diff options
| author |   Stuart Shelton <stuart@shelton.me> | 2016-11-24 02:18:44 +0000 |
|---|---|---|
| committer | Stuart Shelton <stuart@shelton.me> | 2016-11-24 02:18:44 +0000 |
| commit | f17c73440ab01d68f1ee25d2a41f322434d1b67e (patch) | |
| tree | 013928d57110a63f7fcf80d81400db523b4a2554 /net-firewall | |
| parent | Update sys-devel/gcc-4.9.4 (diff) | |
| download | srcshelton-f17c73440ab01d68f1ee25d2a41f322434d1b67e.tar.gz srcshelton-f17c73440ab01d68f1ee25d2a41f322434d1b67e.tar.bz2 srcshelton-f17c73440ab01d68f1ee25d2a41f322434d1b67e.zip | |
Update files which haven't been tracking upstream
Diffstat (limited to 'net-firewall')
| -rw-r--r-- | net-firewall/conntrack-tools/Manifest | 2 | ||||
| -rw-r--r-- | net-firewall/conntrack-tools/files/conntrackd.initd-r3 | 2 | ||||
| -rw-r--r-- | net-firewall/ebtables/Manifest | 4 | ||||
| -rw-r--r-- | net-firewall/ebtables/files/ebtables.confd-r1 | 3 | ||||
| -rw-r--r-- | net-firewall/ebtables/files/ebtables.initd-r1 | 4 | ||||
| -rw-r--r-- | net-firewall/iptables/Manifest | 6 | ||||
| -rwxr-xr-x | net-firewall/iptables/files/iptables.init | 4 | ||||
| -rw-r--r-- | net-firewall/iptables/files/systemd/ip6tables-restore.service | 4 | ||||
| -rw-r--r-- | net-firewall/iptables/files/systemd/iptables-restore.service | 4 | ||||
| -rw-r--r-- | net-firewall/nftables/Manifest | 2 | ||||
| -rw-r--r-- | net-firewall/nftables/files/nftables.init | 226 |
11 files changed, 108 insertions, 153 deletions
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest index d897970c..2709ff9d 100644 --- a/net-firewall/conntrack-tools/Manifest +++ b/net-firewall/conntrack-tools/Manifest @@ -1,4 +1,4 @@ AUX conntrackd.confd-r2 441 SHA256 f125578f9f4a79c8202beb15e55a87a59030e3c7d96c7a17ecbaf66e7801e687 SHA512 8ebce88006c750dc899a6a104f73c8a180f8909ffb1af4fc2feb4586f177ea59206f1fb47a9cc8fb6d47d187e4cd5fb7310f90a29a57674a539e5e7b770221a0 WHIRLPOOL c80790b66b24dca7be678141a68f1a880b8e6991bf2667d2a95047d5ee98cd1558cf9c47abff909c6fa0461f67a17c2399ed29b678a1f0210945329bd6a7d362 -AUX conntrackd.initd-r3 2239 SHA256 163057f137040111394aaeaecb325ed09d8d94088dcfbbd4f0d8e7ae2b102b1f SHA512 8e84b2aa9dbbeaf1434ba7f90086b1cf6ddaa2e09f296a78f514ad17bcdc7a480294cd80bf0bb54374bb5e898bb30e752ceb659c6a4a03077077813c874a7098 WHIRLPOOL f2cc1aab46532f3e2ff08f20d128a45e3718368fe8511450360f3ba0c4ff7ee167e66ef6fbe95ae868eb6238b37bb75ee9664541d46277f06b8948d194bf19df +AUX conntrackd.initd-r3 2240 SHA256 7eaa9b0e0c281e863b5dea768a56bc2ed0033acc4bfb03666d90ef5576bf4aee SHA512 82210b081cc912d5b1096f9f1b26fc0750ff9455c67980a01acf86f1423686f1bd871f28c0e9a05aedae83745c72ce23ce3b2d338e1b90413ff258e2d56cc047 WHIRLPOOL 0256b4061f73c13e6b5683328046d97a84c15234ec9a065d3eda3f01fb7b0b48fa28bbb6266bcf5bbde6ca4de1cd4815568f3658d0f36bdee90d19abe3bb0537 DIST conntrack-tools-1.4.2.tar.bz2 472074 SHA256 e5c423dc077f9ca8767eaa6cf40446943905711c6a8fe27f9cc1977d4d6aa11e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56 WHIRLPOOL 7405e8b812c98c06bdcdbfea983178f5830001cf247b9a63aac6e19e2497b1bf2bdf8c7c6445dad60f5463eff6cc0ea58d14eca2990b2b3b3f54032daca85572 EBUILD conntrack-tools-1.4.2.ebuild 1862 SHA256 031fb50e1f9551550d2a97adc33ae8f4b14991709b63ed6670ea3960b7d21a8e SHA512 9903d65ea46f838b8baa1a4d5f338451a855e302e46475071016ac886aa61c7ed98a7e2368bf5ec511f816c4ce45b50c0f3720b486a56f6aed3bb9a4d676e2af WHIRLPOOL b9ff84432ef5477d5570d4b5dd011692dafefa75b48b7b6328d7d846fe52472905355cfac25dd2e2abfdcf9a853c7c049bf7ccb417cb37142e89837bf86ea0dc diff --git a/net-firewall/conntrack-tools/files/conntrackd.initd-r3 b/net-firewall/conntrack-tools/files/conntrackd.initd-r3 index 5ca45f13..9202cf83 100644 --- a/net-firewall/conntrack-tools/files/conntrackd.initd-r3 +++ b/net-firewall/conntrack-tools/files/conntrackd.initd-r3 @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest index c90c215c..d3a3a3f3 100644 --- a/net-firewall/ebtables/Manifest +++ b/net-firewall/ebtables/Manifest @@ -2,6 +2,6 @@ AUX ebtables-2.0.10.4-ebt_among.c.patch 2287 SHA256 c0f3e8fcd2507f03625ab3878b71 AUX ebtables-2.0.10.4-ebt_standard.c.patch 406 SHA256 bdec13847d7e98c2adce63dc826bd63d2a1e6d56a9f371499a270be7f4758b5a SHA512 bea1283fbb1b59e2acfd14fe201d8b6e1c027bebbaf3dba3cf255d15f0c75696185e6b4ae1634e441967392c84079887b8c2142bcfbcd87ea36287e7b4a6cb63 WHIRLPOOL 8319069fe449df2feb02a7bd31f5581a8e8d058093243d75d5742b6151554db9c4bae33c0cab530c9112ebc267dc8797612d9542a618cf79e4d9abfb0907c469 AUX ebtables-2.0.10.4-libebtc.c.patch 579 SHA256 f09857f807fc089954c916d25f87e5ed8943e14320c51b5a5d87bc996cec30d8 SHA512 07c6d6b11c48ca9bd485414651d7b0d98d9e21e36b711d4af6a5d052867d72dcf0caaa6c4b44a0e62cc622a6bb4af8739521851ab8b37e3b0e58d0811a1279d3 WHIRLPOOL d7d44c96a7be406583fc8e16211069f576cfc635497e370acf5b49c5694d6424d84c75031d98bf48848293f662c7f5142e6912063251201064fdb5e6dff9bc7c AUX ebtables-2.0.8.1-ebt-save.diff 1089 SHA256 b4d7022a616152ca439d2b09f14fda8a3ef479b823c2da44eb0e9e22b256be90 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7 WHIRLPOOL df0664bc20dcd36bf640c8c88dea1e7d17b55c686403bceb77f5416b95ce0e2fc3292755e5986822b794628fc31aff25f7dab4d70d742fc93e78bac9fcdea4b2 -AUX ebtables.confd-r1 477 SHA256 666ba2b2ed0886a603ad36d0773192887b11b50def2465512ee18204675f42cb SHA512 4e44656d761e70afe1fba103dbfdd428e4bf9b98d17f7982a9a10e443916bdf5c526851f20bafb2450a37b069eee99b4179ed28b5f4c8884a3bab19155dd748d WHIRLPOOL 1f084ccfb6c2d1a817fd8db747cd60426502d9782ad74662b7e9f43cd737d92c8e7814d662b9f2a7b91ccdbd987791b38a61fee20509d9c2f0d693a4169f9247 -AUX ebtables.initd-r1 2212 SHA256 6b41df5a341c0f13c528a8b1433699cadeac406439ec9f92ff2063dcee65f508 SHA512 7e6f13a0c72378175f6cef369d8d4bf6ae354208fe4614fd35cf1d70f3aee00f61d1190310bdf54f0c9adc6c131bdd5fac9055453cd91adc34b1ffb130b56d61 WHIRLPOOL b07846ee35603749ba34c0ac7cf87a71bd41a0620257b0aacc9a3a094f9afe129798f6cf361496d24fe218ec88615b129f18fb28e84d45146a5a093f5d13c451 +AUX ebtables.confd-r1 418 SHA256 11c5b4974a1e80bd6ba440dd88ff778d3f50fab4afb149fdc8dff182ed224598 SHA512 71ffed2306ba5f03962217c266cbb0c84f914a946a3e4241fc7220545ad89efa50835165d82e2400b9037976b2d5abe468e6d1f0ba62eb3ed98df807b1544268 WHIRLPOOL f0eae1732288d867c717b3a8b71a6bdd114fbbbce2fc6727f7dd20a8e9bdd1e33ac1c7eebaf8b3e265cafc22450b16a63f5d6ca20868761d4ba05a888a775238 +AUX ebtables.initd-r1 2143 SHA256 838bc12f50cd29275fa2cff25c1d514a8ed6bf60f74e4f3a94a58e5c8ad1caac SHA512 ea6c381096faa9a150db501a0e18d1fdffd5d274e5a79f010d90fc18ee9a187776ff448328e37bc81445086faafb213c81cbbc1117d4465022fb341c9540a170 WHIRLPOOL d351d451a32d1c912b8d89d6af9289de027c017dc11b6c387bab30f52aa5c5d5e5d57da19e54c9f815aca4f4d1326cca9bb0a0c018f476875ab1e692b79a4132 EBUILD ebtables-9999.ebuild 2564 SHA256 fe1134d19fbe836e26a29b03de8d98e40e21dc5c0c4c5e6cd886db40e609ca26 SHA512 590a9d15967a4a901c72bd359929f10da3f18bcfc54fefd1bc5e271f5fddd38f36b2d92a2c9e81950364e7a5d3f4dd534f2c2b9a220ea9e8ab79da177c484233 WHIRLPOOL 7a525d7bfff58a30fc8c8d72850db236c1b90bea901d850130f682314beb841a146549c7e8344158721df7f7eb544a8ea53c4b49e5d32da99a307d9fdd4fefdd diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1 index 0c64dcd9..39d05dc2 100644 --- a/net-firewall/ebtables/files/ebtables.confd-r1 +++ b/net-firewall/ebtables/files/ebtables.confd-r1 @@ -4,9 +4,6 @@ # service shutdown EBTABLES_SAVE="/var/lib/ebtables/rules-save" -# Options to pass to ebtables-save and ebtables-restore -# - # Alow save traffic counters along with rules? EBTABLES_SAVE_COUNTER="yes" diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1 index bc73f121..c99007f7 100644 --- a/net-firewall/ebtables/files/ebtables.initd-r1 +++ b/net-firewall/ebtables/files/ebtables.initd-r1 @@ -1,7 +1,7 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd-r1,v 1.2 2012/12/19 16:00:36 qnikst Exp $ +# $Id: d3c82de34827f9da8f60d993ebc2974454031813 $ extra_commands="save panic" extra_started_commands="reload" diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest index fc0d29fd..41671b7e 100644 --- a/net-firewall/iptables/Manifest +++ b/net-firewall/iptables/Manifest @@ -2,11 +2,11 @@ AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69 AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b AUX iptables-1.4.21-configure.patch 1066 SHA256 73454c278b48fae5debcdb72ada8f2d60a36b5134cb1052b1a332b83169cbdc0 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 WHIRLPOOL 55c56c9e0711409c54b8635dc9b480be885c852b60ac336a32b3a48586c85ba5b7b9a0b4d2d427f7d646dfdc4d49c9fe6957ed39eac5cdd7de3526249f99e6ed AUX iptables-1.4.21-static-connlabel-config.patch 2195 SHA256 e03de480a940b0ac386bba2ec681f724ba39f5e53153398e061f2d74ae491c49 SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 WHIRLPOOL c1b79bb8e9a915d27940b443c564d0d00ccbd31728b8519bd18a6957ca7085c19dd09592d94a4aecee48102303a000130eba85710ad1de1533ef783ef1c28811 -AUX iptables.init 3153 SHA256 e27ff5dd149133df9087c5a262bdfed50a1c4883573c5c205160e7320855d65f SHA512 84689d326ace1fea6176034e3fd073e2842321a3da3568439f1255d0768ce3bd010be4c531182d0b705f7faa3d95d88645960535de6a412c720800073be18bf0 WHIRLPOOL bfe3e64ebf0c6e96f9e1a8bd8f5ba4145bec8f580db52b062579ee8b34e2963f4666e82b4dac661c37dc0f493040ff57b946afb02d3dc929ce9fde3a653914f4 -AUX systemd/ip6tables-restore.service 395 SHA256 679ba8327bf037e991ff07d8cf910009c67026b0faf8112d75c945b64f4b64de SHA512 e41f7bc55b2b58452b993ccb42014b5bc2701aeeef46eee845a2b016b334299ff4e6d11ba22f3aaff47195f1049dc7fd4be41a7055911420230107b1ee4c6ba3 WHIRLPOOL 232d90f8591358fe853c8c4b569b2825ba02ced59d390232a7f7fb535e3bfbbcb70972938506cbead5e6b57845310f5a91c1fd225898f185cffb96ba7d4d97f3 +AUX iptables.init 3154 SHA256 c1c675b2a4b9c1b3cd57abca8580ff0890982cd58026df76283df0653beda088 SHA512 29866951496ca7984e8b75d87d91a8a5cf4537a23d5b19b65fea19b655eb3e65e7a84a117868194666a297f5ed5ad8ecea8a6cf05f3733996840c8dae83f009b WHIRLPOOL 29282387335b5eb5b1777acb081e36e73ecf8bf1f9302faab44fb253404a84dc37130c98935d3e00179bd627ce436714b11069644dcfd67a35b93ff97ccb5e32 +AUX systemd/ip6tables-restore.service 398 SHA256 611fb01a539f421a06d443ac5bec4ee412699021bb8f99bcc52056b825b72baa SHA512 4df4f73b14e123c463003656631d1affa431f722c9f598cdde6a63a531432aa3f97635b32c59aa2e1ddc4b45f500169c88da1c055fccac6c8ce89db23d015a7a WHIRLPOOL eabe0338f58a300ea53c15e09e35f8c1eb10ac9574213fbe30aff75eb350eaa676f0c927a14e24e7b2eaad6b69124645ff0df995204e65f2a23f0bc00d5d2e1c AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6 AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0 -AUX systemd/iptables-restore.service 391 SHA256 ace3b2085700bde96f0597e8c6f3b8524c28d4f9b6c924deb09b164a5b8e979c SHA512 222a088d487f8e5c199aec4a3619f8c8ee620ffca13c35fd3da8daf926db25fa5203226a6f4a2c426622d935ffd57c02ad4ff5edbca922f8168e29fc3e52c516 WHIRLPOOL 507cfef3650fcce3a17d56edfb39110d08397bbd96c88cb21c2cdb74c69b920142f0f68f71312ae7a6013057e0ab500546a0075806dd424fc85b9aebdb76b5f4 +AUX systemd/iptables-restore.service 394 SHA256 611debe959039341f2ee93c276290046365622e4a168c98a9f39684bee9565de SHA512 f0d042b487beaaa0dab0884ccb12c1cb63f9f5949b58187dcd4fcdb28a5b9874fd7b9cc8c14862f8a311a6e4016e2472edc51a776904c9940e1280da7dd3c01b WHIRLPOOL 8fc540b450347ea78e56d03591be2d22bbccadbe65dfe021c23231f9efcda3405d5555a6d5b93f38fbf5cc16855d397da104a873a5dd0fa01270d3b542f9403d AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3 DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015 diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init index 06d295f9..d0e275ac 100755 --- a/net-firewall/iptables/files/iptables.init +++ b/net-firewall/iptables/files/iptables.init @@ -1,7 +1,7 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id: f396ea2ef148bafdb609cc4fe8986e6203d2f747 $ +# $Id: de9f39f74a180bc23527df90225f7133028ed583 $ extra_commands="check save panic" extra_started_commands="reload" diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service index 88415fa3..c149e92b 100644 --- a/net-firewall/iptables/files/systemd/ip6tables-restore.service +++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service @@ -3,8 +3,8 @@ Description=Restore ip6tables firewall rules # if both are queued for some reason, don't store before restoring :) Before=ip6tables-store.service # sounds reasonable to have firewall up before any of the services go up -Before=network.target -Conflicts=shutdown.target +Before=network-pre.target +Wants=network-pre.target [Service] Type=oneshot diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service index 9d568d78..2474ee3e 100644 --- a/net-firewall/iptables/files/systemd/iptables-restore.service +++ b/net-firewall/iptables/files/systemd/iptables-restore.service @@ -3,8 +3,8 @@ Description=Restore iptables firewall rules # if both are queued for some reason, don't store before restoring :) Before=iptables-store.service # sounds reasonable to have firewall up before any of the services go up -Before=network.target -Conflicts=shutdown.target +Before=network-pre.target +Wants=network-pre.target [Service] Type=oneshot diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest index c50b8685..28e84c4a 100644 --- a/net-firewall/nftables/Manifest +++ b/net-firewall/nftables/Manifest @@ -3,7 +3,7 @@ AUX nftables-0.4.1-nftables.8 30461 SHA256 97ba96a0dce959d9d2a5e26f7e7d27a2e3e33 AUX nftables-0.4.2-nftables.8 30927 SHA256 0f1b98148486dcd42c9febda555ce395c8937b1ae78f58be36e4656dfaa71104 SHA512 6513bd82fed18391e8eb0cfadb225cd08e4597b4ab3b4b438eac3ed70c1824378cff42d7e0782be38262cac12d716dd68d2e985913ac6d3681fb50b7013f2b61 WHIRLPOOL 242da52c6209d8e537cf812a7568da1538fb36a86898f10df4e65120728a04fd976ea479c6f59cf90969cb958b628d8c25a5aa0b6ea07a25274bf1bb7bc53a57 AUX nftables.8 9645 SHA256 bec3d7dcdc424691269852c9c322bb6ad770b6cfec4939920e32fa67ca8caac2 SHA512 aaf74c4bf0a854f3993b7ed5b9cecd436baa0bfc6b5ff119574d45c2504e5e772fc7cf41e1108b7f9cc013132c0bc0a86c6262cbfa870e639ad40ae93e25e4dc WHIRLPOOL e1c082fc3a56a9a0eb4782dfd9253857668052025d471e5124fc836246bc33b794f6d2293c46e2d5b0d8d1761b454ec8c21eb627ed95e97f07fe47f704dcdae2 AUX nftables.confd 655 SHA256 d5e3077345dfea02849a70aea220396322a10c3808f0303b988119adbc56fdbd SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 WHIRLPOOL e39d13f996e620aa82714cb18e4f57624faa302f2259a44cc065804edf95fe07a314f744d17a76be6941c3771da6b233a19ae5b6b2f63783847121c63339197f -AUX nftables.init 4299 SHA256 293d5a0ef687c69fffdce912a833cf5812272c0baae9f59d603ada8efa5828a6 SHA512 ec43cc630b45ea2726044b30925e04f16fdb48ff2ee1871c112fde5b406f47c75b53ce05db4dfab8558156da96e9bf484ebab1f00f5cda20bbe8597c63b178fe WHIRLPOOL 0209ae515a046e5222f59832a80bf10663acaad28b5ac13771035575fcfda761049544b5428bbffe5aefc096fd6e1ab09fc1c6efbb368d45fd97636731857189 +AUX nftables.init 2356 SHA256 5451ea13c9f44ca8ad0e4835ee9ea465cb52f8a86ab1e83cd9460c4f691b5680 SHA512 c4795879d619f345dcac10f66738da3027b29de70be28d268929beed2c40c16bcd2e8a1f112b8c2376a441b5139d68b0f8599dc5427371f3bfaa04afde90eff0 WHIRLPOOL 71fb5eebcef64a31614d02c45836dc11edc46c7748f59718516ef98a0ce791bb57a005cee47df90c61ae40d6e1fbfcd10164679c8406918aff3c6c270a70ba97 DIST nftables-0.2.tar.bz2 154821 SHA256 2b947f1ed5b66e042fbda7e5bb8353e9697a1c2cec4ea99ccbc822d2e89c505f SHA512 319f3de619634a31ed5903f87623cdf6f9f8f69124cd451d659ecc87121c97a7b9cc352a591d37a24b41c8b0a71c2da77928cdf0858f7f1269c2c1336784cf43 WHIRLPOOL 97c49af74660e5993cbbca81336fa1c7def81ca9e44d39c3405fb060713d472933172e98c59f9ae094cb8e8d5467ab540f69225798eacaf5c64cbb02ae9612e4 DIST nftables-0.3.tar.bz2 160585 SHA256 4d372645442d89675c7148b8a0a112c4825b57edf8bad15ddf9a08c220229c2f SHA512 76e280e6c42ad3c1d70d0b16c2d488ba92ffae1611241a9949f537da143f613ba06d5b2d7fbc40f0b51ac26a4e35cb93954816bab99dc0f485ef5797e1fcf1a0 WHIRLPOOL 019478f5be2204e9d48df47fab0cd6c07650accbc10c0857cea22c407965db71986c3f03e07b205ac80aa1cfaf4550d25896d1f25ec7f2b859fd24d5a2f774e5 DIST nftables-0.4.tar.bz2 362120 SHA256 f6ca69b75c68915f9f3a3972274ec68354dfbbcfc0b9fc55c813a0525c351d3c SHA512 0932cf987da602285fbf7c7f61328b0d74d687889c2d4a5bd2bd7fe11e8b99433bc5ee53ebbddadf2c90e40acdcb28f6babf07e11feedff815c571c3b782dffc WHIRLPOOL 1604010f260247c2fd98d33ca931eb0be6f38097937983aadfbdf2eb44fd3827212d00e6e6351821ccd8a2696fc696d9e7ec102d447387f930b8fb2afadc22a8 diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init index c7263930..2476b811 100644 --- a/net-firewall/nftables/files/nftables.init +++ b/net-firewall/nftables/files/nftables.init @@ -1,166 +1,124 @@ -#!/sbin/runscript -# Copyright 2014 Nicholas Vinson -# Copyright 1999-2014 Gentoo Foundation +#!/sbin/openrc-run +# Copyright 2014-2016 Nicholas Vinson +# Copyright 1999-2016 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 extra_commands="clear list panic save" extra_started_commands="reload" depend() { - need localmount #434774 - before net + need localmount #434774 + before net } checkkernel() { - if ! nft list tables >/dev/null 2>&1; then - eerror "Your kernel lacks nftables support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 + if ! nft list tables >/dev/null 2>&1; then + eerror "Your kernel lacks nftables support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 } checkconfig() { - if [ ! -f ${NFTABLES_SAVE} ]; then - eerror "Not starting nftables. First create some rules then run:" - eerror "rc-service nftables save" - return 1 - fi - return 0 -} - -getfamilies() { - local families - for l3f in ip arp ip6 bridge inet; do - if nft list tables ${l3f} > /dev/null 2>&1; then - families="${families}${l3f} " - fi - done - echo ${families} -} - -clearNFT() { - local l3f line table chain - - for l3f in $(getfamilies); do - nft list tables ${l3f} | while read line; do - table=$(echo ${line} | sed "s/table[ \t]*//") - nft flush table ${l3f} ${table} - nft list table ${l3f} ${table} | while read l; do - chain=$(echo $l | grep -o 'chain [^[:space:]]\+' |\ - cut -d ' ' -f2) - if [ -n "${chain}" ]; then - nft flush chain ${l3f} ${table} ${chain} - nft delete chain ${l3f} ${table} ${chain} - fi - done - nft delete table ${l3f} ${table} - done - done -} - -addpanictable() { - local l3f=$1 - nft add table ${l3f} panic - nft add chain ${l3f} panic input \{ type filter hook input priority 0\; \} - nft add chain ${l3f} panic output \{ type filter hook output priority 0\; \} - nft add chain ${l3f} panic forward \{ type filter hook forward priority 0\; \} - nft add rule ${l3f} panic input drop - nft add rule ${l3f} panic output drop - nft add rule ${l3f} panic forward drop + if [ ! -f ${NFTABLES_SAVE} ]; then + eerror "Not starting nftables. First create some rules then run:" + eerror "rc-service nftables save" + return 1 + fi + return 0 } start_pre() { - checkkernel || return 1 - checkconfig || return 1 + checkkernel || return 1 + checkconfig || return 1 return 0 } -start() { - ebegin "Loading nftables state and starting firewall" - clearNFT - nft -f ${NFTABLES_SAVE} - eend $? -} - -stop() { - if yesno ${SAVE_ON_STOP:-yes}; then - save || return 1 - fi - - ebegin "Stopping firewall" - clearNFT - eend $? -} - -reload() { - checkkernel || return 1 - # checkrules || return 1 - ebegin "Flushing firewall" - clearNFT - - start -} - clear() { - clearNFT + /usr/libexec/nftables/nftables.sh clear || return 1 + return 0 } list() { - local l3f + /usr/libexec/nftables/nftables.sh list || return 1 + return 0 +} - for l3f in $(getfamilies); do - nft list tables ${l3f} | while read line; do - line=$(echo ${line} | sed "s/table/table ${l3f}/") - echo "$(nft list ${line})" - done - done +panic() { + checkkernel || return 1 + if service_started ${RC_SVCNAME}; then + rc-service ${RC_SVCNAME} stop + fi + + ebegin "Dropping all packets" + clear + if nft create table ip filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi + if nft create table ip6 filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip6 filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi } save() { - ebegin "Saving nftables state" - checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" - checkpath -q -m 0600 -f "${NFTABLES_SAVE}" - - local l3f line tmp_save="${NFTABLES_SAVE}.tmp" + ebegin "Saving nftables state" + checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" + checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE} + return $? +} - touch "${tmp_save}" - for l3f in $(getfamilies); do - nft list tables ${l3f} | while read line; do - line=$(echo ${line} | sed "s/table/table ${l3f}/") - # The below substitution fixes an issue where nft -n output may not - # always be parsable by nft -f. For example, nft -n might print - # - # ip6 saddr ::1 ip6 daddr ::1 counter packets 0 bytes 0 accept - # - # but nft -f refuses to parse that string with error: - # - # In file included from internal:0:0-0: - # /var/lib/nftables/rules-save:1:1-2: Error: Could not process rule: - # Invalid argument - # table ip6 filter { - # ^^ - echo "$(nft ${SAVE_OPTIONS} list ${line} |\ - sed 's/\(::[0-9a-fA-F]\+\)\([^/]\)/\1\/128\2/g')" >> "${tmp_save}" - done - done - mv "${tmp_save}" "${NFTABLES_SAVE}" +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + clear + start } -panic() { - checkkernel || return 1 - if service_started ${RC_SVCNAME}; then - rc-service ${RC_SVCNAME} stop - fi +start() { + ebegin "Loading nftables state and starting firewall" + clear + /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE} + eend $? +} - ebegin "Dropping all packets" - clearNFT +stop() { + if yesno ${SAVE_ON_STOP:-yes}; then + save || return 1 + fi - local l3f - for l3f in $(getfamilies); do - case ${l3f} in - ip) addpanictable ${l3f} ;; - ip6) addpanictable ${l3f} ;; - esac - done + ebegin "Stopping firewall" + clear + eend $? } |