d,iptables}
+	install -m644 ${FILESDIR}/iptables.confd ${DESTDIR}/etc/conf.d/iptables
+	install -m644 ${FILESDIR}/ip6tables.confd \
+		${DESTDIR}/etc/conf.d/ip6tables
+	install -D -m755 ${FILESDIR}/iptables.rc \
+		${DESTDIR}/etc/init.d/iptables
+	install -m644 ${FILESDIR}/*.rules ${DESTDIR}/etc/iptables
+	install -d ${DESTDIR}/var/lib/iptables
+	touch -f ${DESTDIR}/var/lib/iptables/.empty_on_purpose
+}
--- a/xbps-src/common/mapping_shlib_binpkg.txt
+++ b/xbps-src/common/mapping_shlib_binpkg.txt
@ -556,3 +556,8 @@ libegroupwise-1.2.so.13		evolution-data-server	evolution-data-server-devel
 libgdata-1.2.so			evolution-data-server	evolution-data-server-devel
 libgdata-google-1.2.so		evolution-data-server	evolution-data-server-devel
 libpcap.so			libpcap			libpcap-devel
+libiptc.so			iptables		iptables-devel
+libip6tc.so			iptables		iptables-devel
+libxtables.so			iptables		iptables-devel
+libip4tc.so			iptables		iptables-devel
+libipq.so			iptables		iptables-devel