--- ufw.orig/files/ufw-0.31.1-conntrack.patch	2014-04-05 15:07:11.663905955 +0200
+++ ufw.orig/files/ufw-0.31.1-conntrack.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,201 +0,0 @@ 
-use conntrack instead of state
-https://bugs.launchpad.net/ufw/+bug/1065297
-
-This is a version for ufw 0.31.1.
-diff --git a/conf/before.rules b/conf/before.rules
-index bc11f36..9917b87 100644
---- a/conf/before.rules
-+++ b/conf/before.rules
-@@ -22,12 +22,12 @@
- -A ufw-before-output -o lo -j ACCEPT
- 
- # quickly process packets for which we already have a connection
---A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
---A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
-+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- 
- # drop INVALID packets (logs these in loglevel medium and higher)
---A ufw-before-input -m state --state INVALID -j ufw-logging-deny
---A ufw-before-input -m state --state INVALID -j DROP
-+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
- 
- # ok icmp codes
- -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-diff --git a/conf/before6.rules b/conf/before6.rules
-index fb1a8f1..8b7e4ff 100644
---- a/conf/before6.rules
-+++ b/conf/before6.rules
-@@ -34,16 +34,16 @@
- -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
- 
- # quickly process packets for which we already have a connection
---A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
---A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
-+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- 
- # for multicast ping replies from link-local addresses (these don't have an
- # associated connection and would otherwise be marked INVALID)
- -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT
- 
- # drop INVALID packets (logs these in loglevel medium and higher)
---A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny
---A ufw6-before-input -m state --state INVALID -j DROP
-+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
- 
- # ok icmp codes
- -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8
-index d9e3d5a..bfc83e2 100644
---- a/doc/ufw-framework.8
-+++ b/doc/ufw-framework.8
-@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
-  net.ipv4.ip_forward=1
- .TP
- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\
-    \-j ACCEPT
-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
-    \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
- .TP
- Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section:
-@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
-   net.ipv4.ip_forward=1
- .TP
- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\
-    \-j ACCEPT
- 
-- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\
--   \-\-state NEW \-j ACCEPT
-+ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m conntrack \\
-+   \-\-ctstate NEW \-j ACCEPT
- 
-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
-    \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
- 
-  \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT
-diff --git a/src/backend_iptables.py b/src/backend_iptables.py
-index 340beba..4459a3b 100644
---- a/src/backend_iptables.py
-+++ b/src/backend_iptables.py
-@@ -551,7 +551,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
-                 lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \
-                        policy)
-                 if not pat_logall.search(s):
--                    lstr = '-m state --state NEW ' + lstr
-+                    lstr = '-m conntrack --ctstate NEW ' + lstr
-                 snippets[i] = pat_log.sub(r'\1-j \2\4', s)
-                 snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \
-                                                '-user-logging-' + suffix, s))
-@@ -567,9 +567,9 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
-         pat_limit = re.compile(r' -j LIMIT')
-         for i, s in enumerate(snippets):
-             if pat_limit.search(s):
--                tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \
-+                tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \
-                                      s)
--                tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \
-+                tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \
-                                      ' --update --seconds 30 --hitcount 6' + \
-                                      ' -j ' + prefix + '-user-limit', s)
-                 tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s)
-@@ -1178,12 +1178,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
-                     prefix = "[UFW BLOCK] "
-                     if self.loglevels[level] < self.loglevels["medium"]:
-                         # only log INVALID in medium and higher
--                        rules_t.append([c, ['-I', c, '-m', 'state', \
--                                            '--state', 'INVALID', \
-+                        rules_t.append([c, ['-I', c, '-m', 'conntrack', \
-+                                            '--ctstate', 'INVALID', \
-                                             '-j', 'RETURN'] + largs, ''])
-                     else:
--                        rules_t.append([c, ['-A', c, '-m', 'state', \
--                                            '--state', 'INVALID', \
-+                        rules_t.append([c, ['-A', c, '-m', 'conntrack', \
-+                                            '--ctstate', 'INVALID', \
-                                             '-j', 'LOG', \
-                                             '--log-prefix', \
-                                             "[UFW AUDIT INVALID] "] + \
-@@ -1202,7 +1202,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
- 
-             # loglevel medium logs all new packets with limit
-             if self.loglevels[level] < self.loglevels["high"]:
--                largs = ['-m', 'state', '--state', 'NEW'] + limit_args
-+                largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args
- 
-             prefix = "[UFW AUDIT] "
-             for c in self.chains['before']:
-diff --git a/src/ufw-init-functions b/src/ufw-init-functions
-index f4783e7..c5e0319 100755
---- a/src/ufw-init-functions
-+++ b/src/ufw-init-functions
-@@ -251,15 +251,15 @@ ufw_start() {
-             # add tracking policy
-             if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then
-                 printf "*filter\n"\
--"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\
--"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\
-+"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
-+"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
- "COMMIT\n" | $exe-restore -n || error="yes"
-             fi
- 
-             if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then
-                 printf "*filter\n"\
--"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\
--"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\
-+"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
-+"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
- "COMMIT\n" | $exe-restore -n || error="yes"
-             fi
- 
-diff --git a/tests/check-requirements b/tests/check-requirements
-index dbb26ec..d3ad1f8 100755
---- a/tests/check-requirements
-+++ b/tests/check-requirements
-@@ -152,32 +152,32 @@ for i in "" 6; do
-     done
- 
-     echo -n "hashlimit: "
--    runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
-+    runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT
- 
-     echo -n "limit: "
-     runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT
- 
-     for j in NEW RELATED ESTABLISHED INVALID; do
-         echo -n "state ($j): "
--        runcmd $exe -A $c -m state --state $j
-+        runcmd $exe -A $c -m conntrack --ctstate $j
-     done
- 
-     echo -n "state (new, recent set): "
-     if [ "$i" = "6" ]; then
-         echo "skipped -- IPv6 'limit' not supported by ufw yet"
-     else
--        runcmd $exe -A $c -m state --state NEW -m recent --set
-+        runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --set
-     fi
- 
-     echo -n "state (new, recent update): "
-     if [ "$i" = "6" ]; then
-         echo "skipped -- IPv6 'limit' not supported by ufw yet"
-     else
--        runcmd $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
-+        runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
-     fi
- 
-     echo -n "state (new, limit): "
--    runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
-+    runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
- 
-     echo -n "interface (input): "
-     runcmd $exe -A $c -i eth0 -j ACCEPT
--- ufw.orig/files/ufw-0.33-conntrack.patch	2014-04-05 15:07:11.662905955 +0200
+++ ufw.orig/files/ufw-0.33-conntrack.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,187 +0,0 @@ 
-use conntrack instead of state
-https://bugs.launchpad.net/ufw/+bug/1065297
-diff -urp ufw-0.33.orig/conf/before6.rules ufw-0.33/conf/before6.rules
--- ufw.orig/files/ufw-dont-check-iptables.patch	2014-04-05 15:07:11.663905955 +0200
+++ ufw.orig/files/ufw-dont-check-iptables.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,45 +0,0 @@ 
--- ufw.orig/Manifest	2014-04-05 15:07:11.691905955 +0200
+++ ufw.orig/Manifest	2014-04-05 15:26:51.173892698 +0200
@@ -1,30 +1,13 @@ 
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139
 AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe
 AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5
-AUX ufw-0.31.1-conntrack.patch 9842 SHA256 e91af8e88c896fd2e05b4143f361a72bc8ae78c8ab0c5afb8a26ea416f7bb631 SHA512 c7fab58aec12f47a492e8ad94e2ffbb471daf6292b6c9272396754cc25a6d2a164f3c383fd7e933a0d624d55a5b4b7a385a1fd31ef74162b7e819284c25a4fd7 WHIRLPOOL 96aa69e0aad4df20b14231edda6434f95be144d302484ef71bec4b6d6d4518714a852d1844d5aa33eaa7845a70659ab42006881297eecc5237f7c93b3907af9b
 AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715
 AUX ufw-0.31.1-python-abis.patch 1872 SHA256 1e3094135d71e7e7129b2d268d79c73990f0a6f61f2bb6456d3f3654b4975463 SHA512 fbe65a6775426c66cd82382e62eea3a2179d68a0b6c617cc468e7076e2f58493baffde686b65e6bf3a89ea7fdda48a5a42d152b1be388c943408532f47d4402a WHIRLPOOL 62e68d1ef8aaa4963765599ca6701af18bcdef8f6a20607ce433b5294baa9c5ba75b3d41266d9a8bd82febe3a3ac75c6fcb2326fbc5cafa31634ec96a4407b10
-AUX ufw-0.33-conntrack.patch 10055 SHA256 e034feba3bdeca0d4e9aed0555d88838e49804542174b988f9a7fbf8b8dc759d SHA512 7de6358ec0bf6696c4c26aab2729b9160e16ce44a67b5b634ad935fb4bf218b1b79d599f9d679f8f2a147861d865a098729fe3dbc0db110135bf5a78acfd6d53 WHIRLPOOL a3d543abf0ac1d6ca11a4754ab296c9e6f28809e8b746986524aa5d0e162f78d5a5abd586ff172618e8d79354c43429de3cc0b0e9a3d1bf91d662071c3cd2cfc
 AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180
 AUX ufw-2.initd 2722 SHA256 657b5305923b2a5de9eb96931aaaa28d6e997ace6c40793d905887798094258c SHA512 54cb84ae5ce2c327a7a7b03deeed3d7507a4716ce929aa563d4fb5baa9aa73d95575ec7d5db7165345310869bd5a60b1033c6691f02a85ab94baa6b4a550daa7 WHIRLPOOL c19a21c93f0c63165715e8da4ab9b16a4596ccc3730118c1bbd7eb4de9a94b2b1475904818a2786b2490a07dee7d761da28ca6dc087926c27598d691cb333ce6
-AUX ufw-dont-check-iptables.patch 1572 SHA256 2ea0f9525baa82386690577525631f468e56a0fbde0e7e5a65fba36c922ea96f SHA512 c072e924ed5c7df37d89dd9dc8ecb9a52f16fcd962a31d97f45cecefb971adcceabff183bec386be29f44942d12f8bce595ff4203e390ce464627458843b19cb WHIRLPOOL a1ee6799042353f32a1746b14017403994d60dc1ba7e67581ebdff3d93e37e72c7224708d2c0d1bef25ce311ad5c647cd5f0fa62ea4da60321e47f922f64c54d
 AUX ufw.confd 219 SHA256 069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752
 AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6
-DIST ufw-0.31.1.tar.gz 322448 SHA256 ccf5e00aa76841b9467ad9506fbf96373fb24a4b26bffd858ea1eb2522491dcb SHA512 3c9e61be7ba18ccdbd8195517f0b74a418b460f91b6efcdf0d883fc1dca2bc376ee317836882b67d2fd4825c2e5374d9c6a5da3d77f98794b64c98071d3ac0dc WHIRLPOOL 35064e73f892d6a94413f3560f5f0af945c972b673da4980af0a60576cc641810a74d76ed196935abaf9c2b395c2cc7250b6d27e710e284cbf2df014a6f0820d
-DIST ufw-0.33.tar.gz 332893 SHA256 5f85a8084ad3539b547bec097286948233188c971f498890316dec170bdd1da8 SHA512 a908d0a2c74bedef418b28f1701048bc9281f314ff747fb1e9497ddee341dbf86402215c470b605523b03a12b2dec812cd7342c310c04231dbed5b6f8e783309 WHIRLPOOL bdd09fbdc2514061b6971e06fa05d6fee04e29c2cecf0c12b237349071e88d188aa8a7bd5c54f5cf3cccd4ddf8d2e3d2bb6ed0db92538b7d76cea471d74848c1
 DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829
-EBUILD ufw-0.31.1-r2.ebuild 5587 SHA256 8ff4d7fcf67686d85b18cc094c19c7625d9e980f3c6747cca04c796c3c997e3a SHA512 ecea06b997f91cbed3500e84678c65a3ecd6eca9acfc877888ddabf6d4cbefd95a8f8c66f5f9185c5d4a06d92a31b7780bc4adfaefffb4ec4b6907d49fb2edbb WHIRLPOOL da35894ce419296a4ad415f05f84fbdea701200be55bcf8acd975a040fa6e1eb983d6e27f2ee31290e6c7b30803d19accf2470015aa4c331ee3d1615dab09903
-EBUILD ufw-0.33-r2.ebuild 5665 SHA256 77e14c04d236925a4608a55307dea92c137583a304d4cf685f87bcc114b3f26d SHA512 4614dcb6fd4f8d102fe344e7eac1f46d0c8ea8ed7153edd67111aab58e1f8c9ac37208da7fd5472dc6bad0081788d181e4062d58481f963663e9c9bc0993e043 WHIRLPOOL 6711f39ca765009e1a545787b18e11b67ec92a4dd11245c753b636c7ea865dbbbbd974fb542532f26a3dc119c0db0a3dc929549109b4b8fc5a6e76700c1ccdee
 EBUILD ufw-0.34_pre805.ebuild 5415 SHA256 2a5191348122b729d4cefccb4f65e9714c704e61afff25dcedc530e12284c5a2 SHA512 378e32a0e135eafc33cb2134a26a0fa9590b86d9abd8008bb7086d0739a0e106f36cc127069d5145659dce9607734b6344804dc0b3914ae7efdc867885c1b504 WHIRLPOOL 13cdf52c7824fd06d407e0e3bd8333fda9dc7f6af2164b6cfe1ed95fab4ddf313df347c86793ee9e4d26b805bcd7118e4c38cce4cee2041ea5fe15900f51a788
 MISC ChangeLog 3412 SHA256 e40b5094a14577b02edf32e128c1007ffb3ed1e3428fd92752746bddd4031cfc SHA512 891a4f1369ae1926e65f4744544142f70c7ebb7ec9d1ac4d9f421f9c848e863743b2b593447c16b67bc30f1bb55b8ffae65e0d297344e09142cc0d36ffa1b536 WHIRLPOOL c360c1bb16cec63b6b8bcae25d5959427bcac9ac82186ab1f4b585c26ae0771179a026f8112e7ed9672cc6364d612a3a866e20180aeb65c6e4d592574309ac53
 MISC metadata.xml 568 SHA256 0fea99101adbd93b9a644642cf668a7cb5d6392c840b66b4c8aca504985c4033 SHA512 5ac4c205a5df4c0bf11f22d442457c5a50535ebf007fb01bb07e9480f9d854eb053bdd220519e37e0602e1d3ec0043bab7e1865bf9c2e8339b76538719285e96 WHIRLPOOL 122348f9b736392521b10685d03ce3105abec78c8a1378ed1e1b86f9bf6097b1b6be66ce172e1cc92e813c21c8722a4f44e52ee63bfd2c327c9e2c844faf1d13
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-iEYEAREIAAYFAlGZ51wACgkQfaj9zK3JFuU8agCfaSghPqtPnfhwkx1lEMazNSq5
-iyEAnjHVFS+FmCLVkeQ5tpq6WzXjjixH
-=Uc3e
------END PGP SIGNATURE-----
--- ufw.orig/ufw-0.31.1-r2.ebuild	2014-04-05 15:07:11.649905955 +0200
+++ ufw.orig/ufw-0.31.1-r2.ebuild	1970-01-01 01:00:00.000000000 +0100
@@ -1,179 +0,0 @@ 
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.31.1-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $
-
-EAPI=4
-PYTHON_DEPEND="2:2.5"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython"
-
-inherit versionator bash-completion-r1 eutils linux-info distutils systemd
-
-MY_PV_12=$(get_version_component_range 1-2)
-DESCRIPTION="A program used to manage a netfilter firewall"
-HOMEPAGE="http://launchpad.net/ufw"
-SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="examples ipv6"
-
-DEPEND="sys-devel/gettext"
-RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
-	!<kde-misc/kcm-ufw-0.4.2
-	!<net-firewall/ufw-frontends-0.3.2
-"
-
-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
-RESTRICT="test"
-
-pkg_pretend() {
-	local CONFIG_CHECK="~PROC_FS
-		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
-		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
-		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
-
-	if kernel_is -ge 2 6 39; then
-		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
-	else
-		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
-	fi
-
-	check_extra_config
-
-	# Check for default, useful optional features.
-	if ! linux_config_exists; then
-		ewarn "Cannot determine configuration of your kernel."
-		return
-	fi
-
-	local nf_nat_ftp_ok="yes"
-	local nf_conntrack_ftp_ok="yes"
-	local nf_conntrack_netbios_ns_ok="yes"
-
-	linux_chkconfig_present \
-		NF_NAT_FTP || nf_nat_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
-
-	# This is better than an essay for each unset option...
-	if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
-		|| [[ ${nf_conntrack_netbios_ns_ok} = no ]]
-	then
-		echo
-		local mod_msg="Kernel options listed below are not set. They are not"
-		mod_msg+=" mandatory, but they are often useful."
-		mod_msg+=" If you don't need some of them, please remove relevant"
-		mod_msg+=" module name(s) from IPT_MODULES in"
-		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
-		mod_msg+=" Otherwise ufw may fail to start!"
-		ewarn "${mod_msg}"
-		if [[ ${nf_nat_ftp_ok} = no ]]; then
-			ewarn "NF_NAT_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_ftp_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
-		fi
-	fi
-}
-
-src_prepare() {
-	# Remove warning about 'state' being obsolete in iptables 1.4.16.2.
-	epatch "${FILESDIR}"/${P}-conntrack.patch
-	# Allow to remove unnecessary build time dependency
-	# on net-firewall/iptables.
-	epatch "${FILESDIR}"/${PN}-dont-check-iptables.patch
-	# Move files away from /lib/ufw.
-	epatch "${FILESDIR}"/${P}-move-path.patch
-	# Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the
-	# file).
-	epatch "${FILESDIR}"/${P}-python-abis.patch
-
-	# Set as enabled by default. User can enable or disable
-	# the service by adding or removing it to/from a runlevel.
-	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
-		|| die "sed failed (ufw.conf)"
-
-	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
-
-	# If LINGUAS is set install selected translations only.
-	if [[ -n ${LINGUAS+set} ]]; then
-		_EMPTY_LOCALE_LIST="yes"
-		pushd locales/po > /dev/null || die
-
-		local lang
-		for lang in *.po; do
-			if ! has "${lang%.po}" ${LINGUAS}; then
-				rm "${lang}" || die
-			else
-				_EMPTY_LOCALE_LIST="no"
-			fi
-		done
-
-		popd > /dev/null || die
-	else
-		_EMPTY_LOCALE_LIST="no"
-	fi
-}
-
-src_install() {
-	newconfd "${FILESDIR}"/ufw.confd ufw
-	newinitd "${FILESDIR}"/ufw-2.initd ufw
-	systemd_dounit "${FILESDIR}/ufw.service"
-
-	exeinto /usr/share/${PN}
-	doexe tests/check-requirements
-
-	# users normally would want it
-	insinto /usr/share/doc/${PF}/logging/syslog-ng
-	doins "${FILESDIR}"/syslog-ng/*
-
-	insinto /usr/share/doc/${PF}/logging/rsyslog
-	doins "${FILESDIR}"/rsyslog/*
-	doins doc/rsyslog.example
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins examples/*
-	fi
-	distutils_src_install
-	[[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
-	newbashcomp shell-completion/bash ${PN}
-}
-
-pkg_postinst() {
-	distutils_pkg_postinst
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		echo
-		elog "To enable ufw, add it to boot sequence and activate it:"
-		elog "-- # rc-update add ufw boot"
-		elog "-- # /etc/init.d/ufw start"
-		echo
-		elog "If you want to keep ufw logs in a separate file, take a look at"
-		elog "/usr/share/doc/${PF}/logging."
-	fi
-	# Make sure it gets displayed also when one downgrades from >= 0.33*,
-	# because this message isn't displayed for 0.33* (and possibly newer
-	# ones in the future) as it's not relevant there.
-	if [[ -z ${REPLACING_VERSIONS} ]] \
-		|| [[ ${REPLACING_VERSIONS} = 0.33 ]] \
-		|| [[ ${REPLACING_VERSIONS} > 0.33 ]] \
-		|| [[ ${REPLACING_VERSIONS} < 0.31.1-r2 ]]
-	then
-		echo
-		elog "Starting from ufw-0.31.1-r2, /usr/share/ufw/check-requirements"
-		elog "script is installed. It is useful for debugging problems with"
-		elog "ufw. However one should keep in mind that the script assumes"
-		elog "IPv6 is enabled on kernel and net-firewall/iptables,"
-		elog "and fails when it's not."
-	fi
-	echo
-	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
-	ewarn "default. See README, Remote Management section for more information."
-}
--- ufw.orig/ufw-0.33-r2.ebuild	2014-04-05 15:07:11.649905955 +0200
+++ ufw.orig/ufw-0.33-r2.ebuild	1970-01-01 01:00:00.000000000 +0100
@@ -1,184 +0,0 @@ 
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.33-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $
-
-EAPI=4
-PYTHON_DEPEND="2:2.6 3:3.1"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="2.5 *-jython"
-
-inherit versionator bash-completion-r1 eutils linux-info distutils systemd
-
-MY_PV_12=$(get_version_component_range 1-2)
-DESCRIPTION="A program used to manage a netfilter firewall"
-HOMEPAGE="http://launchpad.net/ufw"
-SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="examples"
-
-DEPEND="sys-devel/gettext"
-# ipv6 forced: bug 437266
-RDEPEND=">=net-firewall/iptables-1.4[ipv6]
-	!<kde-misc/kcm-ufw-0.4.2
-	!<net-firewall/ufw-frontends-0.3.2
-"
-
-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
-RESTRICT="test"
-
-pkg_pretend() {
-	local CONFIG_CHECK="~PROC_FS
-		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
-		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
-		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
-
-	if kernel_is -ge 2 6 39; then
-		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
-	else
-		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
-	fi
-
-	check_extra_config
-
-	# Check for default, useful optional features.
-	if ! linux_config_exists; then
-		ewarn "Cannot determine configuration of your kernel."
-		return
-	fi
-
-	if ! linux_chkconfig_present IPV6; then
-		echo
-		ewarn "This version of ufw requires that IPv6 is enabled."
-		ewarn "If you don't want it, install ${CATEGORY}/${PN}-0.31.1."
-		ewarn "More information can be found in bug 437266."
-	fi
-
-	local nf_nat_ftp_ok="yes"
-	local nf_conntrack_ftp_ok="yes"
-	local nf_conntrack_netbios_ns_ok="yes"
-
-	linux_chkconfig_present \
-		NF_NAT_FTP || nf_nat_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
-
-	# This is better than an essay for each unset option...
-	if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
-		|| [[ ${nf_conntrack_netbios_ns_ok} = no ]]
-	then
-		echo
-		local mod_msg="Kernel options listed below are not set. They are not"
-		mod_msg+=" mandatory, but they are often useful."
-		mod_msg+=" If you don't need some of them, please remove relevant"
-		mod_msg+=" module name(s) from IPT_MODULES in"
-		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
-		mod_msg+=" Otherwise ufw may fail to start!"
-		ewarn "${mod_msg}"
-		if [[ ${nf_nat_ftp_ok} = no ]]; then
-			ewarn "NF_NAT_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_ftp_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
-		fi
-	fi
-}
-
-src_prepare() {
-	# Remove warning about 'state' being obsolete in iptables 1.4.16.2.
-	epatch "${FILESDIR}"/${P}-conntrack.patch
-	# Allow to remove unnecessary build time dependency
-	# on net-firewall/iptables.
-	epatch "${FILESDIR}"/${P}-dont-check-iptables.patch
-	# Move files away from /lib/ufw.
-	epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch
-	# Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the
-	# file).
-	epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch
-
-	# Set as enabled by default. User can enable or disable
-	# the service by adding or removing it to/from a runlevel.
-	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
-		|| die "sed failed (ufw.conf)"
-
-	#sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
-
-	# If LINGUAS is set install selected translations only.
-	if [[ -n ${LINGUAS+set} ]]; then
-		_EMPTY_LOCALE_LIST="yes"
-		pushd locales/po > /dev/null || die
-
-		local lang
-		for lang in *.po; do
-			if ! has "${lang%.po}" ${LINGUAS}; then
-				rm "${lang}" || die
-			else
-				_EMPTY_LOCALE_LIST="no"
-			fi
-		done
-
-		popd > /dev/null || die
-	else
-		_EMPTY_LOCALE_LIST="no"
-	fi
-}
-
-src_install() {
-	newconfd "${FILESDIR}"/ufw.confd ufw
-	newinitd "${FILESDIR}"/ufw-2.initd ufw
-	systemd_dounit "${FILESDIR}/ufw.service"
-
-	exeinto /usr/share/${PN}
-	doexe tests/check-requirements
-
-	# users normally would want it
-	insinto /usr/share/doc/${PF}/logging/syslog-ng
-	doins "${FILESDIR}"/syslog-ng/*
-
-	insinto /usr/share/doc/${PF}/logging/rsyslog
-	doins "${FILESDIR}"/rsyslog/*
-	doins doc/rsyslog.example
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins examples/*
-	fi
-	distutils_src_install
-	[[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
-	newbashcomp shell-completion/bash ${PN}
-}
-
-pkg_postinst() {
-	distutils_pkg_postinst
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		echo
-		elog "To enable ufw, add it to boot sequence and activate it:"
-		elog "-- # rc-update add ufw boot"
-		elog "-- # /etc/init.d/ufw start"
-		echo
-		elog "If you want to keep ufw logs in a separate file, take a look at"
-		elog "/usr/share/doc/${PF}/logging."
-	fi
-	if [[ -z ${REPLACING_VERSIONS} ]] \
-		|| [[ ${REPLACING_VERSIONS} < 0.33-r2 ]];
-	then
-		# etc-update etc. should show when the file needs updating
-		# but let's inform about the change
-		echo
-		elog "Because of bug 437266 this version doesn't have ipv6 USE"
-		elog "flag, so in case it's needed, please adjust 'IPV6' setting"
-		elog "in /etc/default/ufw manually. (IPv6 is enabled there by default.)"
-		# TODO: add message about check-requirements script when this
-		# bug is fixed
-	fi
-	echo
-	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
-	ewarn "default. See README, Remote Management section for more information."
-}