authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-firewall
reinit the tree, so we can have metadata
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/arno-iptables-firewall/Manifest8
-rw-r--r--net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild90
-rw-r--r--net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild92
-rw-r--r--net-firewall/arno-iptables-firewall/files/arno-iptables-firewall27
-rw-r--r--net-firewall/arno-iptables-firewall/metadata.xml15
-rw-r--r--net-firewall/arptables/Manifest11
-rw-r--r--net-firewall/arptables/arptables-0.0.3.4-r2.ebuild38
-rw-r--r--net-firewall/arptables/arptables-0.0.4.ebuild32
-rw-r--r--net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch24
-rw-r--r--net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch13
-rw-r--r--net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch12
-rw-r--r--net-firewall/arptables/files/arptables-0.0.3.4-type.patch17
-rw-r--r--net-firewall/arptables/metadata.xml11
-rw-r--r--net-firewall/conntrack-tools/Manifest11
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild82
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild82
-rw-r--r--net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild85
-rw-r--r--net-firewall/conntrack-tools/files/conntrackd.confd-r214
-rw-r--r--net-firewall/conntrack-tools/files/conntrackd.initd-r377
-rw-r--r--net-firewall/conntrack-tools/metadata.xml13
-rw-r--r--net-firewall/dshieldpy/Manifest5
-rw-r--r--net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild36
-rw-r--r--net-firewall/dshieldpy/metadata.xml8
-rw-r--r--net-firewall/ebtables/Manifest9
-rw-r--r--net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild69
-rw-r--r--net-firewall/ebtables/ebtables-2.0.10.4.ebuild63
-rw-r--r--net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff31
-rw-r--r--net-firewall/ebtables/files/ebtables.confd-r111
-rw-r--r--net-firewall/ebtables/files/ebtables.initd-r1101
-rw-r--r--net-firewall/ebtables/metadata.xml14
-rw-r--r--net-firewall/ferm/Manifest7
-rw-r--r--net-firewall/ferm/ferm-2.4.1.ebuild36
-rw-r--r--net-firewall/ferm/ferm-2.4.ebuild36
-rw-r--r--net-firewall/ferm/metadata.xml15
-rw-r--r--net-firewall/firehol/Manifest12
-rw-r--r--net-firewall/firehol/files/firehol.conf.d2
-rw-r--r--net-firewall/firehol/files/firehol.initrd66
-rw-r--r--net-firewall/firehol/files/fireqos.conf.d2
-rw-r--r--net-firewall/firehol/files/fireqos.initrd44
-rw-r--r--net-firewall/firehol/firehol-3.1.3-r1.ebuild64
-rw-r--r--net-firewall/firehol/firehol-3.1.3.ebuild61
-rw-r--r--net-firewall/firehol/firehol-3.1.4.ebuild64
-rw-r--r--net-firewall/firehol/metadata.xml16
-rw-r--r--net-firewall/firewalld/Manifest6
-rw-r--r--net-firewall/firewalld/files/firewalld.init12
-rw-r--r--net-firewall/firewalld/firewalld-0.4.3.3.ebuild108
-rw-r--r--net-firewall/firewalld/metadata.xml11
-rw-r--r--net-firewall/fwanalog/Manifest5
-rw-r--r--net-firewall/fwanalog/fwanalog-0.6.4.ebuild38
-rw-r--r--net-firewall/fwanalog/metadata.xml5
-rw-r--r--net-firewall/fwbuilder/Manifest12
-rw-r--r--net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch11
-rw-r--r--net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch11
-rw-r--r--net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch51
-rw-r--r--net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild52
-rw-r--r--net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild45
-rw-r--r--net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild71
-rw-r--r--net-firewall/fwbuilder/metadata.xml16
-rw-r--r--net-firewall/fwipsec/Manifest5
-rw-r--r--net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild28
-rw-r--r--net-firewall/fwipsec/metadata.xml8
-rw-r--r--net-firewall/fwknop/Manifest9
-rw-r--r--net-firewall/fwknop/files/fwknopd.confd21
-rw-r--r--net-firewall/fwknop/files/fwknopd.init91
-rw-r--r--net-firewall/fwknop/files/fwknopd.service12
-rw-r--r--net-firewall/fwknop/files/fwknopd.tmpfiles.conf1
-rw-r--r--net-firewall/fwknop/fwknop-2.6.9-r1.ebuild138
-rw-r--r--net-firewall/fwknop/metadata.xml26
-rw-r--r--net-firewall/gshield/Manifest6
-rw-r--r--net-firewall/gshield/files/gshield.init26
-rw-r--r--net-firewall/gshield/gshield-2.8-r4.ebuild46
-rw-r--r--net-firewall/gshield/metadata.xml8
-rw-r--r--net-firewall/ipkungfu/Manifest10
-rw-r--r--net-firewall/ipkungfu/files/ipkungfu.init19
-rw-r--r--net-firewall/ipkungfu/files/ipkungfu_noiseless.patch24
-rw-r--r--net-firewall/ipkungfu/files/nat_ftp.patch11
-rw-r--r--net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild57
-rw-r--r--net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild46
-rw-r--r--net-firewall/ipkungfu/metadata.xml8
-rw-r--r--net-firewall/ipset/Manifest29
-rw-r--r--net-firewall/ipset/files/ipset.confd16
-rw-r--r--net-firewall/ipset/files/ipset.initd-r259
-rw-r--r--net-firewall/ipset/files/ipset.initd-r395
-rw-r--r--net-firewall/ipset/files/ipset.initd-r495
-rw-r--r--net-firewall/ipset/ipset-6.15.ebuild111
-rw-r--r--net-firewall/ipset/ipset-6.16.1.ebuild110
-rw-r--r--net-firewall/ipset/ipset-6.16.ebuild110
-rw-r--r--net-firewall/ipset/ipset-6.17.ebuild110
-rw-r--r--net-firewall/ipset/ipset-6.19.ebuild110
-rw-r--r--net-firewall/ipset/ipset-6.20.1.ebuild113
-rw-r--r--net-firewall/ipset/ipset-6.21.1.ebuild113
-rw-r--r--net-firewall/ipset/ipset-6.24.ebuild98
-rw-r--r--net-firewall/ipset/ipset-6.29.ebuild98
-rw-r--r--net-firewall/ipset/ipset-6.30.ebuild97
-rw-r--r--net-firewall/ipset/ipset-6.32.ebuild97
-rw-r--r--net-firewall/ipset/metadata.xml7
-rw-r--r--net-firewall/ipt_netflow/Manifest10
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch10
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch137
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch63
-rw-r--r--net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch61
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild96
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild102
-rw-r--r--net-firewall/ipt_netflow/metadata.xml18
-rw-r--r--net-firewall/iptables/Manifest22
-rw-r--r--net-firewall/iptables/files/ip6tables-1.4.13.confd19
-rw-r--r--net-firewall/iptables/files/iptables-1.4.13-r1.init129
-rw-r--r--net-firewall/iptables/files/iptables-1.4.13.confd19
-rw-r--r--net-firewall/iptables/files/iptables-1.4.21-configure.patch34
-rw-r--r--net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch77
-rwxr-xr-xnet-firewall/iptables/files/iptables.init129
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables-restore.service14
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables-store.service11
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables.service6
-rw-r--r--net-firewall/iptables/files/systemd/iptables-restore.service14
-rw-r--r--net-firewall/iptables/files/systemd/iptables-store.service11
-rw-r--r--net-firewall/iptables/files/systemd/iptables.service6
-rw-r--r--net-firewall/iptables/iptables-1.4.21-r1.ebuild93
-rw-r--r--net-firewall/iptables/iptables-1.4.21-r4.ebuild104
-rw-r--r--net-firewall/iptables/iptables-1.6.0-r1.ebuild112
-rw-r--r--net-firewall/iptables/iptables-1.6.1-r1.ebuild112
-rw-r--r--net-firewall/iptables/metadata.xml29
-rw-r--r--net-firewall/itval/Manifest5
-rw-r--r--net-firewall/itval/itval-1.2_p20121104.ebuild36
-rw-r--r--net-firewall/itval/metadata.xml11
-rw-r--r--net-firewall/lutelwall/Manifest6
-rw-r--r--net-firewall/lutelwall/files/lutelwall25
-rw-r--r--net-firewall/lutelwall/lutelwall-0.99.ebuild32
-rw-r--r--net-firewall/lutelwall/metadata.xml23
-rw-r--r--net-firewall/metadata.xml35
-rw-r--r--net-firewall/nfacct/Manifest7
-rw-r--r--net-firewall/nfacct/metadata.xml8
-rw-r--r--net-firewall/nfacct/nfacct-1.0.1.ebuild21
-rw-r--r--net-firewall/nfacct/nfacct-1.0.2.ebuild24
-rw-r--r--net-firewall/nftables/Manifest13
-rwxr-xr-xnet-firewall/nftables/files/libexec/nftables.sh149
-rw-r--r--net-firewall/nftables/files/nftables-0.5-pdf-doc.patch52
-rw-r--r--net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch14
-rw-r--r--net-firewall/nftables/files/nftables.confd19
-rw-r--r--net-firewall/nftables/files/nftables.init124
-rw-r--r--net-firewall/nftables/files/systemd/nftables-restore.service14
-rw-r--r--net-firewall/nftables/metadata.xml12
-rw-r--r--net-firewall/nftables/nftables-0.6-r4.ebuild87
-rw-r--r--net-firewall/nftables/nftables-0.7.ebuild82
-rw-r--r--net-firewall/nufw/Manifest12
-rw-r--r--net-firewall/nufw/files/nuauth-conf.d2
-rw-r--r--net-firewall/nufw/files/nuauth-init.d27
-rw-r--r--net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch103
-rw-r--r--net-firewall/nufw/files/nufw-2.2.22-var-run.patch45
-rw-r--r--net-firewall/nufw/files/nufw-conf.d2
-rw-r--r--net-firewall/nufw/files/nufw-init.d17
-rw-r--r--net-firewall/nufw/metadata.xml14
-rw-r--r--net-firewall/nufw/nufw-2.2.22-r1.ebuild102
-rw-r--r--net-firewall/nufw/nufw-2.2.22-r2.ebuild105
-rw-r--r--net-firewall/pftop/Manifest6
-rw-r--r--net-firewall/pftop/metadata.xml11
-rw-r--r--net-firewall/pftop/pftop-0.7-r2.ebuild49
-rw-r--r--net-firewall/pglinux/Manifest5
-rw-r--r--net-firewall/pglinux/metadata.xml21
-rw-r--r--net-firewall/pglinux/pglinux-2.3.1.ebuild103
-rw-r--r--net-firewall/psad/Manifest12
-rw-r--r--net-firewall/psad/files/psad-2.2.4-var-run.patch19
-rw-r--r--net-firewall/psad/metadata.xml8
-rw-r--r--net-firewall/psad/psad-2.2.5.ebuild89
-rw-r--r--net-firewall/psad/psad-2.4.3.ebuild90
-rw-r--r--net-firewall/psad/psad-2.4.4.ebuild93
-rw-r--r--net-firewall/psad/psad-2.4.5.ebuild93
-rw-r--r--net-firewall/quicktables/Manifest5
-rw-r--r--net-firewall/quicktables/metadata.xml5
-rw-r--r--net-firewall/quicktables/quicktables-2.3.ebuild18
-rw-r--r--net-firewall/rtsp-conntrack/Manifest5
-rw-r--r--net-firewall/rtsp-conntrack/metadata.xml8
-rw-r--r--net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild35
-rw-r--r--net-firewall/sanewall/Manifest7
-rw-r--r--net-firewall/sanewall/files/sanewall.confd5
-rw-r--r--net-firewall/sanewall/files/sanewall.initd56
-rw-r--r--net-firewall/sanewall/metadata.xml5
-rw-r--r--net-firewall/sanewall/sanewall-1.1.6-r2.ebuild56
-rw-r--r--net-firewall/shapecfg/Manifest7
-rw-r--r--net-firewall/shapecfg/files/README.shaper50
-rw-r--r--net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch15
-rw-r--r--net-firewall/shapecfg/metadata.xml8
-rw-r--r--net-firewall/shapecfg/shapecfg-36.ebuild34
-rw-r--r--net-firewall/shorewall/Manifest62
-rw-r--r--net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch30
-rw-r--r--net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch28
-rw-r--r--net-firewall/shorewall/files/shorewall-init.confd6
-rw-r--r--net-firewall/shorewall/files/shorewall-init.initd191
-rw-r--r--net-firewall/shorewall/files/shorewall-init.readme30
-rw-r--r--net-firewall/shorewall/files/shorewall-init.systemd18
-rw-r--r--net-firewall/shorewall/files/shorewall-lite.confd-r119
-rw-r--r--net-firewall/shorewall/files/shorewall-lite.initd-r290
-rw-r--r--net-firewall/shorewall/files/shorewall-lite.systemd20
-rw-r--r--net-firewall/shorewall/files/shorewall.confd-r119
-rw-r--r--net-firewall/shorewall/files/shorewall.initd-r2107
-rw-r--r--net-firewall/shorewall/files/shorewall.systemd20
-rw-r--r--net-firewall/shorewall/files/shorewall6-lite.confd-r119
-rw-r--r--net-firewall/shorewall/files/shorewall6-lite.initd-r192
-rw-r--r--net-firewall/shorewall/files/shorewall6-lite.systemd20
-rw-r--r--net-firewall/shorewall/files/shorewall6.confd-r119
-rw-r--r--net-firewall/shorewall/files/shorewall6.initd-r1117
-rw-r--r--net-firewall/shorewall/files/shorewall6.systemd20
-rw-r--r--net-firewall/shorewall/files/shorewallrc-r124
-rw-r--r--net-firewall/shorewall/metadata.xml36
-rw-r--r--net-firewall/shorewall/shorewall-5.1.5.2.ebuild456
-rw-r--r--net-firewall/shorewall/shorewall-5.1.6.1.ebuild456
-rw-r--r--net-firewall/shorewall/shorewall-5.1.7.1.ebuild456
-rw-r--r--net-firewall/shorewall/shorewall-5.1.7.2.ebuild456
-rw-r--r--net-firewall/shorewall/shorewall-5.1.7.ebuild456
-rw-r--r--net-firewall/ufw-frontends/Manifest7
-rw-r--r--net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy21
-rw-r--r--net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch61
-rw-r--r--net-firewall/ufw-frontends/metadata.xml22
-rw-r--r--net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild64
-rw-r--r--net-firewall/ufw/Manifest19
-rw-r--r--net-firewall/ufw/files/rsyslog/ufw.logrotate13
-rw-r--r--net-firewall/ufw/files/syslog-ng/syslog-ng.example13
-rw-r--r--net-firewall/ufw/files/syslog-ng/ufw.logrotate12
-rw-r--r--net-firewall/ufw/files/ufw-0.31.1-move-path.patch177
-rw-r--r--net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch46
-rw-r--r--net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch17
-rw-r--r--net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch15
-rw-r--r--net-firewall/ufw/files/ufw-0.35-bash-completion.patch17
-rw-r--r--net-firewall/ufw/files/ufw-0.35-move-path.patch179
-rw-r--r--net-firewall/ufw/files/ufw-2.initd136
-rw-r--r--net-firewall/ufw/files/ufw.confd5
-rw-r--r--net-firewall/ufw/files/ufw.service15
-rw-r--r--net-firewall/ufw/metadata.xml14
-rw-r--r--net-firewall/ufw/ufw-0.34_pre805-r2.ebuild185
-rw-r--r--net-firewall/ufw/ufw-0.35-r1.ebuild195
-rw-r--r--net-firewall/xtables-addons/Manifest5
-rw-r--r--net-firewall/xtables-addons/metadata.xml20
-rw-r--r--net-firewall/xtables-addons/xtables-addons-2.13.ebuild187
233 files changed, 12344 insertions, 0 deletions
diff --git a/net-firewall/arno-iptables-firewall/Manifest b/net-firewall/arno-iptables-firewall/Manifest
new file mode 100644
index 000000000000..e0631c966839
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/Manifest
@@ -0,0 +1,8 @@
+AUX arno-iptables-firewall 404 SHA256 01f07c4609b02d3efeb3e0f3eb1025ca767efd170d2102a7839776d57aff8470 SHA512 3491c556150ac4c39447f17cb48caa2542c42c632d960f604ccdd475cbec239b8fec8523606c146427e644a929b2c5522f3c21a47712fd67880ac3815d3ab983 WHIRLPOOL d9f5823f7e393eaa3721bdd7b0770225bdbbe68b4d83ffbee21b660502435c9dc714539f6225434814a60797bc6c5955dd5ca524b07b33cd939b404daca5bd2f
+DIST arno-iptables-firewall_2.0.1e.tar.gz 126238 SHA256 fa7b865e5d9b8e077cba73b2f28695a2fd691092a0a7f9e1c16ee369fc27fe43 SHA512 244b3bbf08b2d97128908aece487388bb71ced002cc129885144f4eacf9cf6053c9eb1225a1cd33fdefc502f1e6822a85710d35a7884e99cfde35d34f3fd4f70 WHIRLPOOL f6c1b5ade8b4acdcc4c8e90e19a84335c3932d2a58bbba2221a91b7cbd228c4d6072af6e21836314d86ef005780b47c5ce85198219b345116af529178e2133c1
+DIST arno-iptables-firewall_2.0.1f-rc1.tar.gz 129834 SHA256 84f3e96bb85dbcad2916922d537aa0f188df59ece7ea9d9c0f669468938713e0 SHA512 cf7c2f97e74e01be48a8206be3116156740dfd2022df957651b587de1492157363249c067a778209c1e239f53c30426c32e6b1f901949c37ab2b5d690542d620 WHIRLPOOL 969e09b206cf1e132e93151461297fdb3b40ba849b4b4c9ff9e2ef8095526e4e8340b348e2bc97cfe9838b7de3f42cb1acae7c21d6261dcab5392e26ba81afc4
+EBUILD arno-iptables-firewall-2.0.1e.ebuild 2345 SHA256 7e600bd1113962306d859d13783e9c0e1582c99f5c056431e88ce8240abb6d23 SHA512 9392101cb729e11ed1aaa688b96489241cfe4d9e08038b787a6793f292ca9f2c5fe0c03e93f87a6f8c1bac9ef191bb92ca28a41598165762ee9a0ad20263033b WHIRLPOOL fac7ed2a4974003e2febb9fa34540a9017ba90883f4140dccaa8e19a63e920f6a3f20fb931eb08dfbcee275068d69cfac9d432fe86afc47e2538b7a539d0581e
+EBUILD arno-iptables-firewall-2.0.1f_rc1.ebuild 2382 SHA256 db684215795e22c26e4fb8325a75e251d1b183eb0f30cccd0ed8d42b9e24453a SHA512 ffa821cda34330f02d5973d40959def681690afcb5c8f0f3352459bf3a35027ff8c1528cda612bef66d9f9b471c121721d47182aca8f5aaeb9333be44a299240 WHIRLPOOL aad21b976f28e9977fb0bb0585370b6fcaf7124aa5290b9f9846a2d574b5d78c890306302bff8d7c781ea0d2081480d80cc0da96f48b06903320d10c3eddf05e
+MISC ChangeLog 3738 SHA256 947a905c567c2c50745ac2eb9c378a783c6decbfa4df7786fe7a0cc869d42e76 SHA512 1bbb1d3bae3c2999e1885df3f794ef02b6b0c9202e76c8c332536b1b6cd6fd6154fc16436c640eef27380f8511099820adaab4813b674d006e8b934f3e22bc0b WHIRLPOOL 25603cbad72eb1200824b4ad38d71943b1183bf91b6a630f95960bd635b8ce55edfcbeb315d8f91841879bef51d571aa24dbc179c23cb57aaf903fc0f39e54e8
+MISC ChangeLog-2015 3027 SHA256 03a97849c92cbddd77ca2d61d5692685fd617844d888c5d974262c1333e5e3ac SHA512 135c97f3f8860ba52ac35b2f4d9a3c5101661ca6f9612222747a8f517cb42e190a4ef498835928f85d1b81b3762cbffa4b6ed2f87fc16432a457a1da3a5cdee6 WHIRLPOOL b9594525173419640948b75900726dab052bbff0e10c8e57002a6e98aba5a988921c2d8c11e92e64e7a9a5f030bcf99b2c6f1aaa30d510dd6508abb9afb855d4
+MISC metadata.xml 423 SHA256 42e239edd5085c07bbea7adc06f774a8f94c412410198ebe1bf66828f1ec8737 SHA512 4d3402711020fd7ddecf5eae405bf4f72246347ea887f2f803c317c8b2d94ff830f68cf39e97526522f2d30845d95319e117efd49f06f685c046d0752c67546a WHIRLPOOL 29d07382af50d5fc0cfedcfa7515d899fd2f5b82faaf600c72d97567eae862f9241da364f0e4a738a415db4f5103debfbadd3f0c1ac094ad79563a4999ef3a3d
diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild
new file mode 100644
index 000000000000..4d1cd0080b77
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit readme.gentoo systemd
+
+DESCRIPTION="Arno's iptables firewall script"
+HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="+plugins"
+
+# sys-apps/coreutils dependency wrt
+# https://bugs.gentoo.org/show_bug.cgi?id=448716
+
+DEPEND=""
+RDEPEND="net-firewall/iptables
+ || ( <sys-apps/coreutils-8.20 >sys-apps/coreutils-8.20-r1 )
+ sys-apps/iproute2
+ plugins? ( net-dns/bind-tools )"
+
+S="${WORKDIR}/${PN}_${PV}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf
+before using this package. To start the script, run:
+
+/etc/init.d/${PN} start (for OpenRC)
+systemctl start ${PN} (for systemd)
+
+If you want to start this script at boot, run:
+
+rc-update add ${PN} default (for OpenRC)
+systemctl enable ${PN} (for systemd)"
+
+src_prepare() {
+ sed -i -e 's:/usr/local/share/:/usr/libexec/:' \
+ etc/"${PN}"/firewall.conf || die "Sed failed!"
+ sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \
+ lib/systemd/system/"${PN}.service" || die "Sed failed!"
+}
+
+src_install() {
+ insinto /etc/"${PN}"
+ doins etc/"${PN}"/firewall.conf
+ doins etc/"${PN}"/custom-rules
+
+ doinitd "${FILESDIR}/${PN}"
+ systemd_dounit lib/systemd/system/"${PN}.service"
+
+ dobin bin/arno-fwfilter
+ dosbin bin/"${PN}"
+
+ insinto /usr/libexec/"${PN}"
+ doins share/"${PN}"/environment
+
+ dodoc CHANGELOG README
+ readme.gentoo_create_doc
+
+ if use plugins
+ then
+ insinto /etc/"${PN}"/plugins
+ doins etc/"${PN}"/plugins/*
+
+ insinto /usr/libexec/"${PN}"/plugins
+ doins share/"${PN}"/plugins/*.plugin
+
+ exeinto /usr/libexec/"${PN}"/plugins
+ doexe share/"${PN}"/plugins/dyndns-host-open-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-log-rotate
+ doexe share/"${PN}"/plugins/traffic-accounting-show
+
+ docinto plugins
+ dodoc share/"${PN}"/plugins/*.CHANGELOG
+ fi
+
+ doman share/man/man1/arno-fwfilter.1 \
+ share/man/man8/"${PN}".8
+}
+
+pkg_postinst () {
+ ewarn "When you stop this script, all firewall rules are flushed!"
+ ewarn "Make sure to not use multiple firewall scripts simultaneously"
+ ewarn "unless you know what you are doing!"
+ readme.gentoo_print_elog
+}
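Review bot: In src_install, `doins etc/"${PN}"/firewall.conf` and `doins etc/"${PN}"/custom-rules` use doins' default install mode (0644 unless insopts has been changed), so the complete firewall policy is readable by every local account. Since the script that consumes these files is started as root by the init script and systemd unit, I would put `insopts -m0600` before those two calls and `insopts -m0644` after them, so the later `doins` into `/usr/libexec/${PN}` keeps its normal mode. The plugin configuration installed under `/etc/${PN}/plugins` probably deserves the same treatment, after confirming nothing unprivileged needs to read it. The identical src_install in arno-iptables-firewall-2.0.1f_rc1.ebuild has the same issue.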
diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild
new file mode 100644
index 000000000000..6ed34cb59a3b
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit readme.gentoo systemd versionator
+
+DESCRIPTION="Arno's iptables firewall script"
+HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+
+MY_PV=$(replace_version_separator 3 -)
+SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${MY_PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+plugins"
+
+# sys-apps/coreutils dependency wrt
+# https://bugs.gentoo.org/show_bug.cgi?id=448716
+
+DEPEND=""
+RDEPEND="net-firewall/iptables
+ >sys-apps/coreutils-8.20-r1
+ sys-apps/iproute2
+ plugins? ( net-dns/bind-tools )"
+
+S="${WORKDIR}/${PN}_${MY_PV/rc/RC}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf
+before using this package. To start the script, run:
+
+/etc/init.d/${PN} start (for OpenRC)
+systemctl start ${PN} (for systemd)
+
+If you want to start this script at boot, run:
+
+rc-update add ${PN} default (for OpenRC)
+systemctl enable ${PN} (for systemd)"
+
+src_prepare() {
+ sed -i -e 's:/usr/local/share/:/usr/libexec/:' \
+ etc/"${PN}"/firewall.conf || die "Sed failed!"
+ sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \
+ lib/systemd/system/"${PN}.service" || die "Sed failed!"
+}
+
+src_install() {
+ insinto /etc/"${PN}"
+ doins etc/"${PN}"/firewall.conf
+ doins etc/"${PN}"/custom-rules
+
+ doinitd "${FILESDIR}/${PN}"
+ systemd_dounit lib/systemd/system/"${PN}.service"
+
+ dobin bin/arno-fwfilter
+ dosbin bin/"${PN}"
+
+ insinto /usr/libexec/"${PN}"
+ doins share/"${PN}"/environment
+
+ dodoc CHANGELOG README
+ readme.gentoo_create_doc
+
+ if use plugins
+ then
+ insinto /etc/"${PN}"/plugins
+ doins etc/"${PN}"/plugins/*
+
+ insinto /usr/libexec/"${PN}"/plugins
+ doins share/"${PN}"/plugins/*.plugin
+
+ exeinto /usr/libexec/"${PN}"/plugins
+ doexe share/"${PN}"/plugins/dyndns-host-open-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-log-rotate
+ doexe share/"${PN}"/plugins/traffic-accounting-show
+
+ docinto plugins
+ dodoc share/"${PN}"/plugins/*.CHANGELOG
+ fi
+
+ doman share/man/man1/arno-fwfilter.1 \
+ share/man/man8/"${PN}".8
+}
+
+pkg_postinst () {
+ ewarn "When you stop this script, all firewall rules are flushed!"
+ ewarn "Make sure to not use multiple firewall scripts simultaneously"
+ ewarn "unless you know what you are doing!"
+ readme.gentoo_print_elog
+}
diff --git a/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall
new file mode 100644
index 000000000000..40e32a9d8de0
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+command=/usr/sbin/arno-iptables-firewall
+description="Single- & multi-homed firewall script with DSL/ADSL support"
+
+extra_started_commands="reload"
+description_reload="Reload blocked hosts (blackhole) file"
+
+depend() {
+ before net
+ use logger
+}
+
+start() {
+ ${command} start
+}
+
+stop() {
+ ${command} stop
+}
+
+restart() {
+ ${command} restart
+}
+
+reload() {
+ ${command} force-reload
+}
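Review bot: stop() carries no comment saying that `${command} stop` leaves the host unfiltered. The ebuilds in this commit warn through ewarn that stopping the script flushes all firewall rules, but an administrator reading only the init script will not see that. I would add above stop() a comment such as `# NOTE: upstream "stop" flushes every rule; the host is unfiltered until the next start`. Separately, `${command}` is expanded unquoted in all four functions; `"${command}" start` and so on is the safer habit, even though the path is a fixed literal here.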
diff --git a/net-firewall/arno-iptables-firewall/metadata.xml b/net-firewall/arno-iptables-firewall/metadata.xml
new file mode 100644
index 000000000000..46b4fd2b7b23
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>erkiferenc@gmail.com</email>
+ <name>Ferenc Erki</name>
+</maintainer>
+<maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+</maintainer>
+<use>
+ <flag name="plugins">Install optional plugins</flag>
+</use>
+</pkgmetadata>
diff --git a/net-firewall/arptables/Manifest b/net-firewall/arptables/Manifest
new file mode 100644
index 000000000000..fe38f4fa663e
--- /dev/null
+++ b/net-firewall/arptables/Manifest
@@ -0,0 +1,11 @@
+AUX arptables-0.0.3.4-arptables_save.patch 893 SHA256 af4559f04a3bbf4f5d40237658871e3cc2f57a6a6ccfdc9d995aa3a0db358770 SHA512 eb0c76d754a5370ab5967e4fcc3544d9dd72f16692c50a399177da57600eb28d4fe9bed5f510b6f23f18db3775433b399b09c679275b93c3fbabc77d81f550b1 WHIRLPOOL 8c19705b95749de2f85b0b6a31677e764162b0ea68ef1f64173009cec642c7a6dcd90507652ab8084d58659ad8815400be55a4f5b419b3e7b0c8ca383fbdc4c7
+AUX arptables-0.0.3.4-ldflags.patch 372 SHA256 76a224ca0c93722f299e5309d708fd69a253edf496c1bfc87be6a55c6d61a55f SHA512 7620d7f16c0a2d25070f32222935db49d2a8fd675612af72b5bea18a6b0db42cf30f4a854f2f5c2f1185e1fd5f7780ddd3e2d7d4eb335ddf24a53318f490bd06 WHIRLPOOL a3fb169227cb73dcf354ef5127e2d26ea50850eb7f9fb610b914954c28a1a1fce12566ff794a30a4b1b44550c26ea1fd9e7a3aee17c41f0e586ee7c445cd1456
+AUX arptables-0.0.3.4-manpage.patch 447 SHA256 b4d9014f2c1619dfb23e7d992b94ca94ff3e7d34a1e044d978a79c0d65e39c25 SHA512 72860d0f7b33e42bdfe1470399391eb64a3d5543b6b071aab1c9c428f7e56e7a0f115d82c1f5a57f5d324a13b1d58a23adc8a656a8c4f1d4a71a5d0810b5802f WHIRLPOOL 9b4c49e63b38f9d123e74957c365023edddd93f22dae181ba379785795f24293f0a827d8df65b089536ec1b65950d87f176b009a78100aeeb4600eb55ebbf153
+AUX arptables-0.0.3.4-type.patch 935 SHA256 70c48ecef90b4509859c8e200f5155a9335325be04b00aadc962c74fe73b3817 SHA512 4e87cac250cf6b23c54bf9d6b09360300e803cbb76ebb30d166525a6a1069b67eddb46e73d21be18926b2222386a5fee4ef249dff2fba9b03e1b40c2e64681ae WHIRLPOOL 0af3a2d1818a0dc0d9c979b93a413b2c3b7476cf742c99059a01f9059822e0d88b6b590a037eeeb980a403b5fd1a31defe5e5583acec0df9dc450269552c1b16
+DIST arptables-v0.0.3-4.tar.gz 44335 SHA256 e529fd465c67d69ad335299a043516e6b38cdcd337a5ed21718413e96073f928 SHA512 a566b6df5c4b22c9c15d22c3801763e640f15b76043123c4ca8db1cc753a20a99b8b7b6dae2f0d9277cc6c49bcb269ba481958bcff3f6a516c7c9d8b553d35b5 WHIRLPOOL a045489531c2eec53cc57b18639291d38fa443a9b4e4539e096fa2afbaaa8585bfa387c4759e0a02d407d76ef0ed87f602b4f847edd49d3be9c1113264e69996
+DIST arptables-v0.0.4.tar.gz 45380 SHA256 277985e29ecd93bd759a58242cad0e02ba9d4a6e1b7795235e3b507661bc0049 SHA512 bd84e93ab5e0a038753aa17dae9e1f48364f2d2b1492dce2edac117e21edd5aa912be7b9e21bf4fb3698031d2f765a75fa067fe10ce20a1c8951ae7efcc5dbbd WHIRLPOOL 6209b2837e22fa1a3ef9d8d090210a8dda7b6199ec58cbdd565e646f24eb499ae4e3d36175e3ed215eb47783f33ae4a02a50e0b7df5aec78a82a6b5e2c7b1660
+EBUILD arptables-0.0.3.4-r2.ebuild 1013 SHA256 bc2e74dd27192a6c73cb9adb49a8cbbe1d4d66c72ea9d282cfd655e63c2d127c SHA512 8855aa2f610f8bdd5931cd0c6a8a78fffc711b49a8eaf34d65a47e4cae6b2a6cd50f94dc727a7cd5e700e56768192811aa42d2e399f17e0f8e1f61b93d37d83d WHIRLPOOL 4f68dff85b1c31a5021e2075bf738b7aa2bc50d53d441cf87f2d86dc72a5e665646d2fc25375d311046dd8bb78ab49326ad8c42526d3a70ef6e97953d6270f82
+EBUILD arptables-0.0.4.ebuild 770 SHA256 a7817f3d182f579c823de6152f5e9a46ed50a0f3af45ec747a1a394fd0ac0893 SHA512 d30b3fe8d8efd0ac7acf386817a472a8f5434d31d818fa2272e550cfedf348bc4b6b734ea537d1716ca1da9ea2eecc8778d049df6fe9573594bb1f0371d24cd2 WHIRLPOOL 6f6ea9fb68860c9c821fea3e1b8f196a5c486e713dae2fa3b8caa79955539b4a3f7f64ac492d3f7e50a8ee962fe57a559f4355b83fc657f294df6fbdb571fbd5
+MISC ChangeLog 2617 SHA256 11dc26f82e0690b27eb457a84a0aa60e25a6c358c826c5d5b401a772360f5a5d SHA512 94fd1e1deea6d9a19c1ed856ee46718abe743360ce0595ea3ca09cba56a06202a0aad6d0c9c6b0b36562143a170c7b4f515a4328a00676c0e979f8bda49da0f5 WHIRLPOOL 5bbf3edea7693537aaa02ca83b334e2cf0733cb28ea82990993cea48827f84f113b8793f3861d8a52c386c80af90cee57886fd5f687101111bf1430dcb5ad89c
+MISC ChangeLog-2015 3523 SHA256 05c93ef906e3b5485c2e416fec98c37e2dda8cc392373c2ccdbc912b0b7a78a5 SHA512 ba6f3b72b12b341c66b4c19e36fad78eea446bf43e9d3737eca36543cfa80c75cc8ada52090a9ed64a91bdb439ad7c85f5cb19fb2cf7ef203546457dce3baa75 WHIRLPOOL 1b9ab576b1534481a8bb3fd399d70e8dd5aea6aaecdf69570366497b3f7aad40c87d2756d430acd67fd256da3fbd0bbed4601f44b171b16b2bbc96c4bb253b71
+MISC metadata.xml 335 SHA256 7097ea8c5b1135b54ae115ec813e4baf4aa5b58b3d4a1253a2df8504654e5c22 SHA512 840c9d22c1e29b4ddfd6b230e293766fb4b6d5cefc9a5839765629fa33adbddbaa3157d12be851e458030406af95c8e3356577fd20c0f876b43153e89ae298df WHIRLPOOL 8bfa066aae800d9ebb86159939ee88e977f689d6e4ec2249fe7bbdf5563203f3b709e3fce7e7eb0aba8add9811e4a54be198dc9472b0be47bb6f0a127bfc519a
diff --git a/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild
new file mode 100644
index 000000000000..14b31b9b2647
--- /dev/null
+++ b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="2"
+inherit versionator eutils
+
+MY_P=${PN}-v$(replace_version_separator 3 - )
+
+DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ebtables/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+IUSE=""
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-ldflags.patch"
+ epatch "${FILESDIR}/${P}-arptables_save.patch"
+ epatch "${FILESDIR}/${P}-manpage.patch"
+ epatch "${FILESDIR}/${P}-type.patch"
+}
+
+src_compile() {
+ # -O0 does not work and at least -O2 is required, bug #240752
+ emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}" || die "make failed"
+ sed -ie 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore \
+ || die "sed failed"
+}
+
+src_install() {
+ into /
+ dosbin arptables arptables-restore arptables-save || die
+ doman arptables.8 || die
+}
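Review bot: In src_compile, `sed -ie 's:__EXEC_PATH__:/sbin:g'` is parsed by GNU sed as `-i` with backup suffix `e` rather than as `-i -e`, so it edits in place but also leaves `arptables-savee` and `arptables-restoree` in the build directory. They are not installed, because dosbin names its files explicitly, but the intended form is `sed -i -e 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore`. The same line appears in arptables-0.0.4.ebuild. This ebuild also calls `tc-getCC` while inheriting only `versionator eutils`; unless eutils pulls in toolchain-funcs for this EAPI, `inherit toolchain-funcs` should be listed explicitly, as the 0.0.4 ebuild does.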
diff --git a/net-firewall/arptables/arptables-0.0.4.ebuild b/net-firewall/arptables/arptables-0.0.4.ebuild
new file mode 100644
index 000000000000..23c063983b07
--- /dev/null
+++ b/net-firewall/arptables/arptables-0.0.4.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit toolchain-funcs
+
+MY_P="${PN}-v${PV}"
+
+DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+S="${WORKDIR}/${MY_P}"
+
+src_compile() {
+ # -O0 does not work and at least -O2 is required, bug #240752
+ emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}"
+ sed -ie 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore \
+ || die "sed failed"
+}
+
+src_install() {
+ into /
+ dosbin arptables arptables-restore arptables-save
+ doman arptables.8
+}
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch
new file mode 100644
index 000000000000..a1b60b24ea10
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch
@@ -0,0 +1,24 @@
+# Don't resolve host names and don't convert '*' interface names to any.
+# Remove '*' interface names.
+
+diff -urNad arptables-0.0.3.3~/arptables-save arptables-0.0.3.3/arptables-save
+--- arptables-0.0.3.3~/arptables-save 2009-08-19 14:17:17.000000000 +0200
++++ arptables-0.0.3.3/arptables-save 2009-08-19 14:19:58.000000000 +0200
+@@ -35,6 +35,8 @@
+ # Due to arptables "issues" with displaying device names
+ # we need to use -v and then do some processing
+ $line =~ s/\s,\s.*//;
++ $line =~ s/-i\s\*//;
++ $line =~ s/-o\s\*//;
+ $rules = $rules . "-A $chain $line\n";
+ }
+
+@@ -47,7 +49,7 @@
+ # ========================================================
+
+ unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; };
+-$table =`$tool -t filter -L -v`;
++$table =`$tool -t filter -L -v -n`;
+ unless ($? == 0) { print $table; exit -1 };
+ &process_table($table);
+
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch
new file mode 100644
index 000000000000..b5ced69c504b
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch
@@ -0,0 +1,13 @@
+=== modified file 'Makefile'
+--- Makefile 2010-09-15 11:51:49 +0000
++++ Makefile 2010-09-15 11:52:56 +0000
+@@ -31,7 +31,7 @@
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+ arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS)
+- $(CC) $(CFLAGS) -o $@ $^
++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+ $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8
+ mkdir -p $(@D)
+
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch
new file mode 100644
index 000000000000..76295b6d9b5c
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch
@@ -0,0 +1,12 @@
+diff -urNad arptables-0.0.3.3~/arptables.8 arptables-0.0.3.3/arptables.8
+--- arptables-0.0.3.3~/arptables.8 2007-08-19 15:04:51.000000000 +0200
++++ arptables-0.0.3.3/arptables.8 2008-05-08 18:56:35.000000000 +0200
+@@ -22,7 +22,7 @@
+ .\"
+ .\"
+ .SH NAME
+-arptables (v.0.0.3-3) \- ARP table administration
++arptables \- ARP table administration
+ .SH SYNOPSIS
+ .BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
+ .br
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-type.patch b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch
new file mode 100644
index 000000000000..851bf0ee247f
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch
@@ -0,0 +1,17 @@
+# Patch from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to make
+# arptables --proto-type also accept hexadecimal inputs (ethernet protocol
+# numbers are often specfied in hex, not decimal), using standard strtol()
+# behaviour (hex iff starts with 0x).
+
+diff -urNad arptables-0.0.3.3~/arptables.c arptables-0.0.3.3/arptables.c
+--- arptables-0.0.3.3~/arptables.c 2007-08-19 15:04:51.000000000 +0200
++++ arptables-0.0.3.3/arptables.c 2008-05-08 19:16:43.000000000 +0200
+@@ -2039,7 +2039,7 @@
+ check_inverse(optarg, &invert, &optind, argc);
+ set_option(&options, OPT_P_TYPE, &fw.arp.invflags,
+ invert);
+- if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 10)) {
++ if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 0)) {
+ if (strcasecmp(argv[optind-1], "ipv4"))
+ exit_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
+ fw.arp.arpro = htons(0x800);
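Review bot: Passing base `0` to `get16_and_mask` on the `--proto-type` line enables more than the hexadecimal input the patch header describes. If the helper forwards the base to strtol(), as the header implies, a leading `0` selects octal, so `0800` would be read as 512 rather than decimal 800, and zero-padded values in existing rule files would change meaning silently. Either state this in the header, e.g. `# base 0: 0x prefix = hex, leading 0 = octal, otherwise decimal`, or keep base 10 and switch to base 16 only when the argument starts with `0x`. The surrounding option-parsing block starts and ends outside this hunk.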
diff --git a/net-firewall/arptables/metadata.xml b/net-firewall/arptables/metadata.xml
new file mode 100644
index 000000000000..808e7b5d8e83
--- /dev/null
+++ b/net-firewall/arptables/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">ebtables</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest
new file mode 100644
index 000000000000..b1acd4345ee3
--- /dev/null
+++ b/net-firewall/conntrack-tools/Manifest
@@ -0,0 +1,11 @@
+AUX conntrackd.confd-r2 441 SHA256 355f91c830f82343a058060e5dd060f72a940471f43c970d46a5ea63c40987c0 SHA512 3d72d56d44094593f6ff1eac421fe6a4f0d20450ce698c175adf1b18a859b1a24c7120fa60431b2a00da62ae3749c4619106c8e93fb8fc763ceefc26a82d2ed2 WHIRLPOOL d583647cca267234ef942a27159203317391c990b997a139c9251b43788fbcc1284d5e6cf8f15570dc4803d7dae7283a8bc6d4c9ffc76a4710b0de784c3a69ad
+AUX conntrackd.initd-r3 2238 SHA256 cd271cebad9a0111d091ada71f60118d6e22fd5b0b3c0bf8b5be3aacf5797e48 SHA512 445c19ad42e92136e9dfd6b7885334075e72971b73ff7178c6bf16a31e0c037f17d9d039394fa8002f0ad5182a353f7c803d3f900e8873b671eecca94ced78fe WHIRLPOOL c3700e30e522d90ef8319728c1968d9c5d8726b759558ed4e71569c1f8e1e18d4744781e3f4d268f9bc895a404c9a261ecca46d68bbfee1ed0c1fad8df8eb024
+DIST conntrack-tools-1.4.2.tar.bz2 472074 SHA256 e5c423dc077f9ca8767eaa6cf40446943905711c6a8fe27f9cc1977d4d6aa11e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56 WHIRLPOOL 7405e8b812c98c06bdcdbfea983178f5830001cf247b9a63aac6e19e2497b1bf2bdf8c7c6445dad60f5463eff6cc0ea58d14eca2990b2b3b3f54032daca85572
+DIST conntrack-tools-1.4.3.tar.bz2 487111 SHA256 af3ccc60356cfedf941065fdaaf9cd5e51f3df7484f56858af37106feecf3f57 SHA512 be76a0ddb7470249c58ceab72cb94ffc05f5cc6d740a0755c9c782e948b4234eb1da4f7c7df1f14e4125cca9f12f3b4d2dcd444fe011941952aa3eeb13cb72c3 WHIRLPOOL df6a48e64a79f451b31b3d359fe1657fe68cb2c6cfcc16021dc85c506b81f8375acd8b282bde9e5323beed8008fcead7cad11d1cf6fb465240fbaa0933ae1058
+DIST conntrack-tools-1.4.4.tar.bz2 1010504 SHA256 b7caf4fcc4c03575df57d25e5216584d597fd916c891f191dac616ce68bdba6c SHA512 f53bd620bfd4e854e792416527a3090d883c5f00d1d8365e52ce3ba204218dc431490703985d3fdae44decbcddb24ed610bf81a6a99bd7ea01482f95f71df0f5 WHIRLPOOL ba7c6a917e92651c2fbd23f5839bd42c9ee45dfb1bb12a0949e5610fb72ef5d1aceae0d191604574eee789301576c61b2177b9d1cb5e826f657fe2634f3f99b1
+EBUILD conntrack-tools-1.4.2.ebuild 1938 SHA256 da6e262b2f91ee35e2b6f5231499f4460e8019cce9aaeadf67758eed9205b9b5 SHA512 b7bc4438561d199cba668ebc1ef691ea0a7d737cee8beeeed1c703d479d9161da68f6b2125b9555decda6dd9271955f4c146ff002a3c53a5263db9f7a5a95695 WHIRLPOOL 1c02cf2cace3ee2e30e3f1c0627eddd0a28fda75da59c9fab6590ef36f206deb4006cc88dc6b0f04cdc199a11a988147d7debbd25a662a3fcc1860976adb998c
+EBUILD conntrack-tools-1.4.3.ebuild 1935 SHA256 d793d340a15d5f993b3d7ba10299bfa22f62ce7073b4f4f7eaade156e0bfc060 SHA512 80fa97972a0dce17a5c08bae77123ac0931115cc3d36414c3cb959fbe9edba6ee33a659fdf5c83a6f4c8dfeef94584059adce56955040c56ae958c00a31ef448 WHIRLPOOL 6f27859600c680bd87e015b408e23da8559d5d476a8aa4c71e57ba296ff1ac0d603499a2b3e05018c37d27b77f51d88792ef4bc7924c4b848cef9ed61b11b5c9
+EBUILD conntrack-tools-1.4.4.ebuild 1900 SHA256 e1a22bf9e2e2f24c7b3a2f3b0ed805dc232bc340a193e0474cc5417839c1a5fa SHA512 1b009478cd4a93a1aedaab452c947c6c76e0d18cbdbdccef72e995bc7217066883c98c7232fe76a9946b87f8dbb595eef33aba5e21230d22a1c9268171896d83 WHIRLPOOL 8721e444e796145e8dcf131c07d3f42ae859670a67afc667366496c6ea4b4be983fe2ec32831ede286c0d1e5b3b721a74ddb6da32bcada6592d8b78153b9d1a9
+MISC ChangeLog 3183 SHA256 c777c2b67199bb522e9b10e54d506d48d74b5c07dbdde24586598cedeee33a70 SHA512 3b0de1360e830cf5c54efc06fdc814d58c79d05a9e709a7b8f5a251e1446cdc3fcc92aee5a11bab29f7a80984f651184b411c4297e7a6322173f484d977eb392 WHIRLPOOL 77625a82d74a7ea07014a8686425acecb20ac0dd184b1b23b0c27f74ea950237531e8d5818ba31e25068ed1bf687492a6a92b79b5f9a1f6af37d609800565b9b
+MISC ChangeLog-2015 11264 SHA256 f3873bea101ceea13c3eeadc8aa97feecacb9ffcff9592f703848a314a58c60c SHA512 116e47437dd346ff680bb0a555444115d4aeb23eda0d01c625dee69cfcea6170cf9de2c6a653096e0ddca9f01660b449ce28dd351d20c6ff3a01c11ec75c305a WHIRLPOOL 241401bf7fe4ff1b192273d74650f15ed3ec76c78feacda504def80d48ee7a0d348ef575b89f622c561db160c196e03690a3bad7eb3ee774b09e35b58afb8821
+MISC metadata.xml 481 SHA256 6b661f627a957ab2e3872c728ccad7da40b22879ba97e508494ddc3479ed9879 SHA512 155c9d013b08eac1798c429411aecfc64c7e2f2cf50a3389fc6c30a5805b36bd85b6914f7e7cd4d14cb5d9d8e762db502200fd4b77322ccffd7641fd465a2273 WHIRLPOOL 314fd96d97a7e9527937f5c62e046ed0df7506e69874d32eeb66f27275e02b2f9c53629e3b81a512b82888530b7b1aaadfc57f4767cf2e6aa039318a33e97b86
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
new file mode 100644
index 000000000000..0e602a00e305
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils linux-info
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 hppa x86"
+IUSE="doc"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.4
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+"
+DEPEND="${RDEPEND}
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
+
+ epatch_user
+ eautoreconf
+}
+
+src_compile() {
+ default
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dohtml doc/manual/${PN}.html
+}
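Review bot: The kernel-config warning at the end of `pkg_setup` cannot fire when a kernel config is available. The chain `linux_config_exists || ... || ewarn` short-circuits as soon as the config is found, so `NF_CONNTRACK_IPV4` and `NF_CONNTRACK_IPV6` are never checked; the warning presumably appears only when there is no config to inspect. The intended test reads `if linux_config_exists && ! linux_chkconfig_present NF_CONNTRACK_IPV4 && ! linux_chkconfig_present NF_CONNTRACK_IPV6; then ewarn ...; fi`. The same chain is repeated in conntrack-tools-1.4.3.ebuild and conntrack-tools-1.4.4.ebuild. Separately, the `die` message in `src_prepare` names `doc/stat/conntrackd.conf` while the sed edits `doc/stats/conntrackd.conf`.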
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
new file mode 100644
index 000000000000..fccdde6b3e3c
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils linux-info
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86"
+IUSE="doc"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.4
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+"
+DEPEND="${RDEPEND}
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
+
+ epatch_user
+ eautoreconf
+}
+
+src_compile() {
+ default
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dohtml doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
new file mode 100644
index 000000000000..c004861ea7cb
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools eutils linux-info
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~hppa ~x86"
+IUSE="doc"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.6
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+"
+DEPEND="
+ ${RDEPEND}
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex
+"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ default
+
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
+
+ eautoreconf
+}
+
+src_compile() {
+ default
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dodoc doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/files/conntrackd.confd-r2 b/net-firewall/conntrack-tools/files/conntrackd.confd-r2
new file mode 100644
index 000000000000..01c0633809d5
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.confd-r2
@@ -0,0 +1,14 @@
+# conntrackd config file
+# default: /etc/conntrackd/conntrackd.conf
+#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf
+
+# conntrackd lockfile (must match the "LockFile" entry
+# from the "General" section in the config file)
+# default: /run/lock/conntrack.lock
+#CONNTRACKD_LOCK=/run/lock/conntrack.lock
+
+# extra options for conntrackd
+#CONNTRACKD_OPTS="" # you must NOT use -C here!
+
+# depend on a specific network interface
+#rc_need="net.eth1"
diff --git a/net-firewall/conntrack-tools/files/conntrackd.initd-r3 b/net-firewall/conntrack-tools/files/conntrackd.initd-r3
new file mode 100644
index 000000000000..eddcae97ec3d
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.initd-r3
@@ -0,0 +1,77 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+CONNTRACKD_BIN="/usr/sbin/conntrackd"
+CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf}
+CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/run/lock/conntrack.lock}
+
+depend() {
+ use logger
+ need net
+}
+
+checkconfig() {
+ # check for netfilter conntrack kernel support
+ local nf_ct_available=0
+ for k in net.netfilter.nf_conntrack_max \
+ net.ipv4.netfilter.ip_conntrack_max \
+ net.nf_conntrack_max; do
+ if sysctl ${k} >/dev/null 2>&1; then
+ nf_ct_available=1 # sysctl key found
+ break
+ fi
+ done
+ if [ ${nf_ct_available} -eq 0 ]; then
+ eerror
+ eerror "Your kernel is missing netfilter conntrack support!"
+ eerror "Make sure your kernel was compiled with netfilter conntrack support."
+ eerror
+ eerror "If it was compiled as a module you need to ensure the module is being"
+ eerror "loaded before starting conntrackd."
+ eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)"
+ eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module"
+ eerror "by hand like this, depending on your kernel version:"
+ eerror
+ eerror " modprobe nf_conntrack # (for newer kernels)"
+ eerror " modprobe ip_conntrack # (for older kernels)"
+ eerror
+ return 1
+ fi
+ # check for config file
+ if [ ! -e "${CONNTRACKD_CFG}" ]; then
+ eerror
+ eerror "The conntrackd config file (${CONNTRACKD_CFG})"
+ eerror "is missing!"
+ eerror
+ return 1
+ fi
+ # check for leftover lockfile
+ if [ -f "${CONNTRACKD_LOCK}" ]; then
+ ewarn
+ ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})"
+ ewarn "exists although the service is not marked as started."
+ ewarn "Will remove the lockfile and start the service in 10s"
+ ewarn "if not interrupted..."
+ ewarn
+ sleep 10
+ if ! rm -f "${CONNTRACKD_LOCK}"; then
+ eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})"
+ return 1
+ fi
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting conntrackd"
+ start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \
+ -- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping conntrackd"
+ start-stop-daemon --stop --exec "${CONNTRACKD_BIN}"
+ eend $?
+}
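Review bot: `checkconfig` removes `${CONNTRACKD_LOCK}` after the 10 s wait without checking whether a conntrackd process still holds it. A daemon started outside OpenRC would lose its lock, and `start` could then launch a second instance against the same config. A guard before the `sleep` would limit the removal to genuinely stale locks, for example `if pgrep -x conntrackd >/dev/null; then eerror "conntrackd is already running"; return 1; fi` (assuming pgrep is available on the target system). The loop variable `k` in the same function should also be declared `local k`, as `nf_ct_available` already is.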
diff --git a/net-firewall/conntrack-tools/metadata.xml b/net-firewall/conntrack-tools/metadata.xml
new file mode 100644
index 000000000000..10198984dfc7
--- /dev/null
+++ b/net-firewall/conntrack-tools/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <longdescription lang="en">
+ A set of tools targeted at system administrators. They are conntrack,
+ the userspace command line interface, and conntrackd, the userspace
+ daemon.
+ </longdescription>
+</pkgmetadata>
diff --git a/net-firewall/dshieldpy/Manifest b/net-firewall/dshieldpy/Manifest
new file mode 100644
index 000000000000..17cb91216851
--- /dev/null
+++ b/net-firewall/dshieldpy/Manifest
@@ -0,0 +1,5 @@
+DIST dshieldpy-3.2.tar.gz 28754 SHA256 c7fe2bcbf250e86af30b5ddc294da0c1508b82f90dfc57c5991c1330c350db8b SHA512 2608fd2ed3ed7b346e2cf063c27ed1cfb012545a1e8315019377642ac504ec0296dfbe5aabef995a2125dd85f28b7f7649b32688227b5a5d62a1ef20aa4c8e70 WHIRLPOOL 2f515ae1a1b851dca411b1ebb1f43703a45eefb2136b71931af22ddf9bc3894f1334ae279808c01ad31b3e16fde1eda93e4945d048067dfd5f8eae56e06d5198
+EBUILD dshieldpy-3.2-r2.ebuild 648 SHA256 cc0eb7adbf56e688ad2d1d5cfb8f4da425d01f20b9050d424ed4f3fece9720cc SHA512 4d39b66a573f3dc3f32d42d304a416e29d40c2bd2cf995c12254a6268520a0f19f40e78e6e94908434658e9c953520aaabde839fe9641639c51e29e57251cd2e WHIRLPOOL 49ed4fd8aee0099c772381b0fa9ad4e7166e6ed11eb22f6775a96a4d1a497f7848d71e6a4c6750eb3d9b7071740f8ef6dcfe81b84613e890e2bc96c405c6ccab
+MISC ChangeLog 2958 SHA256 0e878143720d818aa675a4b90b245017ffc55600f2310eacfd4b80b64c6a4a26 SHA512 4ba7250d56699805670546cc1c25fc5271dce6b725b506d38b994e96d6c41fc8a54549013f5c07f7c5c272c60d1c6434d5abdeab2289bd92b601c0b467e94402 WHIRLPOOL 6d0ece9de8962c623894b0a6818ec618bf07957f40cfbf38586bb74ec8a8783c55d9a8ed67a907d646c870097d7c8335c72d4a2053d3b202ae205d4a331c1cc9
+MISC ChangeLog-2015 1341 SHA256 73ebc9222ba40c134b2c5336913b4f954558af9927b9f2cf6e45df9df3232ae9 SHA512 4e6dd3fe0099f53c4b1dceae0efdd34b2214611c2c70caa32b13b72ddf2138478f9700dae42fcf324d33ef8de6f5f96d0a9ed6a547c5c5edb6d33a4084a33522 WHIRLPOOL f8637bc7d3e2ddad6a25abd974f0ae2ace87941397108fd3b7f81ed9d9bd331873edc98bbcb7c0bdb6d3ceab490edbbfcf65174fa6e6fe7477f2fa92a5515720
+MISC metadata.xml 246 SHA256 fa3ac92ffe5e16ad6a893e829c1fe250464454fd9bb6fde6e17f12afe6f5075f SHA512 d7a3f0aba0fdbd2dd974cd86755e143aaa13b6b62f70748d97edf237c6a54d31791e70258bdaba5de897b4ed013c6ca9e07497ac87cba054a7b96904f58c2b49 WHIRLPOOL 6f926c998609cadf3f3344de0b601ad98ee32fb04deae8ccff22ecb6f37cf96436927c2703b62c624d1264b0239144cb5a6df0c5c15908b94572165a4632ac2a
diff --git a/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild b/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild
new file mode 100644
index 000000000000..99d3957c303c
--- /dev/null
+++ b/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit python-single-r1
+
+DESCRIPTION="Python script to submit firewall logs to dshield.org"
+HOMEPAGE="http://dshieldpy.sourceforge.net/"
+SRC_URI="mirror://sourceforge/dshieldpy/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE=""
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DEPEND="${PYTHON_DEPS}"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/DShield.py"
+
+src_prepare() {
+ default
+ python_fix_shebang dshield.py
+}
+
+src_install() {
+ default
+ dobin dshield.py
+
+ insinto /etc
+ doins dshieldpy.conf
+}
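Review bot: `doins dshieldpy.conf` in `src_install` installs the config into /etc with the default `doins` mode, which is world-readable. If the file holds the submitter's DShield user ID or mail-relay settings, it should be installed restrictively; its contents are not visible here, so this needs confirming against the tarball. Adding `insopts -m0600` before `doins dshieldpy.conf` does that. A one-line comment above `insinto /etc` stating what the file contains would help the next maintainer judge the mode.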
diff --git a/net-firewall/dshieldpy/metadata.xml b/net-firewall/dshieldpy/metadata.xml
new file mode 100644
index 000000000000..3e7ed59000d8
--- /dev/null
+++ b/net-firewall/dshieldpy/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">dshieldpy</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest
new file mode 100644
index 000000000000..e4a9e42b630e
--- /dev/null
+++ b/net-firewall/ebtables/Manifest
@@ -0,0 +1,9 @@
+AUX ebtables-2.0.8.1-ebt-save.diff 1089 SHA256 b4d7022a616152ca439d2b09f14fda8a3ef479b823c2da44eb0e9e22b256be90 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7 WHIRLPOOL df0664bc20dcd36bf640c8c88dea1e7d17b55c686403bceb77f5416b95ce0e2fc3292755e5986822b794628fc31aff25f7dab4d70d742fc93e78bac9fcdea4b2
+AUX ebtables.confd-r1 288 SHA256 c05a6c1ba6add3881068584074681b04bfb2ad43284d7bdd67f47f3da842de58 SHA512 088308eba077fcec35299c8aaad0492024173504a361c2ba7e29dce106888a78c72818a791f3d3655aed3f6df26a3319c42e2b2c54760cdbad036d46b89b97f3 WHIRLPOOL f6353fcc69beff674227544b36c3e2289f094758b02087d57b44fd0a73d7aa47500592404125bd2570ac2fa0da74aa18138e80c292ff5b21ee1ede13fa1125c4
+AUX ebtables.initd-r1 1990 SHA256 15772b575abdcf683b3ee9815a11b0f7f27602d7fe52673124710e310dc95ec6 SHA512 ceceaf33d6f6bfa89a5d81932e3ec76a26d09d67150efd3de587520ea47984f618d4fc55e799c58a2e5e236caec5bd81e2fde31a7e5aa328e629cdabbd29339b WHIRLPOOL e5af9b113da44c7185a8f7eed2004154270ed8d9c2c5908dc60f0329a402f9e50c978702d129699c639a208cbd7e26266c0d3ac2df2062df61b131c018a70aa1
+DIST ebtables-v2.0.10-4.tar.gz 103764 SHA256 dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a WHIRLPOOL 5a1e0703e3fd5c79e149824e789646d042660081fb8a9f301fa4cc2716e84fbf842216d5b6b4c8c33de3b6949bfbfcaa2eb7293fe7afa71a2305de8f70abd57d
+EBUILD ebtables-2.0.10.4-r1.ebuild 1862 SHA256 f65ec8a3a0be9aa651964bfc689ade84c45d6e93edf828f5b8eb230a8885f88d SHA512 faac99bbf5d1459eec691df8675bc5ba6acb304b45bc483eb4fc56554a9e19de5fd20732d4fe199f582b6a947c5d6e6c39166ffe9956b83770add0a6ce661cda WHIRLPOOL 6204d16e30792810e7ebc8fcda0246b9d8b595dfb3d00e7c9510c32927c2225e499d1f2ee2f69976e9d33ccc17225b639d250826e97e58d237e77c1af78a4d4f
+EBUILD ebtables-2.0.10.4.ebuild 1691 SHA256 5d70eea6bdfe29cc666dcc6c96fd7c27e812ce6d3cdbb7f2a2dffe00cbf00c48 SHA512 64ee80df88005014d905f48eec20eed0847c3719cdf326d361032042a7b00a06fe6dc9b55d5ff92e702f6adbb25988a1df1735bea9a71f871a3166374f323086 WHIRLPOOL cc8ddd92d4abbd456590cd2e42449845f151e99eb354cd67c0a12b1c1fa5a1c4b2fe9a4473388c63e1a192f2a90e7c8cb3bf3fcdb338e1c8d1bef18273f9c0e0
+MISC ChangeLog 4315 SHA256 9d6fd31bd683f09db2e2b238239b51abbbb72e111380cdffa62b4a1c3eadf365 SHA512 95f6c29a2fd0728228951fe1c9daded4ac680effdf34217ddeec67b74d30f44294efde6e432a5632b2f47edc6358a17f9e64340daf8b68728a128423a7f859f4 WHIRLPOOL c5c860903822372ebe9496b69d12f1fa4f401a312ba3b1607d88c1e20ece947baae43695a304f3c35a48ec448a767e7db7446526c9d9cc18127238a5dcc64df9
+MISC ChangeLog-2015 8943 SHA256 d7edb6a0880d5fcdadd33a672f24af11c9cef96b755cbe3dfaca66da2783ad74 SHA512 53e6543413542132e962f63594585e4f727bca471ba43c4a54ca093e196adf3e47ce9e6a6ad6c70df1348e2f3c5bf636c6826a87a6f23e76771a9e225cccce91 WHIRLPOOL 17140ef1391513e37b4c1e30ec665fd30d7d9a3e564d20ece083960bf7941b6f6ced424287788e1aff1a148914a0c390714630b21b9b49c551df2435a60c615e
+MISC metadata.xml 426 SHA256 4af9dfd3040d9bb4be1b873b11cfadd0cda1a68f6b6a9e6acefe9d4dbd84c60c SHA512 77ff48216c32448cf2e2aa580f0b3afd6de7aa9bda2c2379c89f77282c417d385bb8c3d3218cf6d30021e472163bc8f2b450f0e43d944adb336f49fb695ba231 WHIRLPOOL 702803e5ff88215990751ebd4afa5d4b230e723ac50b8b0fea751f9b5cf8f612cfa76fe84c1650009b738de480154b1b1196d8cdfabe58325a9e65e4d338f3c5
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
new file mode 100644
index 000000000000..e115a16fdbdc
--- /dev/null
+++ b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit versionator eutils toolchain-funcs multilib flag-o-matic
+
+MY_PV=$(replace_version_separator 3 '-' )
+MY_P=${PN}-v${MY_PV}
+
+DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+IUSE="+perl static"
+
+# The ebtables-save script is written in perl.
+RDEPEND="perl? ( dev-lang/perl )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use static; then
+ ewarn "You've chosen static build which is useful for embedded devices."
+ ewarn "It has no init script. Make sure that's really what you want."
+ fi
+}
+
+src_prepare() {
+ # Enhance ebtables-save to take table names as parameters bug #189315
+ epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
+
+ sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
+ -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
+ -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
+ -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
+ -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
+}
+
+src_compile() {
+ # This package uses _init functions to initialise extensions. With
+ # --as-needed this will not work.
+ append-ldflags $(no-as-needed)
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ $(use static && echo static)
+}
+
+src_install() {
+ if ! use static; then
+ emake DESTDIR="${D}" install
+ keepdir /var/lib/ebtables/
+ newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
+ newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
+ if ! use perl; then
+ rm "${ED}"/sbin/ebtables-save || die
+ fi
+ else
+ into /
+ newsbin static ebtables
+ insinto /etc
+ doins ethertypes
+ fi
+ dodoc ChangeLog THANKS
+}
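Review bot: With USE=-perl, `src_install` deletes `/sbin/ebtables-save` but still installs `ebtables.initd-r1` and `ebtables.confd-r1`. That init script's `save()` runs `${ebtables_bin}-save`, and the conf.d default is `SAVE_ON_STOP="yes"`. On such a system `stop` would hit `save || return 1` and fail, so the bridge firewall can be neither stopped cleanly nor saved until the admin edits conf.d. Either warn in the `! use perl` branch, e.g. `ewarn "ebtables-save not installed: set SAVE_ON_STOP=\"no\" in /etc/conf.d/ebtables"`, or add a comment above the `rm` saying that the init script's save path needs USE=perl.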
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild
new file mode 100644
index 000000000000..7aeb41c564a0
--- /dev/null
+++ b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit versionator eutils toolchain-funcs multilib flag-o-matic
+
+MY_PV=$(replace_version_separator 3 '-' )
+MY_P=${PN}-v${MY_PV}
+
+DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+KEYWORDS="amd64 ppc x86"
+IUSE="static"
+LICENSE="GPL-2"
+SLOT="0"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use static; then
+ ewarn "You've chosen static build which is useful for embedded devices."
+ ewarn "It has no init script. Make sure that's really what you want."
+ fi
+}
+
+src_prepare() {
+ # Enhance ebtables-save to take table names as parameters bug #189315
+ epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
+
+ sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
+ -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
+ -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
+ -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
+ -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
+}
+
+src_compile() {
+ # This package uses _init functions to initialise extensions. With
+ # --as-needed this will not work.
+ append-ldflags $(no-as-needed)
+ emake \
+ CC="$(tc-getCC)" \
+ CFLAGS="${CFLAGS}" \
+ $(use static && echo static)
+}
+
+src_install() {
+ if ! use static; then
+ make DESTDIR="${D}" install
+ keepdir /var/lib/ebtables/
+ newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
+ newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
+ else
+ into /
+ newsbin static ebtables
+ insinto /etc
+ doins ethertypes
+ fi
+ dodoc ChangeLog THANKS
+}
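Review bot: `make DESTDIR="${D}" install` in `src_install` is unchecked, so a failed upstream install leaves a partial image that still gets the init script and conf.d file added and merged. Use `emake DESTDIR="${D}" install`, as the -r1 ebuild does; under EAPI 4 it dies on failure. The multi-expression `sed -i` in `src_prepare` has the same gap in both ebtables ebuilds and should end with `|| die "sed on Makefile failed"`. Without it, a failed sed leaves BINDIR and LIBDIR at their upstream values without any error.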
diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
new file mode 100644
index 000000000000..cdfd823447ed
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
@@ -0,0 +1,31 @@
+--- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400
++++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400
+@@ -12,6 +12,7 @@
+ my $cnt = "";
+ my $version = "1.0";
+ my $table_name;
++my @table_names;
+
+ # ========================================================
+ # Process filter table
+@@ -49,12 +50,19 @@
+ }
+ # ========================================================
+
++if ($#ARGV + 1 == 0) {
++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`);
++}
++else {
++ @table_names = @ARGV;
++}
++# ========================================================
+ unless (-x $ebtables) { exit -1 };
+ print "# Generated by ebtables-save v$version on " . `date`;
+ if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") {
+ $cnt = "--Lc";
+ }
+-foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) {
++foreach $table_name (@table_names) {
+ $table =`$ebtables -t $table_name -L $cnt`;
+ unless ($? == 0) { print $table; exit -1 };
+ &process_table($table);
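Review bot: `@table_names = @ARGV` feeds command-line arguments unvalidated into the backtick command `$ebtables -t $table_name -L $cnt`, which is run through the shell. Any argument that is not a plain table name is therefore interpreted by the shell with the caller's privileges, which is root when run from the init script. The init script in this commit calls the tool as `${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS}`, so whatever is set in SAVE_RESTORE_OPTIONS also ends up in this list as a "table". Restrict the list to the known tables, e.g. `@table_names = grep { /^(?:filter|nat|broute)$/ } @ARGV;`, and exit with a message if arguments were given but none is valid. The `foreach` body continues past the end of this hunk.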
diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1
new file mode 100644
index 000000000000..645b26edae99
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.confd-r1
@@ -0,0 +1,11 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
new file mode 100644
index 000000000000..9c78e9b78df0
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -0,0 +1,101 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+
+depend() {
+ before net
+ use logger
+}
+
+ebtables_tables() {
+ for table in filter nat broute; do
+ if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
+ echo -n "${table} "
+ fi
+ done
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
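Review bot: save() truncates the live rules file before `ebtables-save` has written anything, because the `>` redirection on `"${ebtables_save}"` is opened first. If the save fails, an empty or partial file is left behind, and since checkconfig() only tests `-f`, the next start would still feed that file to `ebtables-restore`. With `SAVE_ON_STOP="yes"` this path runs on every stop. Writing to a `mktemp` file next to the target and renaming it only on success keeps the previous rules intact. It also removes the gap between `touch` and `chmod 0600`, during which a newly created file has default-umask permissions.

```sh
save() {
	ebegin "Saving ebtables state"
	local tmp rc
	# mktemp creates the file with mode 0600, so no separate chmod is needed
	tmp=$(mktemp "${ebtables_save}.XXXXXX") || { eend 1; return 1; }
	${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${tmp}"
	rc=$?
	if [ ${rc} -eq 0 ]; then
		# rename within the same directory replaces the old rules in one step
		mv -f "${tmp}" "${ebtables_save}"
		rc=$?
	else
		rm -f "${tmp}"
	fi
	eend ${rc}
}
```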
diff --git a/net-firewall/ebtables/metadata.xml b/net-firewall/ebtables/metadata.xml
new file mode 100644
index 000000000000..16ad142c1527
--- /dev/null
+++ b/net-firewall/ebtables/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <use>
+ <flag name="perl">Install the ebtables-save script which uses perl</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">ebtables</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest
new file mode 100644
index 000000000000..ad2c3466ca2d
--- /dev/null
+++ b/net-firewall/ferm/Manifest
@@ -0,0 +1,7 @@
+DIST ferm-2.4.1.tar.xz 71324 SHA256 8a6f7d5beeac07c574bef7a6f938ef543c08aaa0b9980830b9dafb11cae468bb SHA512 beea4b8dd04e00662ef380442f8249c2d2dadf6d35b90e415038df807c8d08295d2575efbf3265f48f5e92afa174135a9c662f74d52545dd3e1c55a1436aa5bb WHIRLPOOL d2d115112a538ef39160fd0906d6abb9b3deb2f4a70adf77f4e84170f8d355063c8806d3587175dc5cba0c0a429fdcb713ab7ce4d57cd5a5f6683721fc5276ad
+DIST ferm-2.4.tar.gz 128776 SHA256 1293d56d6e9d3e3a389c54919fee5a4323ce81fc8b25eee8f3296a858410d470 SHA512 0b36b95a5ebb4cd306f9ab84ea12ce16c15d56ecc70c895261c74310f2474946ec1e73d63e7cda5becbfa875091c1362c715226776793c5b6ed179bf543ab27e WHIRLPOOL d4a2a10b6bc3b1b18ddcc1d3b0250f6054329ae8a6a727daf89dde7f9ba851c10b98ff9cc334f9357ea4cb932f821b6ecfd2e117cdd29b7b685afa724e9df6e8
+EBUILD ferm-2.4.1.ebuild 802 SHA256 3abae932479294d28381b9bf8485306bb792aa0212d4c983d176d685e122168d SHA512 814fa6ac687ac32a5c9398417bde1a91e6d1f5bb35ac1c0ed0e3c4ecd457f076aff97edf0cc8ccae40d4a1804dee85be9c73c21716b65001d38782c98a5eb505 WHIRLPOOL 6888373b13f38d6c704886563fb65b3864ae9f4f9a2caf4d2a12b5cd0fc042b918cdda47f170b6cde82b016fe033774287f1535cd8948d145be45d7a26d14507
+EBUILD ferm-2.4.ebuild 760 SHA256 4b4569001392f0c3a27fbfd7dbae6b014a67635cc0cf001febf645d973e4d9c7 SHA512 b27bc01b9c69a416f26b9a4282e8d8602de4f3a2b2b596f5a675bddb6e85d7ed00a9c92fb0572dcd411fbfdda61db070b83de3b5e4846a70cb0e56ed350a1364 WHIRLPOOL f7cbc450be2c0657ec851f93ecb56856b1bf114736d2465dedcafcff085e7e5a2227247ea1853a621ca513ec0a9bcf5d7b43785965941a73773e5572b1e8b2cd
+MISC ChangeLog 2867 SHA256 228e39bb17908a927d28b88aeacefb31b9120f7fc086236fa16882688bb20d1a SHA512 2f799f80703f2fbe8925718576035182a90de1dbe51c870a649df5f127ab762e714b2f15b9047c33360a86cc60e2fd58f28b224694ce77818ac51c83768c212a WHIRLPOOL 0d5f6562b20bcf8274645c9324bb01752a03bf2c8d287eb5f5a3a66ed004038cb8d2bc10adabc16b3da53421f9562ae13b69452b0ce483cf5fd8f2aba7873734
+MISC ChangeLog-2015 5454 SHA256 83c31d771891c23695a95116cb42a6e1ecbf63ecb376bc5cf83fa6cddb6c5850 SHA512 0bea19a295ca2d6d1ddbe8d441903b4dd4c3fd8543e79efb63fc9e4b003a6d1ae209e98eab50ce824e0a64a9b846b4ec755e6b882854f155d1c201deb7c7a7a8 WHIRLPOOL 5737472df9e17927e8c18a1eaf880c39243d7abfb5e34d086e8fed69a4409d9653bba7e15445e8ecb702f0a15e200c05a72d2c19260641aeef0d7a6349083e42
+MISC metadata.xml 450 SHA256 181e06e4402cd887cf07afb4db116a17275faebc521afcaabb39f63baf463983 SHA512 23ffc755aba9f3ce1acb92f3de86ec1f788bd868227b7ace77b3b7accfe891036da7e3e87254fc0bd693d7777e4c932b663e0b1118a8804b0ac2d63624a4ecac WHIRLPOOL 41139286c5c1c166b2c97de6830025da24e758cc2f0b55f202a33cb2c73aa60ad02c7535e55f212e9bf1bece60e0bb7742eaecd1986a06bdc7acc216bb1a2b38
diff --git a/net-firewall/ferm/ferm-2.4.1.ebuild b/net-firewall/ferm/ferm-2.4.1.ebuild
new file mode 100644
index 000000000000..339938cb9200
--- /dev/null
+++ b/net-firewall/ferm/ferm-2.4.1.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd versionator
+
+MY_PV=$(get_version_component_range 1-2)
+
+DESCRIPTION="Command line util for managing firewall rules"
+HOMEPAGE="http://ferm.foo-projects.org/"
+SRC_URI="http://ferm.foo-projects.org/download/${MY_PV}/${P}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+# does not install any perl libs
+RDEPEND="dev-lang/perl:*
+ net-firewall/iptables
+ virtual/perl-File-Spec"
+
+DOCS=( AUTHORS NEWS README.rst TODO doc/ferm.txt examples/ )
+HTML_DOCS=( doc/ferm.html )
+
+src_install() {
+ dosbin src/{,import-}ferm
+ systemd_dounit ferm.service
+
+ einstalldocs
+ doman doc/*.1
+}
+
+pkg_postinst() {
+ elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs"
+}
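Review bot: `SRC_URI` and `HOMEPAGE` point at `http://ferm.foo-projects.org/`, so the tarball is fetched without transport authentication. The Manifest hashes catch a modified download on a user's machine, but not one that was already altered when the Manifest entry was generated. If upstream serves the same paths over TLS (not verifiable from this page), `SRC_URI="https://ferm.foo-projects.org/download/${MY_PV}/${P}.tar.xz"` would be preferable. The same applies to ferm-2.4.ebuild and fwanalog-0.6.4.ebuild further down.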
diff --git a/net-firewall/ferm/ferm-2.4.ebuild b/net-firewall/ferm/ferm-2.4.ebuild
new file mode 100644
index 000000000000..0bc4883a5218
--- /dev/null
+++ b/net-firewall/ferm/ferm-2.4.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd
+
+DESCRIPTION="Command line util for managing firewall rules"
+HOMEPAGE="http://ferm.foo-projects.org/"
+SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+
+# does not install any perl libs
+RDEPEND="dev-lang/perl:*
+ net-firewall/iptables
+ virtual/perl-File-Spec"
+
+DOCS=( AUTHORS NEWS README TODO doc/ferm.txt examples/ )
+HTML_DOCS=( doc/ferm.html )
+
+src_compile() { :; }
+
+src_install() {
+ dosbin src/{,import-}ferm
+ systemd_dounit ferm.service
+
+ einstalldocs
+ doman doc/*.1
+}
+
+pkg_postinst() {
+ elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs"
+}
diff --git a/net-firewall/ferm/metadata.xml b/net-firewall/ferm/metadata.xml
new file mode 100644
index 000000000000..7d002d1d6794
--- /dev/null
+++ b/net-firewall/ferm/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>hydrapolic@gmail.com</email>
+ <name>Tomáš Mózes</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">MaxKellermann/ferm</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
new file mode 100644
index 000000000000..94c968ea4600
--- /dev/null
+++ b/net-firewall/firehol/Manifest
@@ -0,0 +1,12 @@
+AUX firehol.conf.d 70 SHA256 0e6bae0a5329d6b527cf0ae7183acf04f0f08f5a931bf5e82a789053faed4e3c SHA512 e6b21b493526770bf5619d09b63f8e6cf7f94fb8059fc8ff2d1f19776cab1320218e103d73219534817464314430faca4e437644befa5330610d948c2ade1a35 WHIRLPOOL f5a4db182e7f04200686a4ab2c2fd76929fed12ba2c7cf36461a5e01ece9d2eaac3caaf98def21dd0a7be4902220f51a82f0281ef0eef3724efc88af4cea4643
+AUX firehol.initrd 1144 SHA256 416bb94a338be8940a68787173e2ab539337685f767b2cbd24094d4b026f5528 SHA512 c582e5f3ebdaf7a8f68c137936bf52600bef2d5f7dc4443db6fbc6eac16ad367d69cb936ad2c1bc6e0f6aa3fcaeac7efd8c40f056fa6ea9a7d876ca3c07767ac WHIRLPOOL 7559ccecd5dab2b61efeaec761c8943ecae9a949ecc4bf447210f99d7f2bb8d1b947447b0297c6222d41df34bf31ddb6ea9405f4d73e7e517b6939566d87a16e
+AUX fireqos.conf.d 65 SHA256 c18e2f224ac8e33971c632d7492ed3142059e8fce370713cf72df35cbd0a3b6a SHA512 4dd394f3d896d8bf782cf1157f5bf420ca0e9b2c6238986f3fb17630ec0e12bfcad4ffc6fe2258a7d257e157fed11e01aef26965f3d97c78643c6467639a822c WHIRLPOOL 05cded3032f1db543e1b35eb84963ebadb59a72d3b4cffcf00c31b18346a85795f21bc836eb461688152c8abcd0a221ec46d47dac5302c692c9bb3d67e835d14
+AUX fireqos.initrd 832 SHA256 862aa8fedbe2f52c9eab0d8c9d99cfa9947c8486b88951d3aa45cb4bb0230904 SHA512 87e5b8cff3a6c76780c5bf370e8f628c8e45aa2347d06e68aef65229b7b5f4a2770156019380e892991259145af55be7a84a2b55164530ec34e966baacd666cc WHIRLPOOL 74cbb50553afa56e1d3f34d01bcbdc2ceadf643aaa400ab5daca2f08dca1b26cc09357a386b46cedcec1e2866d72c76616e4a2ec2fa3fcc67bb1aff2957a3cbf
+DIST firehol-3.1.3.tar.xz 1476220 SHA256 4693d7238d411ffcaacd1febf7231a9e69657e8b198f1b0726429bdb258372e7 SHA512 6c75b57650d918cfc485f6eb01d69694acd5c7b487a10a566fc26b8d5e0cd6a6a9a09bd8d3219bf4e78aa4fe47f83e5ac399107a07770b787e1ccba3078c5f3f WHIRLPOOL b14628fe4e9f7d0b45231a0720b4142dfd41edadd5bafd74650c8af2c67b5a535b8c32e03c696a06332455b18b18900c063a7cdbeb7582c15b409a83cfea83b7
+DIST firehol-3.1.4.tar.xz 1481320 SHA256 a73c26bb81dfa4c476b7b02c3e71c34715c044c496feea56551614a195b93d7e SHA512 1a17b6e810274b346f66788c4c4736421583e6a4ed76df7a1d7f46dcb99e434460998c05755c8342941413d23c02e2ca0d0bf2123cb555a6c7513d24983a13ed WHIRLPOOL b551cd98641a3ae74a06d29080c70451ee7bd2174f0658ed91c55d42691c4f07d7c248ed63d208c6ef7084294726482ab1d398a79fddeec88865b7308ee10cff
+EBUILD firehol-3.1.3-r1.ebuild 1376 SHA256 473e4f994d6746a9792b496796286cb61ce43998077ac714f8993ed3f2ff2dc2 SHA512 3e928126a612dcb3f4c8d44d3cda9756c51126e98c25d1b3d3f76e6c58360cefb5724e45c4e5f2e76e7e568e5ee561d7fe63d7576297367602ecd1908a86db00 WHIRLPOOL 86cec765a811b729f6194e5388c2d8e285a8415f59c99f5e77da2b12f328bbb0d319faf9907df94c0ab5dd77d33e90f0907d42919a9dc821d80309bc443e30e7
+EBUILD firehol-3.1.3.ebuild 1323 SHA256 73b685c027bd7eeb20595d13fa9927af531033fd60b760a2904f7ae8520ff474 SHA512 866ebfc4863d115a9b15e184b317ecdbc9a4d13fc58264b105cd0c744e3568a7cb09a42522c6f2399e5293f8ec2d2ef80b1cfb5bbf2fefc16d564437c7e47144 WHIRLPOOL db5c95da19751e0d00c66ff90454294fa41370c68dc518c20a1b121fd97c79878328ddfab6fa1d147683bf2e5e1d5214a2c9fc6d2a5a5bec7a3c602b9bf65ffc
+EBUILD firehol-3.1.4.ebuild 1376 SHA256 473e4f994d6746a9792b496796286cb61ce43998077ac714f8993ed3f2ff2dc2 SHA512 3e928126a612dcb3f4c8d44d3cda9756c51126e98c25d1b3d3f76e6c58360cefb5724e45c4e5f2e76e7e568e5ee561d7fe63d7576297367602ecd1908a86db00 WHIRLPOOL 86cec765a811b729f6194e5388c2d8e285a8415f59c99f5e77da2b12f328bbb0d319faf9907df94c0ab5dd77d33e90f0907d42919a9dc821d80309bc443e30e7
+MISC ChangeLog 5800 SHA256 791075b6f542798b75d4e42bc83a719f46b561de3faaee47851f0e50beba06b6 SHA512 ac475315fbbb8838f29dcf1894793839382b1df1ce24baf0cc4b9fe59803a7a638071350d83b386ecb6b675b6358eec96f12d502950ddea3c5c062561fa52467 WHIRLPOOL 447717c44fa98a680725b00fffcd4093c53e3f6b7bd39344cc6699e56d669d1971f52b4f0cc20e0135dcd2bd46f8d9b55dd0060635109066c9577891c5073cf1
+MISC ChangeLog-2015 10363 SHA256 41530e59b1061e57eeb5482eef585fd484f02ca92833ebcb65c83d1bb3ec566d SHA512 52b17320e2c886a1bc971d56b4666ccc3f7b6bc1048b971e0d98bf4d5bab58f0b6cb8aae99ad05eeaf37b3b0d06905259fd1b616204e4a159a628db4f5bf3380 WHIRLPOOL 55cc0533caf9924584d2d0b82038c94ec961c68c4871a2295cedfb8bb2e505edd205ed3a45974e26e25b19f84806cd7cbbfdff7ccd1eb060e69d11183c47a526
+MISC metadata.xml 434 SHA256 d0a81e31c09376f8bf9dd8e76642a84a0bf32b907c31d44dd4aba2c4063fb9a8 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898 WHIRLPOOL aa8f5537377068edc1fe1c424a8f80fdb3c8f41788eca8515794df75b76402a0981238f309225be7b82e28a66901e0fe0bc836977ad8d19a736dd1f1106986a1
diff --git a/net-firewall/firehol/files/firehol.conf.d b/net-firewall/firehol/files/firehol.conf.d
new file mode 100644
index 000000000000..c8b06e0eaf09
--- /dev/null
+++ b/net-firewall/firehol/files/firehol.conf.d
@@ -0,0 +1,2 @@
+#Locate of FireHOL conf file
+FIREHOL_CONF="/etc/firehol/firehol.conf"
diff --git a/net-firewall/firehol/files/firehol.initrd b/net-firewall/firehol/files/firehol.initrd
new file mode 100644
index 000000000000..05fc3a2f11c0
--- /dev/null
+++ b/net-firewall/firehol/files/firehol.initrd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save panic try"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+ provide firewall
+}
+
+checkrules() {
+ if [ ! -f ${FIREHOL_CONF} ]; then
+ eerror "Not starting FireHOL. Create ${FIREHOL_CONF}"
+ eerror "and fill it with some rules."
+ eerror "man firehol.conf for more info."
+ return 1
+ fi
+}
+
+start() {
+ checkrules || return 1
+ ebegin "Starting FireHOL"
+ /usr/sbin/firehol ${FIREHOL_CONF} start > /dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping FireHOL"
+ /usr/sbin/firehol stop > /dev/null
+ eend $?
+}
+
+restart() {
+ ebegin "Restarting Firewall"
+ svc_stop;
+ svc_start;
+ eend $?
+}
+
+try() {
+ ebegin "Trying FireHOL configuration"
+ /usr/sbin/firehol ${FIREHOL_CONF} try
+ eend $?
+}
+
+status() {
+ ebegin "Showing FireHOL status"
+ /usr/sbin/firehol status
+ eend $?
+}
+
+panic() {
+ ebegin "FireHOL PANIC"
+ /usr/sbin/firehol panic
+ eend $?
+}
+
+save() {
+ ebegin "Saving FireHOL configuration"
+ /usr/sbin/firehol save
+ eend $?
+}
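Review bot: checkrules() tests `[ ! -f ${FIREHOL_CONF} ]` unquoted, so an empty or unset variable collapses the test to `[ ! -f ]`, which is false, and the check passes without any file being looked at. A path containing whitespace fails the other way, with a test syntax error. Quoting the expansion, `if [ ! -f "${FIREHOL_CONF}" ]; then`, makes the missing-file message fire in both cases. The same unquoted test appears in checkrules() of fireqos.initrd and in checkconfig() of ebtables.initd-r1.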
diff --git a/net-firewall/firehol/files/fireqos.conf.d b/net-firewall/firehol/files/fireqos.conf.d
new file mode 100644
index 000000000000..55fa2e037e01
--- /dev/null
+++ b/net-firewall/firehol/files/fireqos.conf.d
@@ -0,0 +1,2 @@
+#Locate of FireQOS conf file
+FIREQOS="/etc/firehol/fireqos.conf"
diff --git a/net-firewall/firehol/files/fireqos.initrd b/net-firewall/firehol/files/fireqos.initrd
new file mode 100644
index 000000000000..628cc9d3c4a1
--- /dev/null
+++ b/net-firewall/firehol/files/fireqos.initrd
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+}
+
+checkrules() {
+ if [ ! -f ${FIREQOS_CONF} ]; then
+ eerror "Not starting FireQOS. Create ${FIREQOS_CONF}"
+ eerror "and fill it with some rules."
+ eerror "man fireqos.conf for more info."
+ return 1
+ fi
+}
+
+start() {
+ checkrules || return 1
+ ebegin "Starting FireQOS"
+ /usr/sbin/fireqos start ${FIREQOS_CONF} -- ${FIREQOS_EXTRA_ARGS} > /dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping FireQOS"
+ /usr/sbin/fireqos stop > /dev/null
+ eend $?
+}
+
+restart() {
+ ebegin "Restarting FireQOS"
+ svc_stop;
+ svc_start;
+ eend $?
+}
+
+status() {
+ ebegin "Showing FireQOS status"
+ /usr/sbin/fireqos status
+ eend $?
+}
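Review bot: The script reads `${FIREQOS_CONF}` in checkrules() and start(), but the fireqos.conf.d added in this commit defines `FIREQOS`, so as shipped the variable is empty unless the admin sets it by hand. The empty value reduces the unquoted test to `[ ! -f ]`, which is false, so checkrules() succeeds and start() runs `fireqos start` with no configuration path instead of reporting the missing file. Renaming the conf.d entry to `FIREQOS_CONF="/etc/firehol/fireqos.conf"` and quoting the test as `if [ ! -f "${FIREQOS_CONF}" ]; then` fixes both. `FIREQOS_EXTRA_ARGS` is not mentioned in the conf.d file either; a commented example there would document it.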
diff --git a/net-firewall/firehol/firehol-3.1.3-r1.ebuild b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
new file mode 100644
index 000000000000..f95d2d08acfd
--- /dev/null
+++ b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol"
+SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc ipv6 ipset"
+KEYWORDS="~amd64 ~arm ~ppc"
+
+RDEPEND="net-firewall/iptables
+ sys-apps/iproute2[-minimal,ipv6?]
+ net-misc/iputils[ipv6?]
+ net-misc/iprange
+ net-analyzer/traceroute
+ virtual/modutils
+ app-arch/gzip
+ ipset? (
+ net-firewall/ipset
+ )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ local KCONFIG_OPTS=" \
+ ~IP_NF_FILTER \
+ ~IP_NF_IPTABLES \
+ ~IP_NF_MANGLE \
+ ~IP_NF_TARGET_MASQUERADE
+ ~IP_NF_TARGET_REDIRECT \
+ ~IP_NF_TARGET_REJECT \
+ ~NETFILTER_XT_MATCH_LIMIT \
+ ~NETFILTER_XT_MATCH_OWNER \
+ ~NETFILTER_XT_MATCH_STATE \
+ ~NF_CONNTRACK \
+ ~NF_CONNTRACK_IPV4 \
+ ~NF_CONNTRACK_MARK \
+ ~NF_NAT \
+ ~NF_NAT_FTP \
+ ~NF_NAT_IRC \
+ "
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf \
+ --disable-vnetbuild \
+ $(use_enable ipset update-ipsets) \
+ $(use_enable doc) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ default
+
+ newconfd "${FILESDIR}"/firehol.conf.d firehol
+ newinitd "${FILESDIR}"/firehol.initrd firehol
+ newconfd "${FILESDIR}"/fireqos.conf.d fireqos
+ newinitd "${FILESDIR}"/fireqos.initrd fireqos
+}
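Review bot: In pkg_setup() the kernel option list is assigned to `local KCONFIG_OPTS`, which nothing else in this ebuild reads. As far as I know the linux-info eclass takes its list from `CONFIG_CHECK`, so `linux-info_pkg_setup` would have nothing to check and the netfilter option warnings would never be shown. Declaring the list as `local CONFIG_CHECK="..."` would make the check effective. The `~IP_NF_TARGET_MASQUERADE` line also lacks the trailing backslash the other entries carry, which is harmless inside the quoted string but inconsistent. firehol-3.1.3.ebuild and firehol-3.1.4.ebuild carry the same pkg_setup().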
diff --git a/net-firewall/firehol/firehol-3.1.3.ebuild b/net-firewall/firehol/firehol-3.1.3.ebuild
new file mode 100644
index 000000000000..dec6cac43afb
--- /dev/null
+++ b/net-firewall/firehol/firehol-3.1.3.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol"
+SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc ipv6"
+KEYWORDS="amd64 arm ppc"
+
+RDEPEND="net-firewall/iptables
+ sys-apps/iproute2[-minimal,ipv6?]
+ net-misc/iputils[ipv6?]
+ net-misc/iprange
+ net-analyzer/traceroute
+ virtual/modutils
+ app-arch/gzip"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ local KCONFIG_OPTS=" \
+ ~IP_NF_FILTER \
+ ~IP_NF_IPTABLES \
+ ~IP_NF_MANGLE \
+ ~IP_NF_TARGET_MASQUERADE
+ ~IP_NF_TARGET_REDIRECT \
+ ~IP_NF_TARGET_REJECT \
+ ~NETFILTER_XT_MATCH_LIMIT \
+ ~NETFILTER_XT_MATCH_OWNER \
+ ~NETFILTER_XT_MATCH_STATE \
+ ~NF_CONNTRACK \
+ ~NF_CONNTRACK_IPV4 \
+ ~NF_CONNTRACK_MARK \
+ ~NF_NAT \
+ ~NF_NAT_FTP \
+ ~NF_NAT_IRC \
+ "
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf \
+ --disable-vnetbuild \
+ --disable-update-ipsets \
+ $(use_enable doc) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ default
+
+ newconfd "${FILESDIR}"/firehol.conf.d firehol
+ newinitd "${FILESDIR}"/firehol.initrd firehol
+ newconfd "${FILESDIR}"/fireqos.conf.d fireqos
+ newinitd "${FILESDIR}"/fireqos.initrd fireqos
+}
diff --git a/net-firewall/firehol/firehol-3.1.4.ebuild b/net-firewall/firehol/firehol-3.1.4.ebuild
new file mode 100644
index 000000000000..f95d2d08acfd
--- /dev/null
+++ b/net-firewall/firehol/firehol-3.1.4.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol"
+SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc ipv6 ipset"
+KEYWORDS="~amd64 ~arm ~ppc"
+
+RDEPEND="net-firewall/iptables
+ sys-apps/iproute2[-minimal,ipv6?]
+ net-misc/iputils[ipv6?]
+ net-misc/iprange
+ net-analyzer/traceroute
+ virtual/modutils
+ app-arch/gzip
+ ipset? (
+ net-firewall/ipset
+ )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ local KCONFIG_OPTS=" \
+ ~IP_NF_FILTER \
+ ~IP_NF_IPTABLES \
+ ~IP_NF_MANGLE \
+ ~IP_NF_TARGET_MASQUERADE
+ ~IP_NF_TARGET_REDIRECT \
+ ~IP_NF_TARGET_REJECT \
+ ~NETFILTER_XT_MATCH_LIMIT \
+ ~NETFILTER_XT_MATCH_OWNER \
+ ~NETFILTER_XT_MATCH_STATE \
+ ~NF_CONNTRACK \
+ ~NF_CONNTRACK_IPV4 \
+ ~NF_CONNTRACK_MARK \
+ ~NF_NAT \
+ ~NF_NAT_FTP \
+ ~NF_NAT_IRC \
+ "
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf \
+ --disable-vnetbuild \
+ $(use_enable ipset update-ipsets) \
+ $(use_enable doc) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ default
+
+ newconfd "${FILESDIR}"/firehol.conf.d firehol
+ newinitd "${FILESDIR}"/firehol.initrd firehol
+ newconfd "${FILESDIR}"/fireqos.conf.d fireqos
+ newinitd "${FILESDIR}"/fireqos.initrd fireqos
+}
diff --git a/net-firewall/firehol/metadata.xml b/net-firewall/firehol/metadata.xml
new file mode 100644
index 000000000000..1e8e9bca98d8
--- /dev/null
+++ b/net-firewall/firehol/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>alonbl@gentoo.org</email>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">firehol</remote-id>
+ <remote-id type="github">firehol/firehol</remote-id>
+ </upstream>
+ <use>
+ <flag name="ipset">
+ Use <pkg>net-firewall/ipset</pkg>.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest
new file mode 100644
index 000000000000..9d2b36d07c19
--- /dev/null
+++ b/net-firewall/firewalld/Manifest
@@ -0,0 +1,6 @@
+AUX firewalld.init 272 SHA256 4717ba9b5d137493528d9f334e829d507eb3e9cf052abc6653dea1c2fc583f56 SHA512 ed71564d92f4235bb1209cf1141e28f825e4b0e3d84e7214456399e1ac0a787c02d06fecd38eaa7643b4c571b90bfe2e3c93d9826ea448ebd480c0794b62265d WHIRLPOOL 2de2499925ce7aecd946066ab32c10fd55f1a84e1945b3dd90b05a21e624ff13f2a318d44062f88c825f1142f20a085df555d3aa02cc379b9760d0803902bf64
+DIST firewalld-0.4.3.3.tar.bz2 679617 SHA256 e57d851e4f1aa65927e055d3e73b7a29a5ae37de51671ce1885e030fe6e0b6d4 SHA512 21cb91b9545263f6da4a6ff218c939b610c7fe5dba2ad509803673d9c01cf6fecb4ab32bacf1a04e3d579fd9699a03760475285f824a6641902037c81ad2243a WHIRLPOOL 89077aefa28752e51472510bc5080c61e1f6051062efd4aaac08c8a60879b1c3d00db9d9ad7c33d8a49d8868fb9796c0bf945c869a470380f9e2ab017c45ab41
+EBUILD firewalld-0.4.3.3.ebuild 2876 SHA256 f4ef1608f614dce96336373681d666efe866149863a90bac678df28ce33f87f8 SHA512 25fc5a1e8b70a5a8d38eec24adb924aeb9b7e349dcc4fcc595abbbdb4ea3b47d7e684e8b07e3c85d3b33e027d1f6388ba14bff91c8a3a883fd8311eb9d3f4ea2 WHIRLPOOL 0525c8779bcf22ffee817ec76e05f326a34998bae1afcac0d38aa19fcef4fcae5fc186d4dfcb6560b6b066af08c5fa15633fddf1edd553b820195d8411df3498
+MISC ChangeLog 5943 SHA256 45282f3a33ec109c7f8a41a0550fe22e7b210d3be5d516e78da80c00ab0311b1 SHA512 7e74e02cc7261f651f3fd44d7f59cf4f7b93d47aaf395aa3cb1b18fb8be1ea0a31044ad42d07411cd198b612703ca5d1bcc92febfd0a207fc6a3c592aca3f339 WHIRLPOOL f3d63f89b0723f21e0142207375cdbe19da9e14511a0e9c87a962b63603b309624ec98ab90e6395f2184cca19f56d46963c3213c0e4eff6a639aa89aeabb3fca
+MISC ChangeLog-2015 3590 SHA256 97c414c1cc466497b0e6503d877594b3bc158292cfa9cfba5fc9627e97eb3e07 SHA512 4ed53b8c1e1091f1a7995348d394666ff99d51973674006ef2efd5897ed3712039d3a3ab928a9afb2726964904eb2dcde7d13a69a00b3b79b1a400c726792069 WHIRLPOOL 68237672f48ac14952a7c65aa35e46ed21c9adefecba6f3ced6582da7aebec93249a3a956661490af00cc93cddd2af681e5cc1c7836a48954382de8aef43a2ee
+MISC metadata.xml 365 SHA256 dece091972015561e750838735cb37eb11035ba4adf25afb7866156cb596d522 SHA512 b317c52dc7ab211183555f45d1b84786f9aede73f3b59eee54aa696b4e358e42dd7c30044e89931c2362f3a11c5180f1136f7631bf19c1fe02e29d68bea4c5a6 WHIRLPOOL a431a89d5f00a7f37a7510df409fff6e291747a5dac5dec1883757a94a4f2f6a3aa529a04c7566eba2f61c1c42c7c6d8e9e07d8a04fd6dd736c0ce7fc57ef6a8
diff --git a/net-firewall/firewalld/files/firewalld.init b/net-firewall/firewalld/files/firewalld.init
new file mode 100644
index 000000000000..2618338e9f81
--- /dev/null
+++ b/net-firewall/firewalld/files/firewalld.init
@@ -0,0 +1,12 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="FirewallD"
+command=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+depend() {
+ need dbus
+ provide iptables ip6tables ebtables
+}
diff --git a/net-firewall/firewalld/firewalld-0.4.3.3.ebuild b/net-firewall/firewalld/firewalld-0.4.3.3.ebuild
new file mode 100644
index 000000000000..e270b3f02b37
--- /dev/null
+++ b/net-firewall/firewalld/firewalld-0.4.3.3.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+#BACKPORTS=
+
+inherit autotools eutils gnome2-utils python-r1 systemd multilib bash-completion-r1
+
+DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall"
+HOMEPAGE="http://www.firewalld.org/"
+SRC_URI="https://fedorahosted.org/released/${PN}/${P}.tar.bz2
+ ${BACKPORTS:+https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+IUSE="gui"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="${PYTHON_DEPS}
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/decorator[${PYTHON_USEDEP}]
+ >=dev-python/python-slip-0.2.7[dbus,${PYTHON_USEDEP}]
+ dev-python/pygobject:3[${PYTHON_USEDEP}]
+ net-firewall/ebtables
+ net-firewall/iptables[ipv6]
+ net-firewall/ipset
+ || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd )
+ gui? (
+ x11-libs/gtk+:3
+ dev-python/PyQt4[${PYTHON_USEDEP}]
+ )"
+DEPEND="${RDEPEND}
+ dev-libs/glib:2
+ >=dev-util/intltool-0.35
+ sys-devel/gettext"
+
+src_prepare() {
+ [[ -n ${BACKPORTS} ]] && \
+ EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \
+ epatch
+
+ epatch_user
+ eautoreconf
+}
+
+src_configure() {
+ python_setup
+
+ econf \
+ --enable-systemd \
+ --with-iptables="${EPREFIX}/sbin/iptables" \
+ --with-ip6tables="${EPREFIX}/sbin/ip6tables" \
+ --with-iptables_restore="${EPREFIX}/sbin/iptables-restore" \
+ --with-ip6tables_restore="${EPREFIX}/sbin/ip6tables-restore" \
+ --with-ebtables="${EPREFIX}/sbin/ebtables" \
+ --with-ebtables_restore="${EPREFIX}/sbin/ebtables-restore" \
+ "$(systemd_with_unitdir 'systemd-unitdir')" \
+ --with-bashcompletiondir="$(get_bashcompdir)"
+}
+
+src_install() {
+ # manually split up the installation to avoid "file already exists" errors
+ emake -C config DESTDIR="${D}" install
+ emake -C po DESTDIR="${D}" install
+ emake -C shell-completion DESTDIR="${D}" install
+ emake -C doc DESTDIR="${D}" install
+
+ install_python() {
+ emake -C src DESTDIR="${D}" pythondir="$(python_get_sitedir)" install
+ python_optimize
+ }
+ python_foreach_impl install_python
+
+ python_replicate_script "${D}"/usr/bin/firewall-{offline-cmd,cmd,applet,config}
+ python_replicate_script "${D}/usr/sbin/firewalld"
+
+ # Get rid of junk
+ rm -rf "${D}/etc/rc.d/"
+ rm -rf "${D}/etc/sysconfig/"
+
+ # For non-gui installs we need to remove GUI bits
+ if ! use gui; then
+ rm -rf "${D}/etc/xdg/autostart"
+ rm -f "${D}/usr/bin/firewall-applet"
+ rm -f "${D}/usr/bin/firewall-config"
+ rm -rf "${D}/usr/share/applications"
+ rm -rf "${D}/usr/share/icons"
+ fi
+
+ newinitd "${FILESDIR}"/firewalld.init firewalld
+}
+
+pkg_preinst() {
+ gnome2_icon_savelist
+ gnome2_schemas_savelist
+}
+
+pkg_postinst() {
+ gnome2_icon_cache_update
+ gnome2_schemas_update
+}
+
+pkg_postrm() {
+ gnome2_icon_cache_update
+ gnome2_schemas_update
+}
diff --git a/net-firewall/firewalld/metadata.xml b/net-firewall/firewalld/metadata.xml
new file mode 100644
index 000000000000..1d49811fa2be
--- /dev/null
+++ b/net-firewall/firewalld/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>virtualization@gentoo.org</email>
+ <name>Gentoo Virtualization Project</name>
+ </maintainer>
+ <use>
+ <flag name="gui">Builds and installs GUI configurator and GTK+ applet</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/fwanalog/Manifest b/net-firewall/fwanalog/Manifest
new file mode 100644
index 000000000000..d6c07de1bef3
--- /dev/null
+++ b/net-firewall/fwanalog/Manifest
@@ -0,0 +1,5 @@
+DIST fwanalog-0.6.4.tar.gz 128787 SHA256 8ddc4c7ec16e59a27691e25fdd1f266838230ee08c3495fa289db0e7fc008e13 SHA512 953ca03c070e82370dc2a993c19113b4a92f89be6a0d77edbbcb722420c9fc28d3f4bb454441c3e82f36eb27584ff88090beab18c095051a2e8ef7bc28b52da2 WHIRLPOOL 3b274f44788e411ddec0256e47f735de94cc2eadb66ab4f295986417cf3f4b525c0c35f40f83f5e5dec6179ea44d26cc61c8f74db5fc47d6b56f6eab174d9fa9
+EBUILD fwanalog-0.6.4.ebuild 948 SHA256 5be3a565604a4d82d9b27ac56d4aef7999cabf2f13ff25dcc0af9ec52abc0085 SHA512 c04512d5400a56344bdd54015bd35e219ccfce5af7c0f166fbf11a737eecaffa85ae5bfded021f92f90e02cfe0bc941e3ff00b8c97318c6cfea73519dc8a2bea WHIRLPOOL 0e6e061ae7ea1f2578fa6aa866c82520f04909d1e932f58ab0e2abf52bd51b4cb85a76d7213916b5a6e9041ec13137e30c699bdd4e270787ac732b401d480def
+MISC ChangeLog 2529 SHA256 df03c1cc3b576747489d3071dbba853d64f603f9cb916cc573b7e096d341e342 SHA512 4c7875c16def8999c70b51bf116d6c49b8d9688e81639099d32a05843b006d65a5c050b25323d3036f52b53105f40d30314048da54a759f686ec463beda19273 WHIRLPOOL f32f2a08590967602acaaea9292da90ad150c27628305bb29a23e68d49ab63b288803fabdd8b53f4e9ec2157c15fe44936fcb451418a4eff5fa772336b1edd73
+MISC ChangeLog-2015 2145 SHA256 13f4a003c863277739222e59e23c97891116df42b72f08fce2d797af256e919b SHA512 122d13e5d0c8cdb151fb03400f281da4cb471fe5fed3fa2a4787afb24bc11ed43bd1dd76d9728039832461705a6e9b4eb0d32c11a749dd5a8f04eb1fc3dbaa7b WHIRLPOOL c41b5a5069021d9e9072ea9d9ba2b80ee8ad3d62025d159f1ca83cfbd177e9f92a05ec59423c76aec32fb5f0792acd00012dfcb5bf93d8796e7273871b38723e
+MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968
diff --git a/net-firewall/fwanalog/fwanalog-0.6.4.ebuild b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild
new file mode 100644
index 000000000000..4f74bd138155
--- /dev/null
+++ b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+DESCRIPTION="Script to parse firewall logs and analyze them with Analog"
+HOMEPAGE="http://tud.at/programm/fwanalog/"
+SRC_URI="http://tud.at/programm/fwanalog/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86 ppc sparc"
+IUSE=""
+
+DEPEND="" # this is just a bash script
+RDEPEND="app-shells/bash
+ sys-apps/grep
+ virtual/awk
+ sys-apps/sed
+ app-arch/gzip
+ sys-apps/diffutils
+ dev-lang/perl
+ >=app-admin/analog-5.31"
+
+src_install() {
+ insinto /etc/fwanalog
+
+ insopts -m0700 ; doins fwanalog.sh
+
+ insopts -m0600
+ doins fwanalog-dom.tab fwanalog.lng services.conf
+ doins fwanalog.analog.conf fwanalog.analog.conf.local
+ newins fwanalog.opts.linux24 fwanalog.opts
+
+ dosed "s/\"zegrep\"/\"egrep\"/" /etc/fwanalog/fwanalog.opts
+
+ dodoc CONTRIBUTORS ChangeLog README
+ docinto support ; dodoc support/*
+ docinto langfiles ; dodoc langfiles/*
+}
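Review bot: The ebuild declares no `EAPI`, so it is processed as EAPI 0, while the ferm, firehol and firewalld ebuilds in this commit use 5 or 6. Adding `EAPI=6` after the header would bring it in line, but `dosed` is not available at that level as far as I know, so the substitution would have to become `sed -i -e 's/"zegrep"/"egrep"/' "${ED}"etc/fwanalog/fwanalog.opts || die`. A short comment above `insopts -m0700` explaining why the script and its configuration are installed owner-only would also help.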
diff --git a/net-firewall/fwanalog/metadata.xml b/net-firewall/fwanalog/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/net-firewall/fwanalog/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/net-firewall/fwbuilder/Manifest b/net-firewall/fwbuilder/Manifest
new file mode 100644
index 000000000000..047c615b1d47
--- /dev/null
+++ b/net-firewall/fwbuilder/Manifest
@@ -0,0 +1,12 @@
+AUX fwbuilder-5.0.0.3568-ldflags.patch 469 SHA256 65f549a65b7b7c605c5a2872baac20ba80c90a2e01c8525fd2e88884798f80cc SHA512 3047ad8ecd868eca28a58b9c124f2c05f7bdc68c08da7017896a13cf77c9ed9d033e227d9c520973174d3551334af26319b31491a4264062be94dd04cd97f372 WHIRLPOOL 4d4dbbaf585efa308ef6b03663606cbad05773cef6073cc3097a785c8616cd873fcc9357c4e770c8269b20442b304fd30994483504b0b09ead58f4792ca72f16
+AUX fwbuilder-5.0.1.3592-gcc47.patch 321 SHA256 c15eac3235980e7bf4824abcf3a1583a7c3053fc7376e44022237e9cf64a07f1 SHA512 13800468ef7958fe811b42833b101d221a5126f13f3191c8d84c8cd7da3e02163e522bf7c87a5c739ef6ab935ab80798e947c2b81fc90168881eec502dd861a8 WHIRLPOOL 1fe6a03dc4377a78be01eb6bc173fdaa84b5e5556184bd339ac79a0230ebfe6c5c049b0e93b48633cdd5ea9126517d34b13cac49b46d5e2160899c9f0515f0e7
+AUX fwbuilder-5.0.1.3592-stdc-format-macros.patch 1684 SHA256 6bb4ac02615247a7102021126eae788e67f9242c11e0b865a27ba2efd33f278f SHA512 ec13849e07683ce6ebc0098f1eae803a232fdde692e46c591a3a7c9cf0fb22d28d9de6ff773051089ce75a7dd55cbab63063f0391f6f9960b631c21ec4ca38ef WHIRLPOOL 7871e586a5646bf021a8820435b49ddfe3e43584870b8a9edfdfdd45e41e65c6ca44510ab2d5193976685172ce5c43e05c4207d0726fa16cd0b93487c5020b57
+DIST fwbuilder-5.0.1.3592.tar.gz 6733502 SHA256 22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94b SHA512 aac34c97963819f0dca4a6bfa63987df45cdd6905164b49ae6f6a423f044fc52aeb09b15b2fc294e1aa3da97d3d31e75bdf9a690e383f579a2fb40ef656f4885 WHIRLPOOL 436e5f8c802e6b25c588f3296ac0cbce89aa818c53871296615980aee6b71b84a64a44808f7d2390ee73b11e83b2acc88d94c7b236df5caf83788d735276211f
+DIST fwbuilder-5.3.6.tar.gz 7325429 SHA256 672c2870c3a2ce1eb504a97d17ea9a8eb6dd61ec314cf79b9488b48a356cdfa6 SHA512 70f6888d09c89a624ea35f119c1e00d5a7e57d993d8658fd164e35bce073503bf66f3c9e05ffa1b49ab9371cf219825d22a41c31604c63de5290dd64845e06af WHIRLPOOL a559061861447bff1657857c5a9f551e4eb0315fdea99199025d9cdaae3b1163cb69f97c36517bbe39998b0a9a97026d9737485b5a01144cd8296c502830e9b6
+DIST fwbuilder-5.3.7.tar.gz 7332419 SHA256 aba1ed8f690e9e4659c0e981120ea68da7ee327d6cf81260d51329351addf91e SHA512 d6504ddab17e80cb332f005b6bbb16c15a7b4735361733f0e0437cb94059a5c9039e563be6e0e8d328954db2416b2c0bdbb8afa36cd946f61e7c7edaee47453b WHIRLPOOL 0191f0f812b494bae9d4c00cc4a26315f32c378e5395270f56cd4e3d7d0c189d67ec154c28d9aaeecee0b0304c1bb5cf61db2a738b32b189ee53f306849fdfa9
+EBUILD fwbuilder-5.0.1.3592-r1.ebuild 1142 SHA256 c5591b2d4db80a2a283ce6732582777dc8dca6aef173bcaae5172a4b1d721a41 SHA512 eae8e3fe6343d4fc1ecd0295d7f64775cc7b7d347c16d4b4cac2a1fa30ef1d2d4516715b154725dd6b7aea3f07b2ce99d54634613d50887774fac0372e3ebce4 WHIRLPOOL b8a371a5cd7ef013a2206635964658698767c71c5a8ba2ab1883efa414117c8a918e2ff08549cc62093ad28d2f9a84da50780b1f6ac87bae7e998fd9779905af
+EBUILD fwbuilder-5.3.6.ebuild 966 SHA256 ba0e0ee1066dbe39c91e5dc47789d0390e591b1e5305b7c582ce6b9cf5500aeb SHA512 e5c78f3f4d71ad9ecd769f63272b4f8c3e4649cd16d88322ff79f3e5af684587b8ecadbc92ed1f07bd2133e829329f0ea9106b60d41d223043b6db3baeacf526 WHIRLPOOL a6d0899efe7c82f0ce26aa66555c47ed5eafb40803de42bdaf41f94ab49795b29708a8977e46d64d9e165451ed4ba87367e7fef5821d59e45bfee8ba6dce11e0
+EBUILD fwbuilder-5.3.7.ebuild 1499 SHA256 c65f7ca39fa398bb4671c02b8ad26c38c218d09aa105c0506cf2bf4ebdaa18c8 SHA512 f95d657e018e8953ca17b938765e708e8a2d6794beed4b1f6762a941760aaac6e856cda46a63e1098399c3d4ff0de25809864327f255607a4e5ffcd9dba075ee WHIRLPOOL 43e222433ffe39798dd946d8ce7296775099044f92bdbcbaec9bdbe5e06b2f00dc74600e3641dc8fa2c5e6f9d7bfb20222a8d0efc64e484f630b3bd3e940d855
+MISC ChangeLog 3454 SHA256 edd6317fa6b92bc90f320c51e0b2bba0617aec82ff52f2444fd9876bab9e7e57 SHA512 3386a82d715bf5dcd56860c38775314b507aa50fae7f1685b5ab218f43dde472788bb9af5e76b3eee321d4c8caa166512cc7f13823eb5b5d6bc883b560ff974c WHIRLPOOL e22425660892c5377a21da86a3238ec32c17f9d022feeff42cac203dada06a0f2dcffe0444e043a77c90b7e45ba1c6c0bdc41a35b68bde01ce59c6edb75de3d7
+MISC ChangeLog-2015 20862 SHA256 4248e5ae2e28c214f0489e2bfcf39ef1a26fbc4fea15daea88682aad89bc5c8c SHA512 c5f9ea9c313070a938c90b831e392a4dbf7c98a740c3194046000e92f5dbc68f3f57162af9bb6da7ef21c8cf703914cf88ff1b60b135d53c7abd0bf997611a59 WHIRLPOOL eddd51338384dfca5fd75caf5e81c9f33e573cdb1ff529ca707749bb7843968730c6acce5f261e248ae2ddf6e11e181ef9ea38c62e07bed12366c938166b1623
+MISC metadata.xml 520 SHA256 5134ca480376f531890da4894056865392fef4168ad642e8f5619420c9d524ac SHA512 deda312a012b6b7e342fa3b37d53a6c6fc2b5de129121314856ea659dad92cf3e7b17923f2942bc606deab719907a26e9908c35d087596291b05c0f2e1645e62 WHIRLPOOL 51ab38cfd8ebfce202f1b4a34b76b8d4eb804b68d5a27ebd8b77ca7281d73b058115997299bdd0722feada2b5a0ad83a0a60c1e87a32d3e4429090b2e8c4a06d
diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch
new file mode 100644
index 000000000000..d9df8429d390
--- /dev/null
+++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch
@@ -0,0 +1,11 @@
+diff -Naurp fwbuilder-5.0.0.3568.orig//qmake.inc.in fwbuilder-5.0.0.3568//qmake.inc.in
+--- fwbuilder-5.0.0.3568.orig//qmake.inc.in 2011-07-25 19:27:44.000000000 -0400
++++ fwbuilder-5.0.0.3568//qmake.inc.in 2011-08-19 17:00:41.259985388 -0400
+@@ -39,6 +39,7 @@ unix {
+ QMAKE_CFLAGS_RELEASE += -Wno-unused-parameter
+ QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter
+ QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter
++ QMAKE_LFLAGS = @LDFLAGS@
+
+ !macx {
+
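Review bot: The added `QMAKE_LFLAGS = @LDFLAGS@` assigns, where every neighbouring line in this `unix {` block appends with `+=`, so any linker flags already placed in `QMAKE_LFLAGS` before this point (by the mkspec, for instance) would be discarded. If the intent is only to honour the user's LDFLAGS, `QMAKE_LFLAGS += @LDFLAGS@` does that without dropping earlier values. The `unix {` block starts and ends outside the hunk, so whether the variable is set or reset elsewhere cannot be seen from here.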
diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch
new file mode 100644
index 000000000000..7849e2b6da95
--- /dev/null
+++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch
@@ -0,0 +1,11 @@
+--- a/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:02:55.909203733 -0400
++++ b/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:04:54.079198998 -0400
+@@ -31,7 +31,7 @@
+
+ #include <time.h> //for time_t definition
+ #include <pthread.h>
+-
++#include <unistd.h>
+ #include <string>
+ #include <queue>
+
diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch
new file mode 100644
index 000000000000..3658c10a3eec
--- /dev/null
+++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch
@@ -0,0 +1,51 @@
+From: Vadim Kurland <vadim@slot.vk.crocodile.org>
+Date: Tue, 14 Feb 2012 04:59:26 +0000 (-0800)
+Subject: fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still
+X-Git-Url: http://fwbuilder.git.sourceforge.net/git/gitweb.cgi?p=fwbuilder%2Ffwbuilder;a=commitdiff_plain;h=f97a1b50ba51be5fa31cc54dba829a9e77609160;hp=15565ade5dc843e5fefe83568a023c37256c3c3c
+
+fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still
+needs to be tested on all build machines.
+---
+
+diff --git a/qmake.inc.in b/qmake.inc.in
+index 6bf27e0..3e31fd6 100644
+--- a/qmake.inc.in
++++ b/qmake.inc.in
+@@ -67,6 +67,9 @@ unix {
+
+ CONFIG += warn_on
+
++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS
++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS
++
+ }
+ }
+
+diff --git a/src/libfwbuilder/qmake.inc.in b/src/libfwbuilder/qmake.inc.in
+index b4f15bb..a8114cf 100644
+--- a/src/libfwbuilder/qmake.inc.in
++++ b/src/libfwbuilder/qmake.inc.in
+@@ -34,6 +34,9 @@ unix {
+ QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter @CXXFLAGS@
+ QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter @CXXFLAGS@
+
++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS
++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS
++
+ exec_prefix = @EXEC_PREFIX@
+ DESTDIR =
+
+diff --git a/src/libfwbuilder/src/fwbuilder/uint128.h b/src/libfwbuilder/src/fwbuilder/uint128.h
+index 0a2e7a4..b00ab47 100644
+--- a/src/libfwbuilder/src/fwbuilder/uint128.h
++++ b/src/libfwbuilder/src/fwbuilder/uint128.h
+@@ -36,7 +36,7 @@
+
+ #include <stdio.h>
+
+-#define __STDC_FORMAT_MACROS
++// #define __STDC_FORMAT_MACROS
+ #include <inttypes.h> // for sprintf formats for "long long"
+
+ // convinience macro
+
diff --git a/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild
new file mode 100644
index 000000000000..beadb373cea3
--- /dev/null
+++ b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit eutils base qt4-r2 multilib autotools
+
+DESCRIPTION="A firewall GUI"
+HOMEPAGE="http://www.fwbuilder.org/"
+SRC_URI="mirror://sourceforge/fwbuilder/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ppc ppc64 x86"
+IUSE=""
+
+DEPEND=">=dev-qt/qtgui-4.3:4
+ dev-libs/openssl
+ dev-libs/elfutils"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.0.0.3568-ldflags.patch"
+ "${FILESDIR}/${PN}-5.0.1.3592-gcc47.patch"
+)
+
+src_prepare() {
+ # Fix a compile bug that affects some x86_64 platforms.
+ # Addressed in the upcoming 5.0.2.3596 release.
+ # Closes #395151.
+ epatch "${FILESDIR}/${P}-stdc-format-macros.patch"
+
+ qt4-r2_src_prepare
+ sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743
+ eautoreconf
+}
+
+src_configure() {
+ eqmake4
+ # portage handles ccache/distcc itself
+ econf --without-{ccache,distcc}
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install
+}
+
+pkg_postinst() {
+ validate_desktop_entries
+
+ elog "You need to emerge sys-apps/iproute2 on the machine"
+ elog "that will run the firewall script."
+}
diff --git a/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild b/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild
new file mode 100644
index 000000000000..9ae8b3f7a8a1
--- /dev/null
+++ b/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit qmake-utils autotools
+
+DESCRIPTION="A firewall GUI"
+HOMEPAGE="http://www.fwbuilder.org/"
+SRC_URI="https://github.com/UNINETT/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="libressl"
+
+DEPEND="
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ dev-libs/elfutils
+ >=dev-qt/qtgui-5.5.1-r1:5"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ eapply_user
+ sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743
+ mv configure.in configure.ac || die #426262
+ eautoreconf
+}
+
+src_configure() {
+ eqmake5
+ # portage handles ccache/distcc itself
+ econf --without-{ccache,distcc}
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install
+}
+
+pkg_postinst() {
+ validate_desktop_entries
+
+ elog "You need to emerge sys-apps/iproute2"
+ elog "in order to run the firewall script."
+}
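Review bot: `pkg_postinst` calls `validate_desktop_entries`, but this ebuild inherits only `qmake-utils` and `autotools`, so the function is reachable only if one of those eclasses happens to pull in its provider (presumably `eutils`). The 5.0.1.3592-r1 ebuild in this commit inherits `eutils` explicitly for the same call. Either do the same here with `inherit autotools eutils qmake-utils`, or drop the call as the 5.3.7 ebuild does. An indirect inherit can disappear when an eclass is cleaned up, and the failure would only surface at post-install time.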
diff --git a/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild
new file mode 100644
index 000000000000..a3fb5b1aeb90
--- /dev/null
+++ b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools gnome2-utils qmake-utils
+
+DESCRIPTION="A firewall GUI"
+HOMEPAGE="http://www.fwbuilder.org/"
+SRC_URI="https://github.com/fwbuilder/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE=""
+
+DEPEND="
+ dev-libs/libxml2
+ dev-libs/libxslt
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5
+ dev-qt/qtprintsupport:5
+ dev-qt/qtwidgets:5
+ sys-libs/zlib
+"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ eapply_user
+
+ # bug 398743
+ sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die
+
+ # we need to run qmake ourselves using eqmake5 in src_configure to
+ # ensure we respect CC, *FLAGS, etc.
+ sed -i -e "/runqmake.sh/d" configure.in || die
+
+ # bug 426262
+ mv configure.in configure.ac || die
+
+ # don't install yet another copy of the GPL
+ sed -i -e '/COPYING/d' doc/doc.pro || die
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-{ccache,distcc} # portage handles ccache/distcc itself
+ --with-docdir="/usr/share/doc/${PF}"
+ --with-qmake="$(qt5_get_bindir)/qmake" # use fully-qualified qmake, bug #599466
+
+ # yes, we really do need to run both econf and eqmake5...
+ eqmake5
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install
+}
+
+pkg_postinst() {
+ gnome2_icon_cache_update
+
+ elog "You need to install sys-apps/iproute2"
+ elog "in order to run the firewall script."
+}
+
+pkg_postrm() {
+ gnome2_icon_cache_update
+}
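Review bot: In `src_configure` the `econf` invocation ends at its first inline comment: the `#` after `--without-{ccache,distcc}` swallows the rest of that line, so the command is not continued and `--with-docdir=…` and `--with-qmake=…` are executed as separate commands instead of being passed to `econf`. configure therefore never receives the fully-qualified qmake path that the comment cites for bug #599466, and the two stray lines fail with "command not found" without stopping the build. Collecting the options in an array lets each one keep its comment, as the fwknop ebuild in this commit does with `myeconfargs`.

```shell
src_configure() {
	local myeconfargs=(
		# portage handles ccache/distcc itself
		--without-{ccache,distcc}
		--with-docdir="/usr/share/doc/${PF}"
		# use fully-qualified qmake, bug #599466
		--with-qmake="$(qt5_get_bindir)/qmake"
	)
	econf "${myeconfargs[@]}"

	# … unchanged: eqmake5 call …
}
```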
diff --git a/net-firewall/fwbuilder/metadata.xml b/net-firewall/fwbuilder/metadata.xml
new file mode 100644
index 000000000000..797459b851a1
--- /dev/null
+++ b/net-firewall/fwbuilder/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kevin.bauman80@gmail.com</email>
+ <name>Kevin Bauman</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Gentoo Proxy Maintainers Project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">UNINETT/fwbuilder</remote-id>
+ <remote-id type="sourceforge">fwbuilder</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/fwipsec/Manifest b/net-firewall/fwipsec/Manifest
new file mode 100644
index 000000000000..aced74fe01e8
--- /dev/null
+++ b/net-firewall/fwipsec/Manifest
@@ -0,0 +1,5 @@
+DIST fwipsec-0.4.2.tar.bz2 13114 SHA256 8fa4204c968198a3ea40c8b5efa20c77258be4c912d11d16c1a4c51f712d9aa4 SHA512 752af6b937f6b08b3613f50c789911dd09b1648c57b9ab613fe98922c9f38043a1cee9b45a94f02b51031f3ef4feefc29f192beafec4506202925f71f8e82d0d WHIRLPOOL 122b325b72e2e1f14ac8abd8554c85dd438cfe3ca2410b7ec1339678c8eeb81347bf22af2d055f867caa83ee913c9d42272f70f20595ee17a696a72331c068c8
+EBUILD fwipsec-0.4.2-r1.ebuild 637 SHA256 dd0fccdfd085206f4a9aee3493af3d0e5b6cf91ef43084c104c6dd7b6ac7f842 SHA512 5e6656ce5e61b0e93107608c60e46ce9fe7f81725077a3ae2244ae6bdce6b2a4a9e842da471cba1ca027c59c8d10f8a1adfb0f44ea9a8a9d455605d899bda7fa WHIRLPOOL 0713a68f5b737816eceef109143f430a4e3e32e7f8a59cf09bdd9dfe7d57f99378124b5efc9698c6e34f17127ddbadc7f77a395fdda4414555e7fb62feac7325
+MISC ChangeLog 3078 SHA256 46a7773e6b754b86cfd111f436b20c4010b86caf46afbd5a82f31d4b6e9b0a03 SHA512 52eef5a800d679d157027ce6a23b1f96e0f3c883d5c9a55a03267178ced5cc7e5cb1f0028975d267c55320a50af7123d68aabeab976b9fc895597b1d85ef7f6f WHIRLPOOL f3dba66771dedd179706085a14fbc9c7928dfcfdd2845b5ed2bb7815f961d890ce186b243356a2a983fc83635ed8d1eabb41bfc9c240b15108616cb5d1b0c761
+MISC ChangeLog-2015 2015 SHA256 985dfda277f8b0dc10c3f568d9a9b5db5322e10be80c5c9a32785a3b25ed40b0 SHA512 68de5b091483d0e182a502beb8df89932ea7de4b59bf83f1305d1108e183d64e28b20338e141620db0a431380e273701b0d35d058dbaac03b40867147eda4500 WHIRLPOOL 58de840c7bded5dc4e0adf836a6b9250520dca5183cacfc7420c0b3e276b6a0da74891b35208be5ffc24059adb26df7fc272b19b7e765f11e0cf253f1e24b01d
+MISC metadata.xml 244 SHA256 6012db09dee7d632ca0c0baf1e637cabf3b9c6b68e830e841a124c479f460878 SHA512 b7e666d8c442cf743a0945509197a8ade888c22a0b6f175af937185df2649c05bbbd95e3bff0c33da81bf393899d7b8552fbd27d42dd18572119d5e61f1410e3 WHIRLPOOL 187addb64af741d850e09c34c7f4f0ec55e213612d3647a88a47bb1b35edcc27d92c60ab6d019c9565f159c0aef4b3c1e3af04b5ec6c97d83559983732560010
diff --git a/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild
new file mode 100644
index 000000000000..3dec312a3916
--- /dev/null
+++ b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+S=${WORKDIR}/${PN}
+DESCRIPTION="Firewall scripts that control iptables, FreeS/WAN, and squid"
+HOMEPAGE="http://fwipsec.sourceforge.net/"
+SRC_URI="mirror://gentoo/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+KEYWORDS="alpha amd64 ~hppa ia64 ~mips ~ppc ~sparc x86"
+
+DEPEND=">=net-firewall/iptables-1.2.7
+ sys-apps/iproute2"
+
+src_install() {
+ exeinto /etc/fwipsec
+ doexe fwipsec.*
+ doinitd fwipsec
+
+ dodoc LICENSE DOCS/README*
+ doman DOCS/*.5
+}
+
+pkg_postinst() {
+ elog "Edit /etc/fwipsec/fwipsec.defs to set your base rules."
+}
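Review bot: `doexe fwipsec.*` in `src_install` installs every file matching the glob into /etc/fwipsec with the default `doexe` mode (0755 unless `exeopts` is set), and that appears to include `fwipsec.defs`, the rules file the post-install message asks the admin to edit. Firewall rule definitions readable by any local user disclose the filtering policy, and the fwanalog ebuild in this commit restricts its equivalent files to 0700/0600. Consider `exeopts -m0700` before the `doexe` line, and installing the definitions file via `insinto`/`insopts -m0600` if it is configuration rather than a script. Whether `fwipsec.defs` must stay executable cannot be told from this hunk.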
diff --git a/net-firewall/fwipsec/metadata.xml b/net-firewall/fwipsec/metadata.xml
new file mode 100644
index 000000000000..30534ef172e2
--- /dev/null
+++ b/net-firewall/fwipsec/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">fwipsec</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest
new file mode 100644
index 000000000000..cce67c03a143
--- /dev/null
+++ b/net-firewall/fwknop/Manifest
@@ -0,0 +1,9 @@
+AUX fwknopd.confd 475 SHA256 818366d8012cf50771ab427bcf645de697e7d05e4bb80d5eb2f98291e071d510 SHA512 a23e42ca59f2d86b0ff1456773419d9b075bdae83fcd307d506dd9e282b58d24c6f6c50ea3418d5cce07a447f32f0089f747516e8f108b7e3c03944ea59a6412 WHIRLPOOL 79a7efe36d88bd4d313a342aa75bcb2a02acbb954c46947c5b9470277cabdd5c1cc66ccae5eb0b4e6a8002b5b0fde7ee4c069d160e2e19f2de8d48b3875a9382
+AUX fwknopd.init 2706 SHA256 ace9569324d049a226d09c91373644c0181e7f714eebd5bacd13c04e2d5fa093 SHA512 6e58cb40bd2c69b624fa5bb320f79e6befd91bc39e4aa66ec0b2a2a014b9342377ea919b364cf52cfda76b924d5d497a79b0d66f2e0c7339894b75bfa9e165fa WHIRLPOOL 7ffa1eb97bc2bace6e4d40d180bd3087db236947dfbc551b133c4f1cff3ec5fbe891ba9b8a7aebca824637cfcd5f5c7aba043ae3be8eace02368411f829f6d81
+AUX fwknopd.service 235 SHA256 c88fbe0588731a5dea7d358680d5625876d36b6732ac51d8812390affc8d79b9 SHA512 890bbba586183275cbd3b420a9c0d609ff3eca0fd239b4af97e2730e2790f317fc114f51d60107ba4fbddd2cabb60c70d8b615e2a75bb80cf27d352c894a1c6d WHIRLPOOL 1389d12053c0a0904e661065095ee6d3102ae2fe2934814aabce7e282b7fc512e80c01a53cc9d74c78c861f95b738c47148dc1446e3f3271187c04da42ee3a3a
+AUX fwknopd.tmpfiles.conf 31 SHA256 ba9eed2ec8f4230ab2070865a829e0da290761e93a0979212481c974314e77b7 SHA512 73b56a42c7728c9dabd82cd81bd6ffa1b948fe80fa67feee348ad65f957f1f2ea53c6b5d74fa2784ea75c45c2c27b5d989da4a618f3a4cf67914c927e04b74ae WHIRLPOOL 06466f7d6a70edc7a7a02b0c492e37143aab3735b7d294ea88a1371e4bf9ed70b47e871cdd293e9e879e7e40783bfaba90f6aa81580ac1a785f3e275ba21399a
+DIST fwknop-2.6.9.tar.gz 3043542 SHA256 0a8de8d3e2073ad08f5834d39def6c33fd035809cfddbea252174e7dc06a5a51 SHA512 4706560d44c911c8604059d88dded9c1b8c333399d90ec7dc366c0fba96c79680bdbf1b8b5e76cc34aaf3a1e58fff80db8f5f20c96d57481bdb476a9b99f4d1b WHIRLPOOL e9ac76f39f8991af4a56f85f50f2ea982a7d043cfb17c824cbaf3ebd18e34630b86abdf198e9e91239c4acf67db56539a9dee00ee379ec39314adb5bc233344c
+EBUILD fwknop-2.6.9-r1.ebuild 3691 SHA256 e40b1f14afcb70bf39d8cd91b29a1bf87175dbf251002f17267c33092264d941 SHA512 ee6a6065e916cf745dfa9e8903166ab0de571138720134568349767f9f63ea0b00d5991a2b29206279f17d0e2968fb573195d3191c89bd0d1b2ca34c21a18473 WHIRLPOOL c44e1adcde5cb0a221a1a0c8ecb43472f060aaafa6328f962a708a04d306fe5e5f3f29e7f2e6e637392ebc7179f12e887fad92256661839b8afd5026af71514c
+MISC ChangeLog 8140 SHA256 35c7b993e77213cd8fd5ab04ce14e1ad1559e94eb2548c935410e5f7109194ca SHA512 13f15847d75607dd3592693264b86be4895e9776ef4a1d6447feb2ab76733740b1126d36a355c8d6e388e7fa671a67c1bd2b168b074933a6f9ed430f7d86612f WHIRLPOOL f10627e102edab784c3ca2a830e028e7a7e71b4e2b4c3c09b58344ffd24362e1e398bc6d9d90d474f011cf81f41a6536c6ef2dd68222fe18bbb43a67fa1d8d0f
+MISC ChangeLog-2015 1964 SHA256 9ae9b87ddd19f9aa29b820260929906c94dca2b6b05dab5a88b4f33c29e1fe89 SHA512 f8e8d28aa3c3bf6e8cb9dd9706188e0b54e254ccc66144bfd3e43268410bf2fe1540a5a0ba9a0afd7804e7c43adc7077002d805bbac269a3d6f1132168d3313b WHIRLPOOL a41b48ea32db7becb4bd5af50baea40a69d51fe3594bab79197653e01c0465868b1342c8456d6179cd09ba7de6ff62592983c256724f05c923530afbc447d9fc
+MISC metadata.xml 1217 SHA256 79101e3c34af737f9399fa485ceb72efa82bf9bc6dca1e2ba51097c7eb9d92de SHA512 5f6c53eedff6224d8c282d4c8d1ecde4efaa975ecb7ed330ab2ccd01a9584f9ed71f5cca74fc4ad6d6aa241b2c95b8cb091546538ae64577ba61bbbd3b652954 WHIRLPOOL c85f4250fb47f7958f400fef75c601fd0c4058086ce88cff7adad20d638b7d3f95ab6bbbb1bc5704662c413e0fb32b0c49bd1520bd1acc5a6aa57a0b26ee5db0
diff --git a/net-firewall/fwknop/files/fwknopd.confd b/net-firewall/fwknop/files/fwknopd.confd
new file mode 100644
index 000000000000..63bcd01dd82f
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.confd
@@ -0,0 +1,21 @@
+# /etc/conf.d/fwknopd: config file for /etc/init.d/fwknopd
+
+# Path to the fwknopd config directory (needs to be an absolute path).
+
+FWKNOPD_CONFDIR="/etc/fwknop"
+
+
+# Additional options to pass to fwknopd.
+# Refer to the fwknopd(8) manpage for more information.
+
+#FWKNOPD_OPTS=""
+
+
+# Pid file to use (needs to be an absolute path).
+
+#FWKNOPD_PIDFILE="/run/fwknop/fwknopd.pid"
+
+
+# Path to the fwknopd binary (needs to be an absolute path).
+
+#FWKNOPD_BINARY="/usr/sbin/fwknopd"
diff --git a/net-firewall/fwknop/files/fwknopd.init b/net-firewall/fwknop/files/fwknopd.init
new file mode 100644
index 000000000000..dda1bf03156e
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.init
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${FWKNOPD_BINARY:=/usr/sbin/fwknopd}
+: ${FWKNOPD_CONFDIR:=/etc/fwknop}
+: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf}
+: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid}
+
+depend() {
+ after iptables ip6tables ebtables firewall
+ use logger
+ if [ "${rc_need+set}" = "set" ]; then
+ : # Do nothing, the user has explicitly set rc_need
+ elif [ -f "${FWKNOPD_CONFIG}" ]; then
+ local x warn_intf
+ for x in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
+ warn_intf="${warn_intf} ${x}"
+ done
+ if [ -n "${warn_intf}" ]; then
+ need net
+ ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
+ ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME},"
+ ewarn "where FOO is the following interface(s):"
+ ewarn "${warn_intf}"
+ else
+ # If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0
+ if ! grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then
+ need net
+ ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
+ ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0."
+ ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}."
+ fi
+ fi
+ fi
+}
+
+checkconfig() {
+ if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/fwknopd.conf.example"
+ return 1
+ fi
+
+ if [ ! -e "${FWKNOPD_CONFDIR}"/access.conf ]; then
+ eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
+ eerror "Example is located at /etc/fwknop/access.conf.example"
+ return 1
+ fi
+
+ [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"
+
+ [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \
+ && FWKNOPD_OPTS="${FWKNOPD_OPTS} \
+ --config=${FWKNOPD_CONFDIR}/fwknopd.conf \
+ --access-file=${FWKNOPD_CONFDIR}/access.conf"
+
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start \
+ --exec ${FWKNOPD_BINARY} --pidfile ${FWKNOPD_PIDFILE} \
+ -- ${FWKNOPD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+
+ ebegin "Reloading ${SVCNAME} configuration"
+ start-stop-daemon --signal HUP --pidfile ${FWKNOPD_PIDFILE}
+ eend $?
+}
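Review bot: `depend()` reads the configuration through `${FWKNOPD_CONFIG}`, but `checkconfig()` tests `${FWKNOPD_CONFDIR}/fwknopd.conf` and adds `--config=` only when `FWKNOPD_CONFDIR` differs from the default. An admin who overrides `FWKNOPD_CONFIG` alone therefore gets interface and dependency checks against one file while the daemon starts with another. Use the same variable in both places: `[ ! -e "${FWKNOPD_CONFIG}" ]` for the test and `--config=${FWKNOPD_CONFIG}` for the option. Separately, `${FWKNOPD_BINARY}` and `${FWKNOPD_PIDFILE}` are unquoted in the `start-stop-daemon` calls in `start()`, `stop()` and `reload()`; quoting them, while leaving `${FWKNOPD_OPTS}` unquoted so it still splits into words, keeps a path containing whitespace intact.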
diff --git a/net-firewall/fwknop/files/fwknopd.service b/net-firewall/fwknop/files/fwknopd.service
new file mode 100644
index 000000000000..d2e8c3125200
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Firewall Knock Operator Daemon
+After=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/fwknop/fwknopd.pid
+ExecStart=/usr/sbin/fwknopd
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
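Review bot: `After=network-online.target` in `[Unit]` only orders the service; it does not pull the target into the boot transaction, so unless another unit wants it the ordering has no effect and fwknopd may start before its capture interface is up. Add `Wants=network-online.target` next to the `After=` line. The ebuild in this commit installs `extras/systemd/fwknopd.service` from the source tree rather than this copy under files/, so it is worth confirming which of the two is meant to ship.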
diff --git a/net-firewall/fwknop/files/fwknopd.tmpfiles.conf b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf
new file mode 100644
index 000000000000..b7cb3856b056
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf
@@ -0,0 +1 @@
+d /run/fwknop 0700 root root -
diff --git a/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild
new file mode 100644
index 000000000000..5c86df5bfb0c
--- /dev/null
+++ b/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Python extension supports only Python 2.
+# See https://github.com/mrash/fwknop/issues/167
+PYTHON_COMPAT=( python2_7 )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools distutils-r1 eutils linux-info readme.gentoo-r1 systemd
+
+DESCRIPTION="Single Packet Authorization and Port Knocking application"
+HOMEPAGE="https://www.cipherdyne.org/fwknop/ https://github.com/mrash/fwknop"
+SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+client extras firewalld gdbm gpg +iptables nfqueue python +server udp-server"
+
+DEPEND="
+ client? ( net-misc/wget[ssl] )
+ firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
+ gdbm? ( sys-libs/gdbm )
+ gpg? (
+ app-crypt/gpgme
+ dev-libs/libassuan
+ dev-libs/libgpg-error
+ )
+ iptables? ( net-firewall/iptables )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ python? ( ${PYTHON_DEPS} )
+ server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) )
+"
+RDEPEND="${DEPEND}"
+
+REQUIRED_USE="
+ nfqueue? ( server )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ server? ( ^^ ( firewalld iptables ) )
+ udp-server? ( server )
+"
+
+DOCS=( AUTHORS ChangeLog README.md )
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="
+Example configuration files were installed to '${EPREFIX}/etc/fwknopd/'.
+Please edit them to suit your needs and then remove the .example suffix.
+
+fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
+You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
+instead of the default one chosen at compile time.
+"
+
+src_prepare() {
+ default_src_prepare
+
+ # Install example configs with .example suffix.
+ if use server; then
+ sed -i -e 's|conf;|conf.example;|g' Makefile.am || die
+ fi
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/run"
+ $(use_enable client)
+ $(use_enable !gdbm file-cache)
+ $(use_enable nfqueue nfq-capture)
+ $(use_enable server)
+ $(use_enable udp-server)
+ $(use_with gpg gpgme)
+ )
+ use firewalld && myeconfargs+=(--with-firewalld="${EPREFIX}/usr/sbin/firewalld")
+ use iptables && myeconfargs+=(--with-iptables="${EPREFIX}/sbin/iptables")
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default_src_compile
+
+ if use python; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+src_install() {
+ default_src_install
+ prune_libtool_files --modules
+
+ if use extras; then
+ dodoc extras/apparmor/usr.sbin.fwknopd
+ dodoc extras/console-qr/console-qr.sh
+ dodoc extras/fwknop-launcher/*
+ fi
+
+ if use server; then
+ newinitd "${FILESDIR}/fwknopd.init" fwknopd
+ newconfd "${FILESDIR}/fwknopd.confd" fwknopd
+ systemd_dounit extras/systemd/fwknopd.service
+ systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
+ readme.gentoo_create_doc
+ fi
+
+ if use python; then
+ # Redefine DOCS, otherwise distutils-r1 eclass interferes.
+ local DOCS=()
+ cd python || die
+ distutils-r1_src_install
+ fi
+}
+
+pkg_postinst() {
+ if use server; then
+ readme.gentoo_print_elog
+
+ if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
+ echo
+ ewarn "fwknopd daemon relies on the 'comment' match in order to expire"
+ ewarn "created firewall rules, which is an important security feature."
+ ewarn "Please enable NETFILTER_XT_MATCH_COMMENT support in your kernel."
+ echo
+ fi
+ if use nfqueue && \
+ ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; then
+ echo
+ ewarn "fwknopd daemon relies on the 'NFQUEUE' target for NFQUEUE mode."
+ ewarn "Please enable NETFILTER_XT_TARGET_NFQUEUE support in your kernel."
+ echo
+ fi
+ fi
+}
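Review bot: The second check in `pkg_postinst` reads `use nfqueue && ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE`, which the shell groups as `(A && B) || C`, so the NFQUEUE warning is printed whenever the kernel option is absent, including on builds with the `nfqueue` flag disabled. Group the kernel tests so the USE check gates both: `if use nfqueue && { ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; }; then`. `DOC_CONTENTS` also points readers at `${EPREFIX}/etc/fwknopd/`, while the init script and conf.d file in this commit use `/etc/fwknop`; one of the two is presumably a typo.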
diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml
new file mode 100644
index 000000000000..3f95120e273b
--- /dev/null
+++ b/net-firewall/fwknop/metadata.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>itumaykin+gentoo@gmail.com</email>
+ <name>Coacher</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="client">Build fwknop client</flag>
+ <flag name="extras">Install utility scripts and AppArmor policy for fwknopd</flag>
+ <flag name="firewalld">Use <pkg>net-firewall/firewalld</pkg> as the default server backend</flag>
+ <flag name="gdbm">Use <pkg>sys-libs/gdbm</pkg> to store fwknopd digest cache</flag>
+ <flag name="gpg">Enable GPG support via <pkg>app-crypt/gpgme</pkg></flag>
+ <flag name="iptables">Use <pkg>net-firewall/iptables</pkg> as the default server backend</flag>
+ <flag name="nfqueue">Enable UDP-only NFQUEUE server mode (no <pkg>net-libs/libpcap</pkg> dependency)</flag>
+ <flag name="server">Build fwknopd server</flag>
+ <flag name="udp-server">Enable UDP-only server mode (no <pkg>net-libs/libpcap</pkg> dependency)</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">mrash/fwknop</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/gshield/Manifest b/net-firewall/gshield/Manifest
new file mode 100644
index 000000000000..4340ae74222f
--- /dev/null
+++ b/net-firewall/gshield/Manifest
@@ -0,0 +1,6 @@
+AUX gshield.init 533 SHA256 160e3c9c29052643621c377be3a8450f36dce9971717b14154f32c4ce97ad3d2 SHA512 d046f8a0c4da46bdea94ef45ce472a8c0c68688421a06c7254a2f5e861b0c4884215ec860af7440a0e42a3fcdc93828a95ebd99acee4951850e6c94f2d2a5796 WHIRLPOOL de7527ac542ed73bfdfc7d3c82425f7c0c4e48c5180b59b37370bc925f9b32eff7e4e0a75a959af62a0e1c1259dc2906df319f657c574aaa0a0fa92e67afe6df
+DIST gShield-2.8.tgz 47346 SHA256 19b04059ac4a6ad28f8653d804376779a83516ba4e0b5b041fe45d422ef68b85 SHA512 f91ef18267817e3296c795b3f1629dad9ade269e12aba7f95d39b7ae39aaf76dc15e0046747281dc44859241a18b2ce7ac03e276984aee11af15e28cf80f736c WHIRLPOOL 3e834f39be912d039112971c57e62ca2b645afc33672bdb140f77b4c2cb16227b07f82fd2983dddb492381d798c4f7567d6b1fe61ad0f67554968c937c7d5e2b
+EBUILD gshield-2.8-r4.ebuild 1159 SHA256 f81321155b6b558c580bc470a4c8421e4fe3b817d47defde81a26c60ab2e0b1c SHA512 393375f184c49f9773ed82b2638de608920c70e1fb58116dbea23b99984ea65af2099293b2f74fe8705a31f923bd7a376bd12c5f677f4c72027940f1d8ee26e2 WHIRLPOOL 476ddbc59f5e2382f10441b354f6da4382e6d5302dbdd6dd53b673e023481a406f6a92f670ccdf1f2dfd53d270bcafd5c20adbd9124e8efc7cbbd3dcb8b7acb3
+MISC ChangeLog 2583 SHA256 1fb1343f40aa51c221ffb8c54c07309336feb4891e783ee904f294758e4e3dd1 SHA512 6932aabfb6e0e3801ebc9fea57aea8f7a398611227cc4d2f568a136c3c186b93647281fe56f09a649ae0ddd3f1c5a88605246a452fe2a0d7fdd0bfa3c9c0793e WHIRLPOOL a8e3e040044b15a6b4d3cdbd64e5265244a1266657d24c95b70986b13fcb4d9b6e051e466b7e96afa7d09d7071fb8158b956601b43641975a401c0306f35d17c
+MISC ChangeLog-2015 2596 SHA256 e3391ffea238bcc003784b1e800afea0d2f16a1b889b594639446bc50224b255 SHA512 b45819dabcb48ca7da7f0f3c7e5f2bd8d26985254166ba539a52ac4f89b163f82189ac8a3608c5532c86808968e87a970fa07eaa139204e70be320329cbf03a4 WHIRLPOOL ed465c30e441bd72583c29f033f94b5b517280b29790cd03d69e06de0222bb467b643906f6cbcc612149af41265fe982d7205257ee41c9559d3a41fc7589591e
+MISC metadata.xml 276 SHA256 d15d6b6bd9ffc8a642c7469d01788ba9158efb4ca27fcf3324d9e52d1b70ec93 SHA512 f0e6c6bc89659e01e157d9bf30d0a2f3fd2d71bc26c8d12489c4a44fc5237159946e25b46e7295ab4676aea63559194977a0b1e76aced31d81cf6387dd0f4250 WHIRLPOOL 26b9e81575f613b751f76234013c30a8da84a1c0dd75c12b8df32706ee753691bbc889a2dec5001cc8c4b05c47aca49ed9fabbb5a6fefed74aaa86d6c3f56cee
diff --git a/net-firewall/gshield/files/gshield.init b/net-firewall/gshield/files/gshield.init
new file mode 100644
index 000000000000..243c0ccc8946
--- /dev/null
+++ b/net-firewall/gshield/files/gshield.init
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need logger net
+}
+
+start() {
+ ebegin "Loading gShield network firewall"
+ /usr/share/gshield/gShield.rc start > /dev/null
+ # check that it loaded
+ iptables -L DMZ > /dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Unloading gShield network firewall"
+ /usr/share/gshield/gShield.rc stop > /dev/null
+ # check that it unloaded
+ if iptables -L DMZ > /dev/null 2>&1 ; then
+ eend 1
+ else
+ eend 0;
+ fi
+}
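Review bot: start() throws away the exit status of `/usr/share/gshield/gShield.rc start` and decides success only from whether a `DMZ` chain exists, so a run that aborts after creating that chain, or a chain left over from an earlier load, is reported as a loaded firewall. Assuming gShield.rc returns non-zero on failure, check it before the chain probe: `/usr/share/gshield/gShield.rc start > /dev/null || { eend 1 "gShield.rc failed"; return 1; }`. The probes in start() and stop() would also be better as `iptables -n -L DMZ`, because without `-n` the listing tries to resolve addresses through DNS and can stall while the ruleset is changing.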
diff --git a/net-firewall/gshield/gshield-2.8-r4.ebuild b/net-firewall/gshield/gshield-2.8-r4.ebuild
new file mode 100644
index 000000000000..f136566e21fa
--- /dev/null
+++ b/net-firewall/gshield/gshield-2.8-r4.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="iptables firewall configuration system"
+HOMEPAGE="http://muse.linuxmafia.org/gshield.html"
+SRC_URI="ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-${PV}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc x86"
+
+RDEPEND="
+ net-dns/bind-tools
+ net-firewall/iptables
+ virtual/logger
+"
+
+S=${WORKDIR}/gShield-${PV}
+
+src_install() {
+ # install config files
+ dodir /etc/gshield
+ cp -pPR * "${D}"/etc/gshield || die
+ dosym gshield /etc/firewall
+
+ # get rid of docs from config
+ rm -r "${D}"/etc/gshield/{Changelog,INSTALL,LICENSE,docs} || die
+
+ # move non-config stuff out of config, but make symlinks
+ dodir /usr/share/gshield/routables
+ for q in gShield-version gShield.rc tools sourced routables/routable.rules
+ do
+ mv "${D}"/etc/gshield/$q "${D}"/usr/share/gshield/$q || die
+ dosym /usr/share/gshield/$q /etc/gshield/$q
+ done
+ chmod -R u+rwX "${D}"/etc/gshield || die
+
+ # install init script
+ newinitd "${FILESDIR}"/gshield.init gshield
+ chmod -R u+rwx "${D}"/etc/init.d/gshield || die
+
+ # install docs
+ dodoc Changelog docs/*
+}
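Review bot: `cp -pPR * "${D}"/etc/gshield` keeps whatever modes the upstream tarball carries, and the later `chmod -R u+rwX` only adds owner bits, so any group- or world-writable bit in the archive ends up on the firewall configuration. The files moved to `/usr/share/gshield` (including `gShield.rc`, which the init script executes) are moved before that chmod and are not touched by it at all. Whether the tarball has such bits cannot be seen from this hunk, but the install should not depend on it: `chmod -R u+rwX,go-w "${D}"/etc/gshield "${D}"/usr/share/gshield || die`. The `$q` expansions in the loop are unquoted; with the current list that is style only.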
diff --git a/net-firewall/gshield/metadata.xml b/net-firewall/gshield/metadata.xml
new file mode 100644
index 000000000000..74c2baebb4ec
--- /dev/null
+++ b/net-firewall/gshield/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+</pkgmetadata>
diff --git a/net-firewall/ipkungfu/Manifest b/net-firewall/ipkungfu/Manifest
new file mode 100644
index 000000000000..d750497c4f2c
--- /dev/null
+++ b/net-firewall/ipkungfu/Manifest
@@ -0,0 +1,10 @@
+AUX ipkungfu.init 379 SHA256 c9a24aed68188837938278df6edbd2f22c4557123c1d6d044d11a35e82964952 SHA512 612a42d7841e6ea72b4b9d4e77734cb38d65f38b0364c15234172fc5cc37d4382d51b4d35f08432e2badca6f8833c6d347c930f6a14295a373f0760226ce5c5d WHIRLPOOL cd945a67ee782a6ed5bc601bc37a17e1417d24166c0e0281580e1209b42de653fc2b57178af9679ed401082b028595d10a83d6c23693fbdf8c9b151bea3fbc2d
+AUX ipkungfu_noiseless.patch 752 SHA256 e114e8107b7c5279d90ddd93f5eb356e182b9c67f503b3a3083a5c7f44edc2bd SHA512 990dd6ef61e3e1645a8e09ee6ae43e90ad46a13c7855d97414dd942007a1a4de69c8c31d26973d7606a852b85e0322648ebe1713e7a51df76040f2df92c0c3b6 WHIRLPOOL 12b7b90a46c0785360bb4226dc8250f27fee0307cc1df6d4cf6d69a4959631a9eaa9b70836b61878d1bece39b8c0ade97edbdadeed26b74f992386836ea90db1
+AUX nat_ftp.patch 262 SHA256 a727743f1fe5a9a5133c942f3f86080d8165a07f4d4faec3a5338d7bdb25253e SHA512 4b8747bdd63fdd04d7fc3b3b9bd9437bbaae7b479aa3e1d5c3f9183c9f3228f9946bcb83e24871fad57557e439c752f458f8ad1496dfcc2f6a0ca3295ab62930 WHIRLPOOL a48a985d0a9be9d9008f234d01143e780b52d63fe3e1525fe9c1dae4f3738f6192dc09c3069501657a2f0dadc65486b7f3a86ade09b519562adeca5863ab2acd
+DIST ipkungfu-0.5.2.tgz 35985 SHA256 6543815384f1935631121fba833b5988ca6e88ff19646a561d0315b29f2f5ef8 SHA512 9aaef341b85a0788d65dd6d341a94319cb8083a57f06645c5ad938dabccd53abbb590e8eddd3a9172f9b226780cc9e6e1f906da668f6a80c3a6fb0a9be081046 WHIRLPOOL 5d47bae5c88f5343c51ed52c33fd890b65626db8e29841fb1af067ff1a48538c118e99d65474c431cf8445cdaa2a1f2eec3e32eef56d6ca3ef54aa2953884944
+DIST ipkungfu-0.6.1.tar.bz2 104516 SHA256 a1b19c588ecc9584c37e7578c869842f9ceb97b5fd8320abe5b4bd98c136fa76 SHA512 bc1df9894d36d40f5394cbaef6f7cc9f95a8eaaf45a03d1c3a809bc5a7a5ae685c8cf6a27363ab83f6f817a0d44277b28de8bd40230d29c5700dda1d52e231b7 WHIRLPOOL 032ed7e8fb128226a6415ad734b65d383265708c1109f139ea042391a3fd29d39207425a1ae662aa8dbc8051ba9d6380ba6ee6c30de0675d914c80318d88b7a5
+EBUILD ipkungfu-0.5.2-r2.ebuild 1322 SHA256 cbd3e8a3d1c3446efcb7bfff37918d21cc5e3bfdcc3f9c0c40487874f562b4e1 SHA512 1b1c1783d8083ff9a9304693e283d7a2c345a48eb1627ef51d0676cb9a26fd41abac91ca5b5b61c12549a402bdd6a5eadb73a32c50c66ab74edd6c814bce5c2d WHIRLPOOL 0b64672ddd3261f697c50df0fd4d44797638195e972a06a268a52a96fefbf02edbcee86f31ef156f5c9eee0f72c265e2546ce8337e0d2e51898998c69320c656
+EBUILD ipkungfu-0.6.1-r1.ebuild 1163 SHA256 199d6d605ba7eee7674d107bb720a819f6f2aff3d974cd0dbf4a5bfe05c6da45 SHA512 134f266e8e3b1b3436e3b0976182505e5c2bb2ac9f1387714642691793cd66bcfbee57b8daa9151bfeb1b385a23818deca7c9f420628bfab3062e6acb7682aed WHIRLPOOL 7c626d6064e100ae00b719eb47d5564cda0a9b8a4a2691d5c50690d0f2a6d6dacb7e3e40d3c10bbf6d186a97dbe3906b8480bbbcc832d832a33c0927ef19b120
+MISC ChangeLog 3166 SHA256 748845d0160bc761c10093d216572333cb72917d8c0f4ee5868f4eec1454f7b7 SHA512 673f94df74be2f0a13571a43a4f1ddc9913089401b87c356169fbb2ec90c99a81a66383d805c8421136b275d2cdbf5566ca516bdde5bdccf76f084beaa37e69e WHIRLPOOL 6f7def9a076aa694227c2fd1c0f58a867312ff45823163a91d119acde052722cf6b937b56c49eb58135cf3011cc7f27b705ef6616e81ba8aacaed00c1a83f1d9
+MISC ChangeLog-2015 2865 SHA256 73bcbb6bca1b64ef7d43a49175de91513ec123f94e240bdfadcb139e17cc7513 SHA512 aa3df788f01727837efdea748667d960dd2fa78c3d5b8dcef859d019fe78388a56ce96060147bff15a7610ad226685662012aa8335e46134f78b2067006767ff WHIRLPOOL d73c12a0243e7e61f0b486e9fabbb8f5ef801e1e51cc2f488cbca1dfd42785416218b24fcbcbc4b586bb7ce618d2c0938cdeabd129deb4639cab922d72a3cc7d
+MISC metadata.xml 262 SHA256 f408140b4b8086290e0264f35df3b73e1900f853a1ddc8ac490db642c2c4a6e9 SHA512 586abd31f3353b9225ef45186aa03c1fe24affc9937c796344c6025368e33ac62871ee003852e3272d39b2bf75fe2b8e4b9f56970f3c076268d19963bf71a6a0 WHIRLPOOL d854d0b073426f8ec83258944dcd1e62680c544e7cccfa121ea78eebc2b59df492e8b86a664d015eab82e4ca822176901d538ef638ccd61987d755a2aff3b8bb
diff --git a/net-firewall/ipkungfu/files/ipkungfu.init b/net-firewall/ipkungfu/files/ipkungfu.init
new file mode 100644
index 000000000000..a3eeafc5b813
--- /dev/null
+++ b/net-firewall/ipkungfu/files/ipkungfu.init
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need logger net
+}
+
+start () {
+ ebegin "Starting ipkungfu"
+ /usr/sbin/ipkungfu --init
+ eend $? "Failed to start ipkungfu"
+}
+
+stop() {
+ ebegin "Stopping ipkungfu"
+ /usr/sbin/ipkungfu --disable > /dev/null
+ eend $? "Failed to stop ipkungfu"
+}
diff --git a/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch
new file mode 100644
index 000000000000..eed657f2dada
--- /dev/null
+++ b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch
@@ -0,0 +1,24 @@
+diff -ru ipkungfu-0.6.1.orig/ipkungfu.in ipkungfu-0.6.1/ipkungfu.in
+--- ipkungfu-0.6.1.orig/ipkungfu.in 2007-01-22 04:47:04.000000000 +0100
++++ ipkungfu-0.6.1/ipkungfu.in 2007-07-04 12:49:23.000000000 +0200
+@@ -753,11 +753,15 @@
+ fi
+
+ function delTestChain {
+-# {{{ Flush and delete test chains
+- $IPTABLES -t filter -F SYSTEST
+- $IPTABLES -t filter -X SYSTEST
+- $IPTABLES -t mangle -F SYSTEST
+- $IPTABLES -t mangle -X SYSTEST
++# {{{ Flush and delete test chains, if exist
++ if $IPTABLES -t filter -L SYSTEST > /dev/null 2>&1 ; then
++ $IPTABLES -t filter -F SYSTEST
++ $IPTABLES -t filter -X SYSTEST
++ fi
++ if $IPTABLES -t mangle -L SYSTEST > /dev/null 2>&1 ; then
++ $IPTABLES -t mangle -F SYSTEST
++ $IPTABLES -t mangle -X SYSTEST
++ fi
+ # }}}
+ }
+
diff --git a/net-firewall/ipkungfu/files/nat_ftp.patch b/net-firewall/ipkungfu/files/nat_ftp.patch
new file mode 100644
index 000000000000..db919c5565e1
--- /dev/null
+++ b/net-firewall/ipkungfu/files/nat_ftp.patch
@@ -0,0 +1,11 @@
+--- ipkungfu 2003-10-03 13:05:59.000000000 -0400
++++ ipkungfu 2004-02-09 16:34:37.000000000 -0500
+@@ -138,7 +138,7 @@
+ if [ $INIT != 1 ] ; then
+ echo "Loading FTP NAT module..."
+ fi
+- $MODPROBE ip_nat_irc
++ $MODPROBE ip_nat_ftp
+ fi
+ fi
+ }
diff --git a/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild b/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild
new file mode 100644
index 000000000000..f6cd5f2bcd6f
--- /dev/null
+++ b/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+inherit eutils
+
+DESCRIPTION="A nice iptables firewall script"
+HOMEPAGE="http://www.linuxkungfu.org/"
+SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc x86"
+IUSE=""
+
+DEPEND="net-firewall/iptables"
+RDEPEND="${DEPEND}
+ virtual/logger"
+
+src_unpack() {
+ unpack ${A}
+
+ # Patch ipkungfu to load the right module for ip_nat_ftp
+ # Fixes bug #42443. Thanks to George L. Emigh <george@georgelemigh.com>
+ cd "${WORKDIR}"/${P} && epatch "${FILESDIR}"/nat_ftp.patch
+
+ # man page comes bzip2'd, so bunzip2 it.
+ cd "${WORKDIR}"/${P}/files
+ bunzip2 ipkungfu.8.bz2
+}
+
+src_install() {
+
+ # Package comes with a hard coded shell script, so here we
+ # replicate what they did, but so it's compatible with portage.
+
+ # Install shell script executable
+ dosbin ipkungfu
+
+ # Install Gentoo init script
+ newinitd "${FILESDIR}"/ipkungfu.init ipkungfu
+
+ # Install config files into /etc
+ dodir /etc/ipkungfu
+ insinto /etc/ipkungfu
+ doins files/*.conf
+
+ # Install man page
+ doman files/ipkungfu.8
+
+ # Install documentation
+ dodoc COPYRIGHT Changelog FAQ INSTALL README gpl.txt
+}
+
+pkg_postinst() {
+ einfo "Be sure to edit the config files"
+ einfo "in /etc/ipkungfu before running"
+}
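Review bot: In src_unpack() the second `cd "${WORKDIR}"/${P}/files` and the `bunzip2 ipkungfu.8.bz2` have no `|| die`, so a failed `cd` lets bunzip2 run in the wrong directory and a failed decompression only shows up later at `doman`. Add the checks: `cd "${WORKDIR}"/${P}/files || die` and `bunzip2 ipkungfu.8.bz2 || die`. The file also declares no `EAPI`, unlike the 0.6.1-r1 ebuild added in the same commit, so it is evaluated under EAPI 0; a comment saying whether that is intended would help the next maintainer.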
diff --git a/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild b/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild
new file mode 100644
index 000000000000..94f6785c0b8e
--- /dev/null
+++ b/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="A nice iptables firewall script"
+HOMEPAGE="http://www.linuxkungfu.org/"
+SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="net-firewall/iptables"
+RDEPEND="${DEPEND}
+ virtual/logger"
+
+src_prepare() {
+ eapply "${FILESDIR}/ipkungfu_noiseless.patch"
+ eapply_user
+}
+
+src_install() {
+ default
+
+ # Install configuration files
+ emake DESTDIR="${D}" install-config
+
+ # Install Gentoo init script
+ newinitd "${FILESDIR}"/ipkungfu.init ipkungfu
+}
+
+pkg_postinst() {
+ # Remove the cache dir so ipkungfu won't fail when running for
+ # the first time, in case 0.6.0 was installed before.
+ rm -rf /etc/ipkungfu/cache
+
+ einfo "Be sure, before running ipkungfu, to edit the config files in:"
+ einfo "/etc/ipkungfu/"
+ einfo
+ einfo "Also, be sure to run ipkungfu prior to rebooting,"
+ einfo "especially if you you're updating from <0.6.0 to >=0.6.0."
+ einfo "There are some significant configuration changes on this"
+ einfo "release covered by the ipkungfu script."
+}
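Review bot: pkg_postinst() runs `rm -rf /etc/ipkungfu/cache` against the live root even when the package is merged into a different `ROOT`, so the build host's cache directory is deleted and the one in the target tree is left in place. Prefix the path with the merge root: `rm -rf "${ROOT%/}"/etc/ipkungfu/cache`. A short comment that this path is only a cache, and that nothing else under `/etc/ipkungfu` may be removed here, would make the recursive delete easier to review.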
diff --git a/net-firewall/ipkungfu/metadata.xml b/net-firewall/ipkungfu/metadata.xml
new file mode 100644
index 000000000000..5dc048e2ff1d
--- /dev/null
+++ b/net-firewall/ipkungfu/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <longdescription lang="en">
+ ipkungfu is a nice iptables firewall script
+ </longdescription>
+</pkgmetadata>
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
new file mode 100644
index 000000000000..71e280d5517b
--- /dev/null
+++ b/net-firewall/ipset/Manifest
@@ -0,0 +1,29 @@
+AUX ipset.confd 588 SHA256 a4203705531190ba1793dfe18e0cad03cae624918fdd9845d79c6aef27ad6ee7 SHA512 93e01873c3fb8ff5f4f78e04118a666a650e604a1ba2908309faab08aa140e0ca7a2e24fc5114a9e809d3dbe81e801fc9ad59d53e174014cae1f23719a2a8e3e WHIRLPOOL a1ff1c60d761de759ca9c624784698dfb18e461eb2eb817eadbeeadf0706f8af07d1dc36c495435f338c6aa099a2b974e4c9c10179a4fc98eb11c15dc8fcc23b
+AUX ipset.initd-r2 1342 SHA256 15dc2018baf45fb5bb6778815545730039ab6a0e3d07b9fe1b2afa70fa51c58c SHA512 0de7ca42ebc8edcc3463bd532cdddaba000aa91f92173ebc5b4bf7b4b182602ce586f40726fc8cd0156b55e25bcec96372b84aae2e655b15013bcd861757e4f4 WHIRLPOOL 017a867e9bf9e0284b997a5ba188d74f9e672a7fe5ad54f3c4284ded0655a99edaafef71b39f9c24e140e93e1f1e4428fe58a86acdc37d1b6bfce48234903f9f
+AUX ipset.initd-r3 2985 SHA256 78d8c31c00d746552db9fdee77effd508c20389d1ee229e9ebd1f4b8d1273e6e SHA512 254b09865fad6d8d88af77a7264d14dc341946e768b4f85fbe66e01dc4de0a3fae55f93b03c9cdc350779d5bb05710682acb5b9eb687b4cc6eeefb98933bdaac WHIRLPOOL 792030567faeaed77196a4f9c87df9ba36bfe9848bc33049e2e63cf2dbaa4a405626152e2a74901a7bc969b4db09ec0aa3fa68489adf738ba14de7d013af9594
+AUX ipset.initd-r4 3005 SHA256 431663ee4a0d1ae8f8574edce310f9fe2e9c9c649fb89f4081362bc523143a5e SHA512 1d5e0a56811bbd11193712bf6ab165ce43426cd46cefe17e06598e905ff3a4902f4eca723b40ba3962fa344fdefb0a5df6b6d70b7b8fb40b376441975634a211 WHIRLPOOL 061dcfe62f6465ec16219bde3065023446c35775a3e6c35fd342b67d19cadc29ddcff460a88286f66d292c9412a07aa94b6807d1f1a3a9573cce266ad7cd5d55
+DIST ipset-6.15.tar.bz2 432771 SHA256 6f60a472bc2ef7b1c864be6472de65365c90e264dfadf28da48c2361393d8fd1 SHA512 f72329bb8610717ccdddbfaf7b7774e717a34d71fdb7f9c7eac97e3d1b314915500c88137b6e229411df99c86d2228bef447f26c116bc2cf992cfb60ab1422d3 WHIRLPOOL 868ee3cd722c2d86c273aca8f3ca7695e8ef5d00d30111ef0f2bf972a119211008d8cadec1760b43b4f0efb24690f20a2cf5f0fdbbb0700cf66e5660d363ab2a
+DIST ipset-6.16.1.tar.bz2 433347 SHA256 cb5b02deab8521946fd473b77c40f00452b76fed621f0eee76746c74e89e4c3c SHA512 e54d32932875a9d06acba598280de9e83529f36326cbaaeb05d38b985bc40d276dc46e37eae3d1d4c1afcdd69b3074678512349ebd964b6189ca1c6871efe304 WHIRLPOOL ff2276446c7dbb4005de236b73bf9879ead8273f3ec014883160b779f6c089eaf7d4c4dce06233ef357f0a8b5376754b158eec29187ae5f5f7bb52bfd2d8ae3c
+DIST ipset-6.16.tar.bz2 433118 SHA256 bc3ea05cfbacd43aebff6668825453d0a626edd5d3495a8670103ab895fba464 SHA512 34ef44af76f3609035ae1bdacb7586f2288ee66701ed8a1a5a0632fb23b5f651fe02b070e0f0f1b0ebae6cab02b3f827cc7e67f740cf77f51ba494c25dcc47dd WHIRLPOOL 3b3c2172626530145401bd813c39114f31bf3546ebe0af6e168ed32ade102c158f3bc5f4690ee8bf0540415adc35929da5d8ca8e4e1c2ec83bf631849a24b8a7
+DIST ipset-6.17.tar.bz2 448076 SHA256 7987bb8de1b0490b32084ab72165ae53038e497a96ab9940920280d8068629b0 SHA512 668f173b7ddd8a18af2730205e2e2c38610aa9fd191af52f91080e903bcd8e1f38e8e3a7fd57077decb00fd0556df89c3315c91eaffaa6977f2caf2a3300b175 WHIRLPOOL 1d08c841d87c7a5ca355857ac823ee696922b867690e9066c631414615c98f3cf3e59c6dd8d9f556170eef90a029260c7d41dc1e3f47811ede2190c5d0298e8b
+DIST ipset-6.19.tar.bz2 465927 SHA256 058e7950efdf8b9539ab79eb145de7be60d6cb7b92c0c011edda37e70135024c SHA512 9e9fdccd8ae34ad56c5fc6da03060b39b3acc9a53154acf7e82df3f2c1545b2bdcc7b5b9b4f6ddd6ee3e8582e81b1fa51fae37cb4f46948c053d5153bdca6f39 WHIRLPOOL 31472a732781598c8d99ee562766492c225e359b8153ff68a7769d8fa86f41cac9749eda08e4e3922a6ada5a815192109104b42c59ba3079530f6c0b0169613c
+DIST ipset-6.20.1.tar.bz2 500898 SHA256 356cac020438cd0871acbfc4cb119b8296030f0bb4661ad0d44bbc115ccbce92 SHA512 3fda3a71c18c8d5f9567038fc72f95abec81b4c789fbca7f7b9c032b15000cfbd2829f11a07f2f9ad2afcff54d6851923caff0917b2ead73756673a6b3667565 WHIRLPOOL f31cd533d286238e63f38aecbf281d428d75e856b393f61db5f6622d0dc0cd0a6de7aa4d3eaa2831e1da7dd0846e95c22f92b3a586cf3918cee074360a4caff3
+DIST ipset-6.21.1.tar.bz2 510013 SHA256 cf46c9c35a15aa0f2e0fbab0422586757bd82386c8ad3864936e6cffbd74a331 SHA512 c2ffb2eafc780e15370fd48841f4323c39e8fef1893216c8bc0b8aa8d143f9daf078c6e261e4558243004fe9612ce1d5ca4cca16f8b3f324f4194700c1b0accb WHIRLPOOL 230ebb4756891283980f5b7f67c0c64772b1527b8e8c0b6cdd2714de450b3f6c2a75d961d44563e440edd1399bdee8cce820fe59f46c28355a6f053ad6b1c37b
+DIST ipset-6.24.tar.bz2 518811 SHA256 3071fc283f00a6472b5b352ef57f9825c9face70dda5b0d8715f8d43d0e995d0 SHA512 107bf492030dc4e8e4c2a939e46a715f58458126bfb636dae993e5bf31151d33c2a41b89eb5cca85b71d95b3e36debf97cdfc72c568f351091df17159003d6c6 WHIRLPOOL d34e8d5d197be85cf00ea6a5dbfeb7c52b5d42d9e78299620928e69ba1fbbe124cb16b9f5f2e05d1213b2b7a29a2bed2c1edac2f15ee3c83d8dc19eb3afcc112
+DIST ipset-6.29.tar.bz2 542735 SHA256 6af58b21c8b475b1058e02529ea9f15b4b727dbc13dc9cbddf89941b0103880e SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3 WHIRLPOOL 8e6642d180b5e682bb121ffc249638da27650f97bc3b1e8aef75996d7c626eb447c9324b9cf68e25773cef73720e6281c7a16bf3ba96433ab77ef6f437be3999
+DIST ipset-6.30.tar.bz2 544054 SHA256 65bfa43fec3d51a6b4012f3d7e4b93a748df9b71b6cd6c53adbec8083e804a31 SHA512 6299a6905fbbcc2dd7c2f07862af184fd3b63b586f7bf3af2de5a0cc692f4ec6ef57db64c3435c1acedd6c293570602dca8cfedcb197a00ec18517ced92dc903 WHIRLPOOL d7721b40c5a1556928778fe8adec6c792d0f281737b61680ab414e4aa11691dc2f9c0bf0e56ec8873f4263011e836963d1ab2e273b206b7a0a98adc2ea3d5468
+DIST ipset-6.32.tar.bz2 544635 SHA256 d9cbb49a4ae9e32d7808a604f1a37f359f9fc9064c210c4c5f35d629d49fb9fe SHA512 7b0f5e7ef1a777ab70872aa52f658ff9516cb5de4c67c56d7f596eb88db03467d39b10ffc098441b4bfa4bb21a15f3c5f7f7f825300ce8efbacd767369ad43c7 WHIRLPOOL a87a94f617b269cfcdb3dbf1516d1902b027f82fdec8b1e1d7586c83e1582256f61383be70c7bc5c96959bd0677d290db6a114d03dd2b83108f418a7f843dc99
+EBUILD ipset-6.15.ebuild 3234 SHA256 7d5b60e417a6161c1f23dc4ffe37249a00118b597fb30f1da07ff38c5a35d5bf SHA512 6ff43aa71c0db6bd657335ee29578a9f243cec4e0f1e92183380e619e2cae72801fbba56f109465aeb15fdb513bf7e20f6eb908dd5610b11eb5850b1658864cc WHIRLPOOL ea3b226388f573c60cf2884ae5ecb52d4035f017681ea205647bee926305a1e2c8975381e7f021f9649b3a52bc433c1b591dc72d145795b0ad728e09db8b48ff
+EBUILD ipset-6.16.1.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f
+EBUILD ipset-6.16.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f
+EBUILD ipset-6.17.ebuild 3207 SHA256 abf1dfd2a254c641a34ca39d227efc81cfa24993371c5c9f53e17e2787ed8ad0 SHA512 22de0e3a9879176f7ac54f7bedf52699f3ac109f1fadc999411372de9118fb4c0f045fafc256ae07a909dd6946af04fca1c6b412ef7fcddf61a358fe1c61f888 WHIRLPOOL 2a264d6e74024b20fce3f92d4bd69d62863f99ddfa1ad25045f90c2f07c9e0177003a29c932592c3c3498dfdd15da63613bf007267a2b29da67987285daba58e
+EBUILD ipset-6.19.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f
+EBUILD ipset-6.20.1.ebuild 3423 SHA256 6900475b6a6a1e3a1a66d55eb574bbe0d93456c1faa7856a9cfbcbcb798da3cc SHA512 8eca0e5209f03e7b69374b568ef9db4c79267b689de95e0089c39dbd77510ad61eb400a58c16b6c4905e2ab945e799bd940f51feda0588192bad7b72a2f3cd3c WHIRLPOOL d6c73ed70a93ea091ce33e86042cb710b5128d365eb76abf646327512166b10bf1dbf4b9ca3b0096547f74feee9f6cb94f883239696f58a1c1e34c932eb88f88
+EBUILD ipset-6.21.1.ebuild 3424 SHA256 3a6b8b62fe216ee7dec1577a05a0ce30baa4c0a82c5a9157d85289e06e74cbc7 SHA512 4fb0e425af02f7080275c155f7f3b04cec7179e663664accb118f7c4c0cc6415487546a03934773b7e1df0090bfcf422a335f5c7f415b389d78e51f0f7ba6227 WHIRLPOOL e4e00d322e0d13e664f90512d4cf7d1b011cccce8b2405652b27ed41c1b1ff43430eb99ce6e33eff886709b15b9edb541c02f52b5f3921980330c16bec1cdacd
+EBUILD ipset-6.24.ebuild 2963 SHA256 fb91f18a7d4fd218523af476a8f1a166fa73133f3be931371bdac31f253337d0 SHA512 1ee2bc5442dc5c10bb29b53984a7cd84bafc9618a61fdb633bf435e65c06e77cb0036a6752a3e8078b0b31a848843ad6961a607d147c09eb945d63efd2d56978 WHIRLPOOL 955aab838c43c723febf4cccbb1177d1dcda18db071595f7675e6f467ce73c692a79aa8656b0a4d5e409cbc35f1b9cd85b69bde97ee2969df0f06ae6fbebde4d
+EBUILD ipset-6.29.ebuild 2961 SHA256 14ba10b0bb9f715466e2040ed95e88ffab3eb6571c84d571a9ef29725dadd9a9 SHA512 c11c5a7b9c56b00d1ae60328d31c6415238b680329d2d1b7be591cd0d6c383029fe07e4305e6bb6e2780205bc4525c2f39bb106a6d3a8c542cf4ea8c00839ccd WHIRLPOOL 16872bdedc995113b2de12de45a13e172ccdee8c345a439ff8938aeb7d2fe08cef4521687fd01ffc37e10aec016402c0fe5dc1ac0e28d4d6a3dbb80e09c035c6
+EBUILD ipset-6.30.ebuild 2888 SHA256 452ea909dbae7e471557089df633f3ec05ca9736d2d14f952a691ba4503c61f5 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd WHIRLPOOL 57c840c60113427a0a48f785a596841b0c64aefd6205e26d3cb4417118975433f9608d888571a8ed8e4a351d8158048692a6eccb9251e94551efd772e8ed2d48
+EBUILD ipset-6.32.ebuild 2888 SHA256 452ea909dbae7e471557089df633f3ec05ca9736d2d14f952a691ba4503c61f5 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd WHIRLPOOL 57c840c60113427a0a48f785a596841b0c64aefd6205e26d3cb4417118975433f9608d888571a8ed8e4a351d8158048692a6eccb9251e94551efd772e8ed2d48
+MISC ChangeLog 3403 SHA256 d9b2e40acbe8a994282ab13ec91d59ee8a34c5c8676f7916c6f12be01c38b954 SHA512 48025aab367377691b05ca7cc02498e7e4f242c15fbb8314a6ba09f4a93f0f917c8c6a8273efc0fa2571942fe506672bc44cf4fb444eead88c6477a35ac4b4bd WHIRLPOOL 64f8412d7634471daabd72a61dd53bbfeaf9243a4db35764680330ad01307e3ad66cfd314b7eda557caf8535e372331edf7c96119282776742ab1e2d0c52d2c9
+MISC ChangeLog-2015 13758 SHA256 27fcbac08b65bff92d005acff99837b659b9d5b4e35b8caff074bc806c391944 SHA512 16a2bb6094b0934630108bb336838887457672f74c374316ff5450ee8af8e94432661d85c879b233f16ce751fc3d2abf86888d920d588bbfefbb7b1504f8fba1 WHIRLPOOL d2f52c40acc89740fd22475cd55c92062dc749601fb02cc813d82ac1b8369c33df8f4d0a26d1505ef78715ca7c3f08e491cbcf673be8e7b8ac4a813c203e198a
+MISC metadata.xml 216 SHA256 f7475919f28a8a93ec8bd025c8f8bbab918f66d0d1737420c876f0480308fe6a SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd WHIRLPOOL 163285b60aa93e00993af659dc1e29a9eb245bd3415dd5ec75b284250596165f469028102b72fa0c344834443a44c1bbcf6272fe6a3f5211f721fc96e1c6ec16
diff --git a/net-firewall/ipset/files/ipset.confd b/net-firewall/ipset/files/ipset.confd
new file mode 100644
index 000000000000..9fe42e9c75c5
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.confd
@@ -0,0 +1,16 @@
+# /etc/conf.d/ipset
+
+# Location in which ipset initscript will save set rules on
+# service shutdown
+IPSET_SAVE="/var/lib/ipset/rules-save"
+
+# Save state on stopping ipset
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2
new file mode 100644
index 000000000000..86c580cfe086
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r2
@@ -0,0 +1,59 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
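Review bot: save() redirects `ipset save` straight into `${IPSET_SAVE}`, so the file is truncated before the command has produced anything; if `ipset save` fails or is interrupted, the previous rules file is lost and the next start() restores an empty or partial set list, which may leave iptables rules that reference those sets unable to load. Write to a temporary file in the same directory and rename it over the target only on success. The same save() appears in ipset.initd-r3 in this commit; ipset.initd-r4 probably carries it too, but its save() lies past the end of the visible page.

```shell
save() {
	ebegin "Saving ipset session"
	local tmp
	# mktemp creates the file with mode 0600, so no separate chmod is needed
	tmp=$(mktemp "${IPSET_SAVE}.XXXXXX") || { eend 1 "Cannot create temporary file"; return 1; }
	if ipset save > "${tmp}" && mv -f "${tmp}" "${IPSET_SAVE}"; then
		eend 0
	else
		rm -f "${tmp}"
		eend 1 "Failed to save ipset session"
	fi
}
```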
diff --git a/net-firewall/ipset/files/ipset.initd-r3 b/net-firewall/ipset/files/ipset.initd-r3
new file mode 100644
index 000000000000..85556edd1c39
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r3
@@ -0,0 +1,95 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="${running_ipset_list// /|}"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
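Review bot: In reload(), the failure branch of the restore pipeline reports success and then carries on: inside `if ! … ; then` the value of `$?` is the negated status, i.e. 0, so `eend $? "Failed to load new ipsets"` prints an OK, and with no `return` the loop goes on to swap whatever `_atomic_temp` sets were partly loaded into the live sets. Use `eend 1 "Failed to load new ipsets"` followed by `return 1`. The closing `eend 0` likewise hides failed swaps, since the `|| eend $?` calls in the loop do not stop the function. The set names are pasted unescaped into the sed expression, so a name containing a regex metacharacter such as `.` can match more than itself, and `${IPSET_SAVE}` is unquoted in the `cat`. reload() in ipset.initd-r4 runs past the end of the visible page and should be checked for the same branch.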
diff --git a/net-firewall/ipset/files/ipset.initd-r4 b/net-firewall/ipset/files/ipset.initd-r4
new file mode 100644
index 000000000000..08edfcbcf859
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r4
@@ -0,0 +1,95 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
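Review bot: In reload(), the failure branch of the `ipset restore` pipeline cannot report an error. Inside `if ! …; then`, `$?` holds the negated status, which is 0, so `eend $? "Failed to load new ipsets"` prints success, and with no `return` the function runs the swap loop and ends with `eend 0`. A save file that fails to load therefore leaves the old sets active while the service reports a clean reload. I would change the branch to `eend 1 "Failed to load new ipsets"` followed by `return 1`. In the loop, a failed `ipset swap` is still followed by `ipset destroy` of the `_atomic_temp` set, which discards the newly loaded set, so the destroy should run only after a successful swap. The reload() that ends just above this file in the diff has the same lines.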
diff --git a/net-firewall/ipset/ipset-6.15.ebuild b/net-firewall/ipset/ipset-6.15.ebuild
new file mode 100644
index 000000000000..fda7f2ff30db
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.15.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}" \
+ --disable-silent-rules
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
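Review bot: `if ! $(grep -q NFNL_SUBSYS_IPSET …); then` in check_header_patch runs grep inside a command substitution and then executes its output as a command. It behaves as intended only because `grep -q` prints nothing. Test the command directly: `if ! grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"; then`. A missing header also lands in this branch and is reported as an unpatched kernel, so a separate `[[ -f … ]]` check with its own message would make that failure easier to diagnose. The same function appears in the 6.16, 6.16.1, 6.17, 6.19, 6.20.1 and 6.21.1 ebuilds of this diff.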
diff --git a/net-firewall/ipset/ipset-6.16.1.ebuild b/net-firewall/ipset/ipset-6.16.1.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.16.1.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
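Review bot: The version guard in pkg_setup and its message disagree: `kernel_is -lt 2 6 35` lets 2.6.35 itself through, while the text says a kernel "greater then 2.6.35" is required. Suggested wording: `kernel_is -lt 2 6 35 && die "${PN} requires kernel 2.6.35 or newer."`. The line is identical in every ipset ebuild visible in this part of the diff.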
diff --git a/net-firewall/ipset/ipset-6.16.ebuild b/net-firewall/ipset/ipset-6.16.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.16.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
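Review bot: pkg_setup sets `CONFIG_CHECK="NETFILTER"` and `ERROR_NETFILTER`, but the only call in this hunk that can evaluate them is `linux-mod_pkg_setup`, which runs only when `build_modules` is 1. With USE=modules off, the NETFILTER requirement therefore looks like it is never checked; this should be confirmed against linux-info.eclass. If it should apply to userspace-only installs as well, end the function with `if [[ ${build_modules} -eq 1 ]]; then linux-mod_pkg_setup; else linux-info_pkg_setup; fi`. That form also stops pkg_setup from returning the non-zero status of the trailing `[[ … ]] &&` list. The other ipset ebuilds in this diff share this pkg_setup.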
diff --git a/net-firewall/ipset/ipset-6.17.ebuild b/net-firewall/ipset/ipset-6.17.ebuild
new file mode 100644
index 000000000000..e841595369ff
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.17.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
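Review bot: `--with-maxsets=${IP_NF_SET_MAX}` in src_configure passes a value taken from the environment to configure unquoted and unchecked, so a non-numeric or multi-word setting in make.conf is noticed only inside the build, if at all. Quote it, `--with-maxsets="${IP_NF_SET_MAX}"`, and reject bad values early in pkg_setup with `[[ ${IP_NF_SET_MAX} =~ ^[0-9]+$ ]] || die "IP_NF_SET_MAX must be a number"`. This applies to each ipset ebuild in the diff.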
diff --git a/net-firewall/ipset/ipset-6.19.ebuild b/net-firewall/ipset/ipset-6.19.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.19.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.20.1.ebuild b/net-firewall/ipset/ipset-6.20.1.ebuild
new file mode 100644
index 000000000000..6bd830949e02
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.20.1.ebuild
@@ -0,0 +1,113 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
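Review bot: `SRC_URI` (and `HOMEPAGE`) point at plain `http://ipset.netfilter.org/`, so the tarball travels unauthenticated and its integrity rests entirely on the Manifest digests, which are outside this hunk. If the upstream host serves HTTPS, use `SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"`. The same two lines are in the other ipset ebuilds of this diff.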
diff --git a/net-firewall/ipset/ipset-6.21.1.ebuild b/net-firewall/ipset/ipset-6.21.1.ebuild
new file mode 100644
index 000000000000..70888cbc868d
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.21.1.ebuild
@@ -0,0 +1,113 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.24.ebuild b/net-firewall/ipset/ipset-6.24.ebuild
new file mode 100644
index 000000000000..0795c0f13b41
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.24.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.29.ebuild b/net-firewall/ipset/ipset-6.29.ebuild
new file mode 100644
index 000000000000..bdac66a1547a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.29.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 ~ppc x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
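Review bot: `--with-maxsets=${IP_NF_SET_MAX}` in src_configure passes a value that the ebuild itself documents as settable from make.conf, without quoting or validating it. A value containing whitespace is split into extra econf arguments, and a non-numeric one presumably only fails later, inside configure or the build. Quote the expansion, `--with-maxsets="${IP_NF_SET_MAX}"`, and reject bad values early in pkg_setup with `[[ ${IP_NF_SET_MAX} =~ ^[0-9]+$ ]] || die "IP_NF_SET_MAX must be a non-negative integer"`. The same line appears in the ipset-6.30 and ipset-6.32 ebuilds.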
diff --git a/net-firewall/ipset/ipset-6.30.ebuild b/net-firewall/ipset/ipset-6.30.ebuild
new file mode 100644
index 000000000000..292b40eb05d7
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.30.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
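Review bot: The outer `else` in pkg_setup prints "Nonmodular kernel detected" whenever `linux_config_src_exists && linux_chkconfig_builtin "MODULES"` is false, which also covers the case where no kernel config was found at all. The user is then told to rebuild the kernel when the real problem is a missing config. Test the two conditions separately, for example `linux_config_src_exists || die "USE=modules needs a configured kernel source tree"` ahead of the MODULES check. The closing `[[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup` also leaves pkg_setup with a non-zero status when modules are off, which `if [[ ${build_modules} -eq 1 ]]; then linux-mod_pkg_setup; fi` avoids. ipset-6.32 carries the same blob, and ipset-6.29 has the same branch.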
diff --git a/net-firewall/ipset/ipset-6.32.ebuild b/net-firewall/ipset/ipset-6.32.ebuild
new file mode 100644
index 000000000000..292b40eb05d7
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.32.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml
new file mode 100644
index 000000000000..79d462e85571
--- /dev/null
+++ b/net-firewall/ipset/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>robbat2@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
new file mode 100644
index 000000000000..bfed314208fd
--- /dev/null
+++ b/net-firewall/ipt_netflow/Manifest
@@ -0,0 +1,10 @@
+AUX ipt_netflow-2.0-configure.patch 276 SHA256 cf24753f0075b8015b8832799d993fcc1671ab001033f40f7d0ee12ba469de50 SHA512 cb7b1a690a69eb68ce57d1b216324de3114c01a6bc2ca7e29fece702be62a0f903e6946426c49a8fcd08295466524eb464127655a8742507f999a318319cd3d0 WHIRLPOOL ca45617b098c4e57756b5aeacef9c638444c12cbbd3dea38de457fca9be89592e854c3b9bd70d36250dce4becee28fee94ecd321c857786dc93e92ff5316ab16
+AUX ipt_netflow-2.2-linux-4.10.patch 4343 SHA256 c9874b75e050e0172deb12d0e6c1f981a3c869585e13be7b08d6094a16ff9e42 SHA512 077787f9bc8981064c4a9489487a0079877000f58d4ce789b7aaf7819cabacd1b12e4a527174662bd17c1303631282254e2215f06f02f08e41327a7dbbc13f13 WHIRLPOOL 48c949953be76d096946c02ff0b77c60f2e6f04f287c297ee4494077b8f5192312352ad1b23a89779d635933a6e8203ba316ab296f6566d3bc43fd71ceed7ff9
+AUX ipt_netflow-2.2-linux-4.13.patch 2403 SHA256 96354f3907a1d8d0d590436a3f9fa8ee6829489bcc9b7a46ab8e74f31b704370 SHA512 38b2657a42607cd86f36089cb1c26b609d29f1c6aca75ed38000baa69a58b75568ee7194e5d1692004c59ad8087fc4cb183ee61ed34ab52e557a3f0a330d2b6a WHIRLPOOL 270f2369a693c49a7b1bbe9ba14eb674b8a15648e16d59a9b8b33a295cc87ca9bc1b38599756b7bc680ffe7ea54108c3b3aec938228e520864b039df130507e0
+AUX ipt_netflow-2.2-linux-4.6.patch 2098 SHA256 c795cf2cbba8c502ca8d1aa27c3138f382b728c58351d60c50fd538f17f27644 SHA512 319b1a013e8d32854ecfbc207aa7197e2ef39bc2688ece952814d3092e9110aa3cf134c56f3b9f671c7856465814905a4d1f888f8dab3b40f0be09202c6f1a64 WHIRLPOOL 475c5779f97e2a1611120e38f475bd7acb6855ba647bb9e78057288dca84950aae88ddc2f85ae4e6a48a99cb94fd0978ade5e87e11b9b60200cf12c4df895b6c
+DIST ipt-netflow-2.2.tgz 96697 SHA256 81be0a334f74894756d022aee2c87b36c89a7aeca6ff1c91ef6b4f3458793198 SHA512 a406ab9bd18616414d8c99f427382a075bdb8000d8c40959f5b6d6e577d7eb4dfc7f8b773664a516ec2228d15590f21c3fbd6aa3d4302f6cdf03810e1702af74 WHIRLPOOL e9c5f13a3efa346b75ec47ceb033e83099744fa90d575d62135225a88f0093b1de556354d972772f13e7ea895659cd58e6e9a3c08817f62fd902336cc8771928
+EBUILD ipt_netflow-2.2-r1.ebuild 2290 SHA256 6d5179df6ba5fc7b1cf416f99a935ecffbe5a9c87e390232da3378b19bd103d0 SHA512 ff5991046c7a4f575071721f456a88de1f410cdc1ccd0a6b73d5e4a607a25bcb17ed8c1c475f5b3dabb43e00c57f3f9ccd3a8f230f550e8d61b622adee69cf4f WHIRLPOOL a8782221335da2d2249e1a1e165b6a2ef3829c7591f932bdca376fae7848a8eaa8032b4cd6e3adc22e35fbc35b8534714aa16d31562c8451a6cf8c787ffc27e0
+EBUILD ipt_netflow-2.2-r2.ebuild 2511 SHA256 cf8734703821b4b1d0f65b8dfb746e8dcd9c93ce0bcb5b57e2269ddee53d7fae SHA512 f7ffbb8345bd9febdda8895c3424bb3cb8c85b214cbe8b14f0be4bfddd9d2fb9ae04652dcb9dbb54d37337a5e3d44b233bdc95c772244580ed7b4cf4e0cc079c WHIRLPOOL cbd5f3354abfa17711f7d768d645598b8fb09c68fc843a07a7248d4bd1a58607babd41908fae9ed14f10919df69b8a05395336322055e4c1b959725593a224a0
+MISC ChangeLog 4149 SHA256 907012df44868b22ece920cad4dccb3aa44482ad4749468fabd28547cc493d99 SHA512 f7f9c87d99cfae607dadd88df531ca283df898f0c093a4928f5d441d6347a773803311ae325c4a058f5812676efb02f995283abeb88fe832e03792602c56e583 WHIRLPOOL d981cc10fe6884988dfe0e580ad0adf26eb1479435c8789e77232a66e605803b9ddc582c9930b1b2a08a9260dbb613da83c4f477328f5407710c036f0a2cb633
+MISC ChangeLog-2015 5139 SHA256 4bc227582ff7a604a701289ac3cd6a7e9b347025f3838732b59d213d60e70aa3 SHA512 6d5d0f39352fafccd77b878f37342461e21b94b8834f6bab0018328781e7dbf726ef537064eadf9c60baa4ec2e69562f7f6e741b379574821d24544dc9005626 WHIRLPOOL 67bd74db5f3303682bb771982c45586bdab9cb55feb6b0b04f0e1a7fab9e6c29ae0317a1100dd9235b2662f25e899ee1f656281ee56ade3f57c65523e7ab416b
+MISC metadata.xml 561 SHA256 7a00db53aae4ab7395ec5fe44907703f00c61ec92995dfb3de6e5ee1b5fc0576 SHA512 6cd4feab99315acfcf34f34fccd9ecb6b00b23efecef622cc638902a4ec62240f3d9f87d1f349a84ec7c4985a90f8632ffcfa9f403b42c26ce9d923ca9e01bc5 WHIRLPOOL 62ecc05c510e0fdf9e235c5dc45be32f8028b1834595d7121e79a48d64535589d479a02c08d50f5f5cc934b188f9c7b4dfc55e73428d0a121cb825347297a32e
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
new file mode 100644
index 000000000000..f6b3a005ba21
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
@@ -0,0 +1,10 @@
+--- a/configure
++++ b/configure
+@@ -421,7 +421,6 @@
+ iptables_find_version #IPTVER
+ iptables_try_pkgconfig #try to configure from pkg-config
+ iptables_find_src #IPTSRC
+-iptables_src_version #check that IPTSRC match to IPTVER
+ iptables_inc #IPTINC
+ iptables_modules #IPTLIB
+
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
new file mode 100644
index 000000000000..7e8f62840a91
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
@@ -0,0 +1,137 @@
+commit 5d71c94c400d91633f6d3c3be9e785bb23d4ca1a
+Author: ABC <abc@telekom.ru>
+Date: Sun Mar 5 11:27:39 2017 +0300
+
+ Compilation compatibility with kernel 4.10.
+
+ Fixes #70.
+ Resolves incompatibilities introduced by
+ 2456e855354415bfaeb7badaa14e11b3e02c8466 and
+ 613dbd95723aee7abd16860745691b6c7bda20dc for kernel 4.10.
+
+diff --git a/compat.h b/compat.h
+index 3f27977..47176ef 100644
+--- a/compat.h
++++ b/compat.h
+@@ -600,4 +600,29 @@ out:
+ # define __GNUC_PREREQ(maj, min) 0
+ #endif
+
++/* ktime is not union anymore, since 2456e855354415bfaeb7badaa14e11b3e02c8466 */
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++# define first_tv64 first.tv64
++# define last_tv64 last.tv64
++#else
++# define first_tv64 first
++# define last_tv64 last
++#endif
++
++/* Offset changes made in 613dbd95723aee7abd16860745691b6c7bda20dc */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) && LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++static inline u_int8_t xt_family(const struct xt_action_param *par)
++{
++ return par->family;
++}
++static inline const struct net_device *xt_in(const struct xt_action_param *par)
++{
++ return par->in;
++}
++static inline const struct net_device *xt_out(const struct xt_action_param *par)
++{
++ return par->out;
++}
++#endif
++
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 781b284..0d1ac55 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3863,10 +3863,10 @@ static void netflow_export_stats(void)
+ t.pkts_selected += st->pkts_selected;
+ t.pkts_observed += st->pkts_observed;
+ #endif
+- t.drop.first.tv64 = min_not_zero(t.drop.first.tv64, st->drop.first.tv64);
+- t.drop.last.tv64 = max(t.drop.last.tv64, st->drop.last.tv64);
+- t.lost.first.tv64 = min_not_zero(t.lost.first.tv64, st->lost.first.tv64);
+- t.lost.last.tv64 = max(t.lost.last.tv64, st->lost.last.tv64);
++ t.drop.first_tv64 = min_not_zero(t.drop.first_tv64, st->drop.first_tv64);
++ t.drop.last_tv64 = max(t.drop.last_tv64, st->drop.last_tv64);
++ t.lost.first_tv64 = min_not_zero(t.lost.first_tv64, st->lost.first_tv64);
++ t.lost.last_tv64 = max(t.lost.last_tv64, st->lost.last_tv64);
+ }
+
+ export_stat_st(OTPL_MPSTAT, &t);
+@@ -4781,8 +4781,8 @@ static unsigned int netflow_target(
+ const void *targinfo
+ # endif
+ #else /* since 2.6.28 */
+-# define if_in par->in
+-# define if_out par->out
++# define if_in xt_in(par)
++# define if_out xt_out(par)
+ # if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
+ const struct xt_target_param *par
+ # else
+@@ -4809,7 +4809,7 @@ static unsigned int netflow_target(
+ #ifdef ENABLE_DIRECTION
+ const int hooknum = par->hooknum;
+ #endif
+- const int family = par->family;
++ const int family = xt_family(par);
+ #endif
+ struct ipt_netflow_tuple tuple;
+ struct ipt_netflow *nf;
+diff --git a/ipt_NETFLOW.h b/ipt_NETFLOW.h
+index eb00e94..3ee44a8 100644
+--- a/ipt_NETFLOW.h
++++ b/ipt_NETFLOW.h
+@@ -414,7 +414,7 @@ struct netflow_aggr_p {
+ #define NETFLOW_STAT_TS(count) \
+ do { \
+ ktime_t kts = ktime_get_real(); \
+- if (!(__get_cpu_var(ipt_netflow_stat)).count.first.tv64) \
++ if (!(__get_cpu_var(ipt_netflow_stat)).count.first_tv64) \
+ __get_cpu_var(ipt_netflow_stat).count.first = kts; \
+ __get_cpu_var(ipt_netflow_stat).count.last = kts; \
+ } while (0);
+commit 5dec6355f151a5c9fa4393c43388b22d9c720fae
+Author: ABC <abc@telekom.ru>
+Date: Tue Mar 14 21:55:29 2017 +0300
+
+ More compatibility with kernel 4.10.
+
+ Thanks to cREoz @ gitnub. Resolves #70 once more.
+
+diff --git a/compat.h b/compat.h
+index 47176ef..867e7f2 100644
+--- a/compat.h
++++ b/compat.h
+@@ -623,6 +623,10 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par)
+ {
+ return par->out;
+ }
++static inline unsigned int xt_hooknum(const struct xt_action_param *par)
++{
++ return par->hooknum;
++}
+ #endif
+
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 0d1ac55..6d3122e 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -4806,9 +4806,9 @@ static unsigned int netflow_target(
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
+ const int family = target->family;
+ #else
+-#ifdef ENABLE_DIRECTION
+- const int hooknum = par->hooknum;
+-#endif
++# ifdef ENABLE_DIRECTION
++ const int hooknum = xt_hooknum(par);
++# endif
+ const int family = xt_family(par);
+ #endif
+ struct ipt_netflow_tuple tuple;
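Review bot: The compat helpers added to compat.h are enabled for `LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)` but take `const struct xt_action_param *par`, while the netflow_target hunk in the same patch shows that kernels below 2.6.35 declare `const struct xt_target_param *par`. On 2.6.28 to 2.6.34 the new `xt_in(par)`, `xt_out(par)` and `xt_family(par)` calls therefore pass a different struct type, which looks like a build break for that range. Either raise the guard's lower bound to `KERNEL_VERSION(2,6,35)` and keep `par->in` / `par->out` / `par->family` for older kernels, or make the fallbacks type-agnostic macros such as `# define xt_in(par) ((par)->in)`. The second commit's `xt_hooknum()` sits inside the same guard and needs the same treatment. netflow_target's body extends beyond the quoted context.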
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
new file mode 100644
index 000000000000..10e8b552afb4
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
@@ -0,0 +1,63 @@
+commit 53a556cb4a705f4eae2bcb49552b6427b231378a
+Author: ABC <abc@telekom.ru>
+Date: Mon Aug 14 22:55:25 2017 +0300
+
+ Compatibility with kernel 4.13.
+
+ Offset patch torvalds/linux@14afee4b6092fde451ee17604e5f5c89da33e71e
+
+diff --git a/compat.h b/compat.h
+index 061eb57..275ff58 100644
+--- a/compat.h
++++ b/compat.h
+@@ -636,4 +636,10 @@ static inline unsigned int xt_hooknum(const struct xt_action_param *par)
+ # define SK_CAN_REUSE 1
+ #endif
+
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,13,0)
++# define compat_refcount_read atomic_read
++#else
++# define compat_refcount_read refcount_read
++#endif
++
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 494ea74..9365325 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -622,7 +622,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
+
+ seq_printf(seq, " %u %u %u\n",
+ sk->sk_sndbuf,
+- atomic_read(&sk->sk_wmem_alloc),
++ compat_refcount_read(&sk->sk_wmem_alloc),
+ wmem_peak);
+ } else
+ seq_printf(seq, " 0 0 %u\n", wmem_peak);
+@@ -864,7 +864,7 @@ static int nf_seq_show(struct seq_file *seq, void *v)
+ seq_printf(seq, ", sndbuf %u, filled %u, peak %u;"
+ " err: sndbuf reached %u, connect %u, cberr %u, other %u\n",
+ sk->sk_sndbuf,
+- atomic_read(&sk->sk_wmem_alloc),
++ compat_refcount_read(&sk->sk_wmem_alloc),
+ atomic_read(&usock->wmem_peak),
+ usock->err_full,
+ usock->err_connect,
+@@ -2031,7 +2031,7 @@ static void netflow_sendmsg(void *buffer, const int len)
+ printk(KERN_INFO "netflow_sendmsg: sendmsg(%d, %d) [%u %u]\n",
+ snum,
+ len,
+- atomic_read(&usock->sock->sk->sk_wmem_alloc),
++ compat_refcount_read(&usock->sock->sk->sk_wmem_alloc),
+ usock->sock->sk->sk_sndbuf);
+ ret = kernel_sendmsg(usock->sock, &msg, &iov, 1, (size_t)len);
+ if (ret < 0) {
+@@ -2054,7 +2054,7 @@ static void netflow_sendmsg(void *buffer, const int len)
+ printk(KERN_ERR "ipt_NETFLOW: sendmsg[%d] error %d: data loss %llu pkt, %llu bytes%s\n",
+ snum, ret, pdu_packets, pdu_traf, suggestion);
+ } else {
+- unsigned int wmem = atomic_read(&usock->sock->sk->sk_wmem_alloc);
++ unsigned int wmem = compat_refcount_read(&usock->sock->sk->sk_wmem_alloc);
+ if (wmem > atomic_read(&usock->wmem_peak))
+ atomic_set(&usock->wmem_peak, wmem);
+ NETFLOW_STAT_INC(exported_pkt);
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch
new file mode 100644
index 000000000000..bd9bedd3d998
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch
@@ -0,0 +1,61 @@
+commit c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214
+Author: ABC <abc@telekom.ru>
+Date: Sun May 22 22:07:14 2016 +0300
+
+ Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6).
+
+ Thus, making support for 4.6 kernels.
+ Reference to linux commit:
+ https://github.com/torvalds/linux/commit/3f1ac7a700d
+
+ Fixes #56, thanks karel-un.
+
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 067fd50..d27eea2 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ {
+ struct ethtool_drvinfo info = { 0 };
+ const struct ethtool_ops *ops = dev->ethtool_ops;
++#ifndef ETHTOOL_GLINKSETTINGS
+ struct ethtool_cmd ecmd;
++#define _KSETTINGS(x, y) (x)
++#else
++ struct ethtool_link_ksettings ekmd;
++#define _KSETTINGS(x, y) (y)
++#endif
+ int len = size;
+ int n;
+
+@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ /* only get_settings for running devices to not trigger link negotiation */
+ if (dev->flags & IFF_UP &&
+ dev->flags & IFF_RUNNING &&
+- !__ethtool_get_settings(dev, &ecmd)) {
++ !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) {
+ char *s, *p;
+
+ /* append basic parameters: speed and port */
+- switch (ethtool_cmd_speed(&ecmd)) {
++ switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) {
+ case SPEED_10000: s = "10Gb"; break;
+ case SPEED_2500: s = "2.5Gb"; break;
+ case SPEED_1000: s = "1Gb"; break;
+@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d
+ case SPEED_10: s = "10Mb"; break;
+ default: s = "";
+ }
+- switch (ecmd.port) {
++ switch (_KSETTINGS(ecmd.port, ekmd.base.port)) {
+ case PORT_TP: p = "tp"; break;
+ case PORT_AUI: p = "aui"; break;
+ case PORT_MII: p = "mii"; break;
+@@ -3964,6 +3970,7 @@ ret:
+ ops->complete(dev);
+ return size - len;
+ }
++#undef _KSETTINGS
+
+ static const unsigned short netdev_type[] =
+ {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25,
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild
new file mode 100644
index 000000000000..f82263fe40cd
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="https://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="debug snmp"
+
+RDEPEND="
+ net-firewall/iptables
+ snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig
+"
+
+# set S before MODULE_NAMES
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ BUILD_TARGETS="all"
+ MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+ IPT_LIB="/usr/$(get_libdir)/xtables"
+ local CONFIG_CHECK="~IP_NF_IPTABLES"
+ use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+ linux-mod_pkg_setup
+}
+
+src_prepare() {
+ sed -i \
+ -e 's:make -C:$(MAKE) -C:g' \
+ -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ Makefile.in || die
+
+ # Checking for directory is enough
+ sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+
+ # bug #455984
+ eapply "${FILESDIR}/${PN}-2.0-configure.patch"
+
+ # Compatibility with kernel 4.6
+ eapply "${FILESDIR}/${P}-linux-4.6.patch"
+
+ # Compatibility with kernel 4.10, bug #617484
+ eapply "${FILESDIR}/${P}-linux-4.10.patch"
+
+ # Compatibility with kernel 4.13, bug #630446
+ eapply "${FILESDIR}/${P}-linux-4.13.patch"
+
+ eapply_user
+}
+
+do_conf() {
+ echo ./configure $*
+ ./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # this configure script is not based on autotools
+ # ipt-src need to be defined, see bug #455984
+ do_conf \
+ --disable-dkms \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ $(use debug && echo '--enable-debugfs') \
+ $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
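Review bot: do_conf forwards its arguments with unquoted `$*`, so every option built in src_configure is word-split and glob-expanded again before reaching ./configure, even though the call site quotes `--ipt-lib="${IPT_LIB}"` and `--kdir="${KV_DIR}"`. A path containing a space or a glob character would arrive as different arguments than intended. Use `"$@"` instead: `echo ./configure "$@"` and `./configure "$@" ${EXTRA_ECONF} || die 'configure failed'`, leaving EXTRA_ECONF unquoted because it is meant to hold several options. The -r2 ebuild has the same helper.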
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
new file mode 100644
index 000000000000..c2ed5f6f4274
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="https://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="debug natevents snmp"
+
+RDEPEND="
+ net-firewall/iptables
+ snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig
+"
+
+# set S before MODULE_NAMES
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ BUILD_TARGETS="all"
+ MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+ IPT_LIB="/usr/$(get_libdir)/xtables"
+ local CONFIG_CHECK="~IP_NF_IPTABLES"
+ use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+ use natevents && CONFIG_CHECK+=" NF_CONNTRACK_EVENTS NF_NAT_NEEDED"
+ linux-mod_pkg_setup
+}
+
+src_prepare() {
+ sed -i \
+ -e 's:make -C:$(MAKE) -C:g' \
+ -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ Makefile.in || die
+
+ # Checking for directory is enough
+ sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+
+ # bug #455984
+ eapply "${FILESDIR}/${PN}-2.0-configure.patch"
+
+ # Compatibility with kernel 4.6
+ eapply "${FILESDIR}/${P}-linux-4.6.patch"
+
+ # Compatibility with kernel 4.10, bug #617484
+ eapply "${FILESDIR}/${P}-linux-4.10.patch"
+
+ # Compatibility with kernel 4.13, bug #630446
+ eapply "${FILESDIR}/${P}-linux-4.13.patch"
+
+ eapply_user
+}
+
+do_conf() {
+ echo ./configure $*
+ ./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # this configure script is not based on autotools
+ # ipt-src need to be defined, see bug #455984
+ do_conf \
+ --disable-dkms \
+ --enable-aggregation \
+ --enable-direction \
+ --enable-macaddress \
+ --enable-vlan \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ $(use debug && echo '--enable-debugfs') \
+ $(use natevents && echo '--enable-natevents') \
+ $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
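Review bot: `local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"` in src_configure hides a pkg-config failure, because `local` returns success whatever the command substitution returns. If xtables.pc cannot be queried, configure is run with an empty `--ipt-ver=` and the error surfaces later, or not at all. Declare and assign separately: `local IPT_VERSION` followed by `IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)" || die "cannot determine xtables version"`. The -r1 ebuild has the same line.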
diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml
new file mode 100644
index 000000000000..76cfd5175511
--- /dev/null
+++ b/net-firewall/ipt_netflow/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>pinkbyte@gentoo.org</email>
+ <name>Sergey Popov</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <use>
+ <flag name="natevents">Netflow NAT translation events (NEL) support</flag>
+ </use>
+ <upstream>
+ <remote-id type="sourceforge">ipt-netflow</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
new file mode 100644
index 000000000000..c5d061fca356
--- /dev/null
+++ b/net-firewall/iptables/Manifest
@@ -0,0 +1,22 @@
+AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10
+AUX iptables-1.4.13-r1.init 2766 SHA256 2c9dcf73db7740350d41504633671e95287a349838acd5faa6d3b27418c9d6d0 SHA512 9b74344043f48ce2a4691f09199cfa752bd7ee360d912d412fe1cf51de54821b0d082c9585a11b84020454f9759af78ff097d7dfc8f5148ef9e987e6d990edde WHIRLPOOL dbd6af2c45e8e894bb03e818ef43695626fc0228530e5c7ba066e440be3c12bd54e873d31805a1053bd34c4341dda6c64b3eff2e94b51767ad2d0d390ef5a377
+AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b
+AUX iptables-1.4.21-configure.patch 1066 SHA256 73454c278b48fae5debcdb72ada8f2d60a36b5134cb1052b1a332b83169cbdc0 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 WHIRLPOOL 55c56c9e0711409c54b8635dc9b480be885c852b60ac336a32b3a48586c85ba5b7b9a0b4d2d427f7d646dfdc4d49c9fe6957ed39eac5cdd7de3526249f99e6ed
+AUX iptables-1.4.21-static-connlabel-config.patch 2195 SHA256 e03de480a940b0ac386bba2ec681f724ba39f5e53153398e061f2d74ae491c49 SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 WHIRLPOOL c1b79bb8e9a915d27940b443c564d0d00ccbd31728b8519bd18a6957ca7085c19dd09592d94a4aecee48102303a000130eba85710ad1de1533ef783ef1c28811
+AUX iptables.init 2787 SHA256 5b644ff18c49f81983e75be40f52bd15606b5ec668f1c478406c18c6c4c9a528 SHA512 317c71bee98f5b1bbfd17ea961e5e268532c2320fc865b7876f7cc4e02a66b6a012fc336f8880045a83e101f161197c0a1d106220af6240407cebafbf38022db WHIRLPOOL 7b5b790b4f3d228b99523a250d11e0b53380f3cd69d7f845d77373d1ca31106974b5c728a6c6dd247ae135b8c0a92ca021cac7fd0459e13f9ade01a20a404a60
+AUX systemd/ip6tables-restore.service 398 SHA256 611fb01a539f421a06d443ac5bec4ee412699021bb8f99bcc52056b825b72baa SHA512 4df4f73b14e123c463003656631d1affa431f722c9f598cdde6a63a531432aa3f97635b32c59aa2e1ddc4b45f500169c88da1c055fccac6c8ce89db23d015a7a WHIRLPOOL eabe0338f58a300ea53c15e09e35f8c1eb10ac9574213fbe30aff75eb350eaa676f0c927a14e24e7b2eaad6b69124645ff0df995204e65f2a23f0bc00d5d2e1c
+AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6
+AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0
+AUX systemd/iptables-restore.service 394 SHA256 611debe959039341f2ee93c276290046365622e4a168c98a9f39684bee9565de SHA512 f0d042b487beaaa0dab0884ccb12c1cb63f9f5949b58187dcd4fcdb28a5b9874fd7b9cc8c14862f8a311a6e4016e2472edc51a776904c9940e1280da7dd3c01b WHIRLPOOL 8fc540b450347ea78e56d03591be2d22bbccadbe65dfe021c23231f9efcda3405d5555a6d5b93f38fbf5cc16855d397da104a873a5dd0fa01270d3b542f9403d
+AUX systemd/iptables-store.service 240 SHA256 14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db
+AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3
+DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
+DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015
+DIST iptables-1.6.1.tar.bz2 620890 SHA256 0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5 SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8 WHIRLPOOL e34fffbad8a5aea278cdfd11f042e2318862f8e6045a94a2eff35e6cb233ec62d030d83838613338ca2d928f6982cebf9665d039ba61218399139745c9cb08f9
+EBUILD iptables-1.4.21-r1.ebuild 2440 SHA256 175cacc8552ae92ca05b938d706acdb345ee488081972e1d5d666ef532a5a012 SHA512 b8cc233407d3cdec4ac916c61f7dcacd0ab23ca344205d48be9ab1a6be52275e595c1a64ba48b0e2e122d6ad762b8ae73883cb3c98c646e0d2ec233a8ccc8155 WHIRLPOOL b292ce7fcdf1a68d553bfd258c7d9f6a7cb3c47aab86f82b94fe4d97ad0fbc704adbfe9371f0db5202fbf6ff3fc249e07ff37804ff934ff64078b9ec9bf789e4
+EBUILD iptables-1.4.21-r4.ebuild 2973 SHA256 c7a60f6ae50344f860a0780c3ed960dfc29a0e9d4bf438aa3533607ec9fdb4bc SHA512 a8ac1de33f16d4d5b2b21aa145ec33a05dae62ba045d269a84e5f58539900d23d39b9a923dab9a1b61514009a263ecacb50563eeb0b6e4e1b3ba673d76fb0594 WHIRLPOOL 0d081a592b28ddffc501767b1478a631bd934f780748b6b53b2746cae499b8b829fd6aad9c0ac9afa11efd777cdc201b22d1fb46978cb5ec1a286415fff913a0
+EBUILD iptables-1.6.0-r1.ebuild 3097 SHA256 c5f6f3b579f8b39325b5aa9c3232f6ecf692385989d5e440a91f6ce91d19c2c5 SHA512 8c30729a0c00a78a53960034748016717210c977fca971efbb68fb5c188c4ba9fbcffb4c0c84396ccfcb0f0045c8ece8f2b7e213d61c05b6cd5b8701cfbbfbdc WHIRLPOOL 9d758ffe70b7b578c0f67041feb398ab83c6f46adde72cf0c1c5d590aac5ef550aa4c81bf00ca49c3fcd6c174efa343806fc1bd07b242f5076a5cfcb88a76ecf
+EBUILD iptables-1.6.1-r1.ebuild 3105 SHA256 a8e2244d7cc4bf08f52cfd8893d75db34edbb8d28ce9a12309352690ae3277c4 SHA512 8e8ecf87f5535d562922f2c57988947f81e804c8d094d20fe7a90c0ff3288c8b1fe43a4d5123ec226f9930709487ed9745f5d1081e2c63a2001635dfdcc5bccd WHIRLPOOL 65242c872dd2c2a7165388f27ebd4b18386571024b430eed034391125c1f046369d3314f204626a7abc0e29d3076fa8b9040d5c26e96aa9b8942d592462248a9
+MISC ChangeLog 9263 SHA256 a7cd952f78c9b527ae0dbc5ec3d654ceb7f74143003be019abb1f3809b08e08b SHA512 078ec1b34dbe48e83ea9ab618198b8c702f81ee3085cbf67ca203b64fbe414f2dfef5b6e89710e073178afda31e001f83ff572cb2236fbd260c753aaab92785c WHIRLPOOL b9b6c738e050c27eb9ae144762d4efcbac9adeecd162981d3db7c68cbace6827b1aada551d50220949e28da9074d6747ebe043ebec52a3a13e0cb6ce30c570e7
+MISC ChangeLog-2015 53266 SHA256 899937b46b0928ec409e58139647df2d10a1641c8d3e325b69307b4219d562b8 SHA512 904982cacd86d993475dfc7e078a66e5390b788ee29fc4b4f57401396420fdff076d35aefceb1b34814876e4acc0746faa23348152ed2acd62b0753cda938900 WHIRLPOOL 7e1ba68e5f9b5c8e75924c10c8fc54c2441450a2ebe7a0ed05f035e5932ef5447aacd29193219025e6a33984247935feb25bf041c8caab9df74dbda77345f38d
+MISC metadata.xml 1450 SHA256 12a59ccb10431b7760a10a4421f05fd3763eb14c91d27239f04d9bcacec548ab SHA512 3cd157fddc3a2aeca4ba563509b021ae52f02e23a721488eaf47b2aa701e6fee5ab8432603ca9999e6854b4d8a69950cf1a156104ee5db35f9232302326601f1 WHIRLPOOL 4d48988fd6ec8b53a643206c939789a773ab59253506c4659b83f7d563bd558924845dd04bb03702dff160cc49f72a319fa68b7e1e49988022270eeac7cfe82c
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 000000000000..3bb36989d37e
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init
new file mode 100644
index 000000000000..b410b4ff52bf
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init
@@ -0,0 +1,129 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
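Review bot: save() truncates the live rules file before anything has been written, because `${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"` opens the target first and runs the save second. If the save fails or is interrupted (SAVE_ON_STOP makes this run at every shutdown), the file is left empty or partial, and checkconfig() only tests `-f`, so the next start() would feed that file to -restore. Writing to a sibling file and renaming on success avoids this: `checkpath -q -m 0600 -f "${iptables_save}.new"` followed by `${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}.new" && mv -f "${iptables_save}.new" "${iptables_save}"`. The save() in iptables.init, added later in this commit, has the same redirect.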
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 000000000000..7225374c3a8a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
new file mode 100644
index 000000000000..e827885f1688
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/557586
+
+From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 15 Aug 2015 14:12:39 -0400
+Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE
+
+The 3rd arg is used when --{enable,disable}-foo are passed in, not when
+the feature is enabled. Use the existing $enableval instead.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configure
++++ b/configure
+@@ -11898,14 +11898,14 @@ fi
+
+ # Check whether --enable-bpf-compiler was given.
+ if test "${enable_bpf_compiler+set}" = set; then :
+- enableval=$enable_bpf_compiler; enable_bpfc="yes"
++ enableval=$enable_bpf_compiler; enable_bpfc="$enableval"
+ else
+ enable_bpfc="no"
+ fi
+
+ # Check whether --enable-nfsynproxy was given.
+ if test "${enable_nfsynproxy+set}" = set; then :
+- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes"
++ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval"
+ else
+ enable_nfsynproxy="no"
+ fi
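Review bot: The embedded patch edits the generated script (`--- a/configure`) even though its own diffstat names configure.ac, so the fix lives only in the shipped configure. iptables-1.4.21-r4.ebuild runs `epatch_user && eautoreconf`, which presumably regenerates configure from the unpatched configure.ac whenever a user patch applies, bringing back the forced `enable_bpfc="yes"` and `enable_nfsynproxy="yes"`. Carrying the configure.ac change as well would keep both paths consistent. At minimum, a comment beside the epatch line such as `# patches generated configure only; lost if eautoreconf runs` would record the limitation.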
diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
new file mode 100644
index 000000000000..a4183d6d4025
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch
@@ -0,0 +1,77 @@
+https://bugs.gentoo.org/558234
+http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
+
+From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 5 Sep 2014 20:45:56 +0200
+Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
+ _init hook
+
+else, static builds will print this for every iptables invocation,
+even 'iptables -L'. Delay open until we need to translate a mapping.
+
+Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
+index c84a167..1f83095 100644
+--- a/extensions/libxt_connlabel.c
++++ b/extensions/libxt_connlabel.c
+@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
+ XTOPT_TABLEEND,
+ };
+
++/* cannot do this via _init, else static builds might spew error message
++ * for every iptables invocation.
++ */
++static void connlabel_open(void)
++{
++ if (map)
++ return;
++
++ map = nfct_labelmap_new(NULL);
++ if (!map && errno)
++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
++ strerror(errno));
++}
++
+ static void connlabel_mt_parse(struct xt_option_call *cb)
+ {
+ struct xt_connlabel_mtinfo *info = cb->data;
+ int tmp;
+
++ connlabel_open();
+ xtables_option_parse(cb);
+
+ switch (cb->entry->id) {
+@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
+
+ static const char *connlabel_get_name(int b)
+ {
+- const char *name = nfct_labelmap_get_name(map, b);
++ const char *name;
++
++ connlabel_open();
++
++ name = nfct_labelmap_get_name(map, b);
+ if (name && strcmp(name, ""))
+ return name;
+ return NULL;
+@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
+
+ void _init(void)
+ {
+- map = nfct_labelmap_new(NULL);
+- if (!map) {
+- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
+- connlabel_mt_reg.name, strerror(errno));
+- return;
+- }
+ xtables_register_match(&connlabel_mt_reg);
+ }
+--
+2.4.4
+
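Review bot: In connlabel_open() the test `if (!map && errno)` lets a NULL map through whenever errno is 0, and errno is never cleared before `nfct_labelmap_new(NULL)`, so the value read may be stale. connlabel_get_name() then passes that map straight to nfct_labelmap_get_name(); whether the library tolerates NULL there is not visible in this patch. I would set `errno = 0;` before the call and treat every `!map` as fatal, e.g. `if (!map) xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n", errno ? strerror(errno) : "no labels found");`. Since this is a backport, the change belongs upstream as well.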
diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
new file mode 100755
index 000000000000..10394c6f09cf
--- /dev/null
+++ b/net-firewall/iptables/files/iptables.init
@@ -0,0 +1,129 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
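Review bot: reload() leaves every table empty until the restore in start() commits, because the loop runs `-F`/`-X` on each table and only afterwards calls start. During that window traffic is judged by chain policy alone, so it is open if the policy is ACCEPT and cut off if it is DROP. As far as I know -restore flushes and replaces the tables named in the save file itself, so the loop looks necessary only for tables absent from that file. Either drop it or say so with a comment like `# flush tables missing from ${iptables_save}; -restore replaces the others itself`. Separately, `eend $?` after the loop reports only the status of the last command on the last table, so earlier failures go unreported. Both points apply to iptables-1.4.13-r1.init too.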
diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
new file mode 100644
index 000000000000..c149e92ba900
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
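Review bot: `ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save` omits the counters option, although ip6tables-store.service writes the file with `--counters` and the OpenRC confd passes `-c` to both save and restore. Under systemd the packet and byte counters are therefore saved but dropped at boot. `ExecStart=/sbin/ip6tables-restore --counters /var/lib/ip6tables/rules-save` would make the pair symmetric. The unit also does not check that the file exists, so on a fresh install it fails rather than skipping; a comment stating whether that is intended would help. iptables-restore.service is identical apart from the names.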
diff --git a/net-firewall/iptables/files/systemd/ip6tables-store.service b/net-firewall/iptables/files/systemd/ip6tables-store.service
new file mode 100644
index 000000000000..9975378353d3
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
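Review bot: The redirect in `ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"` creates the file under the service's umask, so a rules-save that does not exist yet is likely to end up world-readable. The OpenRC script's save() forces `checkpath -q -m 0600 -f` on the same path. Adding `UMask=0077` to [Service] would bring the systemd path in line. The redirect also truncates the file before ip6tables-save has produced anything, so a failed save at shutdown leaves an empty rule file for the next boot. iptables-store.service has the same ExecStart shape.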
diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service
new file mode 100644
index 000000000000..0a6d7fa1c8ab
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
new file mode 100644
index 000000000000..2474ee3ec419
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/iptables-store.service b/net-firewall/iptables/files/systemd/iptables-store.service
new file mode 100644
index 000000000000..aa16e75e9ccf
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service
new file mode 100644
index 000000000000..3643a3e31034
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
new file mode 100644
index 000000000000..05b4e957ca31
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="conntrack ipv6 netlink static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
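Review bot: `newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables` in src_install ships the init script whose iptables calls carry no `-w`, while iptables.init from this same commit adds `-w` to every `-P`, `-F` and `-X` call. If iptables 1.4.21 already takes the xtables lock, as I expect, a stop or panic racing with another iptables process can fail part-way and leave tables half flushed or policies half set. Unless the older script is kept on purpose for this stable revision, `newinitd "${FILESDIR}"/${PN}.init iptables` would close that gap. The ip6tables newinitd line in the `use ipv6` branch needs the same change.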
diff --git a/net-firewall/iptables/iptables-1.4.21-r4.ebuild b/net-firewall/iptables/iptables-1.4.21-r4.ebuild
new file mode 100644
index 000000000000..b873bc7ffcfa
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r4.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/10"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch "${FILESDIR}"/${P}-configure.patch #557586
+ epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.6.0-r1.ebuild b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
new file mode 100644
index 000000000000..11aff3774610
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/11"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.6.1-r1.ebuild b/net-firewall/iptables/iptables-1.6.1-r1.ebuild
new file mode 100644
index 000000000000..4132b8a76807
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.6.1-r1.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/12"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+RDEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
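Review bot: `SRC_URI` and `HOMEPAGE` use plain `http://`, so the tarball is fetched over an unauthenticated channel and its integrity rests entirely on the Manifest digests. Those digests protect users at install time, but not the maintainer's own fetch when the Manifest is generated. If the upstream host serves the same path over TLS (to be confirmed), prefer `SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"`. The nfacct and lutelwall ebuilds later in this diff have the same http-only `SRC_URI`. Separately, in src_install() `"${FILESDIR}"/${PN}.init` and `"${FILESDIR}"/iptables.init` spell the same file two ways; using one form would read more clearly.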
diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml
new file mode 100644
index 000000000000..92f454ba7f63
--- /dev/null
+++ b/net-firewall/iptables/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="conntrack">Build against <pkg>net-libs/libnetfilter_conntrack</pkg> when enables the connlabel matcher</flag>
+ <flag name="netlink">Build against libnfnetlink which enables the nfnl_osf util</flag>
+ <flag name="nftables">Support nftables kernel interface</flag>
+ <flag name="pcap">Build against <pkg>net-libs/libpcap</pkg> which enables the nfbpf_compile util</flag>
+</use>
+<longdescription>
+ iptables is the userspace command line program used to set up, maintain, and
+ inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
+ part of packet filtering framework which allows the stateless and stateful
+ packet filtering, all kinds of network address and port translation, and is a
+ flexible and extensible infrastructure with multiple layers of API's for 3rd
+ party extensions. The iptables package also includes ip6tables. ip6tables is
+ used for configuring the IPv6 packet filter.
+
+ Note that some extensions (e.g. imq and l7filter) are not included into
+ official kernel sources so you have to patch the sources before installation.
+</longdescription>
+<upstream>
+ <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id>
+</upstream>
+</pkgmetadata>
diff --git a/net-firewall/itval/Manifest b/net-firewall/itval/Manifest
new file mode 100644
index 000000000000..650c004ab03c
--- /dev/null
+++ b/net-firewall/itval/Manifest
@@ -0,0 +1,5 @@
+DIST ITVal-20121104.tar.bz2 71398 SHA256 dba3bcd2876b28fad4baedfd39a4d8ddd658d128e50c6f53253d321a082dcf42 SHA512 145f464154d0c88e6c43a16a6ea59f3f6f525612c99032bd5acb934975d46568a40b25996a92d63d190afbe2f129010fb7cdb843dced9eae4ec925b97ee17eca WHIRLPOOL 6c4ebb99b496988749559e83d6170e2f7c211cb9afe7e079a2591f11e01fc679dee5e94b030291bc76995f760b1ad3f056a5a64b110757f93e9d3e3cdbe8bdd2
+EBUILD itval-1.2_p20121104.ebuild 691 SHA256 55c96e63b9fa4627abc10c60d3f432ee44b0c824d13b73a415b30c539098e6ba SHA512 6bb6448aaba54292ea29ab788bb5b5da15b09f6b431c3933f98f574005e9ede3fc7bc939253692d42a3194b1a723e5813799ef837be673508bd5a84d8e163324 WHIRLPOOL f215ec26994eeb76f16c3393c718c3c9bf02903e95022d347a3b5c81415d85abcbdd0d9ac18127d0432759c3522bcccf734d4591e329fb47d62d4fc5079edf19
+MISC ChangeLog 3047 SHA256 822ab751e5ed63f1f83440ff74db39b2b1a1d1b51dca6a87cc2ec2aae560ec21 SHA512 162b80d73e51d098ef2f0f7fbd00e31a17db85a7aa0994dba7f3e9d054b47e3f5729a0db34e9f8d968616c3e66afbf7a07ba803a1dc790dc1bb310f099ad892d WHIRLPOOL e3c51c1a0a0ccb2e29c46938e2813765827461070def5296b2c0e2f38586b516fffebe668443e39ef9940b319ed6bda02281b88e5957f4431ffee7480da7d16b
+MISC ChangeLog-2015 1492 SHA256 a59c5e0b7f8ff8f59ed446e41b475371b565bfa02c4b79195614651e31427c32 SHA512 e7d5254e7b6b07d16b311b1363c250e0f599d814613e77be247705807248b3ae82d896c2480388ac000f6359ef9dea2dca91b9469fd82267063a637f298dad45 WHIRLPOOL a27998d4693746cebb3341b297110e1720211dc9d2fcb9c9744b9b3ae482d40583351954187af77f7a0bd5d7fdc1390afb8b84f847b4fd253c62e9c943d8b07a
+MISC metadata.xml 355 SHA256 ea7daee2322b0b45364a4c9f2cf30291048048d0aa947410fd540ce8bd766330 SHA512 5d2237882022cc28ffcf8f5bf3fc1884d7b18bda49ffb6b3b7ae878e0e47e4b775e268601a031e0aecaeae5b1067a61efb3e061f966150bf20189e3a60eb2df5 WHIRLPOOL 0d078699898759fe86b144ad54fb7eb2d5b1539102d5e55b87ed1156c68f05c892b59b2356f0e751b8d2d6cbd014e3868fc195ffed655f9ab07309ac0abcdaf5
diff --git a/net-firewall/itval/itval-1.2_p20121104.ebuild b/net-firewall/itval/itval-1.2_p20121104.ebuild
new file mode 100644
index 000000000000..4f5b701647f9
--- /dev/null
+++ b/net-firewall/itval/itval-1.2_p20121104.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+CMAKE_IN_SOURCE_BUILD=1
+inherit cmake-utils versionator
+
+MY_PN="ITVal"
+MY_PV="$(get_version_component_range 3)"
+MY_PV="${MY_PV/p/}"
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="Iptables policy testing and validation tool"
+HOMEPAGE="http://itval.sourceforge.net"
+SRC_URI="https://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+RDEPEND="dev-libs/fddl"
+DEPEND="
+ sys-devel/flex
+ sys-devel/bison
+ ${RDEPEND}
+"
+
+S=${WORKDIR}/${MY_P}
+
+DOCS=( AUTHORS ChangeLog README RELEASE )
+
+src_install() {
+ default
+ doman man/ITVal.n
+}
diff --git a/net-firewall/itval/metadata.xml b/net-firewall/itval/metadata.xml
new file mode 100644
index 000000000000..162f7b1d9361
--- /dev/null
+++ b/net-firewall/itval/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">itval</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/lutelwall/Manifest b/net-firewall/lutelwall/Manifest
new file mode 100644
index 000000000000..1b6a5af16ce4
--- /dev/null
+++ b/net-firewall/lutelwall/Manifest
@@ -0,0 +1,6 @@
+AUX lutelwall 354 SHA256 d47332b38da25e66abec501c8e4c4db3c9368f8d0b932d3747140aa8609ee932 SHA512 43b9c9ba93d65767bfc1d6a36ee4acb98a3d671784d021a0cf501390b79d9d38c0913b63c693098941868fc65c17a1625f087e679a0fcbb9a3adf5f6009be4e1 WHIRLPOOL 1594eff24c514705fa47dd4843a14e5460f513b28a5b77c714f8ef60757a2cef5772ff71dd0965c97c27f5fa0878fd9be29a3a085b58b9cad291ef8b6b0187f9
+DIST lutelwall-0.99.tar.gz 29209 SHA256 92ab7ab320cbefd694cd5ba3799e6143244402eac65ffcd4b52528bc31d1a1f8 SHA512 8812048c9e4ec3beff2214ed3ceb2d980d769ada686a934af22baec76a3670e51ddb171097adbfb78c63ce9bc25554b1da93ec8c86f59457277fd4651cf1068c WHIRLPOOL 842979556cecab887f9f050d5d92e0539c608023a694608d82e77a7d338ca6a6d8fc842dee49aa2def49dfeebc82faf23b12108e0363ec881395ced8279bdb76
+EBUILD lutelwall-0.99.ebuild 674 SHA256 acc9738f379d87d8203b2795bd4e784158e0106a076fcefe1beab8c0d5a44a57 SHA512 2df911e9bd0bca04b6d0ea6dac3834b70fd556e41c2f25286f601bee2eb3408de700110710ba1e12e3b53001cdab381b3c3955e47abd59fc61e938c8030ff936 WHIRLPOOL 4b5fa375eb53af61780c34d51aa693fe8e703c66252469580357516bba243263452421028401c6296df6393ee839757debdfa43da513bd9072b33c5b22bbfdf6
+MISC ChangeLog 2579 SHA256 9440b124ced474d7a6af35c7d792be89ecb84db701c1b7620e10f11ab015b14b SHA512 2f1d90cf31e9e938ee13cbd8d19921aef285e62e6abffde8febf51e4c16ae296496b2ea62aef35a1f9538357a6ed6de59c2522c62ba81b4446427cbda2f8b35b WHIRLPOOL 8f88efd4ffb10355153b8e4edded40b9eff0977409f0cac2f5f67971266180af166f64f99cd8377aa2b5b7f2b7d194417dbfb7e9d6ab1e4556d59e41874e82b9
+MISC ChangeLog-2015 2623 SHA256 2d992d61f6b01de0cccfd302bd55f5adb4f6abb1fe5ba4d1f949dadf5472ea15 SHA512 3736f59a7d1353b51c88a4332a97cce60c67a75497f9a308b04780bcf2970e92408c490e057d40adf3dfc79c000f94516b85ea7703e425779276a592c13d83d2 WHIRLPOOL 8c11412efc8a339c978ee665f9867a7a26e08e2d7ccb936b9ff5238a7dde22ce7223877bf20ef834cff74eff94a42829d036b490e2d98cdfb7670116aa08dbfe
+MISC metadata.xml 948 SHA256 02350889fceb7f9f3df508af31f99f8f26d2b42531f75b005c35ba83b921734f SHA512 353b8d5c30ddb2ef9c03a85fb548b7881d5b89f0e25ce730a8c12d77105b67f8e20bd071e34ec16fa5585d7c3a052b85cf1a9fc877784e9e6c6ec83514619f35 WHIRLPOOL 273b874b3f4bd9a3fc31bb27682e4e2fecb6c48d54c4e883fe905da10be7db3141911e5cccc30bfcfb51a4f2296af948efd52fa29fe469810e89b88acfe6ceaa
diff --git a/net-firewall/lutelwall/files/lutelwall b/net-firewall/lutelwall/files/lutelwall
new file mode 100644
index 000000000000..e99b3923a975
--- /dev/null
+++ b/net-firewall/lutelwall/files/lutelwall
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+depend() {
+ need net
+ use logger
+}
+
+start() {
+ ebegin "Starting LutelWall"
+ /usr/sbin/lutelwall start
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping LutelWall"
+ /usr/sbin/lutelwall stop
+ eend $?
+}
+
+restart() {
+ stop
+ start
+}
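Review bot: depend() declares `need net`, so this firewall service is ordered after networking is up, which leaves a window at boot in which interfaces are configured but no rules are loaded. nftables.init in this same commit uses `before net` for that reason. If lutelwall can build its rules without live interfaces (not visible here; it depends on iproute2, so it may query them), `before net` would close the window. Otherwise a comment in depend() such as `# needs configured interfaces to generate rules` would record why the ordering is deliberate. The custom restart() only repeats stop and start, which is the default restart behaviour, so it can be dropped.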
diff --git a/net-firewall/lutelwall/lutelwall-0.99.ebuild b/net-firewall/lutelwall/lutelwall-0.99.ebuild
new file mode 100644
index 000000000000..05eb0624495b
--- /dev/null
+++ b/net-firewall/lutelwall/lutelwall-0.99.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+DESCRIPTION="IPTables firewall setup script"
+LICENSE="GPL-2"
+HOMEPAGE="http://www.lutel.pl/lutelwall/"
+SRC_URI="http://www.lutel.pl/wp-content/uploads/${PV}/${P}.tar.gz"
+SLOT="0"
+KEYWORDS="alpha ~amd64 ~ppc ~sparc x86"
+
+RDEPEND="
+ >=net-firewall/iptables-1.2.6
+ >=sys-apps/gawk-3.1
+ sys-apps/iproute2
+"
+
+src_install() {
+ insinto /etc
+ doins lutelwall.conf
+
+ dosbin lutelwall
+ doinitd "${FILESDIR}"/lutelwall
+
+ dodoc FEATURES ChangeLog
+}
+
+pkg_postinst() {
+ elog "Basic configuration file is /etc/lutelwall.conf"
+ elog "Adjust it to your needs before using"
+}
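Review bot: src_install() installs lutelwall.conf with `insinto /etc` and `doins`, which gives it the default mode 0644, so the firewall policy is readable by every local user. If the file describes internal subnets, redirections or other policy worth keeping private (its contents are not visible here), add `insopts -m0600` before `doins lutelwall.conf`. The `SRC_URI` is also http-only, so download integrity depends solely on the Manifest digests.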
diff --git a/net-firewall/lutelwall/metadata.xml b/net-firewall/lutelwall/metadata.xml
new file mode 100644
index 000000000000..6f69603521f1
--- /dev/null
+++ b/net-firewall/lutelwall/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>tomek@lutel.pl</email>
+ <name>Tomek Lutelmowski</name>
+ <description>LuteWall developer, third party maintainer</description>
+</maintainer>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+<maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+</maintainer>
+<longdescription>
+LutelWall is high-level firewall configuration tool. It uses human-readable and easy
+to understand configuration to set up Netfilter in most secure way. Its flexibility
+allows firewall admins build from very simple, single-homed firewalls, to most complex
+ones - with multiple subnets, DMZ's and traffic redirections.
+</longdescription>
+</pkgmetadata>
diff --git a/net-firewall/metadata.xml b/net-firewall/metadata.xml
new file mode 100644
index 000000000000..7ba30053341a
--- /dev/null
+++ b/net-firewall/metadata.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<catmetadata>
+ <longdescription lang="en">
+ The net-firewall category contains network firewall software.
+ </longdescription>
+ <longdescription lang="de">
+ Die Kategorie net-firewall enthült Firewall-Software.
+ </longdescription>
+ <longdescription lang="es">
+ La categoría net-firewall contiene programas relacionados con
+ cortafuegos de redes.
+ </longdescription>
+ <longdescription lang="ja">
+ net-firewall カテゴリーにはネットワーク・ファイアウォールの
+ ソフトウェアが含まれています。
+ </longdescription>
+ <longdescription lang="nl">
+ De net-firewall categorie bevat firewall-software.
+ </longdescription>
+ <longdescription lang="vi">
+ Nhóm net-firewall chứa các phần mềm firewall.
+ </longdescription>
+ <longdescription lang="it">
+ La categoria net-firewall contiene software per firewall.
+ </longdescription>
+ <longdescription lang="pt">
+ A categoria net-firewall contém programas de firewall para
+ redes.
+ </longdescription>
+ <longdescription lang="pl">
+ Kategoria net-firewall zawiera ściany ogniowe (firewalle).
+ </longdescription>
+</catmetadata>
+
diff --git a/net-firewall/nfacct/Manifest b/net-firewall/nfacct/Manifest
new file mode 100644
index 000000000000..5bf71a4fbf1d
--- /dev/null
+++ b/net-firewall/nfacct/Manifest
@@ -0,0 +1,7 @@
+DIST nfacct-1.0.1.tar.bz2 257013 SHA256 81ef261616f313372a957431d17c5a0334984f06ceea190cf390479bf043e7c4 SHA512 4d428f51ce3b12382974de3cb7d502f6a18d9c0fd4446071fc2b5e932c44e4b33072202f8b9bd4bdf892a08a64533776bb8e9a0a7c4acc876cfec154f76227a1 WHIRLPOOL ab3983015154109389c831cf4ac8e6d4afb299b3f2d0d9e76ae6e23e716f0fcb00f3317dd0754f144a6650f5c42029d132c875aa7d90687e5f2ac8ca24c476aa
+DIST nfacct-1.0.2.tar.bz2 265449 SHA256 ecff2218754be318bce3c3a5d1775bab93bf4168b2c4aac465785de5655fbd69 SHA512 2d7a76a51ffb10601e67ceda2ce055e63a8da802a682aab3c96cfa38e1d9d0d7ae7fa204d17d555303216e2ceeb0965d6b25387634725cf35e0a7109d84b47b3 WHIRLPOOL 7ecc6a446b5a8cd920d7f29347cac340a7af2262fd52af8174d360df7eceadd424c157ad45e6008f2fa4c83d099eb198c733c472603de3ee27cc5d710e1d3300
+EBUILD nfacct-1.0.1.ebuild 537 SHA256 d421ab178c586c55424b62c29c5c65d725a457622a3dfbbaf2d52cf9f7a00e26 SHA512 0cf95c17506d5d8362ea879cf668773a93f48486fc72fdd02fe805b1b51449ebf24fc51b1226cadaef97723ba982f64d9a39554f96ceb665068ac1861b75bd8d WHIRLPOOL e02763cfad148a3d815c669374e2ceb7ccb62f0ad60fe3807c2f0342b6cfd63a0850dd8df2f48807b429b295d4ffec8be805fb9fe35cca7faf4d6d95f0f3e9a8
+EBUILD nfacct-1.0.2.ebuild 520 SHA256 d5e1d5425d2015e2df0941a9a0b8560371ab244ff4c995f500c9c8a0e22bb68e SHA512 dc77221c25764c913908b3b7693d1b74a075627c2c43ddbd900198c2db99e0579782534444f86a91709e5b6393d0ab0425373e66ad310fb9177afb7c3ebb3f27 WHIRLPOOL 2368fa267a2648d19c447eae054dc95024a1982399c78f6a6e51bed4b25f7d86316a886b3dccfb31dcb14b1ddd473f55dd136eea6fde6be1856af6ec2d562dd3
+MISC ChangeLog 2878 SHA256 242721f18b7862d2f6f8117835389005607113a84f333894c512d2347bb0e941 SHA512 ebc50f1386242f2178d70abaa86cb76272ba9c83a3ada32008f3308bc3cf15d6e690e11b6d88104f313fa0868d1c071091be5d0487c29bf8e71720c9d817d3a6 WHIRLPOOL e93fc6470c715e35206c5b50abd633db5ff8cb9c34bf7634c990bc0f3086930a91a4c25163bafe0017f3e0afb5f3ec7d05e51eaeda47054b5ec8e73d8f00f8fe
+MISC ChangeLog-2015 1242 SHA256 c473adb0143526f48bd13c64f052a0e6f41f1b87320aa606e91479a3710a86d5 SHA512 24c61b9590516f04f39768ccd6684a23fecf712e0f154b64735237598fd16aa365aee92ccdd049dc5f6a021ff6fd6279f8e7baa2bdef71cc50abf2d9724ba951 WHIRLPOOL 17efae2e33cfce9b5d2ecd2af97042dcb2dc185ee87f73ed7fdb37fb115b622ced606d07a16629ace65f283d7a088a635afafb38ede0d3278c5a418c30cadbd6
+MISC metadata.xml 280 SHA256 b04c5b9d91f6c4d6e36583488fd032751034d1e035085609c9bdf7677cf1e83f SHA512 8b56802e5524808b11ab857779ce04fb2d07cae87376f67490178601a9aecf7ad9f95743709b46048a425598d4cf8dcf01ef78cc97009d78e26a7728453150ef WHIRLPOOL 6f3756b9ac748acccb6ac5a4de133cf93988e8c904f606376fecbb6a21ce038e86437fecca43b2521538da2570d33ff1a6a1e0cab290a3d71a9b4f2734f16328
diff --git a/net-firewall/nfacct/metadata.xml b/net-firewall/nfacct/metadata.xml
new file mode 100644
index 000000000000..2c2a7923cfc8
--- /dev/null
+++ b/net-firewall/nfacct/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/net-firewall/nfacct/nfacct-1.0.1.ebuild b/net-firewall/nfacct/nfacct-1.0.1.ebuild
new file mode 100644
index 000000000000..32b690bfce00
--- /dev/null
+++ b/net-firewall/nfacct/nfacct-1.0.1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit linux-info
+
+DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter"
+HOMEPAGE="http://netfilter.org/projects/nfacct"
+SRC_URI="http://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm x86"
+
+RDEPEND="net-libs/libmnl
+ >=net-libs/libnetfilter_acct-1.0.2"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+CONFIG_CHECK="~NETFILTER_NETLINK_ACCT"
diff --git a/net-firewall/nfacct/nfacct-1.0.2.ebuild b/net-firewall/nfacct/nfacct-1.0.2.ebuild
new file mode 100644
index 000000000000..3aeca55ee035
--- /dev/null
+++ b/net-firewall/nfacct/nfacct-1.0.2.ebuild
@@ -0,0 +1,24 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter"
+HOMEPAGE="http://www.netfilter.org/projects/nfacct"
+SRC_URI="${HOMEPAGE}/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+
+RDEPEND="
+ net-libs/libmnl
+ >=net-libs/libnetfilter_acct-1.0.3
+"
+DEPEND="
+ ${RDEPEND}
+ virtual/pkgconfig
+"
+
+CONFIG_CHECK="~NETFILTER_NETLINK_ACCT"
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
new file mode 100644
index 000000000000..f24534c17483
--- /dev/null
+++ b/net-firewall/nftables/Manifest
@@ -0,0 +1,13 @@
+AUX libexec/nftables.sh 3643 SHA256 8f8ca76bc1f77d09b1198e144479cd8cf7f50cf787317522ac6c1978ca9b7e6b SHA512 efc9b4f9520c78b6248f16bd5708669872e8abf949f6f4b81182f331f8532dfeaae2df648e8878e9b5cbd66c0259daab71035ea922754807654b2b3bc86b4352 WHIRLPOOL d3ea74671d3686af9e70a22bf727b9f64ab735cd63270ca283013fc1ba0cad6750ca82127e968f028b65dfe905aeb6275b4e9c295a43f5c8dfe2a7b815a66c44
+AUX nftables-0.5-pdf-doc.patch 1663 SHA256 c55698efb6f40085f1037b12706ca5ab8ba551b8af3902b16ac2cbfc922607c2 SHA512 1925ba300068155ec38ed0631eea0bab1e17ac0b4b454b6f5bf6548961b0264dfd9c9be27e697b8fd7db1827cc670a132c3a716d0874535e29ddb696d1a3eedc WHIRLPOOL c8ea06f6dbbc8c2e4acfaf9ec082647b1ae4288c818d48b47e0b2f5c0cbc7bc6b924b93981b1dd6991923375ffa66a1733988a66ec001d87114962824ee4907f
+AUX nftables-0.6-null-payload-desc-fix.patch 411 SHA256 28bcb66a4d46cb1cb20376f38efb2d95d92983a1417cb500a4351870524c3bfe SHA512 034bfa338ef52b722df8441ab981f45c4eeb88c0d65aa4fcdbee1d17df93c7c3239786351632ccadada08ecae796d366b994bd3c20f576a853885517d4de6116 WHIRLPOOL d0b0ab1051bcdbc734f44fa361781babebfb052daf783bb0e0268d2c3d25f962d4e6f13bf141fcfe46701127c46f104b1740fc48e84266326e9a20553945bcc8
+AUX nftables.confd 655 SHA256 d5e3077345dfea02849a70aea220396322a10c3808f0303b988119adbc56fdbd SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 WHIRLPOOL e39d13f996e620aa82714cb18e4f57624faa302f2259a44cc065804edf95fe07a314f744d17a76be6941c3771da6b233a19ae5b6b2f63783847121c63339197f
+AUX nftables.init 3069 SHA256 be1f1628305b5989ef9de2b95aa4e6201f067eb1f32cd92bba6db6f27f4f325f SHA512 ca761be0440945b21d5b002468baffb3299d0a3ac244aa895734dfdfaf442e7a73b757bcda99d958582064411d1b80b2cbcb4eb532bb219b4df407c9ed892661 WHIRLPOOL 95aebd414c91f3a1e31e241c3d5b83bc998ff5e516c3b6d14b45c0e8bbbb39aba8435f602bc21f7591ef0f6aa71fd01ceb7f08cdab731723478b2a9fb7640c2a
+AUX systemd/nftables-restore.service 394 SHA256 ec9ca69ca916e0739de2eb229c8fee2a65a551a97886c4c0a69c35776f3f1c95 SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0 WHIRLPOOL 67eb5b72e81ca66ba079ffd3b574fd21d3ac3cb9fc3d4a3986b1b5543e4059adbdb633b432fa1bb71208a48b4e2eda425d1a09e4b853b7c555d48e8da2b92ded
+DIST nftables-0.6.tar.gz 252523 SHA256 85dd7fa4e741c0be02efddbc57b5d300e1147f09ec6f81d0399110f96dc958f0 SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921 WHIRLPOOL d15eaf81426d73bea28752f96727d291120120fb2aaa994d421d900974eb45062957435e077664fb916780f636ed9b61889dbec8b627d5d309512bae96f02874
+DIST nftables-0.7.tar.gz 292652 SHA256 192c9d92ee0c56eded599d1c54b0d68f4d9b0286f3d908579f0b9271aeba432f SHA512 6032720abf3af8a6dc0b4f507c6ae970447f504d59db4a34b2e0eea3c59962bc69d9ebfaa4e26a117747eb9d0224716a9709b96551b5479d914d7498f26ed43a WHIRLPOOL a999e85370bd9241daf015849ecdf5955f87a2d65f5525a6e75e9eda1bb87e1a84123c42e95f16c4469873a682409fea2ccc65a3af84a107b62d8c2a5727343d
+EBUILD nftables-0.6-r4.ebuild 2116 SHA256 81001d2c20ee1ca27bf40f397be44d2e830d9fdd48d4ea4b6aa7495d45b8db7b SHA512 4c1a3420d9d228ff1925d91ee0bdd285995b7d06b59453863e5b5fef12813c6f58d8487a10c880c313a328be79e69b49147f0a5c73e07554d665ff24ffe1f265 WHIRLPOOL 3486ed76af507f4a49e8a203d7bf4544b244319c803e272db2b59fb6d7aa53900f8b9e8146de99b2dce41372cf9cd6d03075fbd4577c5b38ba642a2f628c18c8
+EBUILD nftables-0.7.ebuild 2002 SHA256 c909b988d5ddde8cf9365667b8bd5d27314be4bb9a972ce651bc416d6739c33f SHA512 0b6efeee42b09b861a27fb11cf02b2096f5e66f8e80f92d8ed97bfeeabb8fe532b068761ffbadf7603cc6095ddd81abe313dd6f581b0719239411f740a0131bf WHIRLPOOL 2bee002b52161664bdd17ae47558b8a723ec603ab0c3c19454685a2511cd9e62d543db7007c0f64eeb35fef20a5b7edf119e8dfb8be852c2368861a95920ee29
+MISC ChangeLog 9200 SHA256 2dab66ea101a22a52b3f2cee4afbfa6dbb2545da809a22cbb10ef9341e08f25e SHA512 cf2cf5c185447f5adaf7f1c7be119f1d13e009f450e2e632234b23b132fb478defda597f09ce492aa7f1c846d2c34f2cf7e6f87b450e7713a843e21a09480e79 WHIRLPOOL 25f4c0eb5d2b5d4492636b6c4c5892e68ed6be83b8d8606785c2c583c91d9429dca75014c196d3f991e78b8e97968b526c83d0bc9277b3ab8c8fd919f1592bf3
+MISC ChangeLog-2015 1919 SHA256 36e610e38e898312082803dcc832cf1b808ff8f450e89f73610c8517cea6e045 SHA512 bb7cff250e90ba78e9e47692ddf126056d5d2b50cce7c3442de3b129ff00272e8b0ae2181f4898f424aac506783e4f978a5f2f1228827d3583402396a518e03b WHIRLPOOL b045fb1f27d640ad01b2fa3b28ba12df8d540b6b86657205d3a3bae303da17ccc5f09f441405579f662360200d98e45724b8f3cd579d55d21d82734545f9d98d
+MISC metadata.xml 372 SHA256 e9f3e17475668a443f853ade5d6032a2e6f44726dcc5175c2500a29e21d61910 SHA512 13f7b219a6a043a047b4be99f69cadf76b2a0c20800c1622f08dc9626ebc1115db79a3866fb19c1c00a98b66a692b42d42c2c3e66da654ff83e44d193da8a511 WHIRLPOOL b5a3ea672559d759343b4fb7e501871a485a68f66fbc9e1d7cb94bb11e5c236f253677e75c566a8d6282a87ce87a1109a38f5857b9cf2ffa0832e8dd52af0251
diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh
new file mode 100755
index 000000000000..cc55f8566000
--- /dev/null
+++ b/net-firewall/nftables/files/libexec/nftables.sh
@@ -0,0 +1,149 @@
+#! /bin/sh
+
+main() {
+ local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'}
+ local retval
+ case "$1" in
+ "clear")
+ if ! use_legacy; then
+ nft flush ruleset
+ else
+ clear_legacy
+ fi
+ retval=$?
+ ;;
+ "list")
+ if ! use_legacy; then
+ nft list ruleset
+ else
+ list_legacy
+ fi
+ retval=$?
+ ;;
+ "load")
+ nft -f ${NFTABLES_SAVE}
+ retval=$?
+ ;;
+ "store")
+ local tmp_save="${NFTABLES_SAVE}.tmp"
+ if ! use_legacy; then
+ nft ${SAVE_OPTIONS} list ruleset > ${tmp_save}
+ else
+ save_legacy ${tmp_save}
+ fi
+ retval=$?
+ if [ ${retval} ]; then
+ mv ${tmp_save} ${NFTABLES_SAVE}
+ fi
+ ;;
+ esac
+ return ${retval}
+}
+
+clear_legacy() {
+ local l3f line table chain first_line
+
+ first_line=1
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ table=$(echo ${line} | sed "s/table[ \t]*//")
+ deletetable ${l3f} ${table}
+ done
+ done
+ else
+ nft list tables | while read line; do
+ l3f=$(echo ${line} | cut -d ' ' -f2)
+ table=$(echo ${line} | cut -d ' ' -f3)
+ deletetable ${l3f} ${table}
+ done
+ fi
+}
+
+list_legacy() {
+ local l3f
+
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ line=$(echo ${line} | sed "s/table/table ${l3f}/")
+ echo "$(nft list ${line})"
+ done
+ done
+ else
+ nft list tables | while read line; do
+ echo "$(nft list ${line})"
+ done
+ fi
+}
+
+save_legacy() {
+ tmp_save=$1
+ touch "${tmp_save}"
+ if manualwalk; then
+ for l3f in $(getfamilies); do
+ nft list tables ${l3f} | while read line; do
+ line=$(echo ${line} | sed "s/table/table ${l3f}/")
+ nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save}
+ done
+ done
+ else
+ nft list tables | while read line; do
+ nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}"
+ done
+ fi
+}
+
+use_legacy() {
+ local major_ver minor_ver
+
+ major_ver=$(uname -r | cut -d '.' -f1)
+ minor_ver=$(uname -r | cut -d '.' -f2)
+
+ [ $major_ver -ge 4 -o $major_ver -eq 3 -a $minor_ver -ge 18 ] && return 1
+ return 0
+}
+
+CHECK_TABLE_NAME="GENTOO_CHECK_TABLE"
+
+getfamilies() {
+ local l3f families
+
+ for l3f in ip arp ip6 bridge inet; do
+ if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then
+ families="${families}${l3f} "
+ nft delete table ${l3f} ${CHECK_TABLE_NAME}
+ fi
+ done
+ echo ${families}
+}
+
+manualwalk() {
+ local result l3f=`getfamilies | cut -d ' ' -f1`
+
+ nft create table ${l3f} ${CHECK_TABLE_NAME}
+ nft list tables | read line
+ if [ $(echo $line | wc -w) -lt 3 ]; then
+ result=0
+ fi
+ result=1
+ nft delete table ${l3f} ${CHECK_TABLE_NAME}
+
+ return $result
+}
+
+deletetable() {
+ # family is $1
+ # table name is $2
+ nft flush table $1 $2
+ nft list table $1 $2 | while read l; do
+ chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2)
+ if [ -n "${chain}" ]; then
+ nft flush chain $1 $2 ${chain}
+ nft delete chain $1 $2 ${chain}
+ fi
+ done
+ nft delete table $1 $2
+}
+
+main "$@"
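Review bot: In the `store` branch of main(), `if [ ${retval} ]` tests only that the string is non-empty, so it is true for any exit status and the `mv` replaces the saved ruleset even when `nft list ruleset` or save_legacy failed. A truncated or empty rules-save would then be what `load` restores at the next start. Use `if [ "${retval}" -eq 0 ]; then` and remove the temporary file on failure. The temporary file is also created by redirection under the caller's umask and then renamed over the target, so the 0600 mode that save() in nftables.init sets with `checkpath` does not survive; a `umask 077` before writing would keep the ruleset private. Separately, manualwalk() assigns `result=1` unconditionally after its `if`, and `nft list tables | read line` runs `read` in a pipeline whose variable is lost in most /bin/sh implementations, so the function appears to always return 1.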
diff --git a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
new file mode 100644
index 000000000000..d09faa3ddd9f
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch
@@ -0,0 +1,52 @@
+Update configure script to include option to enable and disable PDF man page
+generation.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -27,10 +27,16 @@
+ AC_CONFIG_HEADER([config.h])
+
+ AC_DEFINE([_GNU_SOURCE], [], [Enable various GNU extensions])
+ AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros])
+
++AC_ARG_ENABLE([pdf-doc],
++ AS_HELP_STRING([--disable-pdf-doc], [Disable PDF documentation]),
++ AS_IF([test "x$enable_pdf_doc" = "xno"], [enable_pdf_doc=no],
++ [enable_pdf_doc=yes]), [enable_pdf_doc=yes])
++AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ])
++
+ AC_ARG_ENABLE([debug],
+ AS_HELP_STRING([--enable-debug], [Disable debugging]),
+ AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]),
+ [with_debug=yes])
+ AC_SUBST(with_debug)
+@@ -61,15 +67,15 @@
+ )]
+ )
+ AC_SUBST(DB2MAN)
+ AM_CONDITIONAL([BUILD_MAN], [test -n "$DB2MAN"])
+
+-AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
+-AS_IF([test "$DBLATEX" == "no"],
+- [AC_MSG_WARN([dblatex not found, no PDF manpages will be built])]
+-)
+-AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"])
++AM_COND_IF([BUILD_PDF], [
++ AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no])
++ AS_IF([test "$DBLATEX" == "no"],
++ [AC_MSG_ERROR([dblatex not found])])
++])
+
+ # Checks for libraries.
+ PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
+ PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.5])
+
+@@ -134,6 +140,7 @@
+
+ echo "
+ nft configuration:
+ cli support: ${with_cli}
+ enable debugging: ${with_debug}
+- use mini-gmp: ${with_mini_gmp}"
++ use mini-gmp: ${with_mini_gmp}
++ enable pdf documentation: ${enable_pdf_doc}"
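Review bot: The added `AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ])` uses `==`, which POSIX `test` does not define. If configure runs under a strict /bin/sh such as dash, the comparison errors out and BUILD_PDF silently evaluates false. Use `=`, as the `AS_IF` inside the new `AC_ARG_ENABLE` block already does: `AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" = "xyes"])`. The same applies to `test "$DBLATEX" == "no"`, which this patch moves inside `AM_COND_IF`.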
diff --git a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
new file mode 100644
index 000000000000..3ea59e7aa490
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch
@@ -0,0 +1,14 @@
+diff --git a/src/payload.c b/src/payload.c
+index ac0e917..9ba980a 100644
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
+ base = ctx->protocol[left->payload.base].desc;
+ desc = proto_find_upper(base, proto);
+
++ if (!desc)
++ return;
++
+ assert(desc->base <= PROTO_BASE_MAX);
+ if (desc->base == base->base) {
+ assert(base->length > 0);
diff --git a/net-firewall/nftables/files/nftables.confd b/net-firewall/nftables/files/nftables.confd
new file mode 100644
index 000000000000..e83a4b962061
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/nftables
+
+# Location in which nftables initscript will save set rules on
+# service shutdown
+NFTABLES_SAVE="/var/lib/nftables/rules-save"
+
+# Options to pass to nft on save
+SAVE_OPTIONS="-n"
+
+# Save state on stopping nftables
+SAVE_ON_STOP="yes"
+
+# If you need to log nftables messages as soon as nftables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init
new file mode 100644
index 000000000000..cf4ab8b5f44b
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.init
@@ -0,0 +1,124 @@
+#!/sbin/openrc-run
+# Copyright 2014-2017 Nicholas Vinson
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="clear list panic save"
+extra_started_commands="reload"
+depend() {
+ need localmount #434774
+ before net
+}
+
+start_pre() {
+ checkkernel || return 1
+ checkconfig || return 1
+ return 0
+}
+
+clear() {
+ /usr/libexec/nftables/nftables.sh clear || return 1
+ return 0
+}
+
+list() {
+ /usr/libexec/nftables/nftables.sh list || return 1
+ return 0
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${RC_SVCNAME}; then
+ rc-service ${RC_SVCNAME} stop
+ fi
+
+ ebegin "Dropping all packets"
+ clear
+ if nft create table ip filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+ if nft create table ip6 filter >/dev/null 2>&1; then
+ nft -f /dev/stdin <<-EOF
+ table ip6 filter {
+ chain input {
+ type filter hook input priority 0;
+ drop
+ }
+ chain forward {
+ type filter hook forward priority 0;
+ drop
+ }
+ chain output {
+ type filter hook output priority 0;
+ drop
+ }
+ }
+ EOF
+ fi
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ clear
+ start
+}
+
+save() {
+ ebegin "Saving nftables state"
+ checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+ checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+ export SAVE_OPTIONS
+ /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE}
+ return $?
+}
+
+start() {
+ ebegin "Loading nftables state and starting firewall"
+ clear
+ /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE}
+ eend $?
+}
+
+stop() {
+ if yesno ${SAVE_ON_STOP:-yes}; then
+ save || return 1
+ fi
+
+ ebegin "Stopping firewall"
+ clear
+ eend $?
+}
+
+checkconfig() {
+ if [ ! -f ${NFTABLES_SAVE} ]; then
+ eerror "Not starting nftables. First create some rules then run:"
+ eerror "rc-service nftables save"
+ return 1
+ fi
+ return 0
+}
+
+checkkernel() {
+ if ! nft list tables >/dev/null 2>&1; then
+ eerror "Your kernel lacks nftables support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
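Review bot: panic() can finish without installing a single drop rule and without reporting it: each heredoc ruleset is loaded only if `nft create table ip filter` (and its ip6 twin) succeeds, the results of `clear` and `nft -f` are never checked, and `ebegin "Dropping all packets"` has no matching `eend`. For a command whose purpose is to cut traffic, that failure should be visible; I would track a status with `clear || rc=1` and `nft -f /dev/stdin <<-EOF || rc=1`, add an `else rc=1` branch to both `if` blocks, and close with `eend ${rc} "panic ruleset not fully loaded"`. Separately, `[ ! -f ${NFTABLES_SAVE} ]` in checkconfig() is unquoted, so an empty or unset NFTABLES_SAVE makes the test false and the check passes; quote it as save() already does on its checkpath lines, and do the same in the `store` and `load` calls.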
diff --git a/net-firewall/nftables/files/systemd/nftables-restore.service b/net-firewall/nftables/files/systemd/nftables-restore.service
new file mode 100644
index 000000000000..4b68b0a5b09e
--- /dev/null
+++ b/net-firewall/nftables/files/systemd/nftables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Store and restore nftables firewall rules
+ConditionPathExists=/var/lib/nftables/rules-save
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save
+ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
new file mode 100644
index 000000000000..c3018163bf38
--- /dev/null
+++ b/net-firewall/nftables/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>prometheanfire@gentoo.org</email>
+ <name>Matthew Thode</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/net-firewall/nftables/nftables-0.6-r4.ebuild b/net-firewall/nftables/nftables-0.6-r4.ebuild
new file mode 100644
index 000000000000..be9f30bcfbe3
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.6-r4.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://netfilter.org/projects/nftables/"
+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="debug doc gmp +readline xml"
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+ gmp? ( dev-libs/gmp:0= )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.0.6[xml(-)?]
+ "
+DEPEND="${RDEPEND}
+ >=app-text/docbook2X-0.8.8-r4
+ doc? ( >=app-text/dblatex-0.3.7 )
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.5-pdf-doc.patch"
+ "${FILESDIR}/${P}-null-payload-desc-fix.patch"
+)
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --sbindir="${EPREFIX}"/sbin \
+ $(use_enable doc pdf-doc) \
+ $(use_enable debug) \
+ $(use_with readline cli) \
+ $(use_with !gmp mini_gmp)
+}
+
+src_install() {
+ default
+
+ dodir /usr/libexec/${PN}
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
+
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+ elog "In order for the nftables-restore systemd service to start, "
+ elog "the file, ${save_file}, must exist. To create this "
+ elog "file run the following command: "
+ elog ""
+ elog " touch '${save_file}'"
+ elog ""
+ elog "Afterwards, the nftables-restore service should be manually started "
+ elog "to ensure firewall changes are stored on system shutdown. The "
+ elog "systemd service will function normally thereafter."
+}
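Review bot: The postinst message `elog " touch '${save_file}'"` tells the admin to create the rules file with whatever mode the current umask gives, while save() in files/nftables.init forces the same file to 0600 with `checkpath -q -m 0600 -f`. The systemd unit never goes through checkpath, so a saved ruleset may end up readable by every local user unless nftables.sh sets the mode itself, which is not visible here. I would print `elog " install -m 0600 /dev/null '${save_file}'"` instead. The same line appears in pkg_postinst of nftables-0.7.ebuild.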
diff --git a/net-firewall/nftables/nftables-0.7.ebuild b/net-firewall/nftables/nftables-0.7.ebuild
new file mode 100644
index 000000000000..30376495f198
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.7.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://netfilter.org/projects/nftables/"
+SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="debug doc gmp +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+ gmp? ( dev-libs/gmp:0= )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.0.7"
+
+DEPEND="${RDEPEND}
+ >=app-text/docbook2X-0.8.8-r4
+ doc? ( >=app-text/dblatex-0.3.7 )
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --sbindir="${EPREFIX}"/sbin \
+ $(use_enable doc pdf-doc) \
+ $(use_enable debug) \
+ $(use_with readline cli) \
+ $(use_with !gmp mini_gmp)
+}
+
+src_install() {
+ default
+
+ dodir /usr/libexec/${PN}
+ exeinto /usr/libexec/${PN}
+ doexe "${FILESDIR}"/libexec/${PN}.sh
+
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+ systemd_enable_service basic.target ${PN}-restore.service
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+ elog "In order for the nftables-restore systemd service to start, "
+ elog "the file, ${save_file}, must exist. To create this "
+ elog "file run the following command: "
+ elog ""
+ elog " touch '${save_file}'"
+ elog ""
+ elog "Afterwards, the nftables-restore service should be manually started "
+ elog "to ensure firewall changes are stored on system shutdown. The "
+ elog "systemd service will function normally thereafter."
+}
diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest
new file mode 100644
index 000000000000..58d6afec99c9
--- /dev/null
+++ b/net-firewall/nufw/Manifest
@@ -0,0 +1,12 @@
+AUX nuauth-conf.d 62 SHA256 0ab7686ef414e37fb1cae532134ffda6958f0a492fcdc4e28245f70b7366ec2c SHA512 2304d60917eab68c8268205d006dddbacfc68c876ee6a36d90f5f21eceb6f5ba6b9bc82a3173b55dde825df44dee766e300848936f0629e650730f16112f2558 WHIRLPOOL 6f43825a5dc5c6a6720b04f5cebc8aca11487a9f4bc4db05a37c78985731e1c67cf87f48448164c5a5bd330c8b6f39b781d61e6a84e15ba6369aea55e26eb6ef
+AUX nuauth-init.d 545 SHA256 19e59c030ea314a46d3651622e08b2f23c24326990a5aeb90997df104827cc78 SHA512 f46646466cd33f09c27d4621d249b21b50362c802db059ffe57b80c4f97a3c50aa5d6a89fc2866caf57f2d9a4d4a6726ccf37be84185488f2e165aded29350a8 WHIRLPOOL 63fdd1c60277d5598797a3a533c347a6e53a4e777e3cda07531ace6d16dc43859aa1bf03ac7b22e1caab7a73d9af0c7e1e7a11242de53d1ccc21d1ab25fceb7c
+AUX nufw-2.2.22-gnutls-3.4.patch 3240 SHA256 faa93c5058d8b34dac575e8f0cd6ebf37a5c3cda793cab6087df935f43356bb6 SHA512 b0d426c2e42f49565c5520c63ea5501103ca131d339a356f0dee3eac065bd069b6e5366dee617f26e5d88ed38d60e91bdcb661da080ba5a70b5a4e8aadfe402b WHIRLPOOL 26d15f70cec65cb04edb6e8ecd1846017dee52a9ab6b20218c09c0a2b77a98722b5dd3a8eb51c4d1e41eafdc524c281b70dbb7d5946d3aac76ea247f8c1ee73c
+AUX nufw-2.2.22-var-run.patch 1438 SHA256 e68591a7b780ff514d7f5a66c8ee12e299d58fd96777491488960d75d61cb5f1 SHA512 f299a373e67f910fd816037fb916d1c116a98b6a8d1487e0e9e4c35713839d7f6f7189b31390a9616bb0cf77bcc2abb9077d9dc60c8b83571aa07291981c3383 WHIRLPOOL 131550c94e02c2650e01fd9f89437c968b6cd9a67f2f1d1bc09ccf202f71942d8475043f49b286fddeb71e63ec453924bb0acf157cef83634d1ac7acb9aaea9b
+AUX nufw-conf.d 122 SHA256 65df231f179c64d007efc1bb3dc09b6220af8c2793eb7fc11dc29e2631e687e8 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb WHIRLPOOL a710ca94b0d942f8976b6a6fd5bf9fa971466581c439729357254b590dcd8b20dd4b62a5d59afacccf5e3fd4be9d044f34ff604e16998ef8cb32cdfd865e0bb9
+AUX nufw-init.d 273 SHA256 ce62222003235455cb9b4ba33d1fac953dd2a07eea5e78f382ea06bf4e03edcf SHA512 7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 WHIRLPOOL 43549b3dbd47e61424bd4f4061963594d0c51e959d41b73b21d0a07bf9c69b21a77353fa0b896b7bae3d9b35fa9701fc451a06c3f89488276c7fb81e6f4617c3
+DIST nufw-2.2.22.tar.bz2 597491 SHA256 92603813b4138bfd52b5873c68d7c6e43f78885a414067e57bd2c1e8eba66b8c SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee WHIRLPOOL 5e493d2aa2c661dd9766670bb805f98849c82f1962d39ff3692481f7049740cc73455e6aa45b7ca20632b2e254be8bb953f9aebdeb7a46c525578fc7a9d007ba
+EBUILD nufw-2.2.22-r1.ebuild 2631 SHA256 cb904b423f3067f05a23c70546e61d46625e925d481f9c733fc88b851fc390cd SHA512 45e1cbc6deb24861633753cc268090bb4e21f6cd85aed8f1abae2f6aec1d7523dd1ce92043d60cb4229894577b9f0d34fad4ecbf2b5e7dffd7461a3f0b700bb0 WHIRLPOOL 9d3c1a40984ea8c2c10ad4531136070f6aecd0eff675d8eddbbe62616996b6e2f9c7650682179a89d2637e33c6b5902698d393320b60d1ba177397ce4cec7645
+EBUILD nufw-2.2.22-r2.ebuild 2642 SHA256 a3313d764b08261ab253a5c58546f7840de6bbc889cdf62c80ac900a36bb810b SHA512 8afdeab8d1794994a3f398ea4a741369752c52346cd1693978fc48f98b3798b180bea2fa66a7f94614e23067171742e3a3f10e4cb4edef3fa742825b867560fd WHIRLPOOL 14baded768af8ee708c20e15e0cfe846cb17d7eb65572bf27015854a00ef938b69e04f5cc4be932531f3b9891880af36e0f25cbbbca3d8b41086775d590298c0
+MISC ChangeLog 3133 SHA256 8c3e7753db2103309a989787111a8910d212c223c74aead0bb20957c0a1ddf71 SHA512 7fbb5a01a741fa8acdecf3adfb80f7981bd60dbf3068c47a7bdae04479526d7120916e77bdfeaffa6357a0e8016ab4f6dd846febb715370f461d342ec5f8151a WHIRLPOOL ce1f2919df66d4a757dd51cffe7a7297c2dd61730f7911fec81f1dbe0edc8a7ee53b164c5c597b556d321445b5039bda99348a814a9597efc29c02117c44d058
+MISC ChangeLog-2015 6478 SHA256 f79a1f8ac82776b02cca81f1912425cacb20a80add32c2f9a26445d444127907 SHA512 d518079ed50b77206bb4edfd9b029393309bd1ec6d8960ea9314ffa2cbb26a788c5931bcbab1b5e9fd22f7faec27471eb3d77967f053f19d76d8489aefe63389 WHIRLPOOL eb11a571f01b1f20c1510f5fada9b6a889c17125b50036628c721ddf96208e516f6c9ab316c843e1bf83efe9abc67d00319b9a83a5b391f346309b334aa2be87
+MISC metadata.xml 547 SHA256 5fa6d204f97c6a78e4444a3ec9d7bf82b357700316d8d8cf0c7e1f2e19da44a6 SHA512 29dea30db4101530fc810fd162a93aa7f87898f57a955f528a9259918a4a9c1d16dc1b7a790817846482b410a11e98f32987d409165a322fdfc8352bfd5383d5 WHIRLPOOL b983b968463071c98e7b009af91cfd1badddc46d230c736407aacfc2e938c0ec90079d8e0854b4eaeb833b8a9cdd92eb16b848298f01233fa9115862daec01e0
diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d
new file mode 100644
index 000000000000..1ac750cf49fd
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nuauth
+NUAUTH_OPTIONS=""
diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d
new file mode 100644
index 000000000000..db9c10b8a0d5
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-init.d
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+checkconfig() {
+ if [ ! -e /etc/nufw/nuauth.conf ]; then
+ eerror "You need a /etc/nufw/nuauth.conf file to run nuauth"
+ eerror "There is sample file in /usr/share/doc/nufw-version/"
+ return 1
+ fi
+}
+
+start() {
+ checkpath -d /run/nuauth
+ checkconfig || return 1
+ ebegin "Starting nuauth"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nuauth"
+ start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid
+ eend $?
+}
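Review bot: `checkpath -d /run/nuauth` in start() creates the runtime directory with checkpath's default owner and mode, and per nufw-2.2.22-var-run.patch that directory holds both nuauth.pid and nuauth-command.socket. Since the socket is a control channel, I would state the intended access explicitly, e.g. `checkpath -d -m 0750 /run/nuauth`, plus `-o <user>:<group>` if nuauth drops privileges; the account it runs as is not visible in this part of the commit. start() also passes no `--pidfile` to `start-stop-daemon --start`, while stop() relies on `/run/nuauth/nuauth.pid`; giving both the same pidfile keeps start and stop looking at the same process.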
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
new file mode 100644
index 000000000000..e75d2b3fd61d
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+
diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
new file mode 100644
index 000000000000..f6bcc95e0006
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
@@ -0,0 +1,45 @@
+--- a/src/nuauth/auth_srv.h
++++ b/src/nuauth/auth_srv.h
+@@ -162,7 +162,7 @@
+ #ifdef S_SPLINT_S
+ # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid"
+ #else
+-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid"
++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid"
+ #endif
+
+ /* define the number of threads that will do user check */
+--- a/src/nuauth/command.c
++++ b/src/nuauth/command.c
+@@ -26,7 +26,7 @@
+ #include <sys/un.h> /* unix socket */
+ #include <sys/stat.h> /* fchmod() */
+
+-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket"
++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket"
+
+ const char* COMMAND_HELP =
+ "version: display nuauth version\n"
+--- a/src/nufw/main.c
++++ b/src/nufw/main.c
+@@ -54,7 +54,7 @@
+
+ /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined
+ * during compilation/installation) */
+-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid"
++#define NUFW_PID_FILE "/run/nufw.pid"
+
+ /**
+ * Stop threads and then wait until threads exit.
+--- a/src/nuauth/Makefile.am
++++ b/src/nuauth/Makefile.am
+@@ -26,9 +26,6 @@
+
+ nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/
+
+-install-exec-local:
+- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/"
+-
+ nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES)
+ @rm -f nuauth$(EXEEXT)
+ $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD)
diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d
new file mode 100644
index 000000000000..b2ea527744ec
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nufw
+NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129"
diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d
new file mode 100644
index 000000000000..fd97dd408c7b
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-init.d
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+start() {
+ ebegin "Starting nufw"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nufw"
+ start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
+ eend $?
+}
diff --git a/net-firewall/nufw/metadata.xml b/net-firewall/nufw/metadata.xml
new file mode 100644
index 000000000000..2d3a5a832ef3
--- /dev/null
+++ b/net-firewall/nufw/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+<email>netmon@gentoo.org</email>
+<name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+<use>
+<flag name="nfconntrack">Use netfilter_conntrack</flag>
+<flag name="nfqueue">Use NFQUEUE instead of QUEUE</flag>
+<flag name="pam_nuauth">Add support for pam nufw from PAM</flag>
+<flag name="plaintext">Add support for authentication with plaintext files</flag>
+</use>
+</pkgmetadata>
diff --git a/net-firewall/nufw/nufw-2.2.22-r1.ebuild b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
new file mode 100644
index 000000000000..79f0b9290942
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( virtual/mysql )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+RESTRICT="test"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-var-run.patch
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ dodoc AUTHORS ChangeLog NEWS README TODO
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}
diff --git a/net-firewall/nufw/nufw-2.2.22-r2.ebuild b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
new file mode 100644
index 000000000000..a3c6d2b4f822
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+SSL_CERT_MANDATORY=1
+inherit autotools eutils multilib pam ssl-cert
+
+DESCRIPTION="An enterprise grade authenticating firewall based on netfilter"
+HOMEPAGE="http://www.nufw.org/"
+SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test"
+
+REQUIRED_USE="pam_nuauth? ( plaintext )"
+DEPEND="
+ dev-libs/cyrus-sasl
+ dev-libs/glib:2
+ dev-libs/libgcrypt:0
+ dev-python/ipy
+ net-firewall/iptables
+ net-libs/gnutls
+ ldap? ( >=net-nds/openldap-2 )
+ mysql? ( virtual/mysql )
+ nfconntrack? ( net-libs/libnetfilter_conntrack )
+ nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue )
+ pam? ( sys-libs/pam )
+ pam_nuauth? ( sys-libs/pam )
+ postgres? ( dev-db/postgresql:*[server] )
+ prelude? ( dev-libs/libprelude )
+"
+RDEPEND=${DEPEND}
+
+PATCHES=(
+ "${FILESDIR}/${P}-var-run.patch"
+ "${FILESDIR}/${P}-gnutls-3.4.patch"
+)
+
+RESTRICT="test"
+
+src_prepare() {
+ default
+ sed -i \
+ -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \
+ -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \
+ conf/nuauth.conf || die
+ sed -i \
+ -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \
+ src/clients/pam_nufw/Makefile.am || die
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable debug) \
+ $(use_enable pam_nuauth pam-nufw) \
+ $(use_enable static) \
+ $(use_with ldap) \
+ $(use_with mysql mysql-auth) \
+ $(use_with mysql mysql-log) \
+ $(use_with nfconntrack) \
+ $(use_with nfqueue) \
+ $(use_with pam system-auth) \
+ $(use_with plaintext plaintext-auth) \
+ $(use_with postgres pgsql-log) \
+ $(use_with prelude prelude-log) \
+ $(use_with syslog syslog-log) \
+ $(use_with unicode utf8) \
+ --enable-shared \
+ --includedir="/usr/include/nufw" \
+ --localstatedir="/var" \
+ --sysconfdir="/etc/nufw" \
+ --with-mark-group \
+ --with-user-mark
+}
+
+src_install() {
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/nufw-init.d nufw
+ newconfd "${FILESDIR}"/nufw-conf.d nufw
+
+ newinitd "${FILESDIR}"/nuauth-init.d nuauth
+ newconfd "${FILESDIR}"/nuauth-conf.d nuauth
+
+ insinto /etc/nufw
+ doins conf/nuauth.conf
+
+ docinto scripts
+ dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh}
+ docinto conf
+ dodoc conf/*.{nufw,schema,conf,dump,xml}
+
+ if use pam; then
+ pamd_mimic system-auth nufw auth account password session
+ fi
+}
+
+pkg_postinst() {
+ install_cert /etc/nufw/{nufw,nuauth}
+}
diff --git a/net-firewall/pftop/Manifest b/net-firewall/pftop/Manifest
new file mode 100644
index 000000000000..34b61d874817
--- /dev/null
+++ b/net-firewall/pftop/Manifest
@@ -0,0 +1,6 @@
+DIST pftop-0.7-patches-3.tar.bz2 10611 SHA256 56826b18fb4b6559dd3ddec1d53ab7d84988dcb10f5b1abc6539f2f7ffb1ae22 SHA512 7c8f438e8fc1c507313cf9fe69da2b27bdc57e4cf27b8b0d6153fb0c269d417a59ff93cd74987809b131ae2d148b659ca00d93da1346a515b11c1d8bbfc67f1f WHIRLPOOL c4c5f833daa9aef066351dd924e581dfd595d8ee0b987ee5dd5693480eca540ebbb4c603a1ceb4fc87678473ea4790e026b0ad86775187581aa6e285c19fbc4f
+DIST pftop-0.7.tar.gz 59765 SHA256 afde859fab77597e4aae1ef6b87f1bb26a5ad8cb2b1d7316a12e5098153492af SHA512 e9be01704adc112bd1f5dc011f7900754d600df6be50e28ee4a937faabe00b627ed4d1565e92560d750e70f5117533c494565f616f3562eae61301642d438713 WHIRLPOOL af50aa66c7eecfa7bdd390f86e0953baac4ccd45652c6fadfbe952b201190fe402b667fb5c262449e503c3aac88916f23e6e2bc219803b5ea823670df85097dc
+EBUILD pftop-0.7-r2.ebuild 1233 SHA256 bebf71d34a0792a612a229df414e63e46fd3f7223d90cac4b1fd1e4779ea7e85 SHA512 c921daba289a5cb7e1bfc31364185bb1ef385283df0eaf9b5ea7d41866f82263f33a55899df2611349810716f3ec2ec0d663c0c25a05d043b74f1e70fbd28d33 WHIRLPOOL 345edc81e7618df1a0fd4b03c63de539932037b3a440936a7eeaa99ef7b29a9330819b973bc22a16dd46797ffab36c2d6cebaac715339189cbe42bb397d13cfe
+MISC ChangeLog 2849 SHA256 5e6249ea36c35d1bafb05881e1f26e4588c575567641c01f23dbefcf1f611da5 SHA512 83767051ee175a43e1b68646a9ae5bb61d9dc91bb8974b10190d63597ce7bd501de7da16c4c0e696dd1e358e06bf5e0c7626ba46b5e3d9a688b161a0b1430fae WHIRLPOOL f8bee53a97acae950bd81b0e6c7fc54ddfa16260e2e0c46a133778a2683f543e9f773ea36e932bff5630e28e7d789195f39924107d29a1f6c7f4d1043624baf0
+MISC ChangeLog-2015 1940 SHA256 e88b111738150ebffecf9017474fe8b8f27d775efec2197d63ac1e6da3ebea2f SHA512 fdf7d192e86fca31cb52c65d94f4acf5a5d665987826111993294071f9d8fd03b194786d902eee0b2c6d960beeb404e1f7c4a82097f73a9441ed2f2f674b8dd7 WHIRLPOOL 73b46fc0f0161f2fa2d38b055bd4e1ac76a56ee1eaba3f06b0384b08679af35c3e8c449fb2d51185fa87fe984ff686f2952e08ff2f6b9d946e3097e7e5cc179d
+MISC metadata.xml 349 SHA256 9de8354235e53f5c26052762eacb38247be55e893834dea5560356af4082a655 SHA512 90bdc41abf6957dbaa912df1db6731ed1b7b3ac557fec239b2dfd2f7c23b066df13ff8c5534cd36d05780a07cb4ba287d8ffe4551054a5507280fdfdaca47c24 WHIRLPOOL 2361888d4462b1dde987f847727089386987041d9cf4dc3cbd40302f03640f53b00a9f9ca00e3b18c2e37c566041764814763fa44feecb3e4b6d0e0d04c32272
diff --git a/net-firewall/pftop/metadata.xml b/net-firewall/pftop/metadata.xml
new file mode 100644
index 000000000000..eb54224c8109
--- /dev/null
+++ b/net-firewall/pftop/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>bsd@gentoo.org</email>
+ <name>BSD Project</name>
+ </maintainer>
+ <use>
+ <flag name="altq">Enable altq(4) support — alternate queuing of network packets.</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/pftop/pftop-0.7-r2.ebuild b/net-firewall/pftop/pftop-0.7-r2.ebuild
new file mode 100644
index 000000000000..ede062387ec1
--- /dev/null
+++ b/net-firewall/pftop/pftop-0.7-r2.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=4
+PATCH_PV=3
+
+inherit bsdmk flag-o-matic eutils
+
+DESCRIPTION="Tool for real-time display of active states and rule statistics for pf"
+HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/"
+SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz
+ mirror://gentoo/${P}-patches-${PATCH_PV}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~x86-fbsd"
+IUSE="altq"
+
+RDEPEND="sys-libs/ncurses"
+
+src_prepare() {
+ epatch "${WORKDIR}"/patches/*
+}
+
+src_compile() {
+ # OS_LEVEL variable refers to the version of pf shipped with OpenBSD.
+ # On FreeBSD we have to know it.
+ local OSLEVEL
+
+ case ${CHOST} in
+ *-openbsd*)
+ local obsdver=${CHOST/*-openbsd/}
+ OSLEVEL=${obsdver//.}
+ ;;
+ *-freebsd[78]*) OSLEVEL=41 ;;
+ *-freebsd9*) OSLEVEL=45 ;;
+ *)
+ die "Your OS/Version is not supported (${CHOST}), please report."
+ ;;
+ esac
+ append-flags "-DHAVE_SNPRINTF -DHAVE_VSNPRINTF -DOS_LEVEL=${OSLEVEL}"
+ use altq && append-flags "-DHAVE_ALTQ"
+ mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS}" || die "pmake failed"
+}
+
+src_install() {
+ mkinstall DESTDIR="${D}" LOCALBASE="/usr" MANDIR="/usr/share/man/man" \
+ NO_MANCOMPRESS= install || die
+}
diff --git a/net-firewall/pglinux/Manifest b/net-firewall/pglinux/Manifest
new file mode 100644
index 000000000000..991afd7eaa13
--- /dev/null
+++ b/net-firewall/pglinux/Manifest
@@ -0,0 +1,5 @@
+DIST pgl-2.3.1.tar.gz 605656 SHA256 1b5c6d233baa943b42254c95ed2853d036f3f246feaebc073e3c91c05a4c98b4 SHA512 f23d44ad6448814ba0a2c90292ff4a933d31fed942886d63c50bb62fb56e1af70df72e09070ad3cd27c878f322576326040c330fbdbda63128ad304375b02a1e WHIRLPOOL f36f2d740f2b760d70e90de2e8004932289130b76119af80e478b0e8136d0dffb167c941b54b602a6f1857c9a3f8df1e7b4c6ed5c02099c008bec601ab967e2b
+EBUILD pglinux-2.3.1.ebuild 2364 SHA256 814fe04bbc33e3663225b7adea87de21d100f81de1262b67bbf0bf99b676fb63 SHA512 5cec196b62f8654d4da1d03732ecbb63aa263118277c998c127b7f69a4e594d432a93e6e04c9bf51af2af0202b451167c6ee583ec6d17cd51eccbc93d053511d WHIRLPOOL 8f9affd84cac40cace1700d7a14b197e80c16c8427469452647ac63de5a79be5a4eaf35f758c33afd9c35d8a5850415c31f072a04d0e41d00604c6d5310be766
+MISC ChangeLog 4805 SHA256 badfc3708b18786eaef537aaf802c137b169adda8bd7fc1e5d69b9fda20b83cc SHA512 4f13586b8082e5ed7c57b07340fa91c05db235920b021c7636639bdc4d4214d825ce93bf080108e7ac9e850742ece5222f508ede1f298697c873541383770a55 WHIRLPOOL 28f47f823ee6c0baf5096575f03e3c0958a0904fed295cbdf6c18ba6a1bda2475cf28a885417473770384f1f5f2677f5d47ccd2f142cd52afcd05217ba852a73
+MISC ChangeLog-2015 3668 SHA256 cf247c113d334dd230fd44602a780bd2b2b237edabfabce07243879539e6f46c SHA512 edf54b955f83610f16b49a4ddb0bf683f280627515ed83ec0bd33bac584fdc70ac9e46f3514d725131ddf20071d80bc3fc9f0c80996bdfa3840db7bb805ed256 WHIRLPOOL 96bdd353e8a30873c73e8dd7a58e90b0947ace53129f181ddb85d38c6e142a2ea322a3c328a6fc55f2531ac87a5bf1822b29c918731f08caccb8513c0c4a0ea6
+MISC metadata.xml 882 SHA256 3df0fb92322d2e78d34ded34757164f79618cdd76e384bda33cd4a39ec54dcfe SHA512 34297f9b8e083798fedc61991300cb4d9a2eb5fff8065656590a51d732e2d4e187f05db08b336ace3b24982362e1aa3b0b18b6eebc8ddf9a72e81f27be424672 WHIRLPOOL 095dcdf6b37396f792e7c2cde112a637cc65a4a7f734edc8199d5877108db921f08e05f1dc29fa729016eb2057442d09288362886a2292c369c23698b022ca05
diff --git a/net-firewall/pglinux/metadata.xml b/net-firewall/pglinux/metadata.xml
new file mode 100644
index 000000000000..cd9a336cff52
--- /dev/null
+++ b/net-firewall/pglinux/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <changelog>https://sourceforge.net/news/?group_id=131687</changelog>
+ <doc lang="en">https://sourceforge.net/projects/peerguardian/support</doc>
+ <bugs-to>https://sourceforge.net/tracker/?group_id=131687</bugs-to>
+ <remote-id type="sourceforge">peerguardian</remote-id>
+ </upstream>
+ <use>
+ <flag name="cron">Install cron script</flag>
+ <flag name="logrotate">Install logrotate.d file</flag>
+ </use>
+ <longdescription lang="en">
+ PeerGuardian Linux (pgl) is a privacy oriented firewall application. It blocks
+ connections to and from hosts specified in huge blocklists (thousands or
+ millions of IP ranges). pgl is based on the Linux kernel netfilter framework
+ and iptables.
+ </longdescription>
+</pkgmetadata>
diff --git a/net-firewall/pglinux/pglinux-2.3.1.ebuild b/net-firewall/pglinux/pglinux-2.3.1.ebuild
new file mode 100644
index 000000000000..e524edf5a018
--- /dev/null
+++ b/net-firewall/pglinux/pglinux-2.3.1.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit eutils gnome2-utils linux-info systemd
+
+MY_P="pgl-${PV}"
+
+DESCRIPTION="Privacy oriented firewall application"
+HOMEPAGE="https://sourceforge.net/projects/peerguardian/"
+SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz"
+
+LICENSE="GPL-3"
+KEYWORDS="amd64 x86"
+SLOT="0"
+IUSE="cron dbus logrotate networkmanager qt4 zlib"
+REQUIRED_USE="qt4? ( dbus )"
+
+COMMON_DEPEND="
+ net-libs/libnetfilter_queue
+ net-libs/libnfnetlink
+ dbus? ( sys-apps/dbus )
+ zlib? ( sys-libs/zlib )
+ qt4? ( sys-auth/polkit-qt[qt4]
+ dev-qt/qtcore:4
+ dev-qt/qtdbus:4
+ dev-qt/qtgui:4
+ || ( kde-plasma/kde-cli-tools[kdesu] kde-apps/kdesu x11-misc/ktsuss )
+ )
+"
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig
+ sys-devel/libtool:2
+"
+RDEPEND="${COMMON_DEPEND}
+ net-firewall/iptables
+ sys-apps/sysvinit
+ cron? ( virtual/cron )
+ logrotate? ( app-admin/logrotate )
+ networkmanager? ( net-misc/networkmanager:= )
+"
+
+CONFIG_CHECK="~NETFILTER_NETLINK
+ ~NETFILTER_NETLINK_QUEUE
+ ~NETFILTER_XTABLES
+ ~NETFILTER_XT_TARGET_NFQUEUE
+ ~NETFILTER_XT_MATCH_IPRANGE
+ ~NETFILTER_XT_MARK
+ ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_STATE
+ ~NF_CONNTRACK
+ ~NF_CONNTRACK_IPV4
+ ~NF_DEFRAG_IPV4
+ ~IP_NF_FILTER
+ ~IP_NF_IPTABLES
+ ~IP_NF_TARGET_REJECT"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ default
+ sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' pglcmd/init/pgl.gentoo.in || die
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ $(use_enable logrotate) \
+ $(use_enable cron) \
+ $(use_enable networkmanager) \
+ $(use_enable zlib) \
+ $(use_enable dbus) \
+ --disable-lowmem \
+ --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \
+ --with-gentoo-init \
+ $(use_with qt4) \
+ --with-systemd="$(systemd_get_systemunitdir)"
+}
+
+src_install() {
+ default
+ keepdir /var/{lib,log,spool}/pgl
+ rm -rf "${ED%/}"/tmp || die
+ prune_libtool_files --modules
+}
+
+pkg_preinst() {
+ gnome2_icon_savelist
+}
+
+pkg_postinst() {
+ elog "optional dependencies:"
+ elog " app-arch/p7zip (needed for blocklists packed as .7z)"
+ elog " app-arch/unzip (needed for blocklists packed as .zip)"
+ elog " virtual/mta (needed to send informational (blocklist updates) and"
+ elog " warning mails (if pglcmd.wd detects a problem.))"
+
+ gnome2_icon_cache_update
+}
+
+pkg_postrm() {
+ gnome2_icon_cache_update
+}
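Review bot: Every symbol in CONFIG_CHECK is prefixed with `~`, so a kernel without NFQUEUE or iptables support produces only the generic linux-info warning and the package still installs. Presumably pgl cannot filter anything in that state, which is worth spelling out for a blocking firewall. linux-info lets the ebuild attach its own text per symbol, e.g. `WARNING_NETFILTER_XT_TARGET_NFQUEUE="CONFIG_NETFILTER_XT_TARGET_NFQUEUE is required for ${PN} to filter traffic"`; the exact wording should be confirmed against upstream's requirements. Separately, `rm -rf "${ED%/}"/tmp` in src_install deserves a one-line comment saying why upstream's install step leaves a /tmp behind.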
diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest
new file mode 100644
index 000000000000..fbf046025b38
--- /dev/null
+++ b/net-firewall/psad/Manifest
@@ -0,0 +1,12 @@
+AUX psad-2.2.4-var-run.patch 589 SHA256 e4182e086cad3f4534baab0357cc327a8adcaa4c783abae86d8d5427fc591417 SHA512 dfd46dc06ef1f5bacb1424dc3ef9df23c5dc28abe6c6b1ffcbf7720e1d134e983e581831e7ed04074592bd1865f3628c753b313b7df1f7fdf84d438e82c25464 WHIRLPOOL f447483b8b3fdcbf542513c541c027b6b27eeec1abc1b0af2daa9481fd772c25e41454080b5cecf9808dded85e3af2c574d890e3755a8913553ca9229b9a6af3
+DIST psad-2.2.5.tar.bz2 1243987 SHA256 736d446266227cb65511d792c85224573c95ea4dc3bde3d5c65bc19084f57452 SHA512 195a06420cf821d182a5422705ba2d407fd35f23887430e61925cad0eada7d20e2416eaf6317857a5aec2f1264a280a7e0128cc301f17dcf20cf833a9f0efb6e WHIRLPOOL fac4797e0a399d4f5edf2179c21d37791d184ee1e334b9b8fb2707405afc10ca0c0d4ab43cd274f34cf8ba9453189066b1d46b955d0533fa357e376ef3817f1f
+DIST psad-2.4.3.tar.bz2 1395260 SHA256 e482de4602ab72dba868dcdd1078ad3645d49ab02a9eb116dd117c1a5a20f8c5 SHA512 8a25ef377e3f4f406c2179a42217110a670f1c0eb8e7991e32a99fd695ca1866218274e9aaeb48552e1bd9bd91b5fbf34b226d767c28f1db27f15b08fba2b0e8 WHIRLPOOL a1c06df2cd67baa3e2b519094ffcccd027aab47352c00cd3147a8d3db2366ce8cbea42c37f5e8adcd9c2532af215bd87ed5d925e376cf8d965725e4f5cf4c7ea
+DIST psad-2.4.4.tar.bz2 1429113 SHA256 4a8dad05554f779c359fb1091b07b37219dd4321d85e162a5885a11efaec1901 SHA512 0437a489fcb54458dbb33e0139385e577a89db0c07bd872e4e56780feb8033080d59c99aeff419f3c94b22be8fb41995674749123d15f7d578cc8b0a77d7783f WHIRLPOOL 5ab47d1b23659058ed17f484d7b5aa2c2dad5412f06dfde2fc0032ae50c2d25e9ab9a05bcad29547dd9dc69b0268ec7601917d60d4178bf8032f661aa7ef742c
+DIST psad-2.4.5.tar.bz2 1631602 SHA256 2de1115325bd7c95d32ce0bdee5028c43a86c2893203b5fc1ba6bdfe8ba182d1 SHA512 6466cf3191092672557fb6c044c6126290f1d89aea37a20aad1b3eb148b5b8be5bc2cf3700938b91263d7403f776613f304bd491c24a7e16b0975b81f24481a0 WHIRLPOOL 87bbd23cf4419e6a85cbb4fdb7a08dfe3e1aeb10c1542766d4b708a837182dea2859d5db982f2d91a67331b80c2e6728391917964f6dd555b70c3a38f7e7d607
+EBUILD psad-2.2.5.ebuild 1867 SHA256 5907a00070175bd9311ff1298364e5d90a4a324aa606d1b59e7bc289f4037b12 SHA512 3eed54b311474cd74352f93e8ca8061f9e5149041251c3e4034c6d81ecf28233f29f2a9597863e4a0eb7bc04b9812d589d3e0f1214241103678116761b2b8ba2 WHIRLPOOL 8efdc258398833639a78423b5fe32021f39fb8d1df9fadb58090d961787f6c65c58462f430ade28176ad58b514630342d3262239f88ac204ebbaff1045082e1b
+EBUILD psad-2.4.3.ebuild 1897 SHA256 86cb786a5681b7d32fcf40b04680e03dc2efec276a502231b1a2b5c398347a68 SHA512 5d12f26624e1315f15656ef70a57588bffd5cd492452008109ccda58aa76fe771ecd3c110e081d66f3cb4c0c700ec64377f765f5c20a35fce13fa3ff82a78077 WHIRLPOOL a745424dc83ee2d817cf2467ac975695a265c0dc1d86df3553d231ef39b39bfb534ff2adb3c4c712c7a1470bd47736cb9b6152a5b0649d699ef63b464e8aec5c
+EBUILD psad-2.4.4.ebuild 1904 SHA256 a54988d01200d8cf10318a0ade1b96218edbb5152929298ee70445c345ab35d5 SHA512 d14a9739f329c2692cde9d26d54d6742b27d4269ac0ce93091d9b96a153afac2ea242ea5297afd86e33ce8d47615d3c462b60c1525b6f1c3c50692ec8a525092 WHIRLPOOL 28255452f1c1e5f243c947b8d8701f39f8bbdbdb57a54805866281158ea13d9e23e03901083f425fb31686c3d92fb1ecd31aeffbcab04ef352075af0a079f16e
+EBUILD psad-2.4.5.ebuild 1921 SHA256 42b222cff2a4e945d8f2bb5c646e5fb6ab1c75122a8a3ff4996505ecf1cfc059 SHA512 bb1cb04edec855a03db0c8f233893378580490c53e4c7527e8b6b7ca2d298100fa2510b2b68ddfdf183cba446cfb4df2a6a1fe31b48cde90d7513de42b3631dc WHIRLPOOL 0523b4ab30f963f61ef54c890324ad6f6faaadf18c11dc1ed29769db9bbc5085b5e7873dd865c26cea1c337cf7f60cd5c80ab3c7d9a672658df9f55a971f2cd2
+MISC ChangeLog 2795 SHA256 6f4cd1d2278282b170cf8b1f1a1bfa64bf7839f89e5606d1400559e72b33cf96 SHA512 65030159a65e8155376a6222b61386a2766333cf72640da1a3a449c87373dc881d26033ecc7179828a1917364d9a01c9bd38adb09303375d94eb966d351b0e4c WHIRLPOOL 51b36ef1c8fdebe6fd6f5fcbe4c445cb4a5d88aa143cf3809e8a4d25b896f19e01ca8345a7f0acc7ebace489973d73d03a87ceaa34f9b89673968bcbdecefd83
+MISC ChangeLog-2015 14175 SHA256 3a1c9b801bc22111418b71a299c313d7b1efe641c01fee45e1c0100a098e14c8 SHA512 891e32e6c30e45bc49e3ea01eb79f9b56293e97a5866089156f40ad549b459def60cd9162f8d6971c057b5e194868868040f77ad38b62190d74eaea3b25f9398 WHIRLPOOL 93ed4e50c4e2e406c3c0f3e4cc6e0b9a3b25040b9d900e0fc3dad12bdd3b1bc79ef61a90945188874239444d88df75865fb4cc21918460ac14a1808ff0b9de81
+MISC metadata.xml 276 SHA256 d15d6b6bd9ffc8a642c7469d01788ba9158efb4ca27fcf3324d9e52d1b70ec93 SHA512 f0e6c6bc89659e01e157d9bf30d0a2f3fd2d71bc26c8d12489c4a44fc5237159946e25b46e7295ab4676aea63559194977a0b1e76aced31d81cf6387dd0f4250 WHIRLPOOL 26b9e81575f613b751f76234013c30a8da84a1c0dd75c12b8df32706ee753691bbc889a2dec5001cc8c4b05c47aca49ed9fabbb5a6fefed74aaa86d6c3f56cee
diff --git a/net-firewall/psad/files/psad-2.2.4-var-run.patch b/net-firewall/psad/files/psad-2.2.4-var-run.patch
new file mode 100644
index 000000000000..7e6c9d29081d
--- /dev/null
+++ b/net-firewall/psad/files/psad-2.2.4-var-run.patch
@@ -0,0 +1,19 @@
+--- a/init-scripts/psad-init.gentoo
++++ b/init-scripts/psad-init.gentoo
+@@ -1,4 +1,4 @@
+-#!/sbin/runscript
++#!/sbin/openrc-run
+ ## Copyright 2006 Michael Rash
+ # Distributed under the terms of the GNU General Public License v2
+ # Author: Michael Rash
+@@ -19,6 +19,10 @@
+
+ start() {
+ checkconfig || return 1
++ checkpath -q -d -m 755 -o root:root /run/psad
++ checkpath -q -d -m 755 -o root:root /var/lib/psad
++ checkpath -q -d -m 755 -o root:root /var/log/psad
++ [ -p /var/lib/psad/psadfifo ] || mknod -m 600 /var/lib/psad/psadfifo p
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon \
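Review bot: None of the four lines added to start() checks its exit status, so the daemon is still started if `checkpath` fails or if a non-FIFO file already sits at /var/lib/psad/psadfifo, where `mknod` will fail. `checkpath` can create the pipe itself and each call can gate startup: `checkpath -q -p -m 600 -o root:root /var/lib/psad/psadfifo || return 1`. Mode 755 on /var/lib/psad and /var/log/psad also leaves the scan-detection data reachable by every local user; unless something unprivileged needs it, `-m 700` would be the safer default. start() continues past the end of this hunk.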
diff --git a/net-firewall/psad/metadata.xml b/net-firewall/psad/metadata.xml
new file mode 100644
index 000000000000..74c2baebb4ec
--- /dev/null
+++ b/net-firewall/psad/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+</pkgmetadata>
diff --git a/net-firewall/psad/psad-2.2.5.ebuild b/net-firewall/psad/psad-2.2.5.ebuild
new file mode 100644
index 000000000000..f45bb3101a38
--- /dev/null
+++ b/net-firewall/psad/psad-2.2.5.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit eutils perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="alpha amd64 ppc ~sparc x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
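Review bot: The second sed expression in src_prepare, `s|-O|$(CFLAGS) $(LDFLAGS)|g`, is unanchored, so it rewrites every `-O` in the Makefile, and a flag with a level such as `-O2` would be left with a stray digit after `$(LDFLAGS)`. The Makefile is not visible here, so this may currently be harmless, but matching the whole flag is more robust: `-e 's|-O[0-9s]*|$(CFLAGS) $(LDFLAGS)|g'`. The same expression is repeated in the psad-2.4.3, psad-2.4.4 and psad-2.4.5 ebuilds.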
diff --git a/net-firewall/psad/psad-2.4.3.ebuild b/net-firewall/psad/psad-2.4.3.ebuild
new file mode 100644
index 000000000000..79b1d6323a88
--- /dev/null
+++ b/net-firewall/psad/psad-2.4.3.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit eutils perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES FW_HELP README \
+ README.SYSLOG SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
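Review bot: In src_install the files under /etc/psad are installed by `doins` with its default mode, which leaves psad.conf, auto_dl and the signature set readable by all local users; the same holds for the 2.2.5, 2.4.4 and 2.4.5 ebuilds. If nothing unprivileged needs to read them, `insopts -m0600` before that `doins` (with `diropts -m0700` for the directory) keeps the detection configuration private to root. The preceding `insinto /usr` has no effect on `dosbin`/`newsbin` and is overridden by the next `insinto`, so it can be dropped.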
diff --git a/net-firewall/psad/psad-2.4.4.ebuild b/net-firewall/psad/psad-2.4.4.ebuild
new file mode 100644
index 000000000000..7470cc6b3cdc
--- /dev/null
+++ b/net-firewall/psad/psad-2.4.4.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES FW_HELP README \
+ README.SYSLOG SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
diff --git a/net-firewall/psad/psad-2.4.5.ebuild b/net-firewall/psad/psad-2.4.5.ebuild
new file mode 100644
index 000000000000..fa26cc018d83
--- /dev/null
+++ b/net-firewall/psad/psad-2.4.5.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin misc/pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman doc/*.8
+
+ dodoc doc/BENCHMARK CREDITS Change* doc/FW_EXAMPLE_RULES README \
+ doc/README.SYSLOG doc/SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
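Review bot: The `dodoc` list in src_install no longer includes FW_HELP, which the 2.4.3 and 2.4.4 ebuilds install, while the other documents were moved under doc/. If upstream relocated it as well, `doc/FW_HELP` should be added to the list. If it was dropped upstream, a short comment saying so would help whoever does the next version bump.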
diff --git a/net-firewall/quicktables/Manifest b/net-firewall/quicktables/Manifest
new file mode 100644
index 000000000000..d2c0b24c95ff
--- /dev/null
+++ b/net-firewall/quicktables/Manifest
@@ -0,0 +1,5 @@
+DIST quicktables-2.3.tar.gz 20287 SHA256 f96c39dd72227b0056899d635531c3836a64a300183d657a12a5625d435155f6 SHA512 4a2a7c98d353724b845a8c474c39a2759a51ad4dae38a327d2db614a9e872ca3d1d05b150ab1e6815d461ec575590c5793a9342300524197fd9a52d294e55766 WHIRLPOOL 77a5b7c658d07604672afd346ad3248ef8110bd3a057bab74869c076609fefaad45213cbecff02f91734915662c0012196767b24fc55f0073c16fb877c961813
+EBUILD quicktables-2.3.ebuild 418 SHA256 b7292dd1ef6e89177848a8a80eb301b1d4445f0da32a5a2c75c4710d7699dd44 SHA512 69518d43fc18970baa7923e985f14e1895553bd1b3b735ad0927af913e43a4644963af4495cb70addc283d42a7b49ae9621ba67eeee20fe9c018e07214c86ace WHIRLPOOL 3359a5164fc1ad24d2c01bed15cec94aaded478dc6e3bb0eb6d0200b41917a3f33f52b8c8675978aa9d9a3cfc8cd1e4ff8bce363ea3f38b1b2565e630a072361
+MISC ChangeLog 2534 SHA256 2d6185b2be8752bc2559328f44b7ab9b918a0c65c2526b80d89d22a25d09ea94 SHA512 5c7fbd0b6281455acfd6a0b0d2b257963528aeff0eb5566d688d7b8869ac3a57983f2804558f30bb44885d5982c6448c955664e84f99a6212f1a60258024eaed WHIRLPOOL fbc414b13b762674f6037f24038f00906cb9c9135171fccf5cecbc75e373de86872c7ce11519d0d2513a2da0d55ee13502087e98ce83d607cc7efa97af253729
+MISC ChangeLog-2015 647 SHA256 e5f123cbe5a6c3c9de2b3336393793418b1e6b5ba65b3f5f75b962ea040b029a SHA512 a4efe14c64d6dc4b47647873e6044db6d114f59cd34c95d7f18f27625c2e9edb259fd6ca69cc0956e80353e7cad735977b5687f23e910161a8c0a04027a240d1 WHIRLPOOL e8454679000050e3f6cc9f852733b778db79a12e0640d05814f44620d9c104d372b9d94453581ab1bc9dd03e4b77a063acc595437d83f2a44c8aa12b64272404
+MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968
diff --git a/net-firewall/quicktables/metadata.xml b/net-firewall/quicktables/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/net-firewall/quicktables/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/net-firewall/quicktables/quicktables-2.3.ebuild b/net-firewall/quicktables/quicktables-2.3.ebuild
new file mode 100644
index 000000000000..9abcb7ee6637
--- /dev/null
+++ b/net-firewall/quicktables/quicktables-2.3.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+DESCRIPTION="a quick iptables script generator"
+HOMEPAGE="http://qtables.radom.org/"
+SRC_URI="http://qtables.radom.org/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+IUSE=""
+KEYWORDS="~amd64 ~ppc ~x86"
+SLOT="0"
+
+RDEPEND="net-firewall/iptables"
+
+src_install() {
+ dosbin quicktables-2.3 || die
+ dodoc changes readme todo
+}
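Review bot: The ebuild declares no EAPI, so it is handled as EAPI 0, where a failing `dodoc` is not fatal; only `dosbin` carries `|| die` in src_install. Writing `dodoc changes readme todo || die`, or declaring a current EAPI, would make a missing file visible at build time. The script name is also hard-coded as `quicktables-2.3`; `dosbin ${P} || die` would survive a version bump.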
diff --git a/net-firewall/rtsp-conntrack/Manifest b/net-firewall/rtsp-conntrack/Manifest
new file mode 100644
index 000000000000..1fd353e7175b
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/Manifest
@@ -0,0 +1,5 @@
+DIST rtsp-module-3.7.tar.gz 11474 SHA256 a8333924e9553ec25ed0707b8e78637bf055e654a888ff7e40634f356102068a SHA512 480316f41f7e9a2a75b73b3edcbbdc98bf293f013a5549c6829659e601d2d1ec0ac94f7a2519cd6e40d41cbd02cf64f81fe2a371c703c3b0ba36d200fe29a3c1 WHIRLPOOL c76f20fb016a11c036d452998a6892af055247dccb7fa6e35c5c4bd2954fcc2a7b2d1403612d05c19d278ff4222faaaaa31284e81d7c135ed7cac47f2b3c69d3
+EBUILD rtsp-conntrack-3.7.ebuild 879 SHA256 db83aade58e267f18a7058f2030ee040853296d65f4108f5aad15e9758e696eb SHA512 0c13d2e618b37c9ec7d0712f8ff7d18bbcb6a9fcc8e9b29fdfe980f18b2fcf4961a5f336d7dae9975557e597de59302b0b5da3818a5d360d8ec6c22ffc611b58 WHIRLPOOL 9e48f9dd5b7bb964dc1191c697c098c1f9e2f796c8b8b28e93a0572cba6a09935e8cf2c71f16d4efd934cf5628c63343c083e2e53f6de0bea9f628ecf5e06a4b
+MISC ChangeLog 2197 SHA256 14df61893bfe37e6bbeddb83b3355d626755523c1b3cfae4b357f6d89c12d8d8 SHA512 066f68c57a29f88c59b76284e17e40faaa1269ae4d69b825e12c392777d9d57943ec39a55752b82c1f54c2f6478e172540efa352f77385a5c82c8a382a58e74d WHIRLPOOL 5f36a49d0ba6c408b1bf22441dfb40f5343e775833fc8e870b1baa9ea66ee3c46b2eb7d943455ebcefea275b9a282df20e4cce84496d64298dd7fadaaa2c6639
+MISC ChangeLog-2015 726 SHA256 34d9c6af97fda6277d914cf634b9dbaf52ad0a47f21af28e6ed889cbf731bf72 SHA512 d679708090c1baf887a894698afba5c7200f18cef3e76dc27b08f61265ae72d2a57be5c54a07c5de8faf88bce551c78ca3a937e9c6fbede16cb0b7a84ce53b2f WHIRLPOOL e5c8ef6f4fb6ac9017b9edbfff423dddfe32ae07e816e11b077a4befb4e249c2eb64da43d7e13050af8348ae2e78e05c08e88281864bc12fc059f9b90597cdae
+MISC metadata.xml 247 SHA256 fb925313d1ae70feaa6db91150f34a2157b48e884e8f47d773640af149e3744b SHA512 96c55c2979dd6a4c4761fce9b5a0be387b11fcf197ef903d8680ae82f01a2caea93b1238bed1ac96d3eb250744e2149a507e0424ac017b4324f0806a54e72c4a WHIRLPOOL 142b4295733faec48b0ca9eb6d3561799ff743481aabf2b74ecf6d717d972b4961979c7b6bf32b9840cb34e47d22fe2befb9b0ef8ec0d3f28f6416069128d3c7
diff --git a/net-firewall/rtsp-conntrack/metadata.xml b/net-firewall/rtsp-conntrack/metadata.xml
new file mode 100644
index 000000000000..5b159fbcadd1
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>pinkbyte@gentoo.org</email>
+ <name>Sergey Popov</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild
new file mode 100644
index 000000000000..51d0c0cf892b
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit eutils linux-mod versionator
+
+DESCRIPTION="RTSP conntrack module for Netfilter"
+HOMEPAGE="http://mike.it-loops.com/rtsp"
+SRC_URI="http://mike.it-loops.com/rtsp/rtsp-module-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+S="${WORKDIR}/rtsp"
+
+BUILD_TARGETS="all"
+MODULE_NAMES="
+ nf_conntrack_rtsp(net/netfilter::)
+ nf_nat_rtsp(net/ipv4/netfilter::)"
+MODULESD_NF_CONNTRACK_RTSP_DOCS="README.rst"
+
+CONFIG_CHECK="NF_CONNTRACK"
+WARNING_NF_CONNTRACK="You must enable NF_CONNTRACK in your kernel, otherwise ${PN} would not work"
+
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+
+pkg_setup() {
+ linux-mod_pkg_setup
+ kernel_is -lt $(get_version_components) && die "This version of ${PN} would not work on kernels <= ${PV}"
+}
+
+src_prepare() {
+ epatch_user
+}
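Review bot: The check in pkg_setup and its message disagree: `kernel_is -lt $(get_version_components)` dies only for kernels older than ${PV}, but the text says `<= ${PV}`, which wrongly implies that a kernel of exactly that version is unsupported. Either change the message to `kernels < ${PV}` or the test to `-le`, whichever upstream actually requires. Because the test is the last statement and uses `&&`, pkg_setup returns non-zero on the success path; an `if kernel_is ...; then die ...; fi` form avoids that and reads more clearly.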
diff --git a/net-firewall/sanewall/Manifest b/net-firewall/sanewall/Manifest
new file mode 100644
index 000000000000..2e6d2dda21e7
--- /dev/null
+++ b/net-firewall/sanewall/Manifest
@@ -0,0 +1,7 @@
+AUX sanewall.confd 120 SHA256 b489da8c9a2254956191429aec83cfda2a33ca6624e3fe7f41ca38fbd6d67bd8 SHA512 5b8468d6e167ab00e37481618650f4844cb186465097a3cbca8a462940f324d50447d464d8db58666c77909231c3d664022bd7979501d3496ad627bf726cfa7e WHIRLPOOL f50ed841d8bf38ce0d81a413103a9934eb2ba8281c6902e4a37e93cd891dfb2f067e2ffdd903541d9d3a17c34a553094dc47eb3d0b4809c51c46bc14fe4a6146
+AUX sanewall.initd 1051 SHA256 4c7c5f4c0495014639ed26ca93c7cf63efc42af6857dbb22140fb033ea7094f7 SHA512 2272e7ee2a7d2c0bf97d1fdfb0cfd2b271626d8934545fca20c1c3757b4b90f5f715417c0e2d48e900a12a4d72a5fb0005294ef753b3c1b1ed8d5f217da7f571 WHIRLPOOL a32eb4009aa6eada5f1099b11ad61ece16b99a311364997149f06484d0f932fe71231371c6e287766a49fe0f341dd156a58e739a1202e5461812d1de6a2bd242
+DIST sanewall-1.1.6.tar.xz 585316 SHA256 c26a339a1ac945aa0ddffbbb92ac4dff07302da8d9de6983832e91e123c4b00e SHA512 73260197b88816e90b15fc244a5940c290ec99c82eb8e50338b4f0f88710900c8cd18920c6f319205e527859c0696da28798428ab04b03c7f355c1d8ba6f7ca0 WHIRLPOOL cf906c539c4d348837fc93e46e7cf3d1d94cadcd111db918c265fa78133b35befd69ea2bdef782a054b035f40130821291b11965c7846220eaf4551237bcfb78
+EBUILD sanewall-1.1.6-r2.ebuild 1495 SHA256 98f1df3a3689021135167c005f148b54f47bc2e8ada6a7c00bcd2cbbccfe01eb SHA512 41faef759794c9cbdce600d70e611ee0edf510d2d9f3604bb55849e702b19085a10f7c8d05a8636f19a0c4ba21004c77c968790556a4687b39129ffeeb5aed7d WHIRLPOOL 4745dcbdf1350c8ca2ff51aa09b9c0ca5381dcc0230e50b9886d8ebe5aea0896d901b831e5cf92c96225fd5536e95c74d39f95b17fb4032f0fdf3883209a2d81
+MISC ChangeLog 3395 SHA256 46e183d6124ec933289eeec5783fa39ae239dcdea95a51014df2f93c9323348e SHA512 02afec425c31557a492a1a28f91e0a07b983e75af2231133082fe411ea50f09a61bcd84ee437a944ee665b946708b991e63b1d5dec5909f8fafd48c3a6e59d95 WHIRLPOOL e86e65d89710ee177f12a3b61b4a4a2f24eb1da8ad6ee649f87f608d51d151e3bee05d7802d8fb113cdf4188b514ecb2a62b7c7fbd57bed9cb5e9078696f959b
+MISC ChangeLog-2015 1291 SHA256 894e6aed9b6ac605aa86990a79836cbd7822bc696b01b93fd0374f2400e28027 SHA512 0251984de693d86f16363aba0927fbfafb6131ee2d1d039d30816873031d3aad8ab88c38338fcc919c343b3c2b42dbf79bcaf9eb878aec30c769fdf8bdad57b1 WHIRLPOOL 23f652748328d6eb34a72428a7c87c4af893458a5209e0e74410749a439ce34110593a21c4d6c7648b237e86dc029564d74e4c1bb4ca7d113787f9287b113eca
+MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968
diff --git a/net-firewall/sanewall/files/sanewall.confd b/net-firewall/sanewall/files/sanewall.confd
new file mode 100644
index 000000000000..2193b04d49bf
--- /dev/null
+++ b/net-firewall/sanewall/files/sanewall.confd
@@ -0,0 +1,5 @@
+# location of sanewall config
+SANEWALL_CONFIG="/etc/sanewall/sanewall.conf"
+
+# arguments for sanewall
+#SANEWALL_OPTS=""
diff --git a/net-firewall/sanewall/files/sanewall.initd b/net-firewall/sanewall/files/sanewall.initd
new file mode 100644
index 000000000000..c13d2df106ad
--- /dev/null
+++ b/net-firewall/sanewall/files/sanewall.initd
@@ -0,0 +1,56 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save panic try"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+ provide firewall
+}
+
+start_pre() {
+ if [ ! -f ${SANEWALL_CONFIG} ]; then
+ eerror "Not starting sanewall, missing config file ${SANEWALL_CONFIG}."
+ return 1
+ fi
+}
+
+start() {
+ ebegin "Starting sanewall"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} start >/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sanewall"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} stop >/dev/null
+ eend $?
+}
+
+try() {
+ ebegin "Trying sanewall configuration"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} try
+ eend $?
+}
+
+status() {
+ ebegin "Showing sanewall status"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} status
+ eend $?
+}
+
+panic() {
+ ebegin "sanewall panic"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} panic
+ eend $?
+}
+
+save() {
+ ebegin "Saving sanewall configuration"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} save
+ eend $?
+}
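Review bot: `${SANEWALL_CONFIG}` is unquoted in the start_pre test, so when the variable is empty or unset `[ ! -f ]` evaluates to false and the missing-config guard is skipped; start() then invokes sanewall without a configuration file argument. Quoting it closes that gap: `if [ ! -f "${SANEWALL_CONFIG}" ]; then`. The same variable is passed unquoted in start() and try(), where `"${SANEWALL_CONFIG}"` would also cope with a path containing spaces. `${SANEWALL_OPTS}` is presumably left unquoted on purpose so that it splits into separate arguments.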
diff --git a/net-firewall/sanewall/metadata.xml b/net-firewall/sanewall/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/net-firewall/sanewall/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild
new file mode 100644
index 000000000000..c9997782098b
--- /dev/null
+++ b/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator (fork of firehol)"
+HOMEPAGE="http://www.sanewall.org/"
+SRC_URI="http://download.sanewall.org/releases/${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="app-arch/xz-utils"
+RDEPEND="net-firewall/iptables[ipv6]
+ sys-apps/iproute2[-minimal]
+ virtual/modutils
+ || (
+ net-misc/wget
+ net-misc/curl
+ )"
+
+pkg_setup() {
+ local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \
+ ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \
+ ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER"
+
+ get_version
+ if [[ ${KV_PATCH} -ge 25 ]] ; then
+ CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}"
+ else
+ CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}"
+ fi
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf --docdir="/usr/share/doc/${PF}"
+}
+
+src_install() {
+ default
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+}
+
+pkg_postinst() {
+ # install default configuration if it doesn't exist
+ if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then
+ einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf"
+ cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die
+ fi
+}
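Review bot: `pkg_setup()` chooses the conntrack symbol with `[[ ${KV_PATCH} -ge 25 ]]`, which compares only the third version component and ignores `KV_MAJOR` and `KV_MINOR`. Any newer kernel whose patch level happens to be below 25 therefore gets `~NF_CONNTRACK_ENABLED`, presumably the pre-2.6.25 name, and `NF_CONNTRACK` itself is never checked on that system. linux-info already provides a full version comparison: `if kernel_is -ge 2 6 25 ; then`. Because the `~` prefix makes these checks non-fatal, the effect is a misleading warning and a missed check rather than a failed install.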
diff --git a/net-firewall/shapecfg/Manifest b/net-firewall/shapecfg/Manifest
new file mode 100644
index 000000000000..dcd266cc39bb
--- /dev/null
+++ b/net-firewall/shapecfg/Manifest
@@ -0,0 +1,7 @@
+AUX README.shaper 1698 SHA256 d642f4db8392a4603fbe28c120ae0febad6e1ad1a62e680835227af35c787ab9 SHA512 1c71dec95441defe5353a481639788a024a4bdff413958362989c784eeeecc098f4edea7a94f5c643cd83fd0ec8a24c321985579596c766e468f34e9b1c74f47 WHIRLPOOL bad2ce469b90ea8335716003d48d83b20714ebb637a129cc04e5391e612d903981dcb66462e297fb9002f20af5fb6ada707d793710a153d75b835bd22db2ca78
+AUX shapercfg-2.0.36-glibc.patch 372 SHA256 d1eb3d35c96747a6d79ae1cebd3cbd47e068584c618b65d956683962b501081b SHA512 d9fae6594a0992fda9cc11c9c395be37f72ea8e2f3cfdf05a4657f98dfec8787f031c4b1a2725b970a1c6467c60e682beb5478e6bce1e987ddbde531d693ce42 WHIRLPOOL 0926277f936b508c90cfdc2f3bb5bce8b819ad71d9e7b5213c8b54b49067f7a4dfc473701f361c07195c19ec648b78be5a9dac49c10af77df17646e2a7bbd496
+DIST shaper.36.tar.gz 671 SHA256 33abccecf7628da63e668042b3f6d5ac94df6036f8194d86d233964f15400323 SHA512 5e2e7149b68e8256ec7d38c9bf5bd9de53867a9b5c859610ed21c3edbef458ba28e9bb3a3d95ee2f048483b5ca3020d474eeb15bac161eb14b3726212b9216fe WHIRLPOOL 7625cae34a0877b4eb550c182f3f93c8856f60d4a4ddcd3f9b808ace12b195d6ea7416ffef1fcbff95750207a4b529118b7e5f26ac06c26c34c138135c2a1b91
+EBUILD shapecfg-36.ebuild 721 SHA256 e561d07926b44d4bbe34bea1ed19f5a25deab4145ff7b47e68b989354b113900 SHA512 76fb88e64aba6aef8d3d7161ea1af9ad960981d5c64db2b2c4889080bfcce13ecbd646b5d492fb30ac4127b61649b501721e6f93c6f5188799ee1202fe7595ba WHIRLPOOL f9efe35508cffcc9e6c964231672e2fb15add01e9357f38017e2e10e8d899fda895e04d9e32c0b0e0972fb457157c24fc59a78cc6b5c60021ceaa59f1b5787ea
+MISC ChangeLog 3238 SHA256 0025f4233c428d9fa75426dcf59b6a44d98b225166837cb2aca82495a589725c SHA512 8f752fee7816af4d007ad0811852627de20eac61595a8c29bcbd45be30bc1b101d6cd45f628231f4abb151b4caddbc43fe432b380cd6e1892061d1a0a6a12ab4 WHIRLPOOL c44133668de869fa714205c3dadcad9aa01ab96e4217252158763746ee4f07b2f1c10d231ef5786b11693547e33802c7c978c4386a0a8940d9e97108376f0853
+MISC ChangeLog-2015 626 SHA256 fea5ab9e2457fc7c399a9ba67fc9dd58709a8909060a1839d4cee411bcabea46 SHA512 dc82980b3a58896c6c699497fd82455c980882d163b1ac21f4ba2c319e2ec57100237931a89f4d96752e41705aaf311d618daf7662b05f736340ba1197286645 WHIRLPOOL 7f33597481753f796d141d6db54bdc1a68729c4a80f0c35abd92afef057393334d1d1b5fb1500af7bffef4b085f8045ff1ef5fd6cd0116222c95f7bfa65b56f5
+MISC metadata.xml 244 SHA256 ffdbeb4c645efad13e8aeb89f087143dae128eb717af78d46c47ffb81c11cb50 SHA512 d922092251c07becd0effd06de2ed063038394b7396c9a303e4e234ac514ec7a3c9f00e76503f4bb435ac5dce5401f3d05495def1ce94d63fa9d823dda1e3a54 WHIRLPOOL 90572f1bcc80e6f3ff795d929c267dd746b59b111f4f97342e700ee2f8f1f0ceb644f34a04a83f80d3cb6a5c9bba60f0c677a5cfbd1c910a68e855a7b6cfd578
diff --git a/net-firewall/shapecfg/files/README.shaper b/net-firewall/shapecfg/files/README.shaper
new file mode 100644
index 000000000000..60c2b4d6afb6
--- /dev/null
+++ b/net-firewall/shapecfg/files/README.shaper
@@ -0,0 +1,50 @@
+
+Traffic Shaper For Linux
+
+This is the current ALPHA release of the traffic shaper for Linux. It works
+within the following limits:
+
+o Minimum shaping speed is currently about 9600 baud (it can only
+ shape down to 1 byte per clock tick)
+
+o Maximum is about 256K, it will go above this but get a bit blocky.
+
+o If you ifconfig the master device that a shaper is attached to down
+ then your machine will follow.
+
+o The shaper must be a module.
+
+
+Setup:
+
+A shaper device is configured using the shapeconfig program.
+Typically you will do something like this
+
+shapecfg attach shaper0 eth1
+shapecfg speed shaper0 64000
+ifconfig shaper0 myhost netmask 255.255.255.240 broadcast 1.2.3.4.255 up
+route add -net some.network netmask a.b.c.d dev shaper0
+
+The shaper should have the same IP address as the device it is attached to
+for normal use.
+
+Gotchas:
+
+ The shaper shapes transmitted traffic. It's rather impossible to
+shape received traffic except at the end (or a router) transmitting it.
+
+ Gated/routed/rwhod/mrouted all see the shaper as an additional device
+and will treat it as such unless patched. Note that for mrouted you can run
+mrouted tunnels via a traffic shaper to control bandwidth usage.
+
+ The shaper is device/route based. This makes it very easy to use
+with any setup BUT less flexible. You may well want to combine this patch
+with Mike McLagan 's patch to allow routes to be
+specified by source/destination pairs.
+
+ There is no "borrowing" or "sharing" scheme. This is a simple
+traffic limiter. I'd like to implement Van Jacobson and Sally Floyd's CBQ
+architecture into Linux one day (maybe in 2.1 sometime) and do this with
+style.
+
+
diff --git a/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch
new file mode 100644
index 000000000000..3fb6a36ae50b
--- /dev/null
+++ b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch
@@ -0,0 +1,15 @@
+--- shaper/shapecfg.c.glibc Tue Sep 29 20:24:02 1998
++++ shaper/shapecfg.c Tue Sep 29 20:29:27 1998
+@@ -3,9 +3,9 @@
+ #include <stdlib.h>
+ #include <linux/types.h>
+ #include <netinet/in.h>
+-#include <linux/if.h>
+-#include <linux/if_shaper.h>
+-#include <linux/sockios.h>
++#include <net/if.h>
++#include <net/if_shaper.h>
++#include <sys/ioctl.h>
+
+ void usage(char *name)
+ {
diff --git a/net-firewall/shapecfg/metadata.xml b/net-firewall/shapecfg/metadata.xml
new file mode 100644
index 000000000000..30d444a41f42
--- /dev/null
+++ b/net-firewall/shapecfg/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">cbqinit</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/shapecfg/shapecfg-36.ebuild b/net-firewall/shapecfg/shapecfg-36.ebuild
new file mode 100644
index 000000000000..862128700d3d
--- /dev/null
+++ b/net-firewall/shapecfg/shapecfg-36.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="configuration tool for setting traffic bandwidth parameters"
+HOMEPAGE="ftp://archive.download.redhat.com/pub/redhat/linux/9/en/os/i386/SRPMS https://sourceforge.net/projects/cbqinit"
+SRC_URI="mirror://gentoo/shaper.${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE=""
+
+DEPEND=""
+
+S=${WORKDIR}/shaper
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/shapercfg-2.0.36-glibc.patch
+ rm -f Makefile
+}
+
+src_compile() {
+ append-flags -Wall
+ emake shapecfg || die
+}
+
+src_install() {
+ dobin shapecfg || die
+ dodoc "${FILESDIR}"/README.shaper
+}
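Review bot: `cd "${S}"` in `src_unpack()` is unchecked, so a failed directory change is caught only indirectly, when `epatch` cannot apply the patch from the wrong directory; write `cd "${S}" || die` so the phase stops at the actual failure, before `rm -f Makefile` can be reached. The file declares no `EAPI`, so it is handled as EAPI 0, which matches the explicit `|| die` on `emake` and `dobin`. The closing `dodoc "${FILESDIR}"/README.shaper` has no such check, and a one-line comment above `rm -f Makefile` saying why the shipped Makefile is dropped would help the next maintainer.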
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
new file mode 100644
index 000000000000..fe1674c7e4f7
--- /dev/null
+++ b/net-firewall/shorewall/Manifest
@@ -0,0 +1,62 @@
+AUX shorewall-init-01_remove-ipset-functionality-r1.patch 799 SHA256 c847e50428e17ba37b072c0e14d6b77839342ad290334083124af1d59b7bca45 SHA512 c8686cb9345abd1036a8fdc6cbdaacc21a69df9dc536393a65675a2ae19c9cfb71d71cc66a9776135ad923414bde783f01dfa69600d1cfaafd618fcea65c8dcf WHIRLPOOL c2a9945b08e178a99e23d9ef752d220992ee783f90a3ef02072821f5340493d37a59c07a96ae0a60abc8b7f32bc9ae1e7ff1feed102aa7afffdb70b27997b8fe
+AUX shorewall-init-01_remove-ipset-functionality.patch 740 SHA256 ae880cdf3c4a7a2f1c1d128f345f847e1a18054349c03d6a6fecf8ca3dffc87d SHA512 aa35a780fe353970c4fe589ea7f57b010d58276aa51d7212459e80812a234aba8094bf85e7370b2b260a90ad36f80815bfe3a83178c5c7ca40cb15df9dcea0b6 WHIRLPOOL 2748ff87ddf254c18ac5c152fc61f4088ce6e2af911a1f90d5bfd9731ffc4a070f809bdf9683c15168fb1dab7b70be79ea898412609fc14f6692df97bb151318
+AUX shorewall-init.confd 152 SHA256 990ae5e4498ddf071de317f7746fb3eadca77fab37631d814f2f56d588ff2937 SHA512 105393c3cbdd1820066e41ed941b6a79cafde3196eb723c06ca984fc663370d6902757467339b6b4ebfb8d00167b9f85311b6842dadc564029313eb36f1a389b WHIRLPOOL d24e38eb1ab20799a515543f586dfc95854d2eeb5dff10cc8ddd1fb7878cc854c9115dde8bdf9387e349cdb75381c8ce03972d05bae858c8ae04efa75ece0299
+AUX shorewall-init.initd 4357 SHA256 bc5bffdca1957d413182ad247f8d4082faef9517ff01c32a4485c8daa0493033 SHA512 5cb410e0fe0391fd467f212b3e1cf3ec4c7fa3289de2341edbf301ce9087e7cba05a36999a8203d7bce28ac35a429c10bc017a96b750aec1bf257987aec23245 WHIRLPOOL 5dab913af5c253d3fdc0edfece0eade26b6630f174183b1befd2339f1fa901b022286614fa2a7e563aa452157df4b8ee4d322cc1efeb6edf446c490d7ae4420d
+AUX shorewall-init.readme 1233 SHA256 01439a974c15797954f3b9ce8fc7dbd8c81baff79e6a4e81e745416103896ce3 SHA512 8dbb70cc381b81ae811dcbfbcff63f5de0ba776472107a7d3b53e912fe50f20acb59f5da2aecec5de87ad0513a40fb4b4dfa30b51ff5f4b0da9186504870304a WHIRLPOOL a4293a49656253e3d7903b5a067d67b1bffdb1fffb3d92a43a2c32dd8a796998c67ad66beb756b4c45db618ab72b0dbc1bc81f183976c174b483bb4a2401a643
+AUX shorewall-init.systemd 389 SHA256 06e6e307997f3cf33135fcd9c6f0cbe3439ea693a4881188f9b07e33600d3451 SHA512 458c5fb5d894f307cec27fd42d05a1b16f10d556afd11a7b73f75be8eb072aa5256ba6095b4e3454694b9bc3e6cf80d7f40314bbe368ebfd4646074a12669f4c WHIRLPOOL 72b32aad7ad3d6d35cee28aaeca562b46a9636b4f347016ddc16e9a10f27aa69a0f4657ab89daa95f19ad5332d1bdf815c1182e4188862e015d4ac453747014c
+AUX shorewall-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04
+AUX shorewall-lite.initd-r2 2236 SHA256 4637dff8741acd93e07163c51259710b5aab4a0460b8de0be8fa2f0c6d451b93 SHA512 3277922dd65ea573ddc210f07f42831b18275157a595c95517e7306cccd75e2884d30acd36288b2082becf3879977a85efdd0456fc27466d2acff3cd921f6d0f WHIRLPOOL 251914570326868920b2c6ec243b717e2284011dc0c71fb4626faaac6b5f7d224ce78b16da2e8e38dd4d1dfea8e56a490c552c15baec3eb4753fc851528a5da9
+AUX shorewall-lite.systemd 603 SHA256 6af780b780dfe3adfbcbd1f7418e6ae836ec420c0e23cf104f441c21917e6f98 SHA512 b9ac8ca1f31d29dfbd6a3e9387932ebf954e18c634df7e6118c55e3eaaf20a835e47e0bad07bb4ae1c47e76cda91bb3d03cd59f61805e48c194833b86d14a54d WHIRLPOOL e3261e2f21390352533c635efc0de801e35e2d0f9a47f225180de4b3e56df2766d1bf3a889efb364701562c55de1f94c69bd7180780aa3b595ba01a01bdfe8c0
+AUX shorewall.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04
+AUX shorewall.initd-r2 2652 SHA256 f856ecacfc758831ddba5f41444ec86f4a4cff0113cfe6a15e862afec52d7c46 SHA512 aee8747282dd8e7ecc7cd50ce358d8701f7bff3e5325d3da474aaa31edbf0833345338774fa51648498e398672f9a0ddefc49f3c2c09f5bf075571d9247c6858 WHIRLPOOL c71c4a3bbb4114ac61a403acbfffd137126fd0c1fb30fe83483a530639213da003244b53c01c952b56407e5c660ae17ec4e8b22c2cd4f3a01fee4e5accaf5055
+AUX shorewall.systemd 568 SHA256 90765e232ab1697e0aad47ba756823c9cd4fe6892af5b3b4ee18be4ca4d1c671 SHA512 eee635ce7818c416f3563fa8453d580a77451bc87bf12a285649ab22eb68c8d001ce54a8ba70742f46c7b1104acc3e2b9aba4878267992ad84f9042b625b0634 WHIRLPOOL ff7fdfa74343b5c38898be62f73b04381cdfe036abf3e0e65200b5a3ec1d5942074aa4dca3cac015f338dc016b3dca6d8dd706c7aefe7dbaf37bfb1b6e2d8372
+AUX shorewall6-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04
+AUX shorewall6-lite.initd-r1 2469 SHA256 e25dc2c646e38fd09c9f355a7765c6946ea55a19e99969e1856a75774d88c77c SHA512 036af6bafbbdf1e8f6a69efdf0ffb69992b262cd0c4ac7cc1ab7e3fec8d8b023e8528dc8fcfbff43f4a70f5eff0d1e48fea34007b9b3bb76b0c94615eb494ce7 WHIRLPOOL d0ebc2d8fb516af6b645ceb92ac222f85cb11a2b96aaad2575cc4b52ea0dbd28a8f1600a340fdbc08038b4909a9211b915e1238f662a9e3be0c67b31dd33866c
+AUX shorewall6-lite.systemd 612 SHA256 1335ad400127a701b389288d81c5ffb95ba75b7edcc055061cee48e382c42295 SHA512 0bd832d4f8857bf9b1c9c776a53739d8666f002d1caab29c976a248916cf1eb5806d6b59dbf7ee8a120a3158b10e6fa6e179e34fe9fa6077a794ffa7d1e06cec WHIRLPOOL 645f73fdd7a99899fd8266d1903723481fbbf48e12efd5e44617c739c3165110ef0e082381c2821c94c99736f6ffa66d6db228afa4294587bcd729ef19d1bb6c
+AUX shorewall6.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04
+AUX shorewall6.initd-r1 3168 SHA256 abad250a922cea9c9a5774bcad1a5de006d40511faef59b07c62356e1abc818c SHA512 3149b1848ed76b1d04466195810572c96cf1a68ffce6005c8c6cca08df7d7c8914f3c185ed80a357cf30cef23f076559ccb1df3236f443abf089133eeffe42b3 WHIRLPOOL 4f0597ab7853a633856ea2c492608b306f4d1a54f7912f45055bb10f1561a90221e8b3a0925d3e14e44c46ad6b3e37f04c89eb3a5a2a44b5060b7c3354ff5f7e
+AUX shorewall6.systemd 577 SHA256 84543b65bfcdc02bb9d364b997a0805320508b6614c64eed7ffd3035a6097f14 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d WHIRLPOOL ace953292744d4187b32471c828f053f5e816067d396418fca6f4638e6770491e3e5404c8252edf565bf68d53aca2bb096eaf5f4614adee46fdb975231852d36
+AUX shorewallrc-r1 2075 SHA256 300c00dd1f71ca0ef3f3244ab3fb19ad63493242b7d414450de6bbd47db403e2 SHA512 9cf87d5b5807b224a325c9d038f159e55d277ad3eca62a1fd82d06d9ec1d0f71e58b239c57532b9b081271c7ab6f90b281cea1dca0bb9ea26e1e1c8ddaf3a691 WHIRLPOOL d7c135563e67f4bfca6c0cdb7aecc2792334ea6601e46f45dfd6d88fd4eeccde45f3adf86d55f1884dbc22cf9d0b8990fd82d441288089cc367237fa83a9fb39
+DIST shorewall-5.1.5.2.tar.bz2 520374 SHA256 ca33a7bc9c590638575edb8a530b76a9b0bd844877bef7df7c23646e839e137b SHA512 aed35f0a00944d70bb2bdab195f151e3770e73dabe07a59c1b6dd7fce5147866c73d44325df9ded475c37b258cf7c31c8d1348c58476fadd5b98217b7f0b3888 WHIRLPOOL ac0489f4ec152ff57a6da6be2c86b0fe45281ad9bb09e3fd53aba11b94252bb44ec5a71f069e2541b5c4912922fcfbbbce6004804c395e17929c78465a0cd102
+DIST shorewall-5.1.6.1.tar.bz2 522476 SHA256 90702872726c30434ef87c19be1742ae5f04b4e0b1f9ee7761810b618b38a05e SHA512 604ee6150add87a5c121e863ec3d65f454b6ae1724236c80c08e2ce3365512966126f9d28d07c7e6a273d5626e02e5625015f91f6a7166b830f6ccb667f731ba WHIRLPOOL f0e70c3949e9f9b59a5f5a19ee1023ecc6dc2ece2e420245f67fa2d7197939bc1197402366d8a560d7e29231accd5ea1456a005df30c7deaa82f25e01375ff2a
+DIST shorewall-5.1.7.1.tar.bz2 523943 SHA256 386223522c12c5279ec522efed137e3f1b5f638e396bbdef3e3d077104f8c053 SHA512 14ff5d4a19d355d489a6dd4ebdd1901112b8ac0cfdba1e0903ff9ac775fa02e3b923294b200dae1fb3113c7b7d43673b28877cf6dab8a07a844cb31b42393137 WHIRLPOOL 8717e3902fefcca580e189be80647caf39c76d1a0097f3d4e9ef5e2ff9f8c71b5a02e2b472d26abe57ce2f243b9ebba197a6fcbf84d566a7f49ff357f74e81a7
+DIST shorewall-5.1.7.2.tar.bz2 524263 SHA256 e7c4cde2d04894ddf6e8dd8a8f96e96e04574181807cfe9f78915fa0dfc836e4 SHA512 05599609b50189e300cd71eda6876ac5e8878a2d2ab7c1635afc1b79f1ab3c9bc92c1ac1758aa8996d10bb37783d1fa29c76adaa879ec93bc12669c3dbdbed9b WHIRLPOOL a2fcc48c9c51161c4a2ec692fa29215824a412056fdc15203892e6a9752c2239722462be89f26c4e7374ceb0131ba35df87847a3f16329438c57ec8f8dec0208
+DIST shorewall-5.1.7.tar.bz2 523676 SHA256 d19e6461fee8e497d3d569d69b4e0fed7736870171dd15ad8287e48facb25be0 SHA512 24f8dff494ee39926cb25680f62b2cd9073ab80b249ab57af5419af2211fc964d64e0bafb651879ba519677e0f844d5617cefe09f769369572c9c1a00149bce6 WHIRLPOOL 503fbf422b3888073cc64cdc4ba43c90a376b139252df3c146266d7da238b3aad92c1d778f5d1e8a45e4b9f1e6255e5c623c1b0530be68e95b184f7d56d0d21e
+DIST shorewall-core-5.1.5.2.tar.bz2 77435 SHA256 24ca9c2e506cadda1fcbf621b376db0ebb3f3802cecc53d1518753a9cb77d450 SHA512 d4e0ef22d288e6addc2ce41813f2bab56fa142893ea495ef59dd1a636995e2a71e88477c38cac1004f055a7333ab0db27a334ca586b88558d6b781966712bff2 WHIRLPOOL 526495ae9a13a2e0dfc6dc7fffec0a7f8dd1be111be35ff2356bcf403c12c7e76993c82b2cb5b76541fa613856b23a5499b86a7a72b52062e7a21bd3b61e9082
+DIST shorewall-core-5.1.6.1.tar.bz2 78891 SHA256 31b48d50ce9a6b256739679c03ea4c6c219149b34201e6637f0ed2ccc6dd3530 SHA512 090425813791bc78531a46c493a54cadc3ac6106963c87abb3c48f0863267f71bccad644209f2893f9f1ec06057595242f12fbd59312c7e8dd932f0c3bc29236 WHIRLPOOL c255fd892a299fe8ef56a923b4c8511df2cbc21ce8821f90257b2e9a1fd66a20ec2a5070365dc7a6b43e40c0b0645c845b122a67b4dbc6e71e8a9f1de919b13b
+DIST shorewall-core-5.1.7.1.tar.bz2 79801 SHA256 482d2d283cc891c7746c8f44cf745e7d54615f65e9eb67874a5c1d548f15c5ba SHA512 5a11a5f85518df3b57b77e16f8b8c7ff7b169a86d87ce21beb764e5a3e9651d1d07f4d5fe50ed0c15c22b7bd608aaca8aced9c0b892d7f50c712195fa22c77a9 WHIRLPOOL 62e6d98a376f90219b47b24432cf81f8654bed04b899136efedf0931b97543f9cdb6cd7459ea168a525c24477197fa0b61f5a21e0aadfc42893e42777983a4c4
+DIST shorewall-core-5.1.7.2.tar.bz2 80213 SHA256 c1f78229d9633ea6b35ec067c9724003e2929a39ae54ccd8e6875776d155cd70 SHA512 73c547d6985f17f5c2f2fe4a846a7db76fe514edbc03b7b2f191b437405ac6175cbe3dba615839bb46658031f7cd74ce26221cac42869818e5131b1836d43951 WHIRLPOOL e58a64514f50b375670908cea228610abab9bdb7a8300d04a3c728a70b662da144711e09124fa6149e61c941d165f93a65d162cedbc739eb670ddad4d86f76ff
+DIST shorewall-core-5.1.7.tar.bz2 79711 SHA256 c94baf58a61b79407fbaea84a6439d323b17d02912dd81838f7b5ed07ccf1340 SHA512 91836595a3f0df8db6d26eeef47207e94364748e55762de771340ed368ea10be2c445680a57a2864fdfa68b35da18ee256cc0f8dcf6c53494c39f09da8ae829d WHIRLPOOL 4fd47f0b46c2881917561b9234acc38548fb9d4a1ef1e2f706a8eaceeb1d44aa0753a93fecddb7ebc80be9e19c20fdd853c22ca2ab7ae21e092aba7e60921b58
+DIST shorewall-docs-html-5.1.5.2.tar.bz2 4218574 SHA256 18a601050b6fcf6b5839ead037e96ee28ae85eb34262d7d614183cbee6169ef5 SHA512 a66161a601f5417bde8612a154c3886dbf81985e127955bbec213dcaa0e4778b2a3aabbf1dcf257d36db0806b5822bce5fa11a555da36427abbf0deb8f6f1501 WHIRLPOOL d8607b0c7ea3b7bd7b685e99895867f9e37bc2a0c8a5520a59311696fc0e2817452e36865c08e7b758a72fd9a546bf5ef6a47f4098f993cf8c95ad4e1f426dd8
+DIST shorewall-docs-html-5.1.6.1.tar.bz2 4218958 SHA256 db1d61b013f035a2e7d515f483d789fa160fe7a250e12e9efec5a79fb2ef1144 SHA512 c620209dd6fd9f044088e11e1adf8bee5c481bb27db76bfae5f42fae242dc139526cc457507251d5d00e55a652b358aa7ac3586ec10e28210e00f75932007277 WHIRLPOOL 36936c55029db3875f1a14014eb2c25845412f74bec22205a24919faa34c8b447539bbaa29189ed547bd63989ba20d1c4376fc5fd4d02d4c227f10d733fc0835
+DIST shorewall-docs-html-5.1.7.1.tar.bz2 4219011 SHA256 4f7c5d85945aff85ba4287d0afd63fa476afae0f3b22ed1cdc661cf18f963001 SHA512 af1c97e4e23ba9a80963161124e26ee322b8ef8900457c5e98a34e8af795d3122bb3b54cf026148543e33c7045827d51d07b3af913d9472646e07bda339695c3 WHIRLPOOL b29a81f77a006aaaf8ea1881925dcdb102219d67657c529f733b996011743118a9c743a4496db673fd38a25c114703529698d1986f562be70c73ac47f25095d5
+DIST shorewall-docs-html-5.1.7.2.tar.bz2 4218919 SHA256 348e9bf9c97e97aa3f8f425e30da9f6c89d2b7c5a035a21ac4c3e792ef33ac95 SHA512 b9c85d228b65ecf6b9e29ba316b8cf878a06832bc94f62e2ca8793c02c95bae7be934dd45dc572b31d8e4cff00e1092c8c8681d7c1fc4759c5700a1b8f868f55 WHIRLPOOL 01c51b28a9bcbed7e9a8d257ef01ecc113ba0ad095fce02d6fc17b3b341fd5d340281dfe1db0699ae1ff81e990f9413436d9fa0920846ae9f4b4298a483bede3
+DIST shorewall-docs-html-5.1.7.tar.bz2 4218629 SHA256 81a9906479bab465e61b420cc9904487ccb490f10bcaef4a5487ec5ff46a1428 SHA512 c24351701983c8b0e6b429094084cbfec1360eaaf4cae8c58b3513c3783957ae1b16a5b0443f07b6ccb4cbf5726324b7670f07dfe5fe1b0e58ec127d305baa4e WHIRLPOOL a31f6822011fb90e4e6b00f20f7f604a4cb4a6f67fc2563754bfb447a2fb2a09a86001412d3d47190f6ce388bdc321ec99fc32fd23015566fe0381f8a1f6a4c2
+DIST shorewall-init-5.1.5.2.tar.bz2 32646 SHA256 1ae9771f20ca3ede897fe0ee4443d65011dde37d6ecc146150ba22c980b6f272 SHA512 de67e167bbdd5e2860e01fb55f07b695011ce7473b98b374f605263eb0aa66e7de645cd7716526ecbf01bf8b65fb5e08294c85bf55ec45b54b78f1b66e80565c WHIRLPOOL d1f1d05b384b63b087e48afa90ded85e333d1ca1d8e90196de2540c8705239f55326ffa5d421f6c03e651e6d7076e18786ab47009c09f31de2cc6fe13910ac36
+DIST shorewall-init-5.1.6.1.tar.bz2 34153 SHA256 ad20b348e32f6cc332521b07ef89a891978453e56cfe7fbe916d1f83ae594194 SHA512 f6ea4aad0c0da6da8436dcb27441088cefd8312e37cc6d62187fd8210790b2be5452cc06f1823f1958c53cdec2e4b14abc5be31a7c029739838f5bbc6d143a00 WHIRLPOOL b5d6f01c5670a60a3471f1fffbd341ca914c20d39516ad5bf63693c7ebda882c0fa572d5839f28ef94d40a95216a1b13573b470fe14676f0421aebde62769fd6
+DIST shorewall-init-5.1.7.1.tar.bz2 35144 SHA256 e814448295918102fd83da6286925c59fc3387a211d9cf0e808509613e9b571b SHA512 dfbab688e60475e6e69279f4c48ce7492227ca3d541b171f2e4308793d7b6bd46cce7899a6ad0f1c48e817db576ddf3dea9d826d36ff5745f8f84c98cc6317f7 WHIRLPOOL d58ffd4fb4f643a6692f080f512b2be86bab43fe7701555408ecd5c34ead78374d960a6c6528579a7e68db53fdaa9bd7d1201f51a3bc3c0a4e6fee532bcea858
+DIST shorewall-init-5.1.7.2.tar.bz2 35347 SHA256 f47900550045901a38a96fbcad6e401f86cc53ba0a94c44e1b3903b0e6358609 SHA512 9f295da51cbfe7c2fa3aab4029b18ff4bb9c4834d852e2a4cc3770fbed6eae79797000053ad7097ba831e01f710bf4c030d1f3b0cda93cb8da3dc3befa6ae0f4 WHIRLPOOL 1d47c4211959193334e921a82fe50b2cfb353ac6f3635bb96d1b8500a8dacaf2ddf2d62f96874dd3c2d9f4dd9d7e7f689fee4254b528bf1fe92a47fff5d8cca5
+DIST shorewall-init-5.1.7.tar.bz2 34955 SHA256 c0a0218d209846cde2581ecc93d70eb8ae26bea976647db2f1fa887140f10811 SHA512 3951b24a0e992c45021d5e79d5ab4a1480559ba321c4c5c57b40068373bb4b14f45edf525e9cc384657167330ef8f6cec46374c84a8dcc7fb641a88e27e40a4d WHIRLPOOL f319cf109987cf627794d60beabcf988a2cb2a54abacdd84a46e60344960ed9371adeb6367fd3318ebe9e24a562a199a3ed98edca31a1e992757ab2db252f58e
+DIST shorewall-lite-5.1.5.2.tar.bz2 38424 SHA256 acf092c051ce4e19b0aa67b1828511ec446006133c4451d9c13f60275025a397 SHA512 300793d3a123ab63cde988667a53e931adf7f40e6987bb5b57a60376502ad4ec46316e45bc0c589f82f3fb118ee6f78a0646f7aa5ef522791eea10e7ff2430da WHIRLPOOL 2a8b775d87601cb4e792fe817e0d2e7eaaf6b162eb9ed762081ec502239d1dc33d3843e9742b532d582939dc143561de617246aeb27a83448625bc4935d78505
+DIST shorewall-lite-5.1.6.1.tar.bz2 39930 SHA256 64424e0c69aff83fc02a73db5b1c7ee10fb916d317c027987ba40c8aff6ddd8f SHA512 69cfca2e703680238b32c8ffe3431a9267625faa3a03bed28593f0b0e8a5accc7d58ef4b91b77f87fc44e09f279d41e0302094e1d5255fc3ed1f6fc51863c07b WHIRLPOOL cb993586c09297aeaf8a37cbde8afa99f93687b62b1a5551e70e10ffa9633ba67077dc9323af583293c7e1d07b0ba558d2b1a124709fef147021bf9c5cffee9e
+DIST shorewall-lite-5.1.7.1.tar.bz2 40847 SHA256 7e9f09a34eca462f58aaf3f43326a830d924d3868b6cb82a3d1f27875aee128c SHA512 5422c3a0fd53d37d615a81d1bc2273042ca1011ae64f357c295fb81b49962ab8a51343a7eb71819018fb6f1f3c9045b27a6b289974ad3bd436d8c85f24c5da63 WHIRLPOOL bf3baba44eda3457af584e0dcbe1e312dd2d890c9650523856b43a93f747b7ce0677ea0c5320ab51d1c4f733a5c4951505eae19223b4a9aeeaf5673a7eb6567f
+DIST shorewall-lite-5.1.7.2.tar.bz2 41048 SHA256 e5f4f97031ef81ef599391279e18c26762f3db6dffc5fee33f3e93f37d92618c SHA512 385b072f93015259b6bb57a07c62815ac27c858c63254cd968240761a230e8b781207ee9f1cc9e6caab43e8f12c60e42cfcbaa6f938c964184b14e5d360bee83 WHIRLPOOL fe88d3f7df02164fe17f141dc1dfce9f082688ee133f93e8af63b4046981cf879560bff4a148fc21739f84d76bf3eda58906bf280fda81fc8bbec5f21f277535
+DIST shorewall-lite-5.1.7.tar.bz2 40648 SHA256 c55d2077bfc72f50bd49457984060d9cc0cabdefa26674662f8a68ccf1aad65f SHA512 a6ac156496aa52ff4bcaa4f6b72b3e0bcb93876a029a54f81989fd3d02ef2fbc9ebf870731912080c59e5f3afd56ebffc17fcaaf30716ad65693b72130e05500 WHIRLPOOL 974815a3ea8032638905da17fbc7f46441cb73cc4660f57f733fcd571a4ea606658db00c98518e914fe681a67effe19e5e681e0b1afccd5986bff7b6d86d68cb
+DIST shorewall6-5.1.5.2.tar.bz2 188754 SHA256 c215a762ebb9c0a35be7463e1a2db2397ee1c01ab32c2224528f8de4a5ac9ac6 SHA512 1dbb7304f1f349ceb84a34c397a8c12e4fc5e9bdcd001d72881dbf76dda37e8e8448419f00c705e430f5f2e57cf3a7f9dc834cde6119d18cbeabf9d5a0e67e35 WHIRLPOOL 0daf72a3755b83b1ac3c6d90911149410cb9918f9ad312bd16f90c900880e32e852f5cb89791fdd68f14c1ae2389a365a23b94f430e227c687ab820d1b6d7619
+DIST shorewall6-5.1.6.1.tar.bz2 191131 SHA256 4732c560aa9166b35fbefaeecf6dcedf9f5224e1f56a739b3b1d30724af3affc SHA512 a26acc30f81c7419d9cbb8fd9f0a95c4647e4247b5f4f6232fc414abdba85c85ad8b127f441137cffa1dd88e7bebfba8a785416f54df36f77a36a50b4971b0f1 WHIRLPOOL a9cbe284762ee8af930808c8bb25931860ea9014e00c5b1f2d99ae48ffd31fa96a92dd0bb7ab43bbc44a7d02c5e8e5c334d938db3414b1c0e7069175f04fe026
+DIST shorewall6-5.1.7.1.tar.bz2 191749 SHA256 d950eb1acdffa5d6af19f4f9cc81c76e293c75af26f847452ca53401f9d7093b SHA512 fdea35fb2b6d9e7418d2c2d9124a3c05e42080240aa6e2faa23ef004e2b4ef7e1a05f965d6cdf1c3b224a7c226724a3f2e68b597c026d3b8abdc0326cb545b2a WHIRLPOOL 2dcff81b201b601ad5d5dab38a39344f3dffcfc2e90fe8b39ef31b4f3070295871cc87b5b17e3f9651c9131c1df4702413cb8735d4953088f6df99a8a01ce568
+DIST shorewall6-5.1.7.2.tar.bz2 192087 SHA256 8cddd2baafe71ebfd9aa691400bc320ab0672791f5d8f1e82067d91c3586deba SHA512 2ce5beb6be5ce9a5f9b1f116468f2834188938c5893ca2a9fdc7d76ab43ed487a7dd59cca5a8098ecee06274c1c359543ff57f2d3efa5e4ed8fc728702f6a689 WHIRLPOOL db5b3569689d3dd05e82316e9d7851f72e18b7df1a84b768bf6ceb546bf470843d31834a0e3d5a40e6c83597b65633efc9507eb75709a66f1c1d7223162792c2
+DIST shorewall6-5.1.7.tar.bz2 191614 SHA256 624fe000c881a75109f65f5fb11480a2f997b06237db546e51aeee2ed49dd10d SHA512 9423d6a141c61e1ca5546fd21e5db145c917d6e6825805ff404f5531449a0125f8288d0954e101231fa4d0a521e6db3993b4b312caba3188e41bc579eef350c3 WHIRLPOOL 7635d78eecf9f3e13b98e0577dff7687be34abdbeb8eee7d152ef1a0610dd9e82bf18024185ffe14caaa47053b809307e47b2aa111f7d03a8595a35d7c297ccf
+DIST shorewall6-lite-5.1.5.2.tar.bz2 38137 SHA256 0b65ef615be93f921af6d8c11f702f2c46ba18d989fe12fe048732c53cf841de SHA512 e8961abdb7c105820d8420f623cbff72af33e2d35701bb0f81f2fad5364e91b88d5d1317d4ffc8e00c3b32d50c96f6c0dccda20cd981c5f6cc7aaf1662af8d27 WHIRLPOOL d3b04c2c6e9f3a10b8bbc0da1e5691dc3e428501ee52547e548eed05b14d54aec243111f711cb66ecc734efe5217dffa0230b1045296f90a60da88c390ba33bf
+DIST shorewall6-lite-5.1.6.1.tar.bz2 39636 SHA256 a25a1430a09d797991f0028f76f5252b86ef898801fc8eb3e6c8ca695d1d2a98 SHA512 eb059a1d991e72cd7b4522ddecb5557918803b5ce8c79552919d7c2798aaab96548b2dea5950f9c3311091950307496c034d63f5389f745b6282074d20d9afbc WHIRLPOOL 2ffae1f3afafcf576d11265562f9f22e6d58061b509d9ef7fceb57980b1d8c8a598efd39aaec5e3bdbff4004a39741eccb0fec8ed0417ff9f36a09e417bb9047
+DIST shorewall6-lite-5.1.7.1.tar.bz2 40514 SHA256 a199a395ce4d23081338955c68fbf657c25e972b2656ef370544854074fa672c SHA512 a8fd7e33d1558fbebb53d1dc19c3784aac2d6095e1404c44030cd513cee5a6330632c50e86eedb0a6773b67acc77ca0d2fb26352c3f784abc8ac936d6f96c437 WHIRLPOOL 0276cbf74644205042dff963124e655fb8f0e14aca31f5550833f95ae84f1b569be77473324e8603b523d5dc67a0de74d6459b8634c2519af6eb5fc84276992e
+DIST shorewall6-lite-5.1.7.2.tar.bz2 40737 SHA256 bf22e67559ebdeff464cd910b97578a4c82f5fcc87bc77aeeb9fb4a5ca2a71be SHA512 9125d4380b91f0bcaaedfef6bd5ba89ada0391bf322cd1a00deb239eebc2e818a994844a653daa2e8784bb21ad7ed51798fcaa129e28da08c66de4163fe13bdc WHIRLPOOL 12c5e8036ae08d312ee52af40157f7ad8c18e0ccc8475845b22a3ce7647a73105b8a2f9034851f3e547ed6c47b2a7f0ef566de6dc96a19a20b1da429cd90a170
+DIST shorewall6-lite-5.1.7.tar.bz2 40346 SHA256 2fa19a4c5046c05e4e5cf28d4b50dab0061f05f2a17cb0f8fd265812276cb975 SHA512 6e118b2fa369aa42dfade55b3b4c8855b3d950fd664c5cf2c22539c99e2065e8924e86970ea0f17b7b8930d1c28220bc425ef4329222f0c11feb872ba0145eb9 WHIRLPOOL 2f5be4d88e48e4ef535e60e050343ef78b2c4fdfa9918e79947e43107d3e8d46272c7c6f1134f4762b48894a9334daed2ddef4fa3843cf4670be54b9bb799714
+EBUILD shorewall-5.1.5.2.ebuild 16128 SHA256 cba49be9d3db23d946b260230f6bac2cfd2a7129b6c28a347c0ddd7990ae87a3 SHA512 2e7819897605c85866379b0bc9afd6bf89b1aacab27fc74917e0eae5816fdc2907201898be665d292c7a49fcfa1d0055e1b983a6881ab4dc83b691d6c2eaf0b6 WHIRLPOOL b0d80a8a547fce661a54ee4968ea875f33f7bfeba97d05b32aad6ab99e0a3471d77453c50cf678a5eb045056f878ea1dc060d92a61a5392294e344f97acee383
+EBUILD shorewall-5.1.6.1.ebuild 16135 SHA256 ba21c1957048088e635f857f9e4c932b1a60318384b9c89daf1822126eaca9e0 SHA512 f820651601fb30da69461a97cb590ebd519f37f0cd28866c64ad8389348b8700e4f25f43661cc4f3bf4ad13ff3cd0211035f528daa53b72b49597fb2a63ab30d WHIRLPOOL 0ecb98e00a3db7b215a3b5489c73912291aa70ff66f284a9653d97db5218bca9891028f8f0af2d60c1354c24c8fc835bbfe3ed26ec0de41b5701eaf9441f6e9a
+EBUILD shorewall-5.1.7.1.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252
+EBUILD shorewall-5.1.7.2.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252
+EBUILD shorewall-5.1.7.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252
+MISC ChangeLog 20688 SHA256 7aae34526acf517056612b27d66a66d7ef22cb12bdfdf6e125386397b50ce3b3 SHA512 82bfaee85f9880adf5e5d0c5c116ee1c12f2cdcf09257419a0fed75c899c77569b2e96250d9eb073bfa0af7d80e241d30da88e0e8f8325ad35042fc511d41d4e WHIRLPOOL 6c24b24142e84fbd8b306ffd357bd7b0345e8cf2d498d6158ce2e9d9291defd6fa9aa40447b7cc1a8660ab76e8d167225fe289d57cb9b7b67c15768aeaed157f
+MISC ChangeLog-2015 45029 SHA256 14c5a921b9bf1d140687dca0c9413f6ac23d4e2e9949fae1ce3b904b740fcbb2 SHA512 1140e3d6294d81b9511f6ef68dcf3d7bf84fa19423a7dde2540f9b96dd5dece1c60c1e02881a5ccf2a9a30fc3b7182ee890d59bc99a11827216106227e1ad5ab WHIRLPOOL fe4e74862743493a9cba6889481a081102977a60ee5ff0d31a155e79ca253e3b7740a93dac2ea3a3496949fcd08a6f99f7fe005836155522762d2df404b39621
+MISC metadata.xml 2254 SHA256 a8cdd75aab250e4e1001054d71fd9cb0e29bf0882de84593068787be2d3ecd3b SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33 WHIRLPOOL 078d62ca37deb03f7097c7d45e3f0fe3106a277a852be3dfafb4dbe59f30a8f618423978d79ff81cd362638eb8d197f8dc40decf49740d74934475fb6266b00d
diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch
new file mode 100644
index 000000000000..8b7925d6dceb
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch
@@ -0,0 +1,30 @@
+diff -rupN old/shorewall-init-5.1.7/shorewall-init new/shorewall-init-5.1.7/shorewall-init
+--- old/shorewall-init-5.1.7/shorewall-init 2017-09-18 18:28:43.000000000 +0200
++++ new/shorewall-init-5.1.7/shorewall-init 2017-09-23 15:46:03.489914459 +0200
+@@ -80,10 +80,6 @@ shorewall_start () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+- ipset -R < "$SAVE_IPSETS"
+- fi
+-
+ return 0
+ }
+
+@@ -101,15 +97,6 @@ shorewall_stop () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" ]; then
+- mkdir -p $(dirname "$SAVE_IPSETS")
+- if ipset -S > "${SAVE_IPSETS}.tmp"; then
+- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
+- else
+- rm -f "${SAVE_IPSETS}.tmp"
+- fi
+- fi
+-
+ return 0
+ }
+
diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch
new file mode 100644
index 000000000000..8b60eb245fc0
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch
@@ -0,0 +1,28 @@
+diff -rupN old/shorewall-init-4.6.10.1/shorewall-init new/shorewall-init-4.6.10.1/shorewall-init
+--- old/shorewall-init-4.6.10.1/shorewall-init 2015-06-09 20:02:00.000000000 +0200
++++ new/shorewall-init-4.6.10.1/shorewall-init 2015-06-14 17:16:17.396424059 +0200
+@@ -78,10 +78,6 @@ shorewall_start () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+- ipset -R < "$SAVE_IPSETS"
+- fi
+-
+ return 0
+ }
+
+@@ -99,13 +95,6 @@ shorewall_stop () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" ]; then
+- mkdir -p $(dirname "$SAVE_IPSETS")
+- if ipset -S > "${SAVE_IPSETS}.tmp"; then
+- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+- fi
+- fi
+-
+ return 0
+ }
+
diff --git a/net-firewall/shorewall/files/shorewall-init.confd b/net-firewall/shorewall/files/shorewall-init.confd
new file mode 100644
index 000000000000..1b126be4e8bf
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.confd
@@ -0,0 +1,6 @@
+# List the Shorewall products Shorewall-init should
+# initialize (space-separated list).
+#
+# Sample: PRODUCTS="shorewall shorewall6-lite"
+#
+PRODUCTS=""
diff --git a/net-firewall/shorewall/files/shorewall-init.initd b/net-firewall/shorewall/files/shorewall-init.initd
new file mode 100644
index 000000000000..95873ef5eeee
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.initd
@@ -0,0 +1,191 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc"
+CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}"
+
+description="Puts Shorewall in a safe state at boot time"
+description="${description} prior to bringing up the network."
+
+required_files="$SHOREWALLRC_FILE"
+
+depend() {
+ need localmount
+ before net
+ after bootmisc ipset tmpfiles.setup ulogd
+}
+
+
+. $SHOREWALLRC_FILE
+
+checkconfig() {
+ local PRODUCT=
+
+ if [ -z "${VARLIB}" ]; then
+ eerror "\"VARLIB\" isn't defined or empty! Please check" \
+ "\"${SHOREWALLRC_FILE}\"."
+
+ return 1
+ fi
+
+ if [ -z "${PRODUCTS}" ]; then
+ eerror "${SVCNAME} isn't configured! Please check" \
+ "\"${CONFIG_FILE}\"."
+
+ return 1
+ fi
+
+ for PRODUCT in ${PRODUCTS}; do
+ if [ ! -x ${SBINDIR}/${PRODUCT} ]; then
+ eerror "Invalid product \"${PRODUCT}\" specified" \
+ "in \"${CONFIG_FILE}\"!"
+ eerror "Maybe \"${PRODUCT}\" isn't installed?"
+
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+check_firewall_script() {
+ if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then
+ ebegin "Checking \"${STATEDIR}/firewall\""
+ ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null
+ eend $?
+ fi
+
+ if [ ! -x ${STATEDIR}/firewall ]; then
+ eerror "\"${PRODUCT}\" isn't configured!"
+
+ if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then
+ eerror "Please go to your 'administrative system'" \
+ "and deploy the compiled firewall" \
+ "configuration for this system."
+ fi
+
+ return 1
+ fi
+
+ return 0
+}
+
+is_allowed_to_be_executed() {
+ # This is not a real service. shorewall-init is an intermediate
+ # script to put your Shorewall-based firewall into a safe state
+ # at boot time prior to bringing up the network.
+ # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz
+ # for more information.
+ # When your system is up, there is no need to call shorewall-init.
+ # Please call shorewall{,6,-lite,6-lite} directly. That's the
+ # reason why we are preventing start, stop or restart here.
+
+ local PRODUCT=
+
+ if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then
+ # Starting shorewall-init is only allowed at boot time
+ eerror "This is a boot service, which can only be started" \
+ "at boot."
+ eerror "If you want to get your shorewall-based firewall" \
+ "into the same safe boot state again, run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} stop"
+ done
+ eoutdent
+ eerror ""
+ eerror "Yes, \"stop\" and not start."
+ eerror ""
+ return 1
+ fi
+
+ if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then
+ # Stopping shorewall-init is only allowed at shutdown
+ eerror "This is a boot service, which cannot be stopped."
+ eerror "If you really want to stop your Shorewall-based" \
+ "firewall the same way this service would stop" \
+ "Shorewall at shutdown, please run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} clear"
+ done
+ eoutdent
+ eerror ""
+ eerror "Keep in mind that this will clear (=bring down)" \
+ "your firewall!"
+ eerror ""
+ return 1
+ fi
+
+ if [ "${RC_CMD}" = "restart" ]; then
+ eerror "This is a boot service, which cannot be restarted."
+ eerror "If you want to restart any of your Shorewall-based" \
+ "firewalls, run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} restart"
+ done
+ eoutdent
+ eerror ""
+ return 1
+ fi
+
+ return 0
+}
+
+set_statedir() {
+ STATEDIR=
+ local VARDIR=
+
+ if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+ STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} )
+ fi
+
+ [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT}
+}
+
+start_pre() {
+ checkconfig || return 1
+
+ is_allowed_to_be_executed || return 1
+}
+
+start() {
+ local PRODUCT=
+ local STATEDIR=
+
+ for PRODUCT in ${PRODUCTS}; do
+ set_statedir
+
+ check_firewall_script || return 1
+
+ ebegin "Initializing \"${PRODUCT}\""
+ ${STATEDIR}/firewall stop 1>/dev/null
+ eend $?
+ done
+}
+
+stop_pre() {
+ checkconfig || return 1
+
+ is_allowed_to_be_executed || return 1
+}
+
+stop() {
+ local PRODUCT=
+ local STATEDIR=
+
+ for PRODUCT in ${PRODUCTS}; do
+ set_statedir
+
+ check_firewall_script || return 1
+
+ ebegin "Clearing \"${PRODUCT}\""
+ ${STATEDIR}/firewall clear 1>/dev/null
+ eend $?
+ done
+}
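Review bot: start() returns only the status of the last product's `eend $?`, so a failed `${STATEDIR}/firewall stop` for an earlier entry in PRODUCTS is masked whenever a later one succeeds. With PRODUCTS="shorewall shorewall6", an IPv4 firewall that could not be put into its safe state would still leave the service marked as started. Accumulating the result keeps every product processed and still reports the failure: `local rc=0` before the loop, `eend $? || rc=1` inside it, and `return ${rc}` after it. stop() has the same loop shape around `firewall clear` and would take the same change. Separately, the early `check_firewall_script || return 1` leaves all later products untouched when one is unconfigured, which may or may not be intended.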
diff --git a/net-firewall/shorewall/files/shorewall-init.readme b/net-firewall/shorewall/files/shorewall-init.readme
new file mode 100644
index 000000000000..f7b13fed3de6
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.readme
@@ -0,0 +1,30 @@
+shorewall-init from upstream offers two features (taken from [1]):
+
+ 1. It can 'close' the firewall before the network interfaces are
+ brought up during boot.
+
+ 2. It can change the firewall state as the result of interfaces
+ being brought up or taken down.
+
+On Gentoo we only support the first feature -- the firewall lockdown during
+boot.
+
+We do not support the second feature, because Gentoo doesn't support a
+if-{up,down}.d folder like other distributions do. If you would want to use
+such a feature, you would have to add a custom action to /etc/conf.d/net
+(please refer to the Gentoo Linux Handbook [2] for more information).
+If you are able to add your custom {pre,post}{up,down} action, your are
+also able to specify what shorewall{6,-lite,6-lite} should do, so there is
+no need for upstream's scripts in Gentoo.
+
+If you disagree with us, feel free to open a bug [3] and contribute your
+solution for Gentoo.
+
+Upstream's original init script also supports saving and restoring of
+ipsets. Please use the init script from net-firewall/ipset if you need
+such a feature.
+
+
+[1] http://www.shorewall.net/Shorewall-init.html
+[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
+[3] https://bugs.gentoo.org
diff --git a/net-firewall/shorewall/files/shorewall-init.systemd b/net-firewall/shorewall/files/shorewall-init.systemd
new file mode 100644
index 000000000000..2b4695855f3a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.systemd
@@ -0,0 +1,18 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=shorewall-init
+Documentation=http://www.shorewall.net/Shorewall-init.html
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-init start
+ExecStop=/sbin/shorewall-init stop
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall-lite.confd-r1 b/net-firewall/shorewall/files/shorewall-lite.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall-lite.initd-r2 b/net-firewall/shorewall/files/shorewall-lite.initd-r2
new file mode 100644
index 000000000000..b319a0e7af2b
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.initd-r2
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+if [ "${RC_SVCNAME}" = "shorewall6-lite" ]; then
+ PRODUCT_NAME="Shorewall6-Lite"
+ command="/usr/sbin/shorewall6-lite"
+else
+ PRODUCT_NAME="Shorewall-Lite"
+ command="/usr/sbin/shorewall-lite"
+fi
+
+description="The Shoreline Firewall Lite, more commonly known as \"${PRODUCT_NAME}\", is"
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="clear"
+extra_started_commands="reload reset"
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is"
+description_clear="${description_clear} then wide open and unprotected."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+clear() {
+ ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+restart() {
+ local _retval
+ ebegin "Restarting ${RC_SVCNAME}"
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+start() {
+ ebegin "Starting ${RC_SVCNAME}"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+stop() {
+ ebegin "Stopping ${RC_SVCNAME}"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
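Review bot: The branch in restart() looks inverted. status() in this same file treats exit status 0 from `${command} status` as "started", yet restart() calls `svc_start` on 0 and runs `${command} ${OPTIONS} restart` only when the firewall is not running. shorewall6-lite.initd-r1 and shorewall6.initd-r1, added in this same commit, test `[ $? != 0 ]` before `svc_start`, so the two revisions disagree. If the r1 ordering is the intended one, the test should read `if [ ${_retval} != '0' ]; then`. Otherwise a restart of a running firewall may leave the previous ruleset in place while the service reports success, though that depends on what `svc_start` does, which is not visible here. shorewall.initd-r2 carries the same restart() body.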
diff --git a/net-firewall/shorewall/files/shorewall-lite.systemd b/net-firewall/shorewall/files/shorewall-lite.systemd
new file mode 100644
index 000000000000..a9d66e732bb1
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv4 firewall lite
+Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service iptables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
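Review bot: `Wants=network-online.target` / `After=network-online.target` mean this unit loads the ruleset only after the network is already up, and nothing in the file says how that window is covered. The same commit ships shorewall-init.systemd, ordered `Before=network-pre.target`, and metadata.xml describes the `init` USE flag as placing the firewall in a safe state before the interfaces come up, so the dependency on shorewall-init is presumably deliberate. It should be written down for whoever enables only this unit. A header comment would do, such as `# Ordered after network-online.target: rules load once the network is up; enable shorewall-init to keep the host closed until then.` The same applies to shorewall.systemd, shorewall6-lite.systemd and shorewall6.systemd.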
diff --git a/net-firewall/shorewall/files/shorewall.confd-r1 b/net-firewall/shorewall/files/shorewall.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall.initd-r2 b/net-firewall/shorewall/files/shorewall.initd-r2
new file mode 100644
index 000000000000..4826610e2216
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.initd-r2
@@ -0,0 +1,107 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+if [ "${RC_SVCNAME}" = "shorewall6" ]; then
+ PRODUCT_NAME="Shorewall6"
+ command="/usr/sbin/shorewall6"
+else
+ PRODUCT_NAME="Shorewall"
+ command="/usr/sbin/shorewall"
+fi
+
+description="The Shoreline Firewall, more commonly known as \"${PRODUCT_NAME}\", is"
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="check clear"
+extra_started_commands="refresh reload reset"
+
+description_check="Checks if the configuration will compile or not."
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is then"
+description_clear="${description_clear} wide open and unprotected."
+
+description_refresh="The mangle table will be refreshed along with the"
+description_refresh="${description_refresh} blacklist chain (if any)."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+check() {
+ ebegin "Checking ${RC_SVCNAME} configuration"
+ ${command} ${OPTIONS} check 1>/dev/null
+ eend $?
+}
+
+clear() {
+ ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+refresh() {
+ ebegin "Refreshing ${RC_SVCNAME} rules"
+ ${command} ${OPTIONS} refresh 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+restart() {
+ local _retval
+ ebegin "Restarting ${RC_SVCNAME}"
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+start() {
+ ebegin "Starting ${RC_SVCNAME}"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+stop() {
+ ebegin "Stopping ${RC_SVCNAME}"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall.systemd b/net-firewall/shorewall/files/shorewall.systemd
new file mode 100644
index 000000000000..0844178b0d1f
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv4 firewall
+Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service iptables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall
+StandardOutput=syslog
+ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall6-lite.confd-r1 b/net-firewall/shorewall/files/shorewall6-lite.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall6-lite.initd-r1 b/net-firewall/shorewall/files/shorewall6-lite.initd-r1
new file mode 100644
index 000000000000..9db79c334513
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.initd-r1
@@ -0,0 +1,92 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is'
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="clear"
+extra_started_commands="reload reset"
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} Shorewall6 Lite. The firewall is"
+description_clear="${description_clear} then wide open and unprotected."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+command="/usr/sbin/shorewall6-lite"
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+start() {
+ ebegin "Starting shorewall6-lite"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping shorewall6-lite"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script... (09 Jul 2004 agriffis)
+
+ ebegin "Restarting shorewall6-lite"
+ ${command} status 1>/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading shorewall6-lite"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in shorewall6-lite"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall6-lite.systemd b/net-firewall/shorewall/files/shorewall6-lite.systemd
new file mode 100644
index 000000000000..5ca1a0d2d1a8
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv6 firewall lite
+Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=ip6tables.service firewalld.service ip6tables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall6-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall6.confd-r1 b/net-firewall/shorewall/files/shorewall6.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall6.initd-r1 b/net-firewall/shorewall/files/shorewall6.initd-r1
new file mode 100644
index 000000000000..43a7d1b1f410
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.initd-r1
@@ -0,0 +1,117 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is'
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="check clear"
+extra_started_commands="refresh reload reset"
+
+description_check="Checks if the configuration will compile or not."
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} Shorewall6. The firewall is then"
+description_clear="${description_clear} wide open and unprotected."
+
+description_refresh="The mangle table will be refreshed along with the"
+description_refresh="${description_refresh} blacklist chain (if any)."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+command="/usr/sbin/shorewall6"
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+start() {
+ ebegin "Starting shorewall6"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping shorewall6"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script... (09 Jul 2004 agriffis)
+
+ ebegin "Restarting shorewall6"
+ ${command} status 1>/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all shorewall rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading shorewall6"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in shorewall6"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+refresh() {
+ # refresh the rules involving the broadcast addresses of firewall
+ # interfaces, the black list, traffic control rules and
+ # ECN control rules
+
+ ebegin "Refreshing shorewall6 rules"
+ ${command} ${OPTIONS} refresh 1>/dev/null
+ eend $?
+}
+
+check() {
+ # perform cursory validation of the zones, interfaces, hosts, rules
+ # and policy files. CAUTION: does not parse and validate the generated
+ # iptables commands.
+
+ ebegin "Checking shorewall6 configuration"
+ ${command} ${OPTIONS} check 1>/dev/null
+ eend $?
+}
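Review bot: The ebegin message in clear() reads "Clearing all shorewall rules" although this script drives `/usr/sbin/shorewall6`; every other message in the file names shorewall6. Since clear sets the policy to ACCEPT, an operator reading the console or log would conclude that the IPv4 ruleset was opened rather than the IPv6 one. Suggested wording: `ebegin "Clearing all shorewall6 rules and setting policy to ACCEPT"`.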
diff --git a/net-firewall/shorewall/files/shorewall6.systemd b/net-firewall/shorewall/files/shorewall6.systemd
new file mode 100644
index 000000000000..182c71bd0803
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv6 firewall
+Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=ip6tables.service firewalld.service ip6tables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall6
+StandardOutput=syslog
+ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewallrc-r1 b/net-firewall/shorewall/files/shorewallrc-r1
new file mode 100644
index 000000000000..3fc48c392404
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewallrc-r1
@@ -0,0 +1,24 @@
+#
+# Gentoo Shorewall 5.1 rc file
+#
+BUILD=gentoo #Default is to detect the build system
+HOST=gentoo #Gentoo GNU Linux
+PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
+CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed
+SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed
+MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
+INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed.
+INITFILE=${PRODUCT} #Name of the product's installed SysV init script
+INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script
+ANNOTATED= #If non-zero, annotated configuration files are installed
+SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file
+SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed
+SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored.
+VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored.
+DEFAULT_PAGER=${PAGER} #Pager to use if none specified in shorewall[6].conf
diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml
new file mode 100644
index 000000000000..e985bb0b02bf
--- /dev/null
+++ b/net-firewall/shorewall/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>whissi@gentoo.org</email>
+ <name>Thomas Deutschmann</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <longdescription lang="en">
+ The Shoreline Firewall, more commonly known as "Shorewall", is high-level tool for configuring Netfilter.
+ You describe your firewall/gateway requirements using entries in a set of configuration files.
+ Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and
+ tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements.
+ Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a
+ standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus
+ take advantage of Netfilter's connection state tracking capabilities.
+
+ Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and
+ there is no "Shorewall process" left running in your system. The /usr/sbin/shorewall program can be used at
+ any time to monitor the Netfilter firewall.
+ </longdescription>
+ <upstream>
+ <doc lang="en">http://shorewall.net/Documentation_Index.html</doc>
+ <remote-id type="sourceforge">shorewall</remote-id>
+ </upstream>
+ <use>
+ <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag>
+ <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag>
+ <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall</pkg> ipv4 USE flag)</flag>
+ <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv4 USE flag</flag>
+ <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv6 USE flag</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/shorewall/shorewall-5.1.5.2.ebuild b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild
new file mode 100644
index 000000000000..20be5c54927e
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch
+ cd "${S}" || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
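Review bot: In pkg_postinst the shorewall-lite activation message expands `${PRODUCTS}`, which is not set anywhere in the visible ebuild (the local is `_PRODUCTS`), so the user is told to "please add  to your default runlevel" with the service name missing; the line should be `elog "To activate your shorewall-lite-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"`. The identical line is in the shorewall-5.1.6.1.ebuild hunk that follows. In src_prepare, the die message after copying shorewall-init.readme still reads `Copying shorewall-init.systemd failed`, so a failure there would point at the wrong file; it should name shorewall-init.readme. Separately, every SRC_URI entry is fetched over plain `http://`, so tarball integrity rests entirely on the Manifest hashes; switching to `https://` is worth doing if upstream serves the same paths over TLS.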
diff --git a/net-firewall/shorewall/shorewall-5.1.6.1.ebuild b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild
new file mode 100644
index 000000000000..ea2ef11ce095
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch
+ cd "${S}" || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
diff --git a/net-firewall/shorewall/shorewall-5.1.7.1.ebuild b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild
new file mode 100644
index 000000000000..3b7545ca47d4
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
+ cd "${S}" || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
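Review bot: In pkg_postinst the shorewall-lite branch interpolates `${PRODUCTS}`, but the function only ever assigns the local `_PRODUCTS`, so the "please add … to your default runlevel" sentence prints with the product name missing unless an unrelated PRODUCTS variable happens to be set in the environment. The line should read `elog "To activate your shorewall-lite-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"`. The shorewall-5.1.7.2.ebuild hunk carries the same line and needs the same fix. It is worth correcting rather than treating as cosmetic, because this message is the prompt that tells the administrator to enable the firewall service at boot.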
diff --git a/net-firewall/shorewall/shorewall-5.1.7.2.ebuild b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild
new file mode 100644
index 000000000000..3b7545ca47d4
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
+ cd "${S}" || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
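Review bot: Every SRC_URI entry fetches the firewall's tarballs over plain `http://www.shorewall.net/...`, so nothing authenticates the download in transit and integrity rests entirely on the Manifest checksums, which are not part of this hunk. If upstream serves the same paths over TLS, switch the scheme to `https://` in SRC_URI and HOMEPAGE. Hoisting the repeated prefix into one variable, for example `MY_URL_BASE="https://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}"`, would keep the scheme in a single place across the seven entries. The identical SRC_URI block in the shorewall-5.1.7.1.ebuild hunk has the same issue.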
diff --git a/net-firewall/shorewall/shorewall-5.1.7.ebuild b/net-firewall/shorewall/shorewall-5.1.7.ebuild
new file mode 100644
index 000000000000..3b7545ca47d4
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.7.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6? (
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
+ cd "${S}" || die
+ fi
+
+ # shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if ! has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
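Review bot: In pkg_postinst, the shorewall-lite runlevel hint expands `${PRODUCTS}`, but the function only ever assigns the local `_PRODUCTS`, so the message prints an empty product name. The line should read `elog "To activate your shorewall-lite-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"`. In src_prepare, the `cp` of `shorewall-init.readme` dies with "Copying shorewall-init.systemd failed", which names the wrong file; `|| die "Copying shorewall-init.readme failed"` matches the command. Separately, every SRC_URI entry is plain `http://`, so the integrity of the fetched tarballs depends on the package's Manifest digests, which are not part of this hunk.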
diff --git a/net-firewall/ufw-frontends/Manifest b/net-firewall/ufw-frontends/Manifest
new file mode 100644
index 000000000000..ec97642e36e7
--- /dev/null
+++ b/net-firewall/ufw-frontends/Manifest
@@ -0,0 +1,7 @@
+AUX org.gentoo.pkexec.ufw-gtk.policy 778 SHA256 abeae0fbfffbc09f6f208c713612e8425d8a11268baeae774fd12ee8aacae1c0 SHA512 f2b47a01535d565d2d3f40266f61b5b0ee3ad5befa4aa9f704000000f111980ac219eccea7d22fe3b0995d91aa794c278daa4f6a6d36649cd0db7b53772bd61f WHIRLPOOL 7119bad2f11779a3beb8c2267c918d31048eb9d70e949cb14b0e3068594b148ca88fca46cd46ff3b6e17216c1be208596eee1be9d8d182396769dac1d892c8fd
+AUX ufw-frontends-0.3.2-no-log-crash.patch 2224 SHA256 4e0120c76321900bc8ede1acb5c2aaad8e37d1989365e0576da718f15bace2b1 SHA512 a68e414c92d6570ba7368526ddefae30897d79f7b352e841f69fa95435a1b14c26b551b37b3431830ee3df700d3a48fc62d454c9be8f8e59d070f5e47ece7ea7 WHIRLPOOL 1a3550ee0e1cde3740a5d56515181822bf46f349741572eeb76e2cc53be74ec0b0220b2eab3d4f0c7bedb414d4138f49b489b503db24d6a6951aa5988ad4de9a
+DIST ufw-frontends-0.3.2.tar.gz 85472 SHA256 7ff838d1f20a122307ef5e2bc94f6cbb5ea019a1d3d7ec72f7493c5f8c0a7910 SHA512 9f311596a3bad71562ca98acb8bf4d0d55990520cb5373c299dad05d1a1986e791eac984385013a511af4693a9988351ec37d8735ae6748818a9570db416b274 WHIRLPOOL 8b12a19c3338210d388b3d5ed24e22cbb49357d9fa9c768ad7b9ff8bcb6481cf4888048ec4c60266915a69095a90e2ce776a81f92f0f9692d8c2ef3fc4b669ed
+EBUILD ufw-frontends-0.3.2-r5.ebuild 1732 SHA256 1900583650e29f64fb526cb93709186cbdc10fe86620f5f8d1c7b81a0f8fb5cc SHA512 c72a46f0cd68c533fb4c573130fbc7d1ed5c7fe29ee9b0e93a336daf6f5f5392bb0488ac52d8c8fabd8a50fe81402381f6429dcc525b2b28ed6da0a8b6a1cd94 WHIRLPOOL 304a34b19abc464a551f8dc24a2b833f6252bfbed6b118705ba381e3974017da287a244e4ff4e1a2c360fb9f850c3df4ef0ddc39b20f78edc0956643cfd8aa8f
+MISC ChangeLog 3306 SHA256 a5ec494b04a01454594d451bfd595e1c9b4e54e145f744c33ce66b9fd1bb4075 SHA512 8c0dfc30631c5922800ba0ba789063bbbb3566647bb0b564745cd5c1affb1d2887e287b22c9519009366ba27da2e92521e6155b40b2219d800bd086c1d0b84ee WHIRLPOOL dffa4a7c355aac8b968c1bdc6e38cdb05851bf415a59504bd674042bfe03367b6f41312b2f3e60f0c76611e0f3a9ec40ad56f4180479f5d4c4436cf00521ff3d
+MISC ChangeLog-2015 2522 SHA256 ee4ac21cd338acbfece37091459f375aaba514d61a6f99b7ff84bfbda89fff08 SHA512 9c072320ae0523c34a26232ee181aae5cac8b10a61d81d53c088312220b1c1a01392defc5733ef86cda08b739b3644461da4a0501b746d43c32b31a881279e37 WHIRLPOOL 25cc8064cc516c855b48ebbe413fc666dc4db8cca98020042fd7508fa0e263815f2a9e0a6d3b019ceabbbff107e69acd0603a6e8832ce6f07eac739a06f6acd6
+MISC metadata.xml 917 SHA256 27898a6e1baa0c7b79728884555b1ac20f37472476684a50745d911ef8dbf0be SHA512 e61b8a84c60861b69cae3a0f0748e5ab7d730ab0b9356ba29f991bfe1656cefdcc5f7395058003ac073daf71c4f58e484fcdbf9278e991bc92d8a7badcf453a9 WHIRLPOOL 9ae029eb71c35d6ef0aa0006a9f78c53a2ce6da9daf6236c5d21f6586ce05e982c3f6f5a35d4bef30705a9e133395d60910cd25faa19d1ce0f0db31b04fe3be3
diff --git a/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy
new file mode 100644
index 000000000000..7410debbc818
--- /dev/null
+++ b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>Gentoo</vendor>
+ <vendor_url>http://www.gentoo.org/</vendor_url>
+
+ <action id="org.gentoo.pkexec.ufw-gtk">
+ <message>Authentication is required to run the ufw configuration tool</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>auth_admin</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/ufw-gtk</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+
+</policyconfig>
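Review bot: The `<defaults>` block accepts admin authentication from every kind of session, because `allow_any` and `allow_inactive` are both `auth_admin` alongside `allow_active`. For a GUI that edits firewall rules as root, restricting the action to the active local session is tighter: `<allow_any>no</allow_any>` and `<allow_inactive>no</allow_inactive>`, keeping `<allow_active>auth_admin</allow_active>`. This assumes that running ufw-gtk from a remote or inactive session is not a supported case; if it is, a comment in the policy saying so would document the choice.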
diff --git a/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch
new file mode 100644
index 000000000000..f4adb49826ec
--- /dev/null
+++ b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch
@@ -0,0 +1,61 @@
+From e7bcf87788588c3a38ce18c9a8d69bbe156860e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C5=82awomir=20Nizio?= <slawomir.nizio@sabayon.org>
+Date: Mon, 3 Mar 2014 08:31:47 +0100
+Subject: [PATCH] Fix crash when no log in supported location can be found
+
+This can happen for example on systems that use Journal
+from systemd.
+
+In this case, ufw-gtk exits with a traceback containing:
+IOError: [Errno 2] No such file or directory: '/var/log/messages.log'
+(this is the last log file tried).
+
+The patch works around the issue by handling the error
+and disabling the widget in the "Events" tab.
+---
+ gfw/frontend_gtk.py | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/gfw/frontend_gtk.py b/gfw/frontend_gtk.py
+index 75ebb33..75dfde0 100644
+--- a/gfw/frontend_gtk.py
++++ b/gfw/frontend_gtk.py
+@@ -33,14 +33,21 @@ from gfw.frontend import Frontend
+
+ class Notifier(gfw.event.Notifier):
+
+- def __init__(self, callback):
+- gfw.event.Notifier.__init__(self, callback)
++ def __init__(self, callback, inactive_handler):
++ self._active = False
++ try:
++ gfw.event.Notifier.__init__(self, callback)
++ except IOError:
++ inactive_handler()
++ return
++ self._active = True
+ self._w = gobject.io_add_watch(self._fd, gobject.IO_IN | gobject.IO_PRI,
+ self._trigger)
+
+ def __del__(self):
+- gfw.event.Notifier.__del__(self)
+- gobject.source_remove(self._w)
++ if self._active:
++ gfw.event.Notifier.__del__(self)
++ gobject.source_remove(self._w)
+
+
+ class Builder(gtk.Builder):
+@@ -90,7 +97,8 @@ class GtkFrontend(Frontend):
+ data = (timestamp, event, conn['IN'], conn['OUT'], conn['PROTO'],
+ conn['SRC'], spt, conn['DST'], dpt)
+ self.ui.events_model.append(data)
+- self._notifier = Notifier(callback)
++ self._notifier = Notifier(callback,
++ lambda: self.ui.events_view.set_sensitive(False))
+ self.ui.main_window.show_all()
+ ## FIXME: for the 0.3.0 release, hide the tab for the connections view
+ page = self.ui.view.get_nth_page(2)
+--
+1.9.0
+
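Review bot: The `except IOError` in `Notifier.__init__` treats every I/O failure from the base constructor as "no log file found", so a permission or read error on an existing log would also disable the Events view without telling the user why. Narrowing it keeps unexpected failures visible: `except IOError as e:` followed by `if e.errno != errno.ENOENT: raise` before calling `inactive_handler()`, or at least log the exception. If `gfw.event.Notifier.__init__` acquires anything before it raises (its body is not visible here), the `_active` guard in `__del__` would also skip releasing it.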
diff --git a/net-firewall/ufw-frontends/metadata.xml b/net-firewall/ufw-frontends/metadata.xml
new file mode 100644
index 000000000000..a3ab739d57cd
--- /dev/null
+++ b/net-firewall/ufw-frontends/metadata.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>slawomir.nizio@sabayon.org</email>
+ <name>Sławomir Nizio</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">Currently, UFW provides only a command-line interface (CLI) for user
+ interaction--the ufw command. This project implements graphical frontends
+ for UFW using PyGTK and PyQt (the latter in early stage of development).</longdescription>
+ <upstream>
+ <remote-id type="github">baudm/ufw-frontends</remote-id>
+ </upstream>
+ <use>
+ <flag name="policykit">Use pkexec to gain root privileges</flag>
+ <flag name="kde">Use kdesu to gain root privileges (note: the flag has lower priority than "policykit")</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild
new file mode 100644
index 000000000000..6110449589c7
--- /dev/null
+++ b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+inherit distutils-r1
+
+DESCRIPTION="Provides graphical frontend to ufw"
+HOMEPAGE="https://github.com/baudm/ufw-frontends"
+SRC_URI="https://github.com/baudm/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+# CC-BY-NC-SA-3.0 is for a png file
+LICENSE="GPL-3 CC-BY-NC-SA-3.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="kde policykit"
+
+DEPEND=""
+RDEPEND="${DEPEND}
+ dev-python/pygobject:2[${PYTHON_USEDEP}]
+ dev-python/pygtk[${PYTHON_USEDEP}]
+ dev-python/pyinotify[${PYTHON_USEDEP}]
+ net-firewall/ufw[${PYTHON_USEDEP}]
+ !policykit? ( kde? ( kde-plasma/kde-cli-tools[kdesu] ) )
+ policykit? ( sys-auth/polkit )
+"
+
+# fix crash when no ufw logs in supported locations can be found
+PATCHES=( "${FILESDIR}/${P}-no-log-crash.patch" )
+
+python_prepare_all() {
+ if use policykit; then
+ sed -i 's/^Exec=su-to-root -X -c/Exec=pkexec/' \
+ share/ufw-gtk.desktop || die
+ elif use kde; then
+ sed -i 's/^Exec=su-to-root -X -c/Exec=kdesu/' \
+ share/ufw-gtk.desktop || die
+ fi
+
+ # don't try to override run() to install the script
+ # under /usr/sbin; it does not work with distutils-r1
+ # and so it is handled differently (in python_install)
+ sed -i '/cmdclass=/d' setup.py || die
+
+ # Qt version is unusable
+ rm gfw/frontend_qt.py || die
+ distutils-r1_python_prepare_all
+}
+
+python_install() {
+ distutils-r1_python_install --install-scripts="/usr/sbin"
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ if use policykit; then
+ insinto /usr/share/polkit-1/actions/
+ doins "${FILESDIR}"/org.gentoo.pkexec.ufw-gtk.policy
+ elif ! use kde; then
+ rm "${ED}usr/share/applications/ufw-gtk.desktop" || die
+ fi
+}
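Review bot: Both `sed -i` rewrites of the `Exec=` line in python_prepare_all exit 0 even when the pattern matches nothing, so `|| die` never fires and a changed upstream desktop file would ship still calling `su-to-root`. Since this line decides how the GUI gains root, check the result after the substitution, e.g. `grep -q '^Exec=pkexec' share/ufw-gtk.desktop || die "Exec line not rewritten"` in the policykit branch and the `kdesu` equivalent in the other. The polkit policy's `exec.path` of `/usr/sbin/ufw-gtk` also has to stay in step with `--install-scripts="/usr/sbin"` in python_install; a comment there, such as `# must match exec.path in org.gentoo.pkexec.ufw-gtk.policy`, would keep the two together.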
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
new file mode 100644
index 000000000000..8b482e6c9f93
--- /dev/null
+++ b/net-firewall/ufw/Manifest
@@ -0,0 +1,19 @@
+AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139
+AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe
+AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5
+AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715
+AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180
+AUX ufw-0.34_pre805-bash-completion.patch 255 SHA256 673ee8092b1a41a78bfbfe68ab6f97665b821861b5be44fda3cecf5e3ab57acb SHA512 e3fceb0cbf683b82e9d9aa0aa0c41b1cde9aee59b6dd2d06ca80de0b980231fd999bdff3b2705f7ff8e90c9f2cc84a4ee11b34530630cf77a170ecfbf028550f WHIRLPOOL a267de2cc5615fdb9eac29fdcd4fade22ec3fc54bb6823c91965b0c7e668dbf4e19dc8d5f6fb8fca2be3700f4ac2c7bb71ee27f20d07b3fa1c1d528273ade63f
+AUX ufw-0.34_pre805-shebang.patch 675 SHA256 4348689359f3d80c1bcfe66d12710578ba31a5382bf078242b84e86f7233e38d SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad WHIRLPOOL 44c83c5e1795fa0db7ed40d1440df7b4220b869bd42a294ba0d8262fbb2b2e114154d0ce9a22e100db8ad7c1cd402eefacfe854679e7caecda4a251d98720f03
+AUX ufw-0.35-bash-completion.patch 259 SHA256 11748e3da794896fa3204fe28f84d15abece17d265b29b960267050ec28d9806 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709 WHIRLPOOL eedae7fb0a16317d04f215213b25750214e941001cfe81851b0a10546c65964a5a16a7a672d4937f4ed30fcfd737aed37d5bc220cac82b33695e4eed28338000
+AUX ufw-0.35-move-path.patch 7386 SHA256 a4eb14379372bf575a9a007ea965ddfbf0e9fdb3f6f911f980e90eab7b4c2d50 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f WHIRLPOOL d62dc665951555bda2b228cac1ff983a45c52a451c9c32ec425698618d28d1bc8e1641bc2b4adc0cccd46ee545681226e1a016330c77d8e0a6124f7fc728dcbf
+AUX ufw-2.initd 2611 SHA256 7d668989a96d47cb5a9f71ae2e6000b469be6d1786f9cf3809b28461d42308ea SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80 WHIRLPOOL 6e0924b89c7faf9a5aea81da0369283a54d90abd6f1113ec2c3093707f6ddcd2f87e53076edd9e53b14691c0dda9607a6cfca49c12cb06efb707d142e8160b0c
+AUX ufw.confd 219 SHA256 069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752
+AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6
+DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829
+DIST ufw-0.35.tar.gz 375310 SHA256 662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc WHIRLPOOL 789b163bf9cc3b27f231024f33a68d3637ca26cf71f202b438abbf16a2725485ba787b811a040d03d4f99fb8c510f8f9a25154e03d2387d3fb0f03a7c4624de7
+EBUILD ufw-0.34_pre805-r2.ebuild 5375 SHA256 71aef78be97fd63ddd8722041dfbaf87456059c99441bde8dcc608ef2e83ff59 SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951 WHIRLPOOL 29b288384da513ec8abcbb98b362fb1a2da899181f6311798484ff2c630ab62a3099b968a7e177cba14b5c2150fed78613ddeb264ff16b470a5c3e6d7ae0349c
+EBUILD ufw-0.35-r1.ebuild 5641 SHA256 ddd8b30244d01fc6b139aa0c63d436363507e7915322d7cd1499c5de2228d0db SHA512 094d8bb245be93148de7d5139fc161f0688dc1d57b4dd57476db4076b3b45b744105cf3b39de4243fe5eb0b77965535fa4f7d5a0cd86a301a368c962d789a393 WHIRLPOOL 3dc02f7068e213f40202f92f9911b604a2c5e5d4c916abb715d6cf7775b905e600af052af149a7e05afb9895c0925af885d7b8e7922674804754b2f3f6198fbc
+MISC ChangeLog 4651 SHA256 ca318d9d1b269d1582973cefec02747c0f3cddd7f8d477fc510cfb44bdada85c SHA512 b7256be9c482f474d5f82619f0dc5a3a9cf6e73fde582fb6fd0c46f07bb4e20e364b6f99fdf3d33d1d23fc7dfe5177c5acf2a096e2bdea09a486fe1e9009c2ed WHIRLPOOL b4889960738fed92941a4a9edeff3bcf4f8e48baf27ad739491dd9bfe74b01a16c88e533f94e5661b262a7372d51783cf0a90d5ae035c5ef4eb7e03fea1f0b01
+MISC ChangeLog-2015 4596 SHA256 6455b96eb0344e530635c59ed1b27be852adce2aa9ff63fb087c100b8706be3a SHA512 ca1fe76a2d6a1e02983f51cd4807360d5cf9c2a4db0ec383fe4cb256e3c0327214dcc67091eb94df6d0786bd8f7d391aa23c2a3096c954c26a1a331fac2fa184 WHIRLPOOL 656dcd650383507ac7a02cba12e67fa5e27502741a029275fb057c0af9efb7228bf2c6afc3da328ad26809c8033db3f034d241faf28dd048d26e0ec3429eb514
+MISC metadata.xml 537 SHA256 61416b9746e6ad9d4881ce56816be62d3f1e1f576f4e968eb9839ccb9bc9e52a SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc WHIRLPOOL 6c563c75a3687e706231ce922242a7c505a715746bb2c02c7d3a34284daa65644152182f600e73a37d3bec1d78cfb8a4d4eb5770e52b835edb61fb5aa1ccb841
diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate
new file mode 100644
index 000000000000..f88ca8265bea
--- /dev/null
+++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate
@@ -0,0 +1,13 @@
+/var/log/ufw.log
+{
+ rotate 5
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /etc/init.d/rsyslog reload >/dev/null 2>&1 || true
+ endscript
+}
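Review bot: The `postrotate` command reloads rsyslog only through the OpenRC init script and discards both its output and its exit status (`>/dev/null 2>&1 || true`), so a failed or missing reload is never reported. In that case the daemon presumably keeps writing to the rotated file and the `rotate 5` retention of the firewall log stops being effective. Since this commit also ships `ufw.service` for systemd hosts, add a comment such as `# OpenRC only: adjust the reload command on systemd hosts`, and consider dropping `|| true` so logrotate reports the failure. The same applies to `files/syslog-ng/ufw.logrotate`, which also sets no rotation interval and no `compress`, unlike this file.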
diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
new file mode 100644
index 000000000000..41f7ce39cef7
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
@@ -0,0 +1,13 @@
+# This is an example rule for app-admin/syslog-ng to separate ufw logs
+# from /var/log/messages.
+# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf.
+
+filter f_ufw { match("\\[UFW " value("MESSAGE")); };
+destination ufwfile { file("/var/log/ufw.log"); };
+log {
+ source(src);
+ filter(f_ufw);
+ destination(ufwfile);
+ destination(console_all);
+ flags(final);
+};
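Review bot: The `destination ufwfile` line leaves the owner and mode of /var/log/ufw.log to the global syslog-ng options, which this example does not show. Firewall logs expose addresses and ports, so the example should pin the mode, e.g. `destination ufwfile { file("/var/log/ufw.log" perm(0640)); };`. The header comment should also state that the rule assumes a source named `src` and a destination named `console_all` are already defined in the local syslog-ng.conf.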
diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
new file mode 100644
index 000000000000..5080aa1bfa38
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
@@ -0,0 +1,12 @@
+# logrotate snippet for ufw
+# requires app-admin/syslog-ng
+# copy the file into /etc/logrotate.d
+/var/log/ufw.log {
+ missingok
+ rotate 5
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
new file mode 100644
index 000000000000..24d00ea68ccd
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
@@ -0,0 +1,177 @@
+diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
+--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before[6].rules
+@@ -41,7 +41,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. It supports the following arguments:
+ .TP
+diff -Naur ufw-0.31.orig/README ufw-0.31/README
+--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100
+@@ -58,7 +58,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
+@@ -72,9 +72,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
++/usr/share/ufw/ufw-init start script
+
+
+ Usage
+@@ -149,7 +149,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -247,7 +247,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -290,7 +290,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
+--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100
+@@ -54,7 +54,8 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ # real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -116,7 +117,7 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+@@ -127,8 +128,14 @@
+ self.copy_file('conf/user.rules', user_rules)
+ self.copy_file('conf/user6.rules', user6_rules)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -199,13 +206,18 @@
+
+ subprocess.call(["sed",
+ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ file])
++
++ subprocess.call(["sed",
++ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ file])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for file in [ before_rules, after_rules, \
+diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
+--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100
+@@ -22,7 +22,7 @@
+ import sys
+ import time
+
+-from ufw.common import UFWError, UFWRule, config_dir, state_dir
++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir
+ from ufw.util import warn, debug, msg, cmd, cmd_pipe
+ import ufw.backend
+
+@@ -40,7 +40,7 @@
+ files['rules6'] = os.path.join(state_dir, 'user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(state_dir, 'ufw-init')
++ files['init'] = os.path.join(share_dir, 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
+
+diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
+--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100
+@@ -18,8 +18,8 @@
+ #
+ set -e
+
+-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "#STATE_PREFIX#/ufw-init-functions"
++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then
++ . "#SHARE_DIR#/ufw-init-functions"
+ else
+ echo "Could not find $s (aborting)"
+ exit 1
+@@ -56,7 +56,7 @@
+ flush_builtins || exit "$?"
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
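Review bot: In the `src/ufw-init` part of this patch the error branch still prints `Could not find $s (aborting)`, and `$s` is not assigned anywhere in the lines shown, so a missing helper file would be reported with an empty name. The patch already rewrites the two lines above it, so the message should name the new path as well: `echo "Could not find #SHARE_DIR#/ufw-init-functions (aborting)"`; the 0.35 variant of this patch shows the message in that form. This script loads the firewall rules at boot, so a precise failure message helps when diagnosing a host whose rules did not load. The rest of ufw-init lies outside the patch context.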
diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
new file mode 100644
index 000000000000..b7eae3595cb5
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
@@ -0,0 +1,46 @@
+diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py
+--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200
++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200
+@@ -225,41 +225,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+- '/usr/local/bin']:
+- if e == "iptables":
+- if os.path.exists(os.path.join(dir, e)):
+- iptables_dir = dir
+- iptables_exe = os.path.join(iptables_dir, "iptables")
+- print("Found '%s'" % iptables_exe)
+- else:
+- continue
+-
+- if iptables_exe != "":
+- break
+-
+-
+-if iptables_exe == '':
+- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+- sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+- if not os.path.exists(os.path.join(iptables_dir, e)):
+- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+- sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+- (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+
+ setup (name='ufw',
+ version=ufw_version,
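Review bot: `iptables_dir = '/sbin'` replaces every build-time check with a fixed path and carries no comment, so nothing in the patch says why `/sbin` is correct or what guarantees that `ip6tables`, `iptables-restore` and `ip6tables-restore` are there. If the path were wrong the build would still succeed, and the failure would surface only when the firewall is started. Add a comment above the assignment such as `# assumes net-firewall/iptables installs into /sbin; presence and version >=1.4 are enforced by RDEPEND`. The `setup(` call continues outside the patch context.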
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
new file mode 100644
index 000000000000..dc922435de10
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
@@ -0,0 +1,17 @@
+--- shell-completion/bash
++++ shell-completion/bash
+@@ -52,7 +52,6 @@
+ echo "numbered verbose"
+ }
+
+-have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -83,5 +82,5 @@
+ fi
+ }
+
+-[ "$have" ] && complete -F _ufw ufw
++complete -F _ufw ufw
+
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
new file mode 100644
index 000000000000..991f4c826ece
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py
++++ b/setup.py
+@@ -107,12 +107,6 @@ class Install(_install, object):
+ for f in [ script, manpage, manpage_f ]:
+ self.mkpath(os.path.dirname(f))
+
+- # update the interpreter to that of the one the user specified for setup
+- print("Updating staging/ufw to use %s" % (sys.executable))
+- subprocess.call(["sed",
+- "-i",
+- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+- 'staging/ufw'])
+ self.copy_file('staging/ufw', script)
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
new file mode 100644
index 000000000000..fde635ddc335
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
@@ -0,0 +1,17 @@
+--- a/shell-completion/bash
++++ b/shell-completion/bash
+@@ -52,7 +52,6 @@
+ echo "numbered verbose"
+ }
+
+-have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -83,5 +82,5 @@
+ fi
+ }
+
+-[ "$have" ] && complete -F _ufw ufw
++complete -F _ufw ufw
+
diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch b/net-firewall/ufw/files/ufw-0.35-move-path.patch
new file mode 100644
index 000000000000..58af77215085
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-move-path.patch
@@ -0,0 +1,179 @@
+diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
+--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before[6].rules
+@@ -41,7 +41,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. It supports the following arguments:
+ .TP
+diff -Naur ufw-0.31.orig/README ufw-0.31/README
+--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100
+@@ -58,7 +58,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
+@@ -72,9 +72,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
++/usr/share/ufw/ufw-init start script
+
+
+ Usage
+@@ -149,7 +149,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -247,7 +247,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -290,7 +290,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
+--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100
+@@ -54,7 +54,8 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ # real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -116,7 +117,7 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+@@ -127,8 +128,14 @@
+ self.copy_file('conf/user.rules', user_rules)
+ self.copy_file('conf/user6.rules', user6_rules)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -199,13 +206,18 @@
+
+ subprocess.call(["sed",
+ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ f])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for file in [ before_rules, after_rules, \
+diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
+--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100
+@@ -38,6 +38,7 @@
+ files = {}
+ config_dir = _findpath(ufw.common.config_dir, datadir)
+ state_dir = _findpath(ufw.common.state_dir, datadir)
++ share_dir = _findpath(ufw.common.share_dir, datadir)
+
+ files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+ files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+ files['rules6'] = os.path.join(state_dir, 'user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(_findpath(state_dir, rootdir), 'ufw-init')
++ files['init'] = os.path.join(_findpath(share_dir, rootdir), 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
+
+diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
+--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100
+@@ -18,10 +18,10 @@
+ #
+ set -e
+
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
+ else
+- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+ exit 1
+ fi
+
+@@ -56,7 +56,7 @@
+ flush_builtins || exit "$?"
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
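Review bot: The context line `files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')` in the `src/backend_iptables.py` part contains `os.ppath`, which is presumably a typo rather than the text of the upstream 0.35 source. A context line that does not match makes the hunk apply only with fuzz, or not at all. The two hunks for that file carry the `share_dir` lookup for `files['init']`, so if they were rejected ufw would look for `ufw-init` in the state directory, where this patch no longer installs it. Regenerate the patch against the 0.35 tree so the context is verbatim; the file headers still name `ufw-0.31.orig`.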
diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd
new file mode 100644
index 000000000000..bccd83ddb3a2
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-2.initd
@@ -0,0 +1,136 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting ufw"
+ _source_file || { eend $?; return $?; }
+
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Avoid "Firewall already started, use 'force-reload'" message that
+ # appears if `ufw enable' had been run before start().
+ if _status_quiet; then
+ eend 0
+ return
+ fi
+
+ # The ufw_start function does the same: if ufw is disabled using `ufw disable',
+ # ufw_start would not start ufw and return 0, so let's handle this case.
+ case $enabled_in_cfg in
+ 0)
+ ufw_start
+ ret=$?
+ eend $ret "Failed to start ufw."
+ ;;
+ 1)
+ # see /etc/conf.d/<name>
+ if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+ ret=1
+ eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+ else
+ ret=0
+ eend 0
+ fi
+ ;;
+ 2)
+ ret=1
+ eend $ret "Failed to start ufw."
+ ;;
+ esac
+
+ return $ret
+}
+
+stop() {
+ ebegin "Stopping ufw"
+ _source_file || { eend $?; return $?; }
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Same as above (unless --force is passed to ufw_stop).
+ case $enabled_in_cfg in
+ 0)
+ ufw_stop
+ ret=$?
+ ;;
+ 1)
+ einfo "INFO: ufw is configured to be disabled"
+ ufw_stop --force
+ ret=$?
+ ;;
+ 2)
+ ret=1
+ ;;
+ esac
+
+ eend $ret "Failed to stop ufw."
+ return $ret
+}
+
+_status_quiet() {
+ # return values: 0 - started, 1 - stopped, 2 - error
+ # Does not execute _source_file.
+ local ret
+ ufw_status > /dev/null
+ ret=$?
+ # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+ case $ret in
+ 0) return 0 ;;
+ 3) return 1 ;;
+ *) return 2 ;;
+ esac
+}
+
+_source_file() {
+ local sourced_f="/usr/share/ufw/ufw-init-functions"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 1
+ fi
+
+ local _path=$PATH
+ if ! . "$sourced_f"; then
+ # PATH can be broken here, fix it...
+ PATH=$_path
+ eerror "Error sourcing file $sourced_f"
+ return 1
+ fi
+
+ if [ -z "$PATH" ]; then
+ PATH=$_path
+ else
+ PATH="${PATH}:${_path}"
+ fi
+ return 0
+}
+
+_check_if_enabled_in_cfg() {
+ # Check if user has enabled the firewall with "ufw enable".
+ # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+ local sourced_f="/etc/ufw/ufw.conf"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 2
+ fi
+
+ if ! . "$sourced_f"; then
+ eerror "Error sourcing file $sourced_f"
+ return 2
+ fi
+
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
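Review bot: In `start()`, the `ufw_nonfatal_if_disabled=yes` branch ends with `eend 0` and prints nothing, so the service is marked started and `provide firewall` is satisfied although no rules were loaded. `stop()` already announces the equivalent state with `einfo "INFO: ufw is configured to be disabled"`. `start()` should emit the same kind of line before `eend 0`, for example `einfo "INFO: ufw is configured to be disabled, no rules loaded"`, so the unfiltered state is visible in the boot log without turning it into a warning or a failure.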
diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd
new file mode 100644
index 000000000000..900d3bf67bd4
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service
new file mode 100644
index 000000000000..9d6972036a05
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Uncomplicated Firewall
+DefaultDependencies=no
+Before=network.target sysinit.target
+After=systemd-sysctl.service
+ConditionPathExists=|/etc/ufw/ufw.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/share/ufw/ufw-init start
+ExecStop=/usr/share/ufw/ufw-init stop
+
+[Install]
+WantedBy=multi-user.target \ No newline at end of file
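Review bot: `Before=network.target` does not by itself order the unit ahead of interface configuration; systemd provides `network-pre.target` for firewall services that must be in place before any interface is brought up. With the current ordering, a network service that does not wait for `sysinit.target` may configure interfaces before the rules are loaded. Use `Before=network-pre.target` together with `Wants=network-pre.target`. The file also ends without a trailing newline.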
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
new file mode 100644
index 000000000000..b8103d2da1af
--- /dev/null
+++ b/net-firewall/ufw/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <longdescription lang="en">
+ The Uncomplicated Firewall (ufw) is a frontend for iptables and is
+ particularly well-suited for host-based firewalls. It provides a framework
+ for managing netfilter, as well as an easy to use command-line interface for
+ manipulating the firewall.
+</longdescription>
+ <upstream>
+ <remote-id type="launchpad">ufw</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
new file mode 100644
index 000000000000..ec748222d329
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+PYTHON_COMPAT=( python{2_7,3_4} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+ !<kde-misc/kcm-ufw-0.4.2
+ !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+ # Remove unnecessary build time dependency on net-firewall/iptables.
+ "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+ # Move files away from /lib/ufw.
+ "${FILESDIR}"/${PN}-0.31.1-move-path.patch
+ # Remove shebang modification.
+ "${FILESDIR}"/${P}-shebang.patch
+ # Fix bash completions, bug #526300
+ "${FILESDIR}"/${P}-bash-completion.patch
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~PROC_FS
+ ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+ if kernel_is -ge 2 6 39; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+ else
+ CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+ fi
+
+ # https://bugs.launchpad.net/ufw/+bug/1076050
+ if kernel_is -ge 3 4; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+ else
+ CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+ fi
+
+ CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+ check_extra_config
+
+ # Check for default, useful optional features.
+ if ! linux_config_exists; then
+ ewarn "Cannot determine configuration of your kernel."
+ return
+ fi
+
+ local nf_nat_ftp_ok="yes"
+ local nf_conntrack_ftp_ok="yes"
+ local nf_conntrack_netbios_ns_ok="yes"
+
+ linux_chkconfig_present \
+ NF_NAT_FTP || nf_nat_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+ # This is better than an essay for each unset option...
+ if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+ || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+ then
+ echo
+ local mod_msg="Kernel options listed below are not set. They are not"
+ mod_msg+=" mandatory, but they are often useful."
+ mod_msg+=" If you don't need some of them, please remove relevant"
+ mod_msg+=" module name(s) from IPT_MODULES in"
+ mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+ mod_msg+=" Otherwise ufw may fail to start!"
+ ewarn "${mod_msg}"
+ if [[ ${nf_nat_ftp_ok} = no ]]; then
+ ewarn "NF_NAT_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+ fi
+ fi
+}
+
+python_prepare_all() {
+ # Set as enabled by default. User can enable or disable
+ # the service by adding or removing it to/from a runlevel.
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+ || die "sed failed (ufw.conf)"
+
+ sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+ # If LINGUAS is set install selected translations only.
+ if [[ -n ${LINGUAS+set} ]]; then
+ _EMPTY_LOCALE_LIST="yes"
+ pushd locales/po > /dev/null || die
+
+ local lang
+ for lang in *.po; do
+ if ! has "${lang%.po}" ${LINGUAS}; then
+ rm "${lang}" || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+ done
+
+ popd > /dev/null || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+
+ distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+ newconfd "${FILESDIR}"/ufw.confd ufw
+ newinitd "${FILESDIR}"/ufw-2.initd ufw
+ systemd_dounit "${FILESDIR}/ufw.service"
+
+ exeinto /usr/share/${PN}
+ doexe tests/check-requirements
+
+ # users normally would want it
+ insinto /usr/share/doc/${PF}/logging/syslog-ng
+ doins "${FILESDIR}"/syslog-ng/*
+
+ insinto /usr/share/doc/${PF}/logging/rsyslog
+ doins "${FILESDIR}"/rsyslog/*
+ doins doc/rsyslog.example
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*
+ fi
+ newbashcomp shell-completion/bash ${PN}
+
+ [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+
+ distutils-r1_python_install_all
+ python_replicate_script "${D}usr/sbin/ufw"
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "To enable ufw, add it to boot sequence and activate it:"
+ elog "-- # rc-update add ufw boot"
+ elog "-- # /etc/init.d/ufw start"
+ echo
+ elog "If you want to keep ufw logs in a separate file, take a look at"
+ elog "/usr/share/doc/${PF}/logging."
+ fi
+ if [[ -z ${REPLACING_VERSIONS} ]] \
+ || [[ ${REPLACING_VERSIONS} < 0.34 ]];
+ then
+ echo
+ elog "/usr/share/ufw/check-requirements script is installed."
+ elog "It is useful for debugging problems with ufw. However one"
+ elog "should keep in mind that the script assumes IPv6 is enabled"
+ elog "on kernel and net-firewall/iptables, and fails when it's not."
+ fi
+ echo
+ ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+ ewarn "default. See README, Remote Management section for more information."
+}
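Review bot: In `python_prepare_all`, `sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf || die` cannot detect that nothing was replaced, because sed exits 0 when the pattern does not match; the same holds for the `IPV6=` substitution below it. If the upstream default line ever changes, the package would install with a different enabled state or IPv6 setting than the ebuild intends, and the build would not notice. Follow each substitution with a check such as `grep -q '^ENABLED=yes' conf/ufw.conf || die "ENABLED not set in ufw.conf"`.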
diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild
new file mode 100644
index 000000000000..d5b5aa280a4d
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.35-r1.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ia64 ppc ppc64 ~sparc x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+ !<kde-misc/kcm-ufw-0.4.2
+ !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+ # Remove unnecessary build time dependency on net-firewall/iptables.
+ "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+ # Move files away from /lib/ufw.
+ "${FILESDIR}"/${PN}-0.35-move-path.patch
+ # Remove shebang modification.
+ "${FILESDIR}"/${PN}-0.34_pre805-shebang.patch
+ # Fix bash completions, bug #526300
+ "${FILESDIR}"/${P}-bash-completion.patch
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~PROC_FS
+ ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+ if kernel_is -ge 2 6 39; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+ else
+ CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+ fi
+
+ # https://bugs.launchpad.net/ufw/+bug/1076050
+ if kernel_is -ge 3 4; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+ else
+ CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+ fi
+
+ CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+ check_extra_config
+
+ # Check for default, useful optional features.
+ if ! linux_config_exists; then
+ ewarn "Cannot determine configuration of your kernel."
+ return
+ fi
+
+ local nf_nat_ftp_ok="yes"
+ local nf_conntrack_ftp_ok="yes"
+ local nf_conntrack_netbios_ns_ok="yes"
+
+ linux_chkconfig_present \
+ NF_NAT_FTP || nf_nat_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+ # This is better than an essay for each unset option...
+ if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+ || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+ then
+ echo
+ local mod_msg="Kernel options listed below are not set. They are not"
+ mod_msg+=" mandatory, but they are often useful."
+ mod_msg+=" If you don't need some of them, please remove relevant"
+ mod_msg+=" module name(s) from IPT_MODULES in"
+ mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+ mod_msg+=" Otherwise ufw may fail to start!"
+ ewarn "${mod_msg}"
+ if [[ ${nf_nat_ftp_ok} = no ]]; then
+ ewarn "NF_NAT_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+ fi
+ fi
+}
+
+python_prepare_all() {
+ # Set as enabled by default. User can enable or disable
+ # the service by adding or removing it to/from a runlevel.
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+ || die "sed failed (ufw.conf)"
+
+ sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+ # If LINGUAS is set install selected translations only.
+ if [[ -n ${LINGUAS+set} ]]; then
+ _EMPTY_LOCALE_LIST="yes"
+ pushd locales/po > /dev/null || die
+
+ local lang
+ for lang in *.po; do
+ if ! has "${lang%.po}" ${LINGUAS}; then
+ rm "${lang}" || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+ done
+
+ popd > /dev/null || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+
+ distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+ newconfd "${FILESDIR}"/ufw.confd ufw
+ newinitd "${FILESDIR}"/ufw-2.initd ufw
+ systemd_dounit "${FILESDIR}/ufw.service"
+
+ exeinto /usr/share/${PN}
+ doexe tests/check-requirements
+
+ # users normally would want it
+ insinto /usr/share/doc/${PF}/logging/syslog-ng
+ doins "${FILESDIR}"/syslog-ng/*
+
+ insinto /usr/share/doc/${PF}/logging/rsyslog
+ doins "${FILESDIR}"/rsyslog/*
+ doins doc/rsyslog.example
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*
+ fi
+ newbashcomp shell-completion/bash ${PN}
+
+ [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+
+ distutils-r1_python_install_all
+ python_replicate_script "${D}usr/sbin/ufw"
+}
+
+pkg_postinst() {
+ local print_check_req_warn
+ print_check_req_warn=false
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "To enable ufw, add it to boot sequence and activate it:"
+ elog "-- # rc-update add ufw boot"
+ elog "-- # /etc/init.d/ufw start"
+ echo
+ elog "If you want to keep ufw logs in a separate file, take a look at"
+ elog "/usr/share/doc/${PF}/logging."
+ print_check_req_warn=true
+ else
+ for rv in ${REPLACING_VERSIONS}; do
+ local major=${rv%%.*}
+ local minor=${rv#${major}.}
+ if [[ ${major} -eq 0 && ${minor} -lt 34 ]]; then
+ print_check_req_warn=true
+ fi
+ done
+ fi
+ if $print_check_req_warn; then
+ echo
+ elog "/usr/share/ufw/check-requirements script is installed."
+ elog "It is useful for debugging problems with ufw. However one"
+ elog "should keep in mind that the script assumes IPv6 is enabled"
+ elog "on kernel and net-firewall/iptables, and fails when it's not."
+ fi
+ echo
+ ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+ ewarn "default. See README, Remote Management section for more information."
+}
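Review bot: In pkg_postinst the `minor` value cut from each entry of REPLACING_VERSIONS goes into `[[ ... -lt 34 ]]` without being reduced to digits. That test evaluates its operands as arithmetic expressions, so a replaced version with a suffix (the PATCHES list names a `0.34_pre805` patch, so such versions appear to have existed) would make the test error out and the check-requirements notice would be skipped. Adding `minor=${minor%%[!0-9]*}` right after the `local minor=...` line keeps only the leading digits. The loop variable `rv` is also never declared local; `local rv major minor` ahead of the loop would keep it out of the global ebuild environment.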
diff --git a/net-firewall/xtables-addons/Manifest b/net-firewall/xtables-addons/Manifest
new file mode 100644
index 000000000000..0b1135a90820
--- /dev/null
+++ b/net-firewall/xtables-addons/Manifest
@@ -0,0 +1,5 @@
+DIST xtables-addons-2.13.tar.xz 322116 SHA256 d141879d438424764e953b97fbb16edafdf8ef6baa57f6e36e07b894a7775dfc SHA512 51cfa963d6f2f931b0361746e0b48f5ecf43a14e9e8d5297ef55faf0e9f8d1deb4641e88e3fea2afdbb3e39dd06d414de6057fb4a21e5184d4ea3d21b8028497 WHIRLPOOL 46463d4497d3b581868ea2a60216bfd198a8f540313c557abda3cb3033be9a853403d8d336f75ed6998d831435950efbacb462406f5d55848b76f12921f39e5f
+EBUILD xtables-addons-2.13.ebuild 5448 SHA256 2229745913b3f77329ea5e5e05b0acb46044de8d0a42cf7e6c275e709c210bdc SHA512 2fddc069312fa3ae39a1e67e95627b7c1eca04bac181012a462f5f596e052ba94497a8bf003c7bd6fbf701429ea16f8c6db348d6df515c3fb5fa631962732bc4 WHIRLPOOL 9d339580bd6262c5dce406af2fe674ec822453001da5f832c08f1bda54e17422d84d4187f686bd7386979941015ccd1b7fa42d9f6f52281e828aabb5241db075
+MISC ChangeLog 4324 SHA256 afc267fed8a3e247a50f43245c13919f9157ec360837b6131d54d062bbbae388 SHA512 e7eb34915db7db57522b98895afdfc47500d03dc7265cee04b6eea8f4f50426a2aae73202470630e10d6f48e4cf64ed8e51369785724d8146075ab439ccebd5b WHIRLPOOL 72ac47e18a45962c6bbf22f1209507770bd4a2fa30f42fb30f6d956de16250346c07b576d8ebc0f48e76c85d32533d54cbdf69128cbc6ed18134a8bd90a6f68a
+MISC ChangeLog-2015 8970 SHA256 96fe537b449a43efa68f2a9951887709d8329c7f97fe9c1392c59dd8041f8abd SHA512 b749f3d9723096aebb79bb71a336f0d055644ec55e5d169fe0335d05ed6286f15adec1b56c132405dc2311116a01120ebec27740b0819e07c2054e508f3dc58a WHIRLPOOL 24ecc94c0802fb43014c3656a3fcbfeb027523dc7b336db7eb7b68c05cba2f477779bfd1b5a9b232c3d55bd56d1437769655362acd1c66cf6d9e747e584b678f
+MISC metadata.xml 775 SHA256 1c33ffbc4d2428b7c135dc9dd36db40f2ac518ee1f1b745657acf5f189b13880 SHA512 85474ba552703d77bc7cc18ccef424f5eeb68e23eb41e14a8c360afcdcb2632a99420fda2dca57ea15dbda3f850d939c16b18cbdc96dbfcf31a6af3f40743f0c WHIRLPOOL b6baf2383e762d33e3c12b799212b14995aa5c451206d0dee3b98de77194324abb32ecefb4ad734f56c9ba8a2b46eb4b860aa77c1a7ccd20f7c094113e76610f
diff --git a/net-firewall/xtables-addons/metadata.xml b/net-firewall/xtables-addons/metadata.xml
new file mode 100644
index 000000000000..4a2b4663dd3b
--- /dev/null
+++ b/net-firewall/xtables-addons/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>blueness@gentoo.org</email>
+ <name>Anthony G. Basile</name>
+ </maintainer>
+ <longdescription>
+Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains
+extensions that were not, or are not yet, accepted in the main kernel/iptables
+packages.
+
+Xtables-addons is different from patch-o-matic in that you do not have to patch
+or recompile the kernel, sometimes recompiling iptables is also not needed. But
+please see the INSTALL file for the minimum requirements of this package.
+</longdescription>
+ <upstream>
+ <remote-id type="sourceforge">xtables-addons</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/xtables-addons/xtables-addons-2.13.ebuild b/net-firewall/xtables-addons/xtables-addons-2.13.ebuild
new file mode 100644
index 000000000000..344178cebcc0
--- /dev/null
+++ b/net-firewall/xtables-addons/xtables-addons-2.13.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils linux-info linux-mod multilib
+
+DESCRIPTION="iptables extensions not yet accepted in the main kernel"
+HOMEPAGE="http://xtables-addons.sourceforge.net/"
+SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="modules"
+
+MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq logmark ipmark echo dnetmap dhcpmac delude chaos account"
+
+for mod in ${MODULES}; do
+ IUSE="${IUSE} xtables_addons_${mod}"
+done
+
+DEPEND=">=net-firewall/iptables-1.4.5"
+
+RDEPEND="${DEPEND}
+ xtables_addons_geoip? (
+ app-arch/unzip
+ dev-perl/Text-CSV_XS
+ virtual/perl-Getopt-Long
+ )
+"
+
+DEPEND="${DEPEND}
+ virtual/linux-sources"
+
+SKIP_MODULES=""
+
+XA_check4internal_module() {
+ local mod=${1}
+ local version=${3}
+ local kconfigname=${3}
+
+ if use xtables_addons_${mod} && kernel_is -gt ${version}; then
+ ewarn "${kconfigname} should be provided by the kernel. Skipping its build..."
+ if ! linux_chkconfig_present ${kconfigname}; then
+ ewarn "Please enable ${kconfigname} target in your kernel
+ configuration or disable checksum module in ${PN}."
+ fi
+ # SKIP_MODULES in case we need to disable building of everything
+ # like having this USE disabled
+ SKIP_MODULES+=" ${mod}"
+ fi
+}
+
+pkg_setup() {
+ if use modules; then
+ get_version
+ check_modules_supported
+ CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR"
+ ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector"
+ linux-mod_pkg_setup
+
+ if ! linux_chkconfig_present IPV6; then
+ SKIP_IPV6_MODULES="ip6table_rawpost"
+ ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}"
+ fi
+ kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead"
+ fi
+}
+
+# Helper for maintainer: cheks if all possible MODULES are listed.
+XA_qa_check() {
+ local all_modules
+ all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig")
+ if [[ ${all_modules} != ${MODULES} ]]; then
+ ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild."
+ ewarn "Please, update MODULES in ebuild."
+ ewarn "'${all_modules}'"
+ fi
+}
+
+# Is there any use flag set?
+XA_has_something_to_build() {
+ local mod
+ for mod in ${MODULES}; do
+ use xtables_addons_${mod} && return
+ done
+
+ eerror "All modules are disabled. What do you want me to build?"
+ eerror "Please, set XTABLES_ADDONS to any combination of"
+ eerror "${MODULES}"
+ die "All modules are disabled."
+}
+
+# Parse Kbuid files and generates list of sources
+XA_get_module_name() {
+ [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument."
+ local mod objdir build_mod sources_list
+ mod=${1}
+ objdir=${S}/extensions
+ # Take modules name from mconfig
+ build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig")
+ # strip .o, = and everything before = and print
+ sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\
+ {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
+ "${objdir}/Kbuild")
+
+ if [[ -d ${S}/extensions/${sources_list} ]]; then
+ objdir=${S}/extensions/${sources_list}
+ sources_list=$(sed -n "/^obj-m/\
+ {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
+ "${objdir}/Kbuild")
+ fi
+ for mod_src in ${sources_list}; do
+ has ${mod_src} ${SKIP_IPV6_MODULES} || \
+ echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})"
+ done
+}
+
+# Die on modules known to fail on certain kernel version.
+XA_known_failure() {
+ local module_name=$1
+ local KV_max=$2
+
+ if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then
+ eerror
+ eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above."
+ eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel."
+ eerror
+ die
+ fi
+}
+
+src_prepare() {
+ XA_qa_check
+ XA_has_something_to_build
+
+ # Bug #553630#c2. echo fails on linux-4 and above.
+ # This appears to be fixed, at least as of linux-4.2
+ # XA_known_failure "echo" 4
+
+ local mod module_name
+ if use modules; then
+ MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)"
+ fi
+ for mod in ${MODULES}; do
+ if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then
+ sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die
+ if use modules; then
+ for module_name in $(XA_get_module_name ${mod}); do
+ MODULE_NAMES+=" ${module_name}"
+ done
+ fi
+ else
+ sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die
+ fi
+ done
+ einfo "${MODULE_NAMES}" # for debugging
+
+ sed -e 's/depmod -a/true/' -i Makefile.in || die
+ sed -e '/^all-local:/{s: modules::}' \
+ -e '/^install-exec-local:/{s: modules_install::}' \
+ -i extensions/Makefile.in || die
+
+ use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in
+
+ eapply_user
+}
+
+src_configure() {
+ set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile
+ econf --prefix="${EPREFIX}/" \
+ --libexecdir="${EPREFIX}/$(get_libdir)/" \
+ --with-kbuild="${KV_DIR}"
+}
+
+src_compile() {
+ emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1
+ use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ use modules && linux-mod_src_install
+ dodoc -r README doc/*
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+'
+}
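Review bot: XA_check4internal_module assigns both `version` and `kconfigname` from `${3}`, so `kernel_is -gt ${version}` would receive the kconfig name rather than a kernel version. `local version=${2}` looks like the intent, though the function has no caller in this hunk, so the argument order cannot be confirmed from here. Its warning text also hard-codes "checksum module" while the function takes the module name as a parameter. In src_prepare, the geoip line is the only sed call without a failure check; `use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in || die` would match the other calls.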