diff --git a/srcpkgs/iptables/files/empty-filter.rules b/srcpkgs/iptables/files/empty-filter.rules
new file mode 100644
index 0000000000..5a4de48762
--- /dev/null
+++ b/srcpkgs/iptables/files/empty-filter.rules
@@ -0,0 +1,6 @@
+# Empty iptables filter table rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/srcpkgs/iptables/files/empty-mangle.rules b/srcpkgs/iptables/files/empty-mangle.rules
new file mode 100644
index 0000000000..49d493c4d0
--- /dev/null
+++ b/srcpkgs/iptables/files/empty-mangle.rules
@@ -0,0 +1,8 @@
+# Empty iptables mangle table rules file
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
diff --git a/srcpkgs/iptables/files/empty-nat.rules b/srcpkgs/iptables/files/empty-nat.rules
new file mode 100644
index 0000000000..437e96411f
--- /dev/null
+++ b/srcpkgs/iptables/files/empty-nat.rules
@@ -0,0 +1,7 @@
+# Empty iptables nat table rules file
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
diff --git a/srcpkgs/iptables/files/empty-raw.rules b/srcpkgs/iptables/files/empty-raw.rules
new file mode 100644
index 0000000000..8dc50d23ee
--- /dev/null
+++ b/srcpkgs/iptables/files/empty-raw.rules
@@ -0,0 +1,5 @@
+# Empty iptables raw table rules file
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/srcpkgs/iptables/files/empty-security.rules b/srcpkgs/iptables/files/empty-security.rules
new file mode 100644
index 0000000000..4531fa13fb
--- /dev/null
+++ b/srcpkgs/iptables/files/empty-security.rules
@@ -0,0 +1,6 @@
+# Empty iptables security table rules file
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/srcpkgs/iptables/template b/srcpkgs/iptables/template
index 001f453d1a..48ad910809 100644
--- a/srcpkgs/iptables/template
+++ b/srcpkgs/iptables/template
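Review bot: The header comment in empty-filter.rules (and the matching first line of the mangle, nat, raw and security files) says only that the file is empty, but the content also sets every built-in chain policy to ACCEPT, so restoring it leaves the host with no packet filtering. How these files are consumed is not visible in this diff; if the service script restores them when the firewall is stopped, that is a fail-open state and should be stated where an administrator will read it. Suggested second comment line for each file: `# Restoring this file sets every built-in chain policy to ACCEPT (no filtering).`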
@@ -1,17 +1,16 @@ # Template file for 'iptables' pkgname=iptables -version=1.4.11.1 +version=1.4.12 distfiles="http://www.iptables.org/projects/iptables/files/$pkgname-$version.tar.bz2" build_style=custom-install short_desc="Linux IPv[46] packet filtering ruleset" maintainer="Juan RP " homepage="http://www.netfilter.org/" license="GPL-2" -checksum=170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade +checksum=3e07a0beb746b580fbcfb04b3842ef0bd94a2f281786552f586415b26a7e971c long_desc=" iptables is the userspace command line program used to configure the Linux - 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system - administrators. + IPv4 packet filtering ruleset. It is targeted towards system administrators. Since Network Address Translation is also configured from the packet filter ruleset, iptables is used for this, too. @@ -19,7 +18,6 @@ long_desc=" The iptables package also includes ip6tables. ip6tables is used for configuring the IPv6 packet filter." -keep_empty_dirs=yes openrc_services="iptables default false" conf_files=" /etc/conf.d/iptables 
@@ -52,15 +50,18 @@ do_install() vinstall ${FILESDIR}/iptables.confd 644 etc/conf.d iptables vinstall ${FILESDIR}/ip6tables.confd 644 etc/conf.d ip6tables vinstall ${FILESDIR}/iptables.rc 755 etc/init.d iptables - for f in $(${FILESDIR}/*.rules); do - vinstall ${f} 644 etc/iptables + for f in empty.rules simple_firewall.rules; do + vinstall ${FILESDIR}/${f} 644 etc/iptables + done + for f in filter mangle nat raw security; do + vinstall ${FILESDIR}/empty-${f}.rules 644 \ + var/lib/iptables empty-${f}.rules done - vmkdir var/lib/iptables # Override wrong symlinks from xtables_multi. for f in iptables iptables-restore iptables-save ip6tables \ ip6tables-restore ip6tables-save; do - ln -sf /sbin/xtables-multi ${DESTDIR}/sbin/${f} + cd ${DESTDIR}/sbin && ln -sf xtables-multi ${f} done - ln -sf /sbin/xtables-multi ${DESTDIR}/usr/bin/iptables-xml + cd ${DESTDIR}/usr/bin && ln -sf ../../sbin/xtables-multi iptables-xml }
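Review bot: The two added `cd ${DESTDIR}/... && ln -sf ...` lines change the working directory of the shell running do_install and leave it changed, with `${DESTDIR}` unquoted; the later iterations of the loop and the final `cd ${DESTDIR}/usr/bin` only land in the right place if DESTDIR is an absolute path. A relative symlink target is resolved against the directory that holds the link, not the current directory, so the cd is unnecessary: `ln -sf xtables-multi "${DESTDIR}/sbin/${f}"` and `ln -sf ../../sbin/xtables-multi "${DESTDIR}/usr/bin/iptables-xml"` create the same links. The hunk also drops `vmkdir var/lib/iptables` and relies on vinstall to create that directory, which should be confirmed since vinstall's definition is not on this page. do_install begins above the hunk.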