authorV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
commitd934827bf44b7cfcf6711964418148fa60877668 (patch)
tree0625f358789b5e015e49db139cc1dbc9be00428f /net-firewall/nftables
parent2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)
gentoo resync : 25.11.2020
Diffstat (limited to 'net-firewall/nftables')
-rw-r--r--net-firewall/nftables/Manifest17
-rw-r--r--net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch37
-rw-r--r--net-firewall/nftables/files/nftables-mk.init-r150
-rw-r--r--net-firewall/nftables/files/nftables.init-r1154
-rw-r--r--net-firewall/nftables/nftables-0.9.3-r1.ebuild144
-rw-r--r--net-firewall/nftables/nftables-0.9.4-r1.ebuild147
-rw-r--r--net-firewall/nftables/nftables-0.9.6-r1.ebuild2
-rw-r--r--net-firewall/nftables/nftables-0.9.7-r1.ebuild (renamed from net-firewall/nftables/nftables-0.9.4-r2.ebuild)56
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild4
9 files changed, 155 insertions, 456 deletions
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 49e887338b11..77a0f4f3c18c 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,22 +1,17 @@
AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f6d68662f1191ff73d2a43a1bf49fb795f3763705f8aeb0a4f22cab0006a943e01adb188f1ef9eb05125dfdbd SHA512 a14e48f014f75c7e611bf2a653d9760804754febd1ae4543f78abbfbe60c79f5aa07c5fd53fe26bb74b48fcb8cb8aa78274771212e41c42db031e8c8ba7e81d2
AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677
-AUX nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch 1132 BLAKE2B 49d938450bd0e7b09266c2e49ac09aa2bde5f4ab945478a1c973cc05368a9338a5aee222c9638bd44a27f6e81233f3843e672ef3177e25f8e851a2c10edfda36 SHA512 31dce9d6508f36d8411ea834cbb35989067a93b0af2366f278d12aaf30b6fd9b70995e6ad21836e4b44ba009a77900057139d292053533330826ec496009de24
AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
AUX nftables-mk.init 2090 BLAKE2B 62f56586ca4ba0acbd3ac41f4904041d625388771bbafc32833055a5f3c00f251e1d9a04bb41dd672f33d13a0825f7e4470a30d7e874df1abd41508148ef42b0 SHA512 819b2d60b42207cb70d95b700557e873fe18c5f6e8437683240beb317f773cf8e18755086e24652a9bcff49c6f96af8cd9e3f3b62c9f433779eff4e3f3935197
-AUX nftables-mk.init-r1 2125 BLAKE2B 2c7af02866a36de3e4312005eb139805bf3a6100e1825d05232436fa206b2961e02b47ab71d9f94300c151b561b5ac00c919cd84db76df0ab6bcf618b2fbf8c8 SHA512 97b9a154c35a088a9c866e2be7689448439490f4cb26fe50ef49ab6900564ea231cba137f3585bcb51cb2344d6f7d3e8ca8a7ed2e06d144a8359fb9564361d24
+AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3
AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
AUX nftables.init 3069 BLAKE2B 68c6b2b81995bd909c00cc3527f891f04d0dd30532cd821c89b59fc7e3ea0dff0e98d767cee2c00a5462023fdf6f59e813dec7063768a34187f2404377e498f7 SHA512 ca761be0440945b21d5b002468baffb3299d0a3ac244aa895734dfdfaf442e7a73b757bcda99d958582064411d1b80b2cbcb4eb532bb219b4df407c9ed892661
-AUX nftables.init-r1 2125 BLAKE2B 2c7af02866a36de3e4312005eb139805bf3a6100e1825d05232436fa206b2961e02b47ab71d9f94300c151b561b5ac00c919cd84db76df0ab6bcf618b2fbf8c8 SHA512 97b9a154c35a088a9c866e2be7689448439490f4cb26fe50ef49ab6900564ea231cba137f3585bcb51cb2344d6f7d3e8ca8a7ed2e06d144a8359fb9564361d24
+AUX nftables.init-r1 2279 BLAKE2B 1c4c28ea5b6a22905b3ec7de8e54726933b579352ecd799b7641384a138ffa2d4a2deb87d84ef5d75a43ae30759f1550d611c2560096bb5083cae9bb834be2bb SHA512 2165223bfd4f300b9cc01f604347fc5167f68515174b0d116b667bd05f4baf8c2f931e482f632975a8be371c2147951d9407f397ea4dbcbac79a6738cbd23015
AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0
-DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
-DIST nftables-0.9.4-manpages.tar.xz 38580 BLAKE2B bb561c7824d032ecfff5c98af10c95af6f5188377f43de8398be7e503adff0441d49fa3e2cefcb646927cc1a4222957f0cc75d5ad4c770ef3a3f8cb8a677c5ce SHA512 1b94ff06ceccf75bbefbf64496d5fa0b492907d7ec5fe41f7808c6e239b2a0a42e88d61e35e22485abee7e4bd382178e962a7c5b113433247ca329cbfa408bca
-DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0
DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
-EBUILD nftables-0.9.3-r1.ebuild 3755 BLAKE2B 38553f667a6726ff06e3c92392357c73470d0cf79f2929ab2c96d7955dbd94259f966a86f5db2409aa1f6600bd88d8fb96959ccde7b99c462e3afd239e956e7c SHA512 45fd13e018453f1f9d78284454f677920a3fa11c7bad32670592d669836bc0465b54e2f949499e4a362e7a261911321a088d4d15abfadc7858ab7117454e3d72
-EBUILD nftables-0.9.4-r1.ebuild 3782 BLAKE2B aa3edaa13d0c0032819476c5fdfbe3a1119b815d8d167eafe48c49f36dd49780c80020045418e084ce1c6bdc5b56ffc7a511c50c356b6ccdb44c36ef41899465 SHA512 741af7b9f7b07ee5b6133170637ae819e5d8d190cda398087b7b26f7e7e377df975f2cc72f0b706707073e029b905a8284bb9a13875cda869ec7df9767faa55e
-EBUILD nftables-0.9.4-r2.ebuild 4131 BLAKE2B d30066d0eef62040e79e2099bb1db6f49667177e0f7099f0a928ee87f80664b6069b26a6ba954b38e32179e6734b564290ae8466cd8f90d79b2ee1bbc3126d2b SHA512 f777309e620845e89d32596adcd270c2961111168d11d68d9b1cd75b97a60fb3213238b60d7190559eec478d9e08e09c89de8e54bb048c59a51cfb1b412831fc
-EBUILD nftables-0.9.6-r1.ebuild 4232 BLAKE2B 5b5f45650c133f374ba23e550a96b0e44f114d754aeeb15368139de6746d558206a899aa5e5cf1af70631eee4feccbc944a1132e9e5b35ac18ad7fae9071cf45 SHA512 a7adb1f95aecb0e0ad9b8876b4b9b9a8768a9072f99ae1d36f4bfbf3716834d0cac70673c5df902b89300073de31f4bb6aee0f0f37b5c01d71dd0d3391f171d0
+DIST nftables-0.9.7.tar.bz2 872759 BLAKE2B 25218d97bd5a102b626a2c4beb37a59da2f6c1a8ead49b18375154ff88da536dfac7442aef2c10d2f6e20e6b51c5760a692960da35b82ab335a58e48189e3ae8 SHA512 174cf2d788dfd21f6709ccdc59060580aff904c3d906bac57d07c1b813b2cfdba895205d8342d722460b813f3504d598b82ac2d8a93af5964569b378b9598455
+EBUILD nftables-0.9.6-r1.ebuild 4231 BLAKE2B b1fdeb97da92be160d9822fa062d45926f28710c31f570e045984b3e89ec027e3c4b0e64e22b6538d1ebae3bdf5df3d65efb0fc969e5b9c75da9a61ec2d9b880 SHA512 d163480c49b3167da05cdd2384bbd3042fcdc6f4b0083a3bc07903286ab43abe169e3594536ca371430ef238fe07d76d3aab9662906422872a981b92ce0fad18
EBUILD nftables-0.9.6.ebuild 4225 BLAKE2B f1138e820093a380fd9e4410e7dee42be398e1e59b15da5f93ab108d2b872c56a76b773745d682ba44b3af1aad9dc9f14c118c7a2600c19121a969fbdfdb45ec SHA512 10ed38eb158b2a55831da59ae392da2b41c6e57e296a7ab015f7d890ae21beb5d2aa03c584bb6637213f0e2fa5b07c2638a4587df838949224001f00cd2116ac
-EBUILD nftables-9999.ebuild 4422 BLAKE2B 2385d84bddc4a46e89d3bea0c8aadc9d0ec09ac8802110c72c44006f6271c0ef1bd54a26b4f78e79a2c769b28fb034da27348cbc30fce6b12ad2e1a0779d1db8 SHA512 5792064de6860d4004ca1d68f0c8db49e850cf4bb14307d857ffb9f4d3c047ea4a20357cc9c2282328feaa5b121707408991f7fbbec05e345ba24aa2a38d6d09
+EBUILD nftables-0.9.7-r1.ebuild 4232 BLAKE2B 86bad483fbfd191f1e98f875fa83849350fa1944f15f87fd0b6d64efc11bc7b447996765ce48f332d67ec1c8b3f3b2f333455c23c87430f69b8cfc8633ab9919 SHA512 380f8d040137eb8050c9d547bca641a6a3adcf57af2a9d3504bb269cc1a110a5bc3e9fa5c31462cb3983ffe42b690c25a276f6bb6ab7c8dc053dd9f2c382f0a2
+EBUILD nftables-9999.ebuild 4425 BLAKE2B 8c6d1c5f3541146a6819029a8037e8644eb1e35fafa7a654496ad704e950e611caabf2c1f57bb27f26d52cd48d488fa7a271223b6651003611abbf1e2bc28e25 SHA512 c4ddd1e32cbeeba681b9919a442d2fbfb7b2b9c17cbf0618803843ea984b20e8b6b4c77fe6c09b90433a004816ac2a8555794dfca5e622f00953bd25696be9fe
MISC metadata.xml 918 BLAKE2B 8c2c39f04e2c5591ea06788788d244bddc1cdc25780810b2a19e131d43d0bdf964d2129c01605fc536451cb9a3354420a1c2f656dad45c56dec4f360a95fe473 SHA512 08de9d11f48dcb132eb5423de56b458dd4c4122329b84b56c252436c882b7670233f2217cc01755649f27e14ff9346cf99e3a742224567e712f5cb3678165dcf
diff --git a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch b/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
deleted file mode 100644
index 6eb708596255..000000000000
--- a/net-firewall/nftables/files/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3c83e2bca90b697e7c98f849319f1ad015dcdb86 Mon Sep 17 00:00:00 2001
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 7 Apr 2020 13:16:59 -0700
-Subject: [PATCH nftables 2/2] build: Allow building from tarballs without
- yacc/lex
-
-The generated files are included in the tarballs already, but
-configure.ac was coded to fail if yacc/lex were not found regardless.
-
-Signed-off-by: Matt Turner <mattst88@gmail.com>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index a04d94bc..3496e410 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -29,13 +29,13 @@ AC_PROG_SED
- AM_PROG_LEX
- AC_PROG_YACC
-
--if test -z "$ac_cv_prog_YACC"
-+if test -z "$ac_cv_prog_YACC" -a ! -f "${srcdir}/src/parser_bison.c"
- then
- echo "*** Error: No suitable bison/yacc found. ***"
- echo " Please install the 'bison' package."
- exit 1
- fi
--if test -z "$ac_cv_prog_LEX"
-+if test -z "$ac_cv_prog_LEX" -a ! -f "${srcdir}/src/scanner.c"
- then
- echo "*** Error: No suitable flex/lex found. ***"
- echo " Please install the 'flex' package."
---
-2.24.1
-
diff --git a/net-firewall/nftables/files/nftables-mk.init-r1 b/net-firewall/nftables/files/nftables-mk.init-r1
index 45b2abdbda77..1f03301c0535 100644
--- a/net-firewall/nftables/files/nftables-mk.init-r1
+++ b/net-firewall/nftables/files/nftables-mk.init-r1
@@ -20,7 +20,7 @@ checkkernel() {
}
checkconfig() {
- if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
+ if [ -z "${NFTABLES_SAVE}" ] || [ ! -f "${NFTABLES_SAVE}" ] ; then
eerror "Not starting nftables. First create some rules then run:"
eerror "/etc/init.d/${SVCNAME} save"
return 1
@@ -28,6 +28,11 @@ checkconfig() {
return 0
}
+_nftables() {
+ export NFTABLES_SAVE SAVE_OPTIONS
+ /usr/libexec/nftables/nftables.sh "${@}"
+}
+
start_pre() {
checkconfig || return 1
checkkernel || return 1
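Review bot: The new `_nftables` helper carries no comment explaining why it exports `NFTABLES_SAVE` and `SAVE_OPTIONS`, so a reader of this init script cannot tell that `/usr/libexec/nftables/nftables.sh` is expected to read them from its environment rather than from its arguments, and exporting both on every subcommand (not only `store`, which is the only caller that set `SAVE_OPTIONS` before) looks accidental without that context. Suggest `# nftables.sh reads NFTABLES_SAVE and SAVE_OPTIONS from its environment, so export them for every subcommand.` above the `export` line. Whether the helper script actually consumes both variables is not visible in this diff; confirm against the libexec script before wording the comment.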
@@ -36,8 +41,8 @@ start_pre() {
start() {
ebegin "Loading ${SVCNAME} state and starting firewall"
- /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
- eend $?
+ _nftables load "${NFTABLES_SAVE}"
+ eend ${?}
}
stop() {
@@ -47,13 +52,13 @@ stop() {
ebegin "Stopping firewall"
if [ "${PANIC_ON_STOP}" = "hard" ]; then
- /usr/libexec/nftables/nftables.sh panic
+ _nftables panic
elif [ "${PANIC_ON_STOP}" = "soft" ]; then
- /usr/libexec/nftables/nftables.sh soft_panic
+ _nftables soft_panic
else
- /usr/libexec/nftables/nftables.sh clear
+ _nftables clear
fi
- eend $?
+ eend ${?}
}
reload() {
@@ -63,43 +68,42 @@ reload() {
clear() {
ebegin "Clearing rules"
- /usr/libexec/nftables/nftables.sh clear
- eend $?
+ _nftables clear
+ eend ${?}
}
list() {
- /usr/libexec/nftables/nftables.sh list
+ _nftables list
}
check() {
ebegin "Checking rules"
- /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
- eend $?
+ _nftables check "${NFTABLES_SAVE}"
+ eend ${?}
}
save() {
ebegin "Saving ${SVCNAME} state"
checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- SAVE_OPTIONS="${SAVE_OPTIONS}" \
- /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
- eend $?
+ _nftables store "${NFTABLES_SAVE}"
+ eend ${?}
}
panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+ if service_started "${SVCNAME}"; then
+ rc-service "${SVCNAME}" zap
fi
ebegin "Dropping all packets"
- /usr/libexec/nftables/nftables.sh panic
- eend $?
+ _nftables panic
+ eend ${?}
}
soft_panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+ if service_started "${SVCNAME}"; then
+ rc-service "${SVCNAME}" zap
fi
ebegin "Dropping new connections"
- /usr/libexec/nftables/nftables.sh soft_panic
- eend $?
+ _nftables soft_panic
+ eend ${?}
}
diff --git a/net-firewall/nftables/files/nftables.init-r1 b/net-firewall/nftables/files/nftables.init-r1
index 45b2abdbda77..60f1632f4551 100644
--- a/net-firewall/nftables/files/nftables.init-r1
+++ b/net-firewall/nftables/files/nftables.init-r1
@@ -1,105 +1,129 @@
#!/sbin/openrc-run
+# Copyright 2014-2017 Nicholas Vinson
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-extra_commands="check clear list panic save soft_panic"
+extra_commands="clear list panic save"
extra_started_commands="reload"
-
depend() {
need localmount #434774
before net
}
-checkkernel() {
- if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
- eerror "Your kernel lacks nftables support, please load"
- eerror "appropriate modules and try again."
- return 1
- fi
- return 0
+_nftables() {
+ export NFTABLES_SAVE SAVE_OPTIONS
+ /usr/libexec/nftables/nftables.sh "${@}"
}
-checkconfig() {
- if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
- eerror "Not starting nftables. First create some rules then run:"
- eerror "/etc/init.d/${SVCNAME} save"
- return 1
- fi
+start_pre() {
+ checkkernel || return 1
+ checkconfig || return 1
return 0
}
-start_pre() {
- checkconfig || return 1
- checkkernel || return 1
- check || return 1
+clear() {
+ _nftables clear || return 1
+ return 0
}
-start() {
- ebegin "Loading ${SVCNAME} state and starting firewall"
- /usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
- eend $?
+list() {
+ _nftables list || return 1
+ return 0
}
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ] ; then
- save || return 1
+panic() {
+ checkkernel || return 1
+ if service_started "${RC_SVCNAME}"; then
+ rc-service "${RC_SVCNAME}" stop
fi
- ebegin "Stopping firewall"
- if [ "${PANIC_ON_STOP}" = "hard" ]; then
- /usr/libexec/nftables/nftables.sh panic
- elif [ "${PANIC_ON_STOP}" = "soft" ]; then
- /usr/libexec/nftables/nftables.sh soft_panic
- else
- /usr/libexec/nftables/nftables.sh clear
+ ebegin "Dropping all packets"
+ clear
+ if nft create table ip filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+ if nft create table ip6 filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip6 filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
fi
- eend $?
}
reload() {
- start_pre || return 1
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ clear
start
}
-clear() {
- ebegin "Clearing rules"
- /usr/libexec/nftables/nftables.sh clear
- eend $?
+save() {
+ ebegin "Saving nftables state"
+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+ export SAVE_OPTIONS
+ _nftables store "${NFTABLES_SAVE}"
+ return $?
}
-list() {
- /usr/libexec/nftables/nftables.sh list
+start() {
+ ebegin "Loading nftables state and starting firewall"
+ clear
+ _nftables load "${NFTABLES_SAVE}"
+ eend ${?}
}
-check() {
- ebegin "Checking rules"
- /usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
- eend $?
-}
+stop() {
+ if yesno "${SAVE_ON_STOP:-yes}"; then
+ save || return 1
+ fi
-save() {
- ebegin "Saving ${SVCNAME} state"
- checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
- checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
- SAVE_OPTIONS="${SAVE_OPTIONS}" \
- /usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
- eend $?
+ ebegin "Stopping firewall"
+ clear
+ eend ${?}
}
-panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+checkconfig() {
+ if [ ! -f "${NFTABLES_SAVE}" ]; then
+ eerror "Not starting nftables. First create some rules then run:"
+ eerror "rc-service nftables save"
+ return 1
fi
- ebegin "Dropping all packets"
- /usr/libexec/nftables/nftables.sh panic
- eend $?
+ return 0
}
-soft_panic() {
- if service_started ${SVCNAME}; then
- rc-service ${SVCNAME} zap
+checkkernel() {
+ if ! nft list tables >/dev/null 2>&1; then
+ eerror "Your kernel lacks nftables support, please load"
+ eerror "appropriate modules and try again."
+ return 1
fi
- ebegin "Dropping new connections"
- /usr/libexec/nftables/nftables.sh soft_panic
- eend $?
+ return 0
}
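Review bot: `panic()` fails open: after `clear` flushes the ruleset, the drop chains are installed only when `nft create table ip filter` succeeds, and if that `create` (or the `nft -f` that follows it) fails the function returns silently with an empty, accept-all ruleset and no `eend` to report the condition; the `ip6` block repeats the same pattern. `reload()` has the related problem that it calls `clear` before `start` with only `checkkernel` as a guard, so a missing `${NFTABLES_SAVE}` leaves the host unfiltered instead of refusing to reload; `checkconfig || return 1` before `ebegin "Flushing firewall"` closes that, and the pre-clear is redundant because `start()` already clears. Suggest installing the drop rules unconditionally on a single `inet` table with `policy drop` and reporting every failure through `eend`, as below. The `<<-EOF` heredocs strip leading tabs only, and this rendering cannot show whether the body is tab-indented, so verify the `EOF` terminator is actually recognised.
```shell
panic() {
	checkkernel || return 1
	# … unchanged: stop the service if it is running …
	ebegin "Dropping all packets"
	clear || { eend 1 "could not flush the ruleset"; return 1; }
	# A single inet table covers IPv4 and IPv6; a failure here is reported
	# rather than silently leaving an empty (accept-all) ruleset behind.
	nft -f /dev/stdin <<-EOF
		table inet filter {
			chain input { type filter hook input priority 0; policy drop; }
			chain forward { type filter hook forward priority 0; policy drop; }
			chain output { type filter hook output priority 0; policy drop; }
		}
	EOF
	eend $? "could not install the drop rules"
}
```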
diff --git a/net-firewall/nftables/nftables-0.9.3-r1.ebuild b/net-firewall/nftables/nftables-0.9.3-r1.ebuild
deleted file mode 100644
index 40a505c31ae9..000000000000
--- a/net-firewall/nftables/nftables-0.9.3-r1.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~ia64 ~ppc64 ~sparc x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
- gmp? ( dev-libs/gmp:0= )
- json? ( dev-libs/jansson )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.5:0=
- xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- doc? ( app-text/asciidoc )
- >=app-text/docbook2X-0.8.8-r4
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
- emake \
- -C py \
- abs_builddir="${S}" \
- DESTDIR="${D}" \
- PYTHON_BIN="${PYTHON}" \
- ${@}
-}
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
-
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- if use python ; then
- python_foreach_impl python_make
- fi
-}
-
-src_install() {
- default
-
- local mksuffix="$(usex modern-kernel '-mk' '')"
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- python_foreach_impl python_make install
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemd_enable_service basic.target ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
-}
diff --git a/net-firewall/nftables/nftables-0.9.4-r1.ebuild b/net-firewall/nftables/nftables-0.9.4-r1.ebuild
deleted file mode 100644
index 9cd3da3f64c2..000000000000
--- a/net-firewall/nftables/nftables-0.9.4-r1.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug +doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
- gmp? ( dev-libs/gmp:0= )
- json? ( dev-libs/jansson )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.6:0=
- xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- sys-devel/bison
- sys-devel/flex
- virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
- emake \
- -C py \
- abs_builddir="${S}" \
- DESTDIR="${D}" \
- PYTHON_BIN="${PYTHON}" \
- ${@}
-}
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
-
- # fix installation path for doc stuff
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
- -i files/nftables/Makefile.am || die
- sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
- -i files/osf/Makefile.am || die
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- if use python ; then
- python_foreach_impl python_make
- fi
-}
-
-src_install() {
- default
-
- local mksuffix="$(usex modern-kernel '-mk' '')"
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- python_foreach_impl python_make install
- python_foreach_impl python_optimize
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}/var/lib/nftables/rules-save"
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
-}
diff --git a/net-firewall/nftables/nftables-0.9.6-r1.ebuild b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
index be001c0ddd6b..b04e5f2d0815 100644
--- a/net-firewall/nftables/nftables-0.9.6-r1.ebuild
+++ b/net-firewall/nftables/nftables-0.9.6-r1.ebuild
@@ -13,7 +13,7 @@ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 sparc ~x86"
IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
diff --git a/net-firewall/nftables/nftables-0.9.4-r2.ebuild b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
index cf8385c7c2b5..99305e2ed641 100644
--- a/net-firewall/nftables/nftables-0.9.4-r2.ebuild
+++ b/net-firewall/nftables/nftables-0.9.7-r1.ebuild
@@ -3,15 +3,13 @@
EAPI=7
-PYTHON_COMPAT=( python3_{6,7,8} )
+PYTHON_COMPAT=( python3_{6,7,8,9} )
inherit autotools linux-info python-r1 systemd
DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2
- !doc? ( https://dev.gentoo.org/~chutzpah/dist/nftables/${P}-manpages.tar.xz )"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
@@ -19,12 +17,12 @@ KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
- >=net-libs/libmnl-1.0.3:0=
+ >=net-libs/libmnl-1.0.4:0=
+ >=net-libs/libnftnl-1.1.8:0=
gmp? ( dev-libs/gmp:0= )
json? ( dev-libs/jansson )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.6:0=
xtables? ( >=net-firewall/iptables-1.6.1 )
"
@@ -38,15 +36,9 @@ BDEPEND="
virtual/pkgconfig
"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-PATCHES=(
- # this has been sent upstream, see
- # https://marc.info/?l=netfilter-devel&m=158629102300853
- "${FILESDIR}/nftables-0.9.4-Allow-building-from-tarballs-without-yacc-lex.patch"
-)
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
python_make() {
emake \
@@ -54,7 +46,7 @@ python_make() {
abs_builddir="${S}" \
DESTDIR="${D}" \
PYTHON_BIN="${PYTHON}" \
- ${@}
+ "${@}"
}
pkg_setup() {
@@ -100,7 +92,7 @@ src_configure() {
src_compile() {
default
- if use python ; then
+ if use python; then
python_foreach_impl python_make
fi
}
@@ -109,7 +101,7 @@ src_install() {
default
if ! use doc; then
- pushd "${WORKDIR}/${P}-manpages" >/dev/null || die
+ pushd doc >/dev/null || die
doman *.?
popd >/dev/null || die
fi
@@ -119,7 +111,7 @@ src_install() {
exeinto /usr/libexec/${PN}
newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
keepdir /var/lib/nftables
systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
@@ -148,11 +140,23 @@ pkg_postinst() {
ewarn " 'chmod 600 \"${save_file}\"'"
fi
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart "
- elog "the nftables-restore service must be manually started in order to "
- elog "save those rules on shutdown."
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
index 989c4f467e91..1cc0dea3eb82 100644
--- a/net-firewall/nftables/nftables-9999.ebuild
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -29,11 +29,11 @@ IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
RDEPEND="
>=net-libs/libmnl-1.0.4:0=
+ >=net-libs/libnftnl-1.1.8:0=
gmp? ( dev-libs/gmp:0= )
json? ( dev-libs/jansson )
python? ( ${PYTHON_DEPS} )
readline? ( sys-libs/readline:0= )
- >=net-libs/libnftnl-1.1.8:0=
xtables? ( >=net-firewall/iptables-1.6.1 )
"
@@ -122,7 +122,7 @@ src_install() {
exeinto /usr/libexec/${PN}
newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
keepdir /var/lib/nftables
systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service