Gentoo's Bugzilla – Attachment 374300 Details for
Bug 506390
net-firewall/ufw-0.34_pre805 with python-3.4 - USE_PYTHON variable contains invalid value '3.4'
[patch]
net-firewall/ufw: clean up old versions
ufw-drop-old.patch (text/plain), 41.76 KB, created by
Sławomir Nizio
on 2014-04-05 13:39:24 UTC
Description:
net-firewall/ufw: clean up old versions
Filename:
MIME Type:
Creator:
Sławomir Nizio
Created:
2014-04-05 13:39:24 UTC
Size:
41.76 KB
>diff -Naur ufw.orig/files/ufw-0.31.1-conntrack.patch ufw/files/ufw-0.31.1-conntrack.patch
>--- ufw.orig/files/ufw-0.31.1-conntrack.patch 2014-04-05 15:07:11.663905955 +0200
>+++ ufw/files/ufw-0.31.1-conntrack.patch 1970-01-01 01:00:00.000000000 +0100
>@@ -1,201 +0,0 @@
>-use conntrack instead of state
>-https://bugs.launchpad.net/ufw/+bug/1065297
>-
>-This is a version for ufw 0.31.1.
>-diff --git a/conf/before.rules b/conf/before.rules
>-index bc11f36..9917b87 100644
>---- a/conf/before.rules
>-+++ b/conf/before.rules
>-@@ -22,12 +22,12 @@
>- -A ufw-before-output -o lo -j ACCEPT
>-
>- # quickly process packets for which we already have a connection
>---A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
>---A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-
>- # drop INVALID packets (logs these in loglevel medium and higher)
>---A ufw-before-input -m state --state INVALID -j ufw-logging-deny
>---A ufw-before-input -m state --state INVALID -j DROP
>-+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
>-+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
>-
>- # ok icmp codes
>- -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
>-diff --git a/conf/before6.rules b/conf/before6.rules
>-index fb1a8f1..8b7e4ff 100644
>---- a/conf/before6.rules
>-+++ b/conf/before6.rules
>-@@ -34,16 +34,16 @@
>- -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
>-
>- # quickly process packets for which we already have a connection
>---A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
>---A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-
>- # for multicast ping replies from link-local addresses (these don't have an
>- # associated connection and would otherwise be marked INVALID)
>- -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT
>-
>- # drop INVALID packets (logs these in loglevel medium and higher)
>---A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny
>---A ufw6-before-input -m state --state INVALID -j DROP
>-+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
>-+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
>-
>- # ok icmp codes
>- -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
>-diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8
>-index d9e3d5a..bfc83e2 100644
>---- a/doc/ufw-framework.8
>-+++ b/doc/ufw-framework.8
>-@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
>- net.ipv4.ip_forward=1
>- .TP
>- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
>-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\
>- \-j ACCEPT
>-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
>- \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
>- .TP
>- Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section:
>-@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
>- net.ipv4.ip_forward=1
>- .TP
>- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
>-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate RELATED,ESTABLISHED \\
>- \-j ACCEPT
>-
>-- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\
>-- \-\-state NEW \-j ACCEPT
>-+ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m conntrack \\
>-+ \-\-ctstate NEW \-j ACCEPT
>-
>-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
>- \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
>-
>- \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT
>-diff --git a/src/backend_iptables.py b/src/backend_iptables.py
>-index 340beba..4459a3b 100644
>---- a/src/backend_iptables.py
>-+++ b/src/backend_iptables.py
>-@@ -551,7 +551,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
>- lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \
>- policy)
>- if not pat_logall.search(s):
>-- lstr = '-m state --state NEW ' + lstr
>-+ lstr = '-m conntrack --ctstate NEW ' + lstr
>- snippets[i] = pat_log.sub(r'\1-j \2\4', s)
>- snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \
>- '-user-logging-' + suffix, s))
>-@@ -567,9 +567,9 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
>- pat_limit = re.compile(r' -j LIMIT')
>- for i, s in enumerate(snippets):
>- if pat_limit.search(s):
>-- tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \
>-+ tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \
>- s)
>-- tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \
>-+ tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \
>- ' --update --seconds 30 --hitcount 6' + \
>- ' -j ' + prefix + '-user-limit', s)
>- tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s)
>-@@ -1178,12 +1178,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
>- prefix = "[UFW BLOCK] "
>- if self.loglevels[level] < self.loglevels["medium"]:
>- # only log INVALID in medium and higher
>-- rules_t.append([c, ['-I', c, '-m', 'state', \
>-- '--state', 'INVALID', \
>-+ rules_t.append([c, ['-I', c, '-m', 'conntrack', \
>-+ '--ctstate', 'INVALID', \
>- '-j', 'RETURN'] + largs, ''])
>- else:
>-- rules_t.append([c, ['-A', c, '-m', 'state', \
>-- '--state', 'INVALID', \
>-+ rules_t.append([c, ['-A', c, '-m', 'conntrack', \
>-+ '--ctstate', 'INVALID', \
>- '-j', 'LOG', \
>- '--log-prefix', \
>- "[UFW AUDIT INVALID] "] + \
>-@@ -1202,7 +1202,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
>-
>- # loglevel medium logs all new packets with limit
>- if self.loglevels[level] < self.loglevels["high"]:
>-- largs = ['-m', 'state', '--state', 'NEW'] + limit_args
>-+ largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args
>-
>- prefix = "[UFW AUDIT] "
>- for c in self.chains['before']:
>-diff --git a/src/ufw-init-functions b/src/ufw-init-functions
>-index f4783e7..c5e0319 100755
>---- a/src/ufw-init-functions
>-+++ b/src/ufw-init-functions
>-@@ -251,15 +251,15 @@ ufw_start() {
>- # add tracking policy
>- if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then
>- printf "*filter\n"\
>--"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\
>--"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
>- "COMMIT\n" | $exe-restore -n || error="yes"
>- fi
>-
>- if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then
>- printf "*filter\n"\
>--"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\
>--"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
>- "COMMIT\n" | $exe-restore -n || error="yes"
>- fi
>-
>-diff --git a/tests/check-requirements b/tests/check-requirements
>-index dbb26ec..d3ad1f8 100755
>---- a/tests/check-requirements
>-+++ b/tests/check-requirements
>-@@ -152,32 +152,32 @@ for i in "" 6; do
>- done
>-
>- echo -n "hashlimit: "
>-- runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
>-+ runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT
>-
>- echo -n "limit: "
>- runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-
>- for j in NEW RELATED ESTABLISHED INVALID; do
>- echo -n "state ($j): "
>-- runcmd $exe -A $c -m state --state $j
>-+ runcmd $exe -A $c -m conntrack --ctstate $j
>- done
>-
>- echo -n "state (new, recent set): "
>- if [ "$i" = "6" ]; then
>- echo "skipped -- IPv6 'limit' not supported by ufw yet"
>- else
>-- runcmd $exe -A $c -m state --state NEW -m recent --set
>-+ runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --set
>- fi
>-
>- echo -n "state (new, recent update): "
>- if [ "$i" = "6" ]; then
>- echo "skipped -- IPv6 'limit' not supported by ufw yet"
>- else
>-- runcmd $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
>-+ runcmd $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
>- fi
>-
>- echo -n "state (new, limit): "
>-- runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-+ runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-
>- echo -n "interface (input): "
>- runcmd $exe -A $c -i eth0 -j ACCEPT
>diff -Naur ufw.orig/files/ufw-0.33-conntrack.patch ufw/files/ufw-0.33-conntrack.patch
>--- ufw.orig/files/ufw-0.33-conntrack.patch 2014-04-05 15:07:11.662905955 +0200
>+++ ufw/files/ufw-0.33-conntrack.patch 1970-01-01 01:00:00.000000000 +0100
>@@ -1,187 +0,0 @@
>-use conntrack instead of state
>-https://bugs.launchpad.net/ufw/+bug/1065297
>-diff -urp ufw-0.33.orig/conf/before6.rules ufw-0.33/conf/before6.rules
>---- ufw-0.33.orig/conf/before6.rules 2012-10-10 22:26:26.021931270 +0200
>-+++ ufw-0.33/conf/before6.rules 2012-10-10 22:38:58.803605951 +0200
>-@@ -34,16 +34,16 @@
>- -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
>-
>- # quickly process packets for which we already have a connection
>---A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
>---A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-
>- # for multicast ping replies from link-local addresses (these don't have an
>- # associated connection and would otherwise be marked INVALID)
>- -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT
>-
>- # drop INVALID packets (logs these in loglevel medium and higher)
>---A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny
>---A ufw6-before-input -m state --state INVALID -j DROP
>-+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
>-+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
>-
>- # ok icmp codes
>- -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
>-diff -urp ufw-0.33.orig/conf/before.rules ufw-0.33/conf/before.rules
>---- ufw-0.33.orig/conf/before.rules 2012-10-10 22:26:26.021931270 +0200
>-+++ ufw-0.33/conf/before.rules 2012-10-10 22:38:17.442349148 +0200
>-@@ -22,12 +22,12 @@
>- -A ufw-before-output -o lo -j ACCEPT
>-
>- # quickly process packets for which we already have a connection
>---A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
>---A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>-
>- # drop INVALID packets (logs these in loglevel medium and higher)
>---A ufw-before-input -m state --state INVALID -j ufw-logging-deny
>---A ufw-before-input -m state --state INVALID -j DROP
>-+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
>-+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
>-
>- # ok icmp codes
>- -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
>-diff -urp ufw-0.33.orig/doc/ufw-framework.8 ufw-0.33/doc/ufw-framework.8
>---- ufw-0.33.orig/doc/ufw-framework.8 2012-10-10 22:26:26.020931143 +0200
>-+++ ufw-0.33/doc/ufw-framework.8 2012-10-10 23:06:21.407372442 +0200
>-@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to
>- net.ipv4.ip_forward=1
>- .TP
>- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
>-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
>-- \-j ACCEPT
>-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
>-+ \-A ufw\-before\-forward \-m conntrack \\
>-+ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
>- \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
>- .TP
>- Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section:
>-@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to
>- net.ipv4.ip_forward=1
>- .TP
>- Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
>-- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
>-- \-j ACCEPT
>-+ \-A ufw\-before\-forward \-m conntrack \\
>-+ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT
>-
>-- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\
>-- \-\-state NEW \-j ACCEPT
>-+ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \\
>-+ \-m conntrack \-\-ctstate NEW \-j ACCEPT
>-
>-- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
>-+ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
>- \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
>-
>- \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT
>-diff -urp ufw-0.33.orig/src/backend_iptables.py ufw-0.33/src/backend_iptables.py
>---- ufw-0.33.orig/src/backend_iptables.py 2012-10-10 22:26:26.022931397 +0200
>-+++ ufw-0.33/src/backend_iptables.py 2012-10-10 22:29:53.981361845 +0200
>-@@ -558,7 +558,7 @@ class UFWBackendIptables(ufw.backend.UFW
>- lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \
>- policy)
>- if not pat_logall.search(s):
>-- lstr = '-m state --state NEW ' + lstr
>-+ lstr = '-m conntrack --ctstate NEW ' + lstr
>- snippets[i] = pat_log.sub(r'\1-j \2\4', s)
>- snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \
>- '-user-logging-' + suffix, s))
>-@@ -574,9 +574,9 @@ class UFWBackendIptables(ufw.backend.UFW
>- pat_limit = re.compile(r' -j LIMIT')
>- for i, s in enumerate(snippets):
>- if pat_limit.search(s):
>-- tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \
>-+ tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \
>- s)
>-- tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \
>-+ tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \
>- ' --update --seconds 30 --hitcount 6' + \
>- ' -j ' + prefix + '-user-limit', s)
>- tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s)
>-@@ -1196,12 +1196,12 @@ class UFWBackendIptables(ufw.backend.UFW
>- prefix = "[UFW BLOCK] "
>- if self.loglevels[level] < self.loglevels["medium"]:
>- # only log INVALID in medium and higher
>-- rules_t.append([c, ['-I', c, '-m', 'state', \
>-- '--state', 'INVALID', \
>-+ rules_t.append([c, ['-I', c, '-m', 'conntrack', \
>-+ '--ctstate', 'INVALID', \
>- '-j', 'RETURN'] + largs, ''])
>- else:
>-- rules_t.append([c, ['-A', c, '-m', 'state', \
>-- '--state', 'INVALID', \
>-+ rules_t.append([c, ['-A', c, '-m', 'conntrack', \
>-+ '--ctstate', 'INVALID', \
>- '-j', 'LOG', \
>- '--log-prefix', \
>- "[UFW AUDIT INVALID] "] + \
>-@@ -1220,7 +1220,7 @@ class UFWBackendIptables(ufw.backend.UFW
>-
>- # loglevel medium logs all new packets with limit
>- if self.loglevels[level] < self.loglevels["high"]:
>-- largs = ['-m', 'state', '--state', 'NEW'] + limit_args
>-+ largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args
>-
>- prefix = "[UFW AUDIT] "
>- for c in self.chains['before']:
>-diff -urp ufw-0.33.orig/src/ufw-init-functions ufw-0.33/src/ufw-init-functions
>---- ufw-0.33.orig/src/ufw-init-functions 2012-10-10 22:26:26.023931524 +0200
>-+++ ufw-0.33/src/ufw-init-functions 2012-10-10 22:48:38.305257627 +0200
>-@@ -251,15 +251,15 @@ ufw_start() {
>- # add tracking policy
>- if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then
>- printf "*filter\n"\
>--"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\
>--"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
>- "COMMIT\n" | $exe-restore -n || error="yes"
>- fi
>-
>- if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then
>- printf "*filter\n"\
>--"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\
>--"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
>-+"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
>- "COMMIT\n" | $exe-restore -n || error="yes"
>- fi
>-
>-diff -urp ufw-0.33.orig/tests/check-requirements ufw-0.33/tests/check-requirements
>---- ufw-0.33.orig/tests/check-requirements 2012-10-10 22:26:25.944921482 +0200
>-+++ ufw-0.33/tests/check-requirements 2012-10-10 22:41:54.378920671 +0200
>-@@ -167,24 +167,24 @@ for i in "" 6; do
>- done
>-
>- echo -n "hashlimit: "
>-- runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
>-+ runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT
>-
>- echo -n "limit: "
>- runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-
>- for j in NEW RELATED ESTABLISHED INVALID; do
>- echo -n "state ($j): "
>-- runcmd $exe -A $c -m state --state $j
>-+ runcmd $exe -A $c -m conntrack --ctstate $j
>- done
>-
>- echo -n "state (new, recent set): "
>-- runcmd runtime $exe -A $c -m state --state NEW -m recent --set
>-+ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set
>-
>- echo -n "state (new, recent update): "
>-- runcmd runtime $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
>-+ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
>-
>- echo -n "state (new, limit): "
>-- runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-+ runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
>-
>- echo -n "interface (input): "
>- runcmd $exe -A $c -i eth0 -j ACCEPT
>diff -Naur ufw.orig/files/ufw-dont-check-iptables.patch ufw/files/ufw-dont-check-iptables.patch
>--- ufw.orig/files/ufw-dont-check-iptables.patch 2014-04-05 15:07:11.663905955 +0200
>+++ ufw/files/ufw-dont-check-iptables.patch 1970-01-01 01:00:00.000000000 +0100
>@@ -1,45 +0,0 @@
>---- setup.py 2011-03-22 19:00:03.000000000 +0100
>-+++ setup.py 2011-06-10 19:28:41.798000241 +0200
>-@@ -224,41 +224,7 @@
>- os.unlink(os.path.join('staging', 'ufw-init'))
>- os.unlink(os.path.join('staging', 'ufw-init-functions'))
>-
>--iptables_exe = ''
>--iptables_dir = ''
>--
>--for e in ['iptables']:
>-- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
>-- '/usr/local/bin']:
>-- if e == "iptables":
>-- if os.path.exists(os.path.join(dir, e)):
>-- iptables_dir = dir
>-- iptables_exe = os.path.join(iptables_dir, "iptables")
>-- print "Found '%s'" % iptables_exe
>-- else:
>-- continue
>--
>-- if iptables_exe != "":
>-- break
>--
>--
>--if iptables_exe == '':
>-- print >> sys.stderr, "ERROR: could not find required binary 'iptables'"
>-- sys.exit(1)
>--
>--for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
>-- if not os.path.exists(os.path.join(iptables_dir, e)):
>-- print >> sys.stderr, "ERROR: could not find required binary '%s'" % (e)
>-- sys.exit(1)
>--
>--(rc, out) = cmd([iptables_exe, '-V'])
>--if rc != 0:
>-- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
>-- (iptables_exe))
>--version = re.sub('^v', '', re.split('\s', out)[1])
>--print "Found '%s' version '%s'" % (iptables_exe, version)
>--if version < "1.4":
>-- print >> sys.stderr, "WARN: version '%s' has limited IPv6 support. See README for details." % (version)
>-+iptables_dir = '/sbin'
>-
>- setup (name='ufw',
>- version=ufw_version,
>diff -Naur ufw.orig/Manifest ufw/Manifest
>--- ufw.orig/Manifest 2014-04-05 15:07:11.691905955 +0200
>+++ ufw/Manifest 2014-04-05 15:26:51.173892698 +0200
>@@ -1,30 +1,13 @@ >------BEGIN PGP SIGNED MESSAGE----- >-Hash: SHA256 >- > AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139 > AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe > AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5 >-AUX ufw-0.31.1-conntrack.patch 9842 SHA256 e91af8e88c896fd2e05b4143f361a72bc8ae78c8ab0c5afb8a26ea416f7bb631 SHA512 c7fab58aec12f47a492e8ad94e2ffbb471daf6292b6c9272396754cc25a6d2a164f3c383fd7e933a0d624d55a5b4b7a385a1fd31ef74162b7e819284c25a4fd7 WHIRLPOOL 96aa69e0aad4df20b14231edda6434f95be144d302484ef71bec4b6d6d4518714a852d1844d5aa33eaa7845a70659ab42006881297eecc5237f7c93b3907af9b > AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715 > AUX 
ufw-0.31.1-python-abis.patch 1872 SHA256 1e3094135d71e7e7129b2d268d79c73990f0a6f61f2bb6456d3f3654b4975463 SHA512 fbe65a6775426c66cd82382e62eea3a2179d68a0b6c617cc468e7076e2f58493baffde686b65e6bf3a89ea7fdda48a5a42d152b1be388c943408532f47d4402a WHIRLPOOL 62e68d1ef8aaa4963765599ca6701af18bcdef8f6a20607ce433b5294baa9c5ba75b3d41266d9a8bd82febe3a3ac75c6fcb2326fbc5cafa31634ec96a4407b10 >-AUX ufw-0.33-conntrack.patch 10055 SHA256 e034feba3bdeca0d4e9aed0555d88838e49804542174b988f9a7fbf8b8dc759d SHA512 7de6358ec0bf6696c4c26aab2729b9160e16ce44a67b5b634ad935fb4bf218b1b79d599f9d679f8f2a147861d865a098729fe3dbc0db110135bf5a78acfd6d53 WHIRLPOOL a3d543abf0ac1d6ca11a4754ab296c9e6f28809e8b746986524aa5d0e162f78d5a5abd586ff172618e8d79354c43429de3cc0b0e9a3d1bf91d662071c3cd2cfc > AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180 > AUX ufw-2.initd 2722 SHA256 657b5305923b2a5de9eb96931aaaa28d6e997ace6c40793d905887798094258c SHA512 54cb84ae5ce2c327a7a7b03deeed3d7507a4716ce929aa563d4fb5baa9aa73d95575ec7d5db7165345310869bd5a60b1033c6691f02a85ab94baa6b4a550daa7 WHIRLPOOL c19a21c93f0c63165715e8da4ab9b16a4596ccc3730118c1bbd7eb4de9a94b2b1475904818a2786b2490a07dee7d761da28ca6dc087926c27598d691cb333ce6 >-AUX ufw-dont-check-iptables.patch 1572 SHA256 2ea0f9525baa82386690577525631f468e56a0fbde0e7e5a65fba36c922ea96f SHA512 c072e924ed5c7df37d89dd9dc8ecb9a52f16fcd962a31d97f45cecefb971adcceabff183bec386be29f44942d12f8bce595ff4203e390ce464627458843b19cb WHIRLPOOL a1ee6799042353f32a1746b14017403994d60dc1ba7e67581ebdff3d93e37e72c7224708d2c0d1bef25ce311ad5c647cd5f0fa62ea4da60321e47f922f64c54d > AUX ufw.confd 219 SHA256 
069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752 > AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6 >-DIST ufw-0.31.1.tar.gz 322448 SHA256 ccf5e00aa76841b9467ad9506fbf96373fb24a4b26bffd858ea1eb2522491dcb SHA512 3c9e61be7ba18ccdbd8195517f0b74a418b460f91b6efcdf0d883fc1dca2bc376ee317836882b67d2fd4825c2e5374d9c6a5da3d77f98794b64c98071d3ac0dc WHIRLPOOL 35064e73f892d6a94413f3560f5f0af945c972b673da4980af0a60576cc641810a74d76ed196935abaf9c2b395c2cc7250b6d27e710e284cbf2df014a6f0820d >-DIST ufw-0.33.tar.gz 332893 SHA256 5f85a8084ad3539b547bec097286948233188c971f498890316dec170bdd1da8 SHA512 a908d0a2c74bedef418b28f1701048bc9281f314ff747fb1e9497ddee341dbf86402215c470b605523b03a12b2dec812cd7342c310c04231dbed5b6f8e783309 WHIRLPOOL bdd09fbdc2514061b6971e06fa05d6fee04e29c2cecf0c12b237349071e88d188aa8a7bd5c54f5cf3cccd4ddf8d2e3d2bb6ed0db92538b7d76cea471d74848c1 > DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829 >-EBUILD ufw-0.31.1-r2.ebuild 5587 SHA256 8ff4d7fcf67686d85b18cc094c19c7625d9e980f3c6747cca04c796c3c997e3a SHA512 
ecea06b997f91cbed3500e84678c65a3ecd6eca9acfc877888ddabf6d4cbefd95a8f8c66f5f9185c5d4a06d92a31b7780bc4adfaefffb4ec4b6907d49fb2edbb WHIRLPOOL da35894ce419296a4ad415f05f84fbdea701200be55bcf8acd975a040fa6e1eb983d6e27f2ee31290e6c7b30803d19accf2470015aa4c331ee3d1615dab09903 >-EBUILD ufw-0.33-r2.ebuild 5665 SHA256 77e14c04d236925a4608a55307dea92c137583a304d4cf685f87bcc114b3f26d SHA512 4614dcb6fd4f8d102fe344e7eac1f46d0c8ea8ed7153edd67111aab58e1f8c9ac37208da7fd5472dc6bad0081788d181e4062d58481f963663e9c9bc0993e043 WHIRLPOOL 6711f39ca765009e1a545787b18e11b67ec92a4dd11245c753b636c7ea865dbbbbd974fb542532f26a3dc119c0db0a3dc929549109b4b8fc5a6e76700c1ccdee > EBUILD ufw-0.34_pre805.ebuild 5415 SHA256 2a5191348122b729d4cefccb4f65e9714c704e61afff25dcedc530e12284c5a2 SHA512 378e32a0e135eafc33cb2134a26a0fa9590b86d9abd8008bb7086d0739a0e106f36cc127069d5145659dce9607734b6344804dc0b3914ae7efdc867885c1b504 WHIRLPOOL 13cdf52c7824fd06d407e0e3bd8333fda9dc7f6af2164b6cfe1ed95fab4ddf313df347c86793ee9e4d26b805bcd7118e4c38cce4cee2041ea5fe15900f51a788 > MISC ChangeLog 3412 SHA256 e40b5094a14577b02edf32e128c1007ffb3ed1e3428fd92752746bddd4031cfc SHA512 891a4f1369ae1926e65f4744544142f70c7ebb7ec9d1ac4d9f421f9c848e863743b2b593447c16b67bc30f1bb55b8ffae65e0d297344e09142cc0d36ffa1b536 WHIRLPOOL c360c1bb16cec63b6b8bcae25d5959427bcac9ac82186ab1f4b585c26ae0771179a026f8112e7ed9672cc6364d612a3a866e20180aeb65c6e4d592574309ac53 > MISC metadata.xml 568 SHA256 0fea99101adbd93b9a644642cf668a7cb5d6392c840b66b4c8aca504985c4033 SHA512 5ac4c205a5df4c0bf11f22d442457c5a50535ebf007fb01bb07e9480f9d854eb053bdd220519e37e0602e1d3ec0043bab7e1865bf9c2e8339b76538719285e96 WHIRLPOOL 122348f9b736392521b10685d03ce3105abec78c8a1378ed1e1b86f9bf6097b1b6be66ce172e1cc92e813c21c8722a4f44e52ee63bfd2c327c9e2c844faf1d13 >------BEGIN PGP SIGNATURE----- >-Version: GnuPG v2.0.19 (GNU/Linux) >- >-iEYEAREIAAYFAlGZ51wACgkQfaj9zK3JFuU8agCfaSghPqtPnfhwkx1lEMazNSq5 >-iyEAnjHVFS+FmCLVkeQ5tpq6WzXjjixH >-=Uc3e >------END PGP SIGNATURE----- >diff -Naur 
ufw.orig/ufw-0.31.1-r2.ebuild ufw/ufw-0.31.1-r2.ebuild >--- ufw.orig/ufw-0.31.1-r2.ebuild 2014-04-05 15:07:11.649905955 +0200 >+++ ufw/ufw-0.31.1-r2.ebuild 1970-01-01 01:00:00.000000000 +0100 
>@@ -1,179 +0,0 @@ >-# Copyright 1999-2013 Gentoo Foundation >-# Distributed under the terms of the GNU General Public License v2 >-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.31.1-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $ >- >-EAPI=4 >-PYTHON_DEPEND="2:2.5" >-SUPPORT_PYTHON_ABIS="1" >-RESTRICT_PYTHON_ABIS="3.* *-jython" >- >-inherit versionator bash-completion-r1 eutils linux-info distutils systemd >- >-MY_PV_12=$(get_version_component_range 1-2) >-DESCRIPTION="A program used to manage a netfilter firewall" >-HOMEPAGE="http://launchpad.net/ufw" >-SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz" >- >-LICENSE="GPL-3" >-SLOT="0" >-KEYWORDS="~amd64 ~x86" >-IUSE="examples ipv6" >- >-DEPEND="sys-devel/gettext" >-RDEPEND=">=net-firewall/iptables-1.4[ipv6?] >- !<kde-misc/kcm-ufw-0.4.2 >- !<net-firewall/ufw-frontends-0.3.2 >-" >- >-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 >-RESTRICT="test" >- >-pkg_pretend() { >- local CONFIG_CHECK="~PROC_FS >- ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL >- ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT >- ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" >- >- if kernel_is -ge 2 6 39; then >- CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" >- else >- CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" >- fi >- >- check_extra_config >- >- # Check for default, useful optional features. >- if ! linux_config_exists; then >- ewarn "Cannot determine configuration of your kernel." >- return >- fi >- >- local nf_nat_ftp_ok="yes" >- local nf_conntrack_ftp_ok="yes" >- local nf_conntrack_netbios_ns_ok="yes" >- >- linux_chkconfig_present \ >- NF_NAT_FTP || nf_nat_ftp_ok="no" >- linux_chkconfig_present \ >- NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" >- linux_chkconfig_present \ >- NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" >- >- # This is better than an essay for each unset option... 
>- if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ >- || [[ ${nf_conntrack_netbios_ns_ok} = no ]] >- then >- echo >- local mod_msg="Kernel options listed below are not set. They are not" >- mod_msg+=" mandatory, but they are often useful." >- mod_msg+=" If you don't need some of them, please remove relevant" >- mod_msg+=" module name(s) from IPT_MODULES in" >- mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." >- mod_msg+=" Otherwise ufw may fail to start!" >- ewarn "${mod_msg}" >- if [[ ${nf_nat_ftp_ok} = no ]]; then >- ewarn "NF_NAT_FTP: for better support for active mode FTP." >- fi >- if [[ ${nf_conntrack_ftp_ok} = no ]]; then >- ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." >- fi >- if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then >- ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." >- fi >- fi >-} >- >-src_prepare() { >- # Remove warning about 'state' being obsolete in iptables 1.4.16.2. >- epatch "${FILESDIR}"/${P}-conntrack.patch >- # Allow to remove unnecessary build time dependency >- # on net-firewall/iptables. >- epatch "${FILESDIR}"/${PN}-dont-check-iptables.patch >- # Move files away from /lib/ufw. >- epatch "${FILESDIR}"/${P}-move-path.patch >- # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the >- # file). >- epatch "${FILESDIR}"/${P}-python-abis.patch >- >- # Set as enabled by default. User can enable or disable >- # the service by adding or removing it to/from a runlevel. >- sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ >- || die "sed failed (ufw.conf)" >- >- sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die >- >- # If LINGUAS is set install selected translations only. >- if [[ -n ${LINGUAS+set} ]]; then >- _EMPTY_LOCALE_LIST="yes" >- pushd locales/po > /dev/null || die >- >- local lang >- for lang in *.po; do >- if ! 
has "${lang%.po}" ${LINGUAS}; then
>- rm "${lang}" || die
>- else
>- _EMPTY_LOCALE_LIST="no"
>- fi
>- done
>-
>- popd > /dev/null || die
>- else
>- _EMPTY_LOCALE_LIST="no"
>- fi
>-}
>-
>-src_install() {
>- newconfd "${FILESDIR}"/ufw.confd ufw
>- newinitd "${FILESDIR}"/ufw-2.initd ufw
>- systemd_dounit "${FILESDIR}/ufw.service"
>-
>- exeinto /usr/share/${PN}
>- doexe tests/check-requirements
>-
>- # users normally would want it
>- insinto /usr/share/doc/${PF}/logging/syslog-ng
>- doins "${FILESDIR}"/syslog-ng/*
>-
>- insinto /usr/share/doc/${PF}/logging/rsyslog
>- doins "${FILESDIR}"/rsyslog/*
>- doins doc/rsyslog.example
>-
>- if use examples; then
>- insinto /usr/share/doc/${PF}/examples
>- doins examples/*
>- fi
>- distutils_src_install
>- [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
>- newbashcomp shell-completion/bash ${PN}
>-}
>-
>-pkg_postinst() {
>- distutils_pkg_postinst
>- if [[ -z ${REPLACING_VERSIONS} ]]; then
>- echo
>- elog "To enable ufw, add it to boot sequence and activate it:"
>- elog "-- # rc-update add ufw boot"
>- elog "-- # /etc/init.d/ufw start"
>- echo
>- elog "If you want to keep ufw logs in a separate file, take a look at"
>- elog "/usr/share/doc/${PF}/logging."
>- fi
>- # Make sure it gets displayed also when one downgrades from >= 0.33*,
>- # because this message isn't displayed for 0.33* (and possibly newer
>- # ones in the future) as it's not relevant there.
>- if [[ -z ${REPLACING_VERSIONS} ]] \
>- || [[ ${REPLACING_VERSIONS} = 0.33 ]] \
>- || [[ ${REPLACING_VERSIONS} > 0.33 ]] \
>- || [[ ${REPLACING_VERSIONS} < 0.31.1-r2 ]]
>- then
>- echo
>- elog "Starting from ufw-0.31.1-r2, /usr/share/ufw/check-requirements"
>- elog "script is installed. It is useful for debugging problems with"
>- elog "ufw. However one should keep in mind that the script assumes"
>- elog "IPv6 is enabled on kernel and net-firewall/iptables,"
>- elog "and fails when it's not."
>- fi
>- echo
>- ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
>- ewarn "default. See README, Remote Management section for more information."
>-}
>diff -Naur ufw.orig/ufw-0.33-r2.ebuild ufw/ufw-0.33-r2.ebuild
>--- ufw.orig/ufw-0.33-r2.ebuild 2014-04-05 15:07:11.649905955 +0200
>+++ ufw/ufw-0.33-r2.ebuild 1970-01-01 01:00:00.000000000 +0100
>@@ -1,184 +0,0 @@
>-# Copyright 1999-2013 Gentoo Foundation
>-# Distributed under the terms of the GNU General Public License v2
>-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ufw/ufw-0.33-r2.ebuild,v 1.2 2013/05/20 09:05:50 lxnay Exp $
>-
>-EAPI=4
>-PYTHON_DEPEND="2:2.6 3:3.1"
>-SUPPORT_PYTHON_ABIS="1"
>-RESTRICT_PYTHON_ABIS="2.5 *-jython"
>-
>-inherit versionator bash-completion-r1 eutils linux-info distutils systemd
>-
>-MY_PV_12=$(get_version_component_range 1-2)
>-DESCRIPTION="A program used to manage a netfilter firewall"
>-HOMEPAGE="http://launchpad.net/ufw"
>-SRC_URI="http://launchpad.net/ufw/${MY_PV_12}/${PV}/+download/${P}.tar.gz"
>-
>-LICENSE="GPL-3"
>-SLOT="0"
>-KEYWORDS="~amd64 ~x86"
>-IUSE="examples"
>-
>-DEPEND="sys-devel/gettext"
>-# ipv6 forced: bug 437266
>-RDEPEND=">=net-firewall/iptables-1.4[ipv6]
>- !<kde-misc/kcm-ufw-0.4.2
>- !<net-firewall/ufw-frontends-0.3.2
>-"
>-
>-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
>-RESTRICT="test"
>-
>-pkg_pretend() {
>- local CONFIG_CHECK="~PROC_FS
>- ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
>- ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
>- ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
>-
>- if kernel_is -ge 2 6 39; then
>- CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
>- else
>- CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
>- fi
>-
>- check_extra_config
>-
>- # Check for default, useful optional features.
>- if ! linux_config_exists; then
>- ewarn "Cannot determine configuration of your kernel."
>- return
>- fi
>-
>- if ! linux_chkconfig_present IPV6; then
>- echo
>- ewarn "This version of ufw requires that IPv6 is enabled."
>- ewarn "If you don't want it, install ${CATEGORY}/${PN}-0.31.1."
>- ewarn "More information can be found in bug 437266."
>- fi
>-
>- local nf_nat_ftp_ok="yes"
>- local nf_conntrack_ftp_ok="yes"
>- local nf_conntrack_netbios_ns_ok="yes"
>-
>- linux_chkconfig_present \
>- NF_NAT_FTP || nf_nat_ftp_ok="no"
>- linux_chkconfig_present \
>- NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
>- linux_chkconfig_present \
>- NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
>-
>- # This is better than an essay for each unset option...
>- if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
>- || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
>- then
>- echo
>- local mod_msg="Kernel options listed below are not set. They are not"
>- mod_msg+=" mandatory, but they are often useful."
>- mod_msg+=" If you don't need some of them, please remove relevant"
>- mod_msg+=" module name(s) from IPT_MODULES in"
>- mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
>- mod_msg+=" Otherwise ufw may fail to start!"
>- ewarn "${mod_msg}"
>- if [[ ${nf_nat_ftp_ok} = no ]]; then
>- ewarn "NF_NAT_FTP: for better support for active mode FTP."
>- fi
>- if [[ ${nf_conntrack_ftp_ok} = no ]]; then
>- ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
>- fi
>- if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
>- ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
>- fi
>- fi
>-}
>-
>-src_prepare() {
>- # Remove warning about 'state' being obsolete in iptables 1.4.16.2.
>- epatch "${FILESDIR}"/${P}-conntrack.patch
>- # Allow to remove unnecessary build time dependency
>- # on net-firewall/iptables.
>- epatch "${FILESDIR}"/${P}-dont-check-iptables.patch
>- # Move files away from /lib/ufw.
>- epatch "${FILESDIR}"/${PN}-0.31.1-move-path.patch
>- # Contains fixes related to SUPPORT_PYTHON_ABIS="1" (see comment in the
>- # file).
>- epatch "${FILESDIR}"/${PN}-0.31.1-python-abis.patch
>-
>- # Set as enabled by default. User can enable or disable
>- # the service by adding or removing it to/from a runlevel.
>- sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
>- || die "sed failed (ufw.conf)"
>-
>- #sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
>-
>- # If LINGUAS is set install selected translations only.
>- if [[ -n ${LINGUAS+set} ]]; then
>- _EMPTY_LOCALE_LIST="yes"
>- pushd locales/po > /dev/null || die
>-
>- local lang
>- for lang in *.po; do
>- if ! has "${lang%.po}" ${LINGUAS}; then
>- rm "${lang}" || die
>- else
>- _EMPTY_LOCALE_LIST="no"
>- fi
>- done
>-
>- popd > /dev/null || die
>- else
>- _EMPTY_LOCALE_LIST="no"
>- fi
>-}
>-
>-src_install() {
>- newconfd "${FILESDIR}"/ufw.confd ufw
>- newinitd "${FILESDIR}"/ufw-2.initd ufw
>- systemd_dounit "${FILESDIR}/ufw.service"
>-
>- exeinto /usr/share/${PN}
>- doexe tests/check-requirements
>-
>- # users normally would want it
>- insinto /usr/share/doc/${PF}/logging/syslog-ng
>- doins "${FILESDIR}"/syslog-ng/*
>-
>- insinto /usr/share/doc/${PF}/logging/rsyslog
>- doins "${FILESDIR}"/rsyslog/*
>- doins doc/rsyslog.example
>-
>- if use examples; then
>- insinto /usr/share/doc/${PF}/examples
>- doins examples/*
>- fi
>- distutils_src_install
>- [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
>- newbashcomp shell-completion/bash ${PN}
>-}
>-
>-pkg_postinst() {
>- distutils_pkg_postinst
>- if [[ -z ${REPLACING_VERSIONS} ]]; then
>- echo
>- elog "To enable ufw, add it to boot sequence and activate it:"
>- elog "-- # rc-update add ufw boot"
>- elog "-- # /etc/init.d/ufw start"
>- echo
>- elog "If you want to keep ufw logs in a separate file, take a look at"
>- elog "/usr/share/doc/${PF}/logging."
>- fi
>- if [[ -z ${REPLACING_VERSIONS} ]] \
>- || [[ ${REPLACING_VERSIONS} < 0.33-r2 ]];
>- then
>- # etc-update etc. should show when the file needs updating
>- # but let's inform about the change
>- echo
>- elog "Because of bug 437266 this version doesn't have ipv6 USE"
>- elog "flag, so in case it's needed, please adjust 'IPV6' setting"
>- elog "in /etc/default/ufw manually.
(IPv6 is enabled there by default.)"
>- # TODO: add message about check-requirements script when this
>- # bug is fixed
>- fi
>- echo
>- ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
>- ewarn "default. See README, Remote Management section for more information."
>-}