Gentoo's Bugzilla – Attachment 414592 Details for Bug 560920: net-firewall/nftables-0.5 init script is broken
[patch] git format patch output
0001-Fix-for-bug-560920.patch (text/plain), 8.79 KB, created by Göktürk Yüksek on 2015-10-15 08:45:08 UTC
Flags: patch, obsolete
>From 49eac35941014356d4f1860fd256a2aa6e70c778 Mon Sep 17 00:00:00 2001 >From: Nicholas Vinson <nvinson234@gmail.com> >Date: Thu, 15 Oct 2015 03:09:24 -0400 >Subject: [PATCH] Fix for bug 560920 > >--- > net-firewall/nftables/files/nftables.init-r1 | 263 +++++++++++++++++++++++++++ > net-firewall/nftables/nftables-0.5-r1.ebuild | 57 ++++++ > 2 files changed, 320 insertions(+) > create mode 100644 net-firewall/nftables/files/nftables.init-r1 > create mode 100644 net-firewall/nftables/nftables-0.5-r1.ebuild > >diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1 >new file mode 100644 >index 0000000..05bb053 >--- /dev/null >+++ b/net-firewall/nftables/files/nftables.init-r1 
>@@ -0,0 +1,263 @@ >+#!/sbin/runscript >+# Copyright 2014 Nicholas Vinson >+# Copyright 1999-2014 Gentoo Foundation >+# Distributed under the terms of the GNU General Public License v2 >+ >+extra_commands="clear list panic save" >+extra_started_commands="reload" >+depend() { >+ need localmount #434774 >+ before net >+} >+ >+start_pre() { >+ checkkernel || return 1 >+ checkconfig || return 1 >+ return 0 >+} >+ >+clear() { >+ if use_legacy; then >+ clear_legacy >+ return 0 >+ fi >+ >+ nft flush ruleset >+} >+ >+list() { >+ if use_legacy; then >+ list_legacy >+ return 0 >+ fi >+ >+ nft list ruleset >+} >+ >+panic() { >+ checkkernel || return 1 >+ if service_started ${RC_SVCNAME}; then >+ rc-service ${RC_SVCNAME} stop >+ fi >+ >+ ebegin "Dropping all packets" >+ clear >+ if nft create table ip filter >/dev/null 2>&1; then >+ #nft -f /var/lib/nftables/rules-panic.ip >+ nft -f /dev/stdin <<-EOF >+ table ip filter { >+ chain input { >+ type filter hook input priority 0; >+ drop >+ } >+ chain forward { >+ type filter hook forward priority 0; >+ drop >+ } >+ chain output { >+ type filter hook output priority 0; >+ drop >+ } >+ } >+ EOF >+ fi >+ if nft create table ip6 filter >/dev/null 2>&1; then >+ #nft -f /var/lib/nftables/rules-panic.ip6 >+ nft -f /dev/stdin <<-EOF >+ table ip6 filter { >+ chain input { >+ type filter hook input priority 0; >+ drop >+ } >+ chain forward { >+ type filter hook forward priority 0; >+ drop >+ } >+ chain output { >+ type filter hook output priority 0; >+ drop >+ } >+ } >+ EOF >+ fi >+} >+ >+reload() { >+ checkkernel || return 1 >+ ebegin "Flushing firewall" >+ clear >+ start >+} >+ >+save() { >+ ebegin "Saving nftables state" >+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" >+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}" >+ >+ local tmp_save="${NFTABLES_SAVE}.tmp" >+ >+ if use_legacy; then >+ save_legacy ${tmp_save} >+ else >+ nft list ruleset > ${tmp_save} >+ fi >+ mv ${tmp_save} ${NFTABLES_SAVE} >+} >+ >+start() { >+ ebegin "Loading 
nftables state and starting firewall" >+ clear >+ nft -f ${NFTABLES_SAVE} >+ eend $? >+} >+ >+stop() { >+ if yesno ${SAVE_ON_STOP:-yes}; then >+ save || return 1 >+ fi >+ >+ ebegin "Stopping firewall" >+ clear >+ eend $? >+} >+ >+################################################################################ >+# >+# SUPPORT FUNCTIONS >+# >+################################################################################ >+checkconfig() { >+ if [ ! -f ${NFTABLES_SAVE} ]; then >+ eerror "Not starting nftables. First create some rules then run:" >+ eerror "rc-service nftables save" >+ return 1 >+ fi >+ return 0 >+} >+ >+checkkernel() { >+ if ! nft list tables >/dev/null 2>&1; then >+ eerror "Your kernel lacks nftables support, please load" >+ eerror "appropriate modules and try again." >+ return 1 >+ fi >+ return 0 >+} >+ >+use_legacy() { >+ local major_ver minor_ver >+ >+ major_ver=`uname -r | cut -d '.' -f1` >+ minor_ver=`uname -r | cut -d '.' -f2` >+ >+ [[ $major_ver -ge 4 || $major_ver -eq 3 && $minor_ver -ge 18 ]] && return 1 >+ return 0 >+} >+ >+################################################################################ >+# >+# LEGACY COMMAND FUNCTIONS >+# >+################################################################################ >+ >+clear_legacy() { >+ local l3f line table chain first_line >+ >+ first_line=1 >+ if manualwalk; then >+ for l3f in $(getfamilies); do >+ nft list tables ${l3f} | while read line; do >+ table=$(echo ${line} | sed "s/table[ \t]*//") >+ deletetable ${l3f} ${table} >+ done >+ done >+ else >+ nft list tables | while read line; do >+ l3f=$(echo ${line} | cut -d ' ' -f2) >+ table=$(echo ${line} | cut -d ' ' -f3) >+ deletetable ${l3f} ${table} >+ done >+ fi >+} >+ >+list_legacy() { >+ local l3f >+ >+ if manualwalk; then >+ for l3f in $(getfamilies); do >+ nft list tables ${l3f} | while read line; do >+ line=$(echo ${line} | sed "s/table/table ${l3f}/") >+ echo "$(nft list ${line})" >+ done >+ done >+ else >+ nft list tables | 
while read line; do >+ echo "$(nft list ${line})" >+ done >+ fi >+} >+ >+save_legacy() { >+ tmp_save=$1 >+ touch "${tmp_save}" >+ if manualwalk; then >+ for l3f in $(getfamilies); do >+ nft list tables ${l3f} | while read line; do >+ line=$(echo ${line} | sed "s/table/table ${l3f}/") >+ nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save} >+ done >+ done >+ else >+ nft list tables | while read line; do >+ nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}" >+ done >+ fi >+} >+ >+################################################################################ >+# >+# LEGACY SUPPORT FUNCTIONS >+# >+################################################################################ >+CHECK_TABLE_NAME="GENTOO_CHECK_TABLE" >+ >+getfamilies() { >+ local l3f families >+ >+ for l3f in ip arp ip6 bridge inet; do >+ if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then >+ families="${families}${l3f} " >+ nft delete table ${l3f} ${CHECK_TABLE_NAME} >+ fi >+ done >+ echo ${families} >+} >+ >+manualwalk() { >+ local result l3f=`getfamilies | cut -d ' ' -f1` >+ >+ nft create table ${l3f} ${CHECK_TABLE_NAME} >+ nft list tables | read line >+ if [ $(echo $line | wc -w) -lt 3 ]; then >+ result=0 >+ fi >+ result=1 >+ nft delete table ${l3f} ${CHECK_TABLE_NAME} >+ >+ return $result >+} >+ >+deletetable() { >+ # family is $1 >+ # table name is $2 >+ nft flush table $1 $2 >+ nft list table $1 $2 | while read l; do >+ chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2) >+ if [ -n "${chain}" ]; then >+ nft flush chain $1 $2 ${chain} >+ nft delete chain $1 $2 ${chain} >+ fi >+ done >+ nft delete table $1 $2 >+} >+ >diff --git a/net-firewall/nftables/nftables-0.5-r1.ebuild b/net-firewall/nftables/nftables-0.5-r1.ebuild >new file mode 100644 >index 0000000..77d1e4e >--- /dev/null >+++ b/net-firewall/nftables/nftables-0.5-r1.ebuild 
>@@ -0,0 +1,57 @@ >+# Copyright 1999-2015 Gentoo Foundation >+# Distributed under the terms of the GNU General Public License v2 >+# $Id$ >+ >+EAPI=5 >+ >+inherit autotools linux-info eutils >+ >+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" >+HOMEPAGE="http://netfilter.org/projects/nftables/" >+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz" >+ >+LICENSE="GPL-2" >+SLOT="0" >+KEYWORDS="~amd64 ~arm ~x86" >+IUSE="debug gmp +readline" >+ >+RDEPEND=">=net-libs/libmnl-1.0.3 >+ >=net-libs/libnftnl-1.0.5 >+ gmp? ( dev-libs/gmp ) >+ readline? ( sys-libs/readline )" >+DEPEND="${RDEPEND} >+ >=app-text/docbook2X-0.8.8-r4 >+ sys-devel/bison >+ sys-devel/flex" >+ >+S="${WORKDIR}"/v${PV} >+ >+pkg_setup() { >+ if kernel_is ge 3 13; then >+ CONFIG_CHECK="~NF_TABLES" >+ linux-info_pkg_setup >+ else >+ eerror "This package requires kernel version 3.13 or newer to work properly." >+ fi >+} >+ >+src_prepare() { >+ epatch_user >+ eautoreconf >+} >+ >+src_configure() { >+ econf \ >+ --sbindir="${EPREFIX}"/sbin \ >+ $(use_enable debug) \ >+ $(use_with readline cli) \ >+ $(use_with !gmp mini_gmp) >+} >+ >+src_install() { >+ default >+ >+ newconfd "${FILESDIR}"/${PN}.confd ${PN} >+ newinitd "${FILESDIR}"/${PN}.init-r1 ${PN} >+ keepdir /var/lib/nftables >+} >-- >2.4.9 >
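Review bot: in the nftables.init-r1 hunk, `start()` runs `clear` and then `nft -f ${NFTABLES_SAVE}` as two separate steps, so a rules file that fails to load leaves the host with an empty ruleset and only `eend $?` to say so; `reload()` makes it worse by calling `start` directly, which bypasses `start_pre`/`checkconfig`, so a missing save file is flushed-then-not-reloaded with no firewall left. On the non-legacy path the flush and the reload can go into one `nft -f` batch by writing `flush ruleset` as the first line of the saved file (emit it ahead of the `nft list ruleset` output in `save()`) and dropping the separate `clear` from `start()`; on the legacy path the file should at least be checked before anything is flushed. In `save()`, `checkpath -q -m 0600 -f "${NFTABLES_SAVE}"` fixes the mode of the existing file, but the dump is written to `${NFTABLES_SAVE}.tmp` under the default umask and then `mv`ed over it, so the saved ruleset ends up with the tmp file's mode (typically 0644, world-readable); apply `checkpath -m 0600 -f` to `${tmp_save}` (or set `umask 077` first), and test the exit status of `nft list ruleset > ${tmp_save}` before the `mv`, otherwise a failed dump replaces the last good save with an empty file. `manualwalk()` always returns 1: `result=0` inside the `if` is dead because `result=1` follows unconditionally, and `nft list tables | read line` sets `line` in a subshell so it is empty in the `wc -w` test; use `line=$(nft list tables | head -n 1)` and an `else` branch, which means the manual-walk branches of `clear_legacy`/`list_legacy`/`save_legacy` are currently untested code. `use_legacy()` uses `[[ ... ]]`, a bashism in a script that OpenRC sources with /bin/sh; rewrite with `[ ]` and explicit grouping, and note that a `uname -r` such as `4.0-rc1` yields a non-integer minor that breaks `-ge`. `panic()` swallows the status of `nft create table ip filter` and silently skips the drop chains when it fails, so it should `eend 1` there; `panic()`, `reload()` and `save()` also open with `ebegin` and never call `eend` (and `reload()` nests another `ebegin` via `start`). Style: `tmp_save` in `save_legacy()` and `chain` in `deletetable()` are not declared `local`, variables are unquoted throughout, and the header says Copyright 2014 while the patch is from 2015 and the ebuild carries `$Id$`.

Review bot: in the nftables-0.5-r1.ebuild hunk, `pkg_setup()` prints `eerror` for kernels older than 3.13 and then continues, so the message reads as fatal but is not; either `die` if the kernel really is required, or downgrade it to `ewarn`, and note that because `linux-info_pkg_setup` is only called in the `kernel_is ge 3 13` branch, `CONFIG_CHECK` is never evaluated on older kernels at all. The 3.13 figure in DESCRIPTION and the message also does not match the init script being installed here, whose `use_legacy()` treats anything below 3.18 as legacy and uses `nft flush ruleset`/`nft list ruleset` only above it, so the ebuild should state which kernel the non-legacy path needs. `src_install` installs `${PN}.init-r1` as `${PN}` but keeps the existing `${PN}.confd`, which this patch does not show; the init script reads `NFTABLES_SAVE`, `SAVE_ON_STOP` and `SAVE_OPTIONS` from it, so confirm the shipped conf.d file defines all three.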