authorDaniel Black <dragonheart@gentoo.org>2007-02-06 13:10:41 +0000
committerDaniel Black <dragonheart@gentoo.org>2007-02-06 13:10:41 +0000
commit82875868d074b7b24eb7748b6894356c990c8f8c (patch)
tree86484045abd3f0dcea90c0e01f25fa658105ba61 /net-firewall
parentstable on amd64 wrt security bug 159419 (diff)
cleanout
(Portage version: 2.1.2-r7)
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/iptables/ChangeLog15
-rw-r--r--net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch48
-rw-r--r--net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch67
-rw-r--r--net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch79
-rw-r--r--net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch13
-rw-r--r--net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff222
-rw-r--r--net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch384
-rw-r--r--net-firewall/iptables/files/1.2.11-files/round-robin.patch28
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.2.11-r33
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r19
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r29
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r39
-rw-r--r--net-firewall/iptables/files/ip6tables-1.2.9-r1.confd9
-rw-r--r--net-firewall/iptables/files/ip6tables-1.2.9-r1.init73
-rw-r--r--net-firewall/iptables/files/iptables-1.2.9-r1.confd9
-rw-r--r--net-firewall/iptables/files/iptables-1.2.9-r1.init76
-rw-r--r--net-firewall/iptables/iptables-1.2.11-r3.ebuild169
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r1.ebuild161
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r2.ebuild161
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r3.ebuild170
20 files changed, 14 insertions, 1700 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index d94abb49a25c..155055fdb62a 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,19 @@
# ChangeLog for net-firewall/iptables
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.125 2007/02/06 12:21:22 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.126 2007/02/06 13:10:41 dragonheart Exp $
+
+ 06 Feb 2007; Daniel Black <dragonheart@gentoo.org>
+ -files/1.2.11-files/iptables-layer7-0.9.0.patch,
+ -files/1.2.11-files/grsecurity-1.2.8-iptables.patch,
+ -files/ip6tables-1.2.9-r1.confd, -files/iptables-1.2.9-r1.confd,
+ -files/1.2.11-files/install_all_dev_files.patch,
+ -files/ip6tables-1.2.9-r1.init, -files/1.2.11-files/round-robin.patch,
+ -files/1.2.11-files/iptables-1.2.9-imq1.diff,
+ -files/iptables-1.2.9-r1.init, -files/1.2.11-files/CAN-2004-0986.patch,
+ -files/1.2.11-files/install_ipv6_apps.patch, -iptables-1.2.11-r3.ebuild,
+ -iptables-1.3.5-r1.ebuild, -iptables-1.3.5-r2.ebuild,
+ -iptables-1.3.5-r3.ebuild:
+ cleanout
06 Feb 2007; Daniel Black <dragonheart@gentoo.org> iptables-1.3.7.ebuild:
l7 now at 2.9 - no code change just different tarball. Bumping to avoid
diff --git a/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch b/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch
deleted file mode 100644
index 14a65e2dd190..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- old/iptables_profectio/iptables.c (revision 3243)
-+++ new/iptables_profectio/iptables.c (working copy)
-@@ -1593,15 +1593,17 @@
- int procfile;
- char *ret;
-
-+#define PROCFILE_BUFSIZ 1024
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
- if (procfile < 0)
- return NULL;
-
-- ret = malloc(1024);
-+ ret = (char *) malloc(PROCFILE_BUFSIZ);
- if (ret) {
-- switch (read(procfile, ret, 1024)) {
-+ memset(ret, 0, PROCFILE_BUFSIZ);
-+ switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
-- case 1024: goto fail; /* Partial read. Wierd */
-+ case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
- }
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
-
---- old/iptables_profectio/ip6tables.c (revision 3243)
-+++ new/iptables_profectio/ip6tables.c (working copy)
-@@ -1595,15 +1595,17 @@
- int procfile;
- char *ret;
-
-+#define PROCFILE_BUFSIZ 1024
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
- if (procfile < 0)
- return NULL;
-
-- ret = malloc(1024);
-+ ret = malloc(PROCFILE_BUFSIZ);
- if (ret) {
-- switch (read(procfile, ret, 1024)) {
-+ memset(ret, 0, PROCFILE_BUFSIZ);
-+ switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
-- case 1024: goto fail; /* Partial read. Wierd */
-+ case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
- }
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
-
diff --git a/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch b/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch
deleted file mode 100644
index 929d77438c45..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch
+++ /dev/null
@@ -1,67 +0,0 @@
---- extensions/libipt_stealth.c
-+++ extensions/libipt_stealth.c
-@@ -0,0 +1,64 @@
-+/* Shared library add-on to iptables to add stealth support.
-+ * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
-+ * This netfilter module is licensed under the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ {0}
-+};
-+
-+/* Initialize the match. */
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ return 0;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static
-+struct iptables_match stealth = {
-+ NULL,
-+ "stealth",
-+ IPTABLES_VERSION,
-+ IPT_ALIGN(0),
-+ IPT_ALIGN(0),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ NULL,
-+ NULL,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_match(&stealth);
-+}
diff --git a/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch b/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch
deleted file mode 100644
index 410f15023845..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch
+++ /dev/null
@@ -1,79 +0,0 @@
---- Makefile
-+++ Makefile
-@@ -38,18 +38,22 @@
- CFLAGS += -DNO_SHARED_LIBS=1
- endif
-
--EXTRAS+=iptables iptables.o iptables.8
-+EXTRAS+=iptables iptables.o iptables.8 libiptables.a
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
-+DEVEL_HEADERS+=include/iptables.h include/iptables_common.h
-+DEVEL_LIBS+=libiptables.a
-
- # No longer experimental.
- EXTRAS+=iptables-save iptables-restore
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
-
- ifeq ($(DO_IPV6), 1)
--EXTRAS+=ip6tables ip6tables.o ip6tables.8
-+EXTRAS+=ip6tables ip6tables.o ip6tables.8 libip6tables.a
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
- EXTRAS+=ip6tables-save ip6tables-restore
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
-+DEVEL_HEADERS+=include/ip6tables.h
-+DEVEL_LIBS+=libip6tables.a
- endif
-
- # Sparc64 hack
-@@ -111,6 +115,8 @@
- print-extensions:
- @[ -n "$(OPTIONALS)" ] && echo Extensions found: $(OPTIONALS)
-
-+libiptables.a: libiptables.a(iptables.o)
-+
- iptables.o: iptables.c
- $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
-
-@@ -135,6 +141,8 @@
- @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
- cp $< $@
-
-+libip6tables.a: libip6tables.a(ip6tables.o)
-+
- ip6tables.o: ip6tables.c
- $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
-
-@@ -183,7 +191,7 @@
- .PHONY: install-devel-headers
- install-devel-headers: $(DEVEL_HEADERS)
- @[ -d $(DESTDIR)$(INCDIR) ] || mkdir -p $(DESTDIR)$(INCDIR)
-- @cp -v $(DEVEL_HEADERS) $(DESTDIR)$(INCDIR)
-+ @cp -v --parents $(DEVEL_HEADERS) `echo $(DESTDIR)$(INCDIR) | sed -e "s:/include/\?::"`
-
- .PHONY: install-devel-libs
- install-devel-libs: $(DEVEL_LIBS)
---- libipq/Makefile
-+++ libipq/Makefile
-@@ -17,7 +17,7 @@
-
- DEVEL_LIBS+=libipq/libipq.a
-
--DEVEL_HEADERS+=include/libipq/libipq.h
-+DEVEL_HEADERS+=include/libipq/libipq.h include/libipq/ip_queue_64.h
-
- ifndef TOPLEVEL_INCLUDED
- local:
---- libiptc/Makefile
-+++ libiptc/Makefile
-@@ -16,8 +16,11 @@
- ifeq ($(DO_IPV6), 1)
- EXTRA_DEPENDS+= libiptc/libip6tc.d
- libiptc/libiptc.a: libiptc/libiptc.a(libiptc/libip6tc.o)
-+DEVEL_HEADERS+=include/libiptc/libip6tc.h
- endif
-
-+DEVEL_HEADERS+=include/libiptc/libiptc.h include/libiptc/ipt_kernel_headers.h
-+
- libiptc/libip4tc.d libiptc/libip6tc.d: %.d: %.c
- @-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d libiptc/libiptc.a($*.o):@' > $@
- endif
diff --git a/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch b/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch
deleted file mode 100644
index ac5357283575..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile
-+++ Makefile
-@@ -63,8 +63,8 @@
- ifeq ($(DO_IPV6), 1)
- EXTRAS+=ip6tables ip6tables.o
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
--EXTRAS_EXP+=ip6tables-save ip6tables-restore
--EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
-+EXTRAS+=ip6tables-save ip6tables-restore
-+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
- endif
-
- # Sparc64 hack
diff --git a/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff b/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff
deleted file mode 100644
index 903e38f16498..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff
+++ /dev/null
@@ -1,222 +0,0 @@
---- extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970
-+++ extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ
---- extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970
-+++ extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,102 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <ip6tables.h>
-+#include <linux/netfilter_ipv6/ip6_tables.h>
-+#include <linux/netfilter_ipv6/ip6t_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ip6t_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ip6t_entry *entry,
-+ struct ip6t_entry_target **target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ip6t_ip6 *ip,
-+ const struct ip6t_entry_target *target,
-+ int numeric)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static
-+struct ip6tables_target imq
-+= { NULL,
-+ "IMQ",
-+ IPTABLES_VERSION,
-+ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ &print,
-+ &save,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_target6(&imq);
-+}
---- extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970
-+++ extensions/.IMQ-test Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ
---- extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970
-+++ extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,102 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ipt_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target,
-+ int numeric)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static
-+struct iptables_target imq
-+= { NULL,
-+ "IMQ",
-+ IPTABLES_VERSION,
-+ IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ &print,
-+ &save,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_target(&imq);
-+}
diff --git a/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch b/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch
deleted file mode 100644
index 1fee2e03c448..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch
+++ /dev/null
@@ -1,384 +0,0 @@
---- extensions/.layer7-test
-+++ extensions/.layer7-test
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7
---- extensions/libipt_layer7.c
-+++ extensions/libipt_layer7.c
-@@ -0,0 +1,360 @@
-+/*
-+ Shared library add-on to iptables to add layer 7 matching support.
-+
-+ By Matthew Strait <quadong@users.sf.net>, Oct 2003.
-+
-+ http://l7-filter.sf.net
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version
-+ 2 of the License, or (at your option) any later version.
-+ http://www.gnu.org/licenses/gpl.txt
-+
-+ Based on libipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>
-+*/
-+
-+#define _GNU_SOURCE
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+#include <dirent.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ipt_layer7.h>
-+
-+#define MAX_FN_LEN 256
-+
-+static char l7dir[MAX_FN_LEN] = "\0";
-+
-+/* Function which prints out usage message. */
-+static void help(void)
-+{
-+ printf(
-+ "LAYER7 match v%s options:\n"
-+ "--l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n"
-+ " (--l7dir must be specified before --l7proto if used!)\n"
-+ "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n",
-+ IPTABLES_VERSION);
-+ fputc('\n', stdout);
-+}
-+
-+static struct option opts[] = {
-+ { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' },
-+ { .name = "l7dir", .has_arg = 1, .flag = 0, .val = '2' },
-+ { .name = 0 }
-+};
-+
-+/* Initialize the match. */
-+static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
-+int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info)
-+{
-+ FILE * f;
-+ char * line = NULL;
-+ int len = 0;
-+
-+ enum { protocol, pattern, done } datatype = protocol;
-+
-+ f = fopen(filename, "r");
-+
-+ if(!f)
-+ {
-+ //fprintf(stderr, "Can't open %s\n", filename);
-+ return 0;
-+ }
-+
-+ while(getline(&line, &len, f) != -1)
-+ {
-+ if(strlen(line) < 2 || line[0] == '#')
-+ continue;
-+
-+ /* strip the pesky newline... */
-+ if(line[strlen(line) - 1] == '\n')
-+ line[strlen(line) - 1] = '\0';
-+
-+ if(datatype == protocol)
-+ {
-+ if(strcmp(line, protoname))
-+ exit_error(OTHER_PROBLEM,
-+ "Protocol name (%s) doesn't match file name (%s). Bailing out\n",
-+ protoname, filename);
-+
-+ if(strlen(line) >= MAX_PROTOCOL_LEN)
-+ exit_error(PARAMETER_PROBLEM,
-+ "Protocol name in %s too long!", filename);
-+ strncpy(info->protocol, line, MAX_PROTOCOL_LEN);
-+
-+ datatype = pattern;
-+ }
-+ else if(datatype == pattern)
-+ {
-+ if(strlen(line) >= MAX_PATTERN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename);
-+ strncpy(info->pattern, line, MAX_PATTERN_LEN);
-+
-+ datatype = done;
-+ break;
-+ }
-+ else
-+ exit_error(OTHER_PROBLEM, "Internal error");
-+ }
-+
-+ if(datatype != done)
-+ exit_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename);
-+
-+ if(line) free(line);
-+ fclose(f);
-+
-+ return 1;
-+
-+/*
-+ fprintf(stderr, "protocol: %s\npattern: %s\n\n",
-+ info->protocol,
-+ info->pattern);
-+*/
-+}
-+
-+static int hex2dec(char c)
-+{
-+ switch (c)
-+ {
-+ case '0' ... '9':
-+ return c - '0';
-+ case 'a' ... 'f':
-+ return c - 'a' + 10;
-+ case 'A' ... 'F':
-+ return c - 'A' + 10;
-+ default:
-+ exit_error(OTHER_PROBLEM, "hex2dec: bad value!\n");
-+ return 0;
-+ }
-+}
-+
-+/* takes a string with \xHH escapes and returns one with the characters
-+they stand for */
-+static char * pre_process(char * s)
-+{
-+ char * result = malloc(strlen(s) + 1);
-+ int sindex = 0, rindex = 0;
-+ while( sindex < strlen(s) )
-+ {
-+ if( sindex + 3 < strlen(s) &&
-+ s[sindex] == '\\' && s[sindex+1] == 'x' &&
-+ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) )
-+ {
-+ /* carefully remember to call tolower here... */
-+ result[rindex] = tolower( hex2dec(s[sindex + 2])*16 +
-+ hex2dec(s[sindex + 3] ) );
-+ sindex += 3; /* 4 total */
-+ }
-+ else
-+ result[rindex] = tolower(s[sindex]);
-+
-+ sindex++;
-+ rindex++;
-+ }
-+ result[rindex] = '\0';
-+
-+ return result;
-+}
-+
-+#define MAX_SUBDIRS 128
-+char ** readl7dir(char * dirname)
-+{
-+ DIR * scratchdir;
-+ struct dirent ** namelist;
-+ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *));
-+
-+ int n, d = 1;
-+ subdirs[0] = "";
-+
-+ n = scandir(dirname, &namelist, 0, alphasort);
-+
-+ if (n < 0)
-+ {
-+ perror("scandir");
-+ exit_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname);
-+ }
-+ else
-+ {
-+ while(n--)
-+ {
-+ char fulldirname[MAX_FN_LEN];
-+
-+ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name);
-+
-+ if((scratchdir = opendir(fulldirname)) != NULL)
-+ {
-+ closedir(scratchdir);
-+
-+ if(!strcmp(namelist[n]->d_name, ".") ||
-+ !strcmp(namelist[n]->d_name, ".."))
-+ /* do nothing */ ;
-+ else
-+ {
-+ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1);
-+ strcpy(subdirs[d], namelist[n]->d_name);
-+ d++;
-+ if(d >= MAX_SUBDIRS - 1)
-+ {
-+ fprintf(stderr,
-+ "Too many subdirectories, skipping the rest!\n");
-+ break;
-+ }
-+ }
-+ }
-+ free(namelist[n]);
-+ }
-+ free(namelist);
-+ }
-+
-+ subdirs[d] = NULL;
-+
-+ return subdirs;
-+}
-+
-+static void
-+parse_layer7_protocol(const unsigned char *s, struct ipt_layer7_info *info)
-+{
-+ char filename[MAX_FN_LEN];
-+ char * dir = NULL;
-+ char ** subdirs;
-+ int n = 0, done = 0;
-+
-+ if(strlen(l7dir) > 0)
-+ dir = l7dir;
-+ else
-+ dir = "/etc/l7-protocols";
-+
-+ subdirs = readl7dir(dir);
-+
-+ while(subdirs[n] != NULL)
-+ {
-+ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s);
-+
-+ //fprintf(stderr, "Trying to find pattern in %s ... ", filename);
-+
-+ if(c > MAX_FN_LEN)
-+ {
-+ exit_error(OTHER_PROBLEM,
-+ "Filename beginning with %s is too long!\n", filename);
-+ }
-+
-+ /* read in the pattern from the file */
-+ if(parse_protocol_file(filename, s, info))
-+ {
-+ //fprintf(stderr, "found\n");
-+ done = 1;
-+ break;
-+ }
-+
-+ //fprintf(stderr, "not found\n");
-+
-+ n++;
-+ }
-+
-+ if(!done)
-+ exit_error(OTHER_PROBLEM,
-+ "Couldn't find a pattern definition file for %s.\n", s);
-+
-+ /* process \xHH escapes and tolower everything. (our regex lib has no
-+ case insensitivity option.) */
-+ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN);
-+}
-+
-+/* Function which parses command options; returns true if it ate an option */
-+static int parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry, unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ struct ipt_layer7_info *layer7info =
-+ (struct ipt_layer7_info *)(*match)->data;
-+
-+ switch (c) {
-+ case '1':
-+ check_inverse(optarg, &invert, &optind, 0);
-+ parse_layer7_protocol(argv[optind-1], layer7info);
-+ if (invert)
-+ layer7info->invert = 1;
-+ *flags = 1;
-+ break;
-+
-+ case '2':
-+ /* not going to use this, but maybe we need to strip a ! anyway (?) */
-+ check_inverse(optarg, &invert, &optind, 0);
-+
-+ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "directory name too long\n");
-+
-+ strncpy(l7dir, argv[optind-1], MAX_FN_LEN);
-+
-+ *flags = 1;
-+ break;
-+
-+ default:
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+/* Final check; must have specified --pattern. */
-+static void final_check(unsigned int flags)
-+{
-+ if (!flags)
-+ exit_error(PARAMETER_PROBLEM,
-+ "LAYER7 match: You must specify `--pattern'");
-+}
-+
-+static void print_protocol(char s[], int invert, int numeric)
-+{
-+ fputs("l7proto ", stdout);
-+ if (invert) fputc('!', stdout);
-+ printf("%s ", s);
-+}
-+
-+/* Prints out the matchinfo. */
-+static void print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match,
-+ int numeric)
-+{
-+ printf("LAYER7 ");
-+
-+ print_protocol(((struct ipt_layer7_info *)match->data)->protocol,
-+ ((struct ipt_layer7_info *)match->data)->invert, numeric);
-+}
-+/* Saves the union ipt_matchinfo in parsable form to stdout. */
-+static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
-+{
-+ const struct ipt_layer7_info *info =
-+ (const struct ipt_layer7_info*) match->data;
-+
-+ printf("--l7proto %s%s ", (info->invert) ? "! ": "", info->protocol);
-+}
-+
-+static struct iptables_match layer7 = {
-+ .name = "layer7",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ register_match(&layer7);
-+}
---- extensions/libipt_layer7.man
-+++ extensions/libipt_layer7.man
-@@ -0,0 +1,13 @@
-+This module matches packets based on the application layer data of
-+their connections. It uses regular expression matching to compare
-+the application layer data to regular expressions found it the layer7
-+configuration files. This is an experimental module which can be found at
-+http://l7-filter.sf.net. It takes two options.
-+.TP
-+.BI "--l7proto " "\fIprotocol\fP"
-+Match the specified protocol. The protocol name must match a file
-+name in /etc/l7-protocols/
-+.TP
-+.BI "--l7dir " "\fIdirectory\fP"
-+Use \fIdirectory\fP instead of /etc/l7-protocols/
-+
diff --git a/net-firewall/iptables/files/1.2.11-files/round-robin.patch b/net-firewall/iptables/files/1.2.11-files/round-robin.patch
deleted file mode 100644
index fcc339965425..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/round-robin.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-RCS file: /data/cvspublic/iptables/iptables.c,v
-retrieving revision 1.68
-retrieving revision 1.70
---- iptables/iptables.c 2004/05/26 16:04:48 1.68
-+++ iptables/iptables.c 2004/08/03 22:38:39 1.70
-@@ -551,7 +551,7 @@
-
- while (host->h_addr_list[*naddr] != (char *) NULL)
- (*naddr)++;
-- addr = fw_calloc(*naddr, sizeof(struct in_addr));
-+ addr = fw_calloc(*naddr, sizeof(struct in_addr) * *naddr);
- for (i = 0; i < *naddr; i++)
- inaddrcpy(&(addr[i]),
- (struct in_addr *) host->h_addr_list[i]);
-@@ -2339,11 +2339,8 @@
- e = NULL;
- }
-
-- for (c = 0; c < nsaddrs; c++)
-- free(&saddrs[c]);
--
-- for (c = 0; c < ndaddrs; c++)
-- free(&daddrs[c]);
-+ free(saddrs);
-+ free(daddrs);
-
- if (opts != original_opts) {
- free(opts);
diff --git a/net-firewall/iptables/files/digest-iptables-1.2.11-r3 b/net-firewall/iptables/files/digest-iptables-1.2.11-r3
deleted file mode 100644
index 8c31eeb69b8e..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.2.11-r3
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 0a5f5f226e41ce408a895bec995e8c05 iptables-1.2.11.tar.bz2 156988
-RMD160 66e0fa391444a1e169feaf2fc67b5f8622ec1d89 iptables-1.2.11.tar.bz2 156988
-SHA256 be7bd67232fddbe3ce81f40f5b79123380a2e67cd166ec06e650842f8acb373d iptables-1.2.11.tar.bz2 156988
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r1 b/net-firewall/iptables/files/digest-iptables-1.3.5-r1
deleted file mode 100644
index cdf27e110210..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r1
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 551626a158c2a2cbfd937d27ecc7fac1 netfilter-layer7-v2.1.tar.gz 89247
-RMD160 cd2d455a16761b4fe2318d6d8a5671a535176d62 netfilter-layer7-v2.1.tar.gz 89247
-SHA256 5022e8a349135f67045f4add47405af0d626c90a5e8b86ee01745755946e1390 netfilter-layer7-v2.1.tar.gz 89247
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r2 b/net-firewall/iptables/files/digest-iptables-1.3.5-r2
deleted file mode 100644
index cb7e3908a25a..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r2
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 b590a0f6fe809f8e1852ee96687644f9 netfilter-layer7-v2.2.tar.gz 88944
-RMD160 cf421e6ef4acf5b9107feacaee6566d55ad21683 netfilter-layer7-v2.2.tar.gz 88944
-SHA256 e82cc356ece2bea3da2bb4b467063a96337ced4bde6127a44f0296245e74d57d netfilter-layer7-v2.2.tar.gz 88944
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r3 b/net-firewall/iptables/files/digest-iptables-1.3.5-r3
deleted file mode 100644
index cb7e3908a25a..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r3
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 b590a0f6fe809f8e1852ee96687644f9 netfilter-layer7-v2.2.tar.gz 88944
-RMD160 cf421e6ef4acf5b9107feacaee6566d55ad21683 netfilter-layer7-v2.2.tar.gz 88944
-SHA256 e82cc356ece2bea3da2bb4b467063a96337ced4bde6127a44f0296245e74d57d netfilter-layer7-v2.2.tar.gz 88944
diff --git a/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd b/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd
deleted file mode 100644
index ef8e61552dd6..000000000000
--- a/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-#Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-#Save state on stopping iptables
-SAVE_ON_STOP="yes"
diff --git a/net-firewall/iptables/files/ip6tables-1.2.9-r1.init b/net-firewall/iptables/files/ip6tables-1.2.9-r1.init
deleted file mode 100644
index 7e53cbbf195f..000000000000
--- a/net-firewall/iptables/files/ip6tables-1.2.9-r1.init
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables-1.2.9-r1.init,v 1.5 2005/06/26 09:06:28 vapier Exp $
-
-opts="save reload"
-
-depend() {
- before net
- use logger
-}
-
-checkrules() {
- if [ ! -f ${IP6TABLES_SAVE} ]
- then
- eerror "Not starting ip6tables. First create some rules then run"
- eerror "/etc/init.d/ip6tables save"
- return 1
- fi
-}
-
-start() {
- checkrules || return 1
- ebegin "Loading ip6tables state and starting firewall"
- einfo "Restoring ip6tables ruleset"
- /sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} < ${IP6TABLES_SAVE}
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ]; then
- save || return 1
- fi
- ebegin "Stopping firewall"
- for a in `cat /proc/net/ip6_tables_names`; do
- ip6tables -F -t $a
- ip6tables -X -t $a
-
- if [ $a == nat ]; then
- /sbin/ip6tables -t nat -P PREROUTING ACCEPT
- /sbin/ip6tables -t nat -P POSTROUTING ACCEPT
- /sbin/ip6tables -t nat -P OUTPUT ACCEPT
- elif [ $a == mangle ]; then
- /sbin/ip6tables -t mangle -P PREROUTING ACCEPT
- /sbin/ip6tables -t mangle -P INPUT ACCEPT
- /sbin/ip6tables -t mangle -P FORWARD ACCEPT
- /sbin/ip6tables -t mangle -P OUTPUT ACCEPT
- /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
- elif [ $a == filter ]; then
- /sbin/ip6tables -t filter -P INPUT ACCEPT
- /sbin/ip6tables -t filter -P FORWARD ACCEPT
- /sbin/ip6tables -t filter -P OUTPUT ACCEPT
- fi
- done
- eend $?
-}
-
-reload() {
- ebegin "Flushing firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/ip6tables -F -t $a
- /sbin/ip6tables -X -t $a
- done
- eend $?
-
- start
-}
-
-save() {
- ebegin "Saving ip6tables state"
- /sbin/ip6tables-save ${SAVE_RESTORE_OPTIONS} > ${IP6TABLES_SAVE}
- eend $?
-}
diff --git a/net-firewall/iptables/files/iptables-1.2.9-r1.confd b/net-firewall/iptables/files/iptables-1.2.9-r1.confd
deleted file mode 100644
index a2d070fc48e3..000000000000
--- a/net-firewall/iptables/files/iptables-1.2.9-r1.confd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-#Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-#Save state on stopping iptables
-SAVE_ON_STOP="yes"
diff --git a/net-firewall/iptables/files/iptables-1.2.9-r1.init b/net-firewall/iptables/files/iptables-1.2.9-r1.init
deleted file mode 100644
index 0f427cca027c..000000000000
--- a/net-firewall/iptables/files/iptables-1.2.9-r1.init
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.2.9-r1.init,v 1.6 2005/06/26 09:06:28 vapier Exp $
-
-opts="save reload"
-
-depend() {
- before net
- use logger
-}
-
-checkrules() {
- if [ ! -f ${IPTABLES_SAVE} ]
- then
- eerror "Not starting iptables. First create some rules then run"
- eerror "/etc/init.d/iptables save"
- return 1
- fi
-}
-
-start() {
- checkrules || return 1
- ebegin "Loading iptables state and starting firewall"
- einfo "Restoring iptables ruleset"
- /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ]; then
- save || return 1
- fi
- ebegin "Stopping firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
-
- if [ $a == nat ]; then
- /sbin/iptables -t nat -P PREROUTING ACCEPT
- /sbin/iptables -t nat -P POSTROUTING ACCEPT
- /sbin/iptables -t nat -P OUTPUT ACCEPT
- elif [ $a == mangle ]; then
- /sbin/iptables -t mangle -P PREROUTING ACCEPT
- /sbin/iptables -t mangle -P INPUT ACCEPT
- /sbin/iptables -t mangle -P FORWARD ACCEPT
- /sbin/iptables -t mangle -P OUTPUT ACCEPT
- /sbin/iptables -t mangle -P POSTROUTING ACCEPT
- elif [ $a == filter ]; then
- /sbin/iptables -t filter -P INPUT ACCEPT
- /sbin/iptables -t filter -P FORWARD ACCEPT
- /sbin/iptables -t filter -P OUTPUT ACCEPT
- fi
- done
- eend $?
-}
-
-reload() {
- ebegin "Flushing firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
- done;
- eend $?
-
- start
-}
-
-save() {
- local ret
- ebegin "Saving iptables state"
- /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
- ret=$?
- chmod 0600 ${IPTABLES_SAVE}
- eend ${ret}
-}
diff --git a/net-firewall/iptables/iptables-1.2.11-r3.ebuild b/net-firewall/iptables/iptables-1.2.11-r3.ebuild
deleted file mode 100644
index 0f2ad4370d6b..000000000000
--- a/net-firewall/iptables/iptables-1.2.11-r3.ebuild
+++ /dev/null
@@ -1,169 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r3.ebuild,v 1.17 2006/10/04 14:14:35 vapier Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-#extensions versions
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://www.iptables.org/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- einfo "WARNING: 3rd party extensions has been enabled."
- einfo "This means that iptables will use your currently installed"
- einfo "kernel in /usr/src/linux as headers for iptables."
- einfo
- einfo "You may have to patch your kernel to allow iptables to build."
- einfo "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ for patches"
- einfo "for your kernel."
- linux-info_pkg_setup
- fi
-}
-
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${FILESDIR}"/${PV}-files/grsecurity-1.2.8-iptables.patch
- epatch "${FILESDIR}"/${PV}-files/install_ipv6_apps.patch
- epatch "${FILESDIR}"/${PV}-files/install_all_dev_files.patch
- epatch "${FILESDIR}"/${PV}-files/round-robin.patch
- epatch "${FILESDIR}"/${PV}-files/CAN-2004-0986.patch ; # security bug 70240
- sed -i "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" extensions/Makefile
-
- if use extensions; then
- epatch "${FILESDIR}"/${PV}-files/iptables-1.2.9-imq1.diff
- epatch "${FILESDIR}"/${PV}-files/iptables-layer7-0.9.0.patch
-
- chmod +x extensions/.IMQ-test*
- chmod +x extensions/.childlevel-test*
- chmod +x extensions/.layer7-test*
-
- fi
-}
-
-src_compile() {
- replace-flags -O0 -O2
-
- if [ -z `get-flag O` ]; then
- append-flags -O2
- fi
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags "-fstack-protector"
-
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
-
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
-
- if use extensions; then
- make COPT_FLAGS="${CFLAGS}" ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- CC="$(tc-getCC)" \
- || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- else
- make COPT_FLAGS="${CFLAGS}" ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- CC="$(tc-getCC)" \
- || die
- fi
-}
-
-src_install() {
- if use extensions; then
- make DESTDIR=${D} ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- install || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
-
- make DESTDIR=${D} ${myconf} \
- PREFIX= \
- LIBDIR=/usr/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- install-devel || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- else
- make DESTDIR=${D} ${myconf} \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- install || die
-
- make DESTDIR=${D} ${myconf} \
- LIBDIR=/usr/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- install-devel || die
- fi
-
- dodoc COPYING
- dodir /var/lib/iptables ; keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.2.9-r1.init iptables
- newconfd "${FILESDIR}"/${PN}-1.2.9-r1.confd iptables
-
- if use ipv6; then
- dodir /var/lib/ip6tables ; keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/${PN/iptables/ip6tables}-1.2.9-r1.init ip6tables
- newconfd "${FILESDIR}"/${PN/iptables/ip6tables}-1.2.9-r1.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r1.ebuild b/net-firewall/iptables/iptables-1.3.5-r1.ebuild
deleted file mode 100644
index 71ceaf34bf03..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r1.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r1.ebuild,v 1.10 2006/09/04 05:50:25 kumba Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.1"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- extensions? (
- http://www.linuximq.net/patchs/${IMQ_PATCH}
- mirror://sourceforge/l7-filter/${L7_P}.tar.gz
- )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- ewarn "You may have to patch your kernel to allow iptables to build."
- ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
- ewarn "for your kernel."
- ewarn
- ewarn "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- linux-info_pkg_setup
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use extensions && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- if use extensions ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use extensions ; then
- export KERNEL_DIR="/usr"
- diemsg=""
- else
- diemsg="Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r2.ebuild b/net-firewall/iptables/iptables-1.3.5-r2.ebuild
deleted file mode 100644
index 2a8703863130..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r2.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r2.ebuild,v 1.1 2006/06/04 13:18:37 dragonheart Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.2"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- extensions? (
- http://www.linuximq.net/patchs/${IMQ_PATCH}
- mirror://sourceforge/l7-filter/${L7_P}.tar.gz
- )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- ewarn "You may have to patch your kernel to allow iptables to build."
- ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
- ewarn "for your kernel."
- ewarn
- ewarn "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- linux-info_pkg_setup
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use extensions && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- if use extensions ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use extensions ; then
- export KERNEL_DIR="/usr"
- diemsg=""
- else
- diemsg="Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r3.ebuild b/net-firewall/iptables/iptables-1.3.5-r3.ebuild
deleted file mode 100644
index 244d6ffd309b..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r3.ebuild
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r3.ebuild,v 1.1 2006/07/09 06:27:22 dragonheart Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.2"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
- l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 static imq l7filter"
-
-DEPEND="virtual/os-headers
- l7filter? ( virtual/linux-sources )
- imq? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use l7filter || use imq; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- linux-info_pkg_setup
- fi
-
- if use l7filter && \
- [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
- die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- fi
- if use imq && \
- [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
- die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use l7filter && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- # bug #139726
- epatch "${FILESDIR}"/1.3.5-files/${P}-errno.patch
-
- if use imq ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*}
- fi
- if use l7filter ; then
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/.layer7-test*
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use l7filter && ! use imq; then
- export KERNEL_DIR="/usr"
- diemsg="failure"
- else
- diemsg="failure - with l7filter or imq patch added"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}