gentoo resync : 12.01.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-01-12 16:58:08 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-01-12 16:58:08 +0000
commit: c8a77dfe4d3d307c1d5dd2650b7297447d8b609d (patch)
tree: 9ea78393bc3ecd6ab4de449383d4e97e5f3648ae /net-firewall
parent: 2891d29af8907ce881662f4a02844926d7a293c7 (diff)
16 files changed, 321 insertions, 29 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 41352e7040ba..5d9950f8a100 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index effebd51c57d..57e697c5c29a 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -1,12 +1,12 @@
-AUX firehol.conf.d 70 BLAKE2B 4cac98cfe930a9309fc38989c2887278018d757b3981d352a0f9835e2eeb76cd7ff8256814b4fd4dd0fd9d887145264a73fbae92452309ec96838b51447ff313 SHA512 e6b21b493526770bf5619d09b63f8e6cf7f94fb8059fc8ff2d1f19776cab1320218e103d73219534817464314430faca4e437644befa5330610d948c2ade1a35
-AUX firehol.initrd 1144 BLAKE2B 4be520c35519daf3467e55eb041ad8a70102c2bbeb023181fc39585077fe8dce3e6a7faf48814a7b56a094fad9d61b38af6ee7d4b9b4abbbc1c4b41cb2b6472e SHA512 c582e5f3ebdaf7a8f68c137936bf52600bef2d5f7dc4443db6fbc6eac16ad367d69cb936ad2c1bc6e0f6aa3fcaeac7efd8c40f056fa6ea9a7d876ca3c07767ac
-AUX fireqos.conf.d 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507f92d763c13ae9ce370a5807753d31b0033e23d39004ea147d9fb75bf4f2fbadc6baf070ccaca3 SHA512 4dd394f3d896d8bf782cf1157f5bf420ca0e9b2c6238986f3fb17630ec0e12bfcad4ffc6fe2258a7d257e157fed11e01aef26965f3d97c78643c6467639a822c
-AUX fireqos.initrd 832 BLAKE2B 15254240e2a3348b1e4780e5e9806fe335ba66146b2ad7e5af08bb8439f711f5bbde5b984d9885313b7045223627a7af06536a3f42001e4a61a0f893b09d4403 SHA512 87e5b8cff3a6c76780c5bf370e8f628c8e45aa2347d06e68aef65229b7b5f4a2770156019380e892991259145af55be7a84a2b55164530ec34e966baacd666cc
+AUX firehol.confd 70 BLAKE2B 4cac98cfe930a9309fc38989c2887278018d757b3981d352a0f9835e2eeb76cd7ff8256814b4fd4dd0fd9d887145264a73fbae92452309ec96838b51447ff313 SHA512 e6b21b493526770bf5619d09b63f8e6cf7f94fb8059fc8ff2d1f19776cab1320218e103d73219534817464314430faca4e437644befa5330610d948c2ade1a35
+AUX firehol.initd 1141 BLAKE2B 4bdeb545542780b4544c07ad675a2ab63c80177126841eaeab63cefb7755d5a55a4c74e4c2344b250823dfae1a074e53c7cfbaf0ff43315993e442da22337519 SHA512 db1aa27c4923a229c15db268e97e848f50f0515b75b84a6422c8e338c679ff71943286c9a2483c0d88b157cc925dc2d532923e14a559f33456f977680516b7c6
+AUX fireqos.confd 65 BLAKE2B 121c8df85e9c110e45633c84f3fd4ba9e006bb70dffbdee1507f92d763c13ae9ce370a5807753d31b0033e23d39004ea147d9fb75bf4f2fbadc6baf070ccaca3 SHA512 4dd394f3d896d8bf782cf1157f5bf420ca0e9b2c6238986f3fb17630ec0e12bfcad4ffc6fe2258a7d257e157fed11e01aef26965f3d97c78643c6467639a822c
+AUX fireqos.initd 829 BLAKE2B f09905f02189f155455886dd1896a183f2f529d0737939a7065bb52b57870f22805e3e6c029510cc5b57b36e596eb829bcc7651c6a80657ff4e399acc542fa90 SHA512 8364537d3e10c68d309fc40f4b2f88a2a593c38fd6f134b1c09cf937be00f7d96eeba05c83824c9460367bf892a8f79547321784c8f8a4708f856df9a88693f4
 DIST firehol-3.1.3.tar.xz 1476220 BLAKE2B 19ac9db805fc4452b447a45a7ed35c781bc8595f3ede0af7de0ff5a89ab50a9f8a634e0754869774d767b50d720019a5ac466e9d1726a75a34a283473b17a94b SHA512 6c75b57650d918cfc485f6eb01d69694acd5c7b487a10a566fc26b8d5e0cd6a6a9a09bd8d3219bf4e78aa4fe47f83e5ac399107a07770b787e1ccba3078c5f3f
 DIST firehol-3.1.4.tar.xz 1481320 BLAKE2B 0fabef4a853aece966a8f273cc82947a6e63ac44ccac2494d5d6a2f0916658a78cfe0c28cc2414e797411e4795216400b1fa95193a619f7e26fe545182a5fc44 SHA512 1a17b6e810274b346f66788c4c4736421583e6a4ed76df7a1d7f46dcb99e434460998c05755c8342941413d23c02e2ca0d0bf2123cb555a6c7513d24983a13ed
 DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a21489263c1b5c6abbf3b2b97db80bf2a2420ae8176cd55e335ab93c18a8209a47f467dba80a63cf2c319b3e3e27d8 SHA512 5ffa7e59d3f10a6c7d3f5b5ef9d93f1b2138063374a10cb0c1ac4e75578d6cf7755e154b51febf546563ba003f100af13f89bca3843b66a8d22b8fc2da3fadfe
-EBUILD firehol-3.1.3-r1.ebuild 1381 BLAKE2B 442b043dba8d51c41e2035a8be52fd6e1a2ca2062f4eb0ffc3e1d8b4708d447be8cc901bf617300956b09ac18047c1c52dfaeccfdd9e89737aee42f29b47c549 SHA512 4a621a3a5bfb636c4d1c599cc784f6b453e956c08e33a6c4fdef50018778e0f375ceae939de2d7b4f15cffee561601e3fd7bf41619831f3bbaa987779a94fd41
-EBUILD firehol-3.1.3.ebuild 1328 BLAKE2B d70a23bcbc413c4e0e50aae2487cbe6321da4e805cb39a844ba52a28d72485c4493b27c98922c03ac453fd57ed15ab4484189cee894adbb21e96fdf93e9c9629 SHA512 919cfa1cf6ea9e1023610501766b36888d95ad325bf23c528b99941fdb432c9cdd47c7a674a630df626cfb3a820ae77d7aee2a7564c8efc705e3c7a2a4c7b6c5
-EBUILD firehol-3.1.4.ebuild 1376 BLAKE2B f653d541e4c344863c6edefa8d71cd286b8f3319d0fdad6d564c6c5c8d34351e5f0d2a43211dab9e3a6fc31ae7b2c0325fe70d7d432932b163bd7331467c9afd SHA512 16aac22739391f331fad92136a2f12abcb4d50bbef6b95c23fa49cba98f20dcc8facf1ec4fd77154a60fcafdd274e7ed87bb545a83ebaeb19e3ccf47da763fe5
-EBUILD firehol-3.1.6.ebuild 1437 BLAKE2B 5bdd4fff150374ee0017c4035939845dbf9aecd5a4f090bf9a83a7be7fc3f4c0d4172fe95e1cccd0c7951656eaf972ef2a8dbdf0864becad5da8264ba603589e SHA512 2916e183be6474dc078b86779448f0028a21d523048339ad3d0718da676d74646a3336084a9a3f1063d5df2651087bf65431f5ba00c27dd5e374f9a1ab37282b
+EBUILD firehol-3.1.3-r1.ebuild 1374 BLAKE2B 5d4bb0400ffd486fea5302bd4288fdfdbf3839f5e6c30aa967afe7d5a613e42eaeada633e5c913e4eeed6123c4bd671f041769c2e424c9ef902c693c6229078b SHA512 17c008ecb04c267b5568360d1f89d6809a9aec17ccf3beb98979df91d5c5df568cca4b3c5df91e5ee6644dbb76cc7644de3fd22cbfd8c35bb5aae84d7d2ca919
+EBUILD firehol-3.1.3.ebuild 1321 BLAKE2B 5160111e2939d25a8cca9d4479d88facd80ae7c5dcd93a0e278481edaf1c912266d76157ab3db0d7908782946d6632d3abae71f0b64033cb7bceaec30b21f45e SHA512 6be61cbef86add228244d129e7ff9060cd90d74edc563f568aa55a1f17bd2a483c5c035d396feefefe6a5f92aca9fd63e1c9b0eec1aefd0f76721aa3a606deed
+EBUILD firehol-3.1.4.ebuild 1372 BLAKE2B f3249920863d8736d21da864e390828f05a368e58f8ab3d857151410a840c6c84a18d455b344a9a2ccc5516cb27a7b86a18d22cd67156b13a33e121e7a6e3fec SHA512 b9f5c95333e0f287eef761ae036bface8ec9e549786c1937f695fd37199cbcb3cd3d70a46fb56cb7224a1badf0e43ab4ad2cfacb171ed81c696bcdf2e2d374c1
+EBUILD firehol-3.1.6.ebuild 1433 BLAKE2B 00c0cd01a1a8addd0b6352ef9ce46e06fd33509e134ae637bd3701ffaedc0437c9670f593501f0fd8830237a1d047a899e20df7ecb24dccf408e0f14472400b0 SHA512 1f4e79dcc4dc6d567350979211feff43728951f4a6152e14a216b3bd3ed18a49d9b64747627a0221f1191ac8706012c96072bc503f6021465ca2b417eb25ee68
 MISC metadata.xml 434 BLAKE2B 43111da215ea3d6d6af807ee1b629a3ff72dfefe15fa429a6ea5b112cbfb881d1bf848b50a266c32b820a7aec3e14e419c64657cc0a205c1e759c77b64a17b52 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898
diff --git a/net-firewall/firehol/files/firehol.conf.d b/net-firewall/firehol/files/firehol.confd
index c8b06e0eaf09..c8b06e0eaf09 100644
--- a/net-firewall/firehol/files/firehol.conf.d
+++ b/net-firewall/firehol/files/firehol.confd
diff --git a/net-firewall/firehol/files/firehol.initrd b/net-firewall/firehol/files/firehol.initd
index 05fc3a2f11c0..719f336c46f1 100644
--- a/net-firewall/firehol/files/firehol.initrd
+++ b/net-firewall/firehol/files/firehol.initd
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 extra_commands="save panic try"
diff --git a/net-firewall/firehol/files/fireqos.conf.d b/net-firewall/firehol/files/fireqos.confd
index 55fa2e037e01..55fa2e037e01 100644
--- a/net-firewall/firehol/files/fireqos.conf.d
+++ b/net-firewall/firehol/files/fireqos.confd
diff --git a/net-firewall/firehol/files/fireqos.initrd b/net-firewall/firehol/files/fireqos.initd
index 628cc9d3c4a1..de94ce9840e5 100644
--- a/net-firewall/firehol/files/fireqos.initrd
+++ b/net-firewall/firehol/files/fireqos.initd
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 depend() {
diff --git a/net-firewall/firehol/firehol-3.1.3-r1.ebuild b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
index 866cded9cb60..db92d61855d5 100644
--- a/net-firewall/firehol/firehol-3.1.3-r1.ebuild
+++ b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -57,8 +57,8 @@ src_configure() {
 src_install() {
 	default
 
-	newconfd "${FILESDIR}"/firehol.conf.d firehol
-	newinitd "${FILESDIR}"/firehol.initrd firehol
-	newconfd "${FILESDIR}"/fireqos.conf.d fireqos
-	newinitd "${FILESDIR}"/fireqos.initrd fireqos
+	newconfd "${FILESDIR}"/firehol.confd firehol
+	newinitd "${FILESDIR}"/firehol.initd firehol
+	newconfd "${FILESDIR}"/fireqos.confd fireqos
+	newinitd "${FILESDIR}"/fireqos.initd fireqos
 }
diff --git a/net-firewall/firehol/firehol-3.1.3.ebuild b/net-firewall/firehol/firehol-3.1.3.ebuild
index b153a88c3196..11a79fd5b628 100644
--- a/net-firewall/firehol/firehol-3.1.3.ebuild
+++ b/net-firewall/firehol/firehol-3.1.3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -54,8 +54,8 @@ src_configure() {
 src_install() {
 	default
 
-	newconfd "${FILESDIR}"/firehol.conf.d firehol
-	newinitd "${FILESDIR}"/firehol.initrd firehol
-	newconfd "${FILESDIR}"/fireqos.conf.d fireqos
-	newinitd "${FILESDIR}"/fireqos.initrd fireqos
+	newconfd "${FILESDIR}"/firehol.confd firehol
+	newinitd "${FILESDIR}"/firehol.initd firehol
+	newconfd "${FILESDIR}"/fireqos.confd fireqos
+	newinitd "${FILESDIR}"/fireqos.initd fireqos
 }
diff --git a/net-firewall/firehol/firehol-3.1.4.ebuild b/net-firewall/firehol/firehol-3.1.4.ebuild
index 67745a1203cb..d9c5fb2ca8de 100644
--- a/net-firewall/firehol/firehol-3.1.4.ebuild
+++ b/net-firewall/firehol/firehol-3.1.4.ebuild
@@ -57,8 +57,8 @@ src_configure() {
 src_install() {
 	default
 
-	newconfd "${FILESDIR}"/firehol.conf.d firehol
-	newinitd "${FILESDIR}"/firehol.initrd firehol
-	newconfd "${FILESDIR}"/fireqos.conf.d fireqos
-	newinitd "${FILESDIR}"/fireqos.initrd fireqos
+	newconfd "${FILESDIR}"/firehol.confd firehol
+	newinitd "${FILESDIR}"/firehol.initd firehol
+	newconfd "${FILESDIR}"/fireqos.confd fireqos
+	newinitd "${FILESDIR}"/fireqos.initd fireqos
 }
diff --git a/net-firewall/firehol/firehol-3.1.6.ebuild b/net-firewall/firehol/firehol-3.1.6.ebuild
index 626180343e17..8bddf14115b7 100644
--- a/net-firewall/firehol/firehol-3.1.6.ebuild
+++ b/net-firewall/firehol/firehol-3.1.6.ebuild
@@ -60,8 +60,8 @@ src_configure() {
 src_install() {
 	default
 
-	newconfd "${FILESDIR}"/firehol.conf.d firehol
-	newinitd "${FILESDIR}"/firehol.initrd firehol
-	newconfd "${FILESDIR}"/fireqos.conf.d fireqos
-	newinitd "${FILESDIR}"/fireqos.initrd fireqos
+	newconfd "${FILESDIR}"/firehol.confd firehol
+	newinitd "${FILESDIR}"/firehol.initd firehol
+	newconfd "${FILESDIR}"/fireqos.confd fireqos
+	newinitd "${FILESDIR}"/fireqos.initd fireqos
 }
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 1957586692d9..5e70d7dbeaf3 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,4 +1,7 @@
+AUX libexec/nftables-mk.sh 984 BLAKE2B 5a9a8005a814da3a16befcb8e59754f5fe7c6381c22d1992940c1f01cb420ff41418095f22ca9367cf230e71cee53b8a08568c5f160c525d8b9c5a8a6b5e8a7b SHA512 a09ae5b144c2424b8ec7d41fe7e2f84eb246e08a9a4b3bdfa19368a2d005fad6aa3538b64305cf357e704b646ae1b408629221d74e19a3b1d91b6d5ec41630a4
 AUX libexec/nftables.sh 3643 BLAKE2B 83818eb88db2d30c58b348e12b5c5baf7599f4e301ac12455a70f1c98e369e4febab3020ddb1c5b83e6d3777b3a98bd30a5baf73d90ac00e1278d88fc1565b8b SHA512 efc9b4f9520c78b6248f16bd5708669872e8abf949f6f4b81182f331f8532dfeaae2df648e8878e9b5cbd66c0259daab71035ea922754807654b2b3bc86b4352
+AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
+AUX nftables-mk.init 2090 BLAKE2B 62f56586ca4ba0acbd3ac41f4904041d625388771bbafc32833055a5f3c00f251e1d9a04bb41dd672f33d13a0825f7e4470a30d7e874df1abd41508148ef42b0 SHA512 819b2d60b42207cb70d95b700557e873fe18c5f6e8437683240beb317f773cf8e18755086e24652a9bcff49c6f96af8cd9e3f3b62c9f433779eff4e3f3935197
 AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
 AUX nftables.init 3069 BLAKE2B 68c6b2b81995bd909c00cc3527f891f04d0dd30532cd821c89b59fc7e3ea0dff0e98d767cee2c00a5462023fdf6f59e813dec7063768a34187f2404377e498f7 SHA512 ca761be0440945b21d5b002468baffb3299d0a3ac244aa895734dfdfaf442e7a73b757bcda99d958582064411d1b80b2cbcb4eb532bb219b4df407c9ed892661
 AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0
@@ -8,5 +11,6 @@ DIST nftables-0.9.0.tar.gz 417981 BLAKE2B 4dfba4d71928f1694ffeb4871353fc373d88e2
 EBUILD nftables-0.8-r3.ebuild 1959 BLAKE2B a029fd4444f5aeddedfbdcb3659f879c4a8f6246c25042449cb5ffa7809401a7ef512275dc1f45c50b51bc2807b3679d1c386bcb2470522ba1a338dc728bdb15 SHA512 6bd510183e9d1cec3fa05970adccf28ac21c7ad839f3a6236ee584d1308c48988ee2b006630ecd558954cb80a7a8faf6e78ab9b06b29df4b2a69161a9e848c71
 EBUILD nftables-0.8.5.ebuild 1937 BLAKE2B b24ea2b8978dc0294c2d27a90aa205916ddeb04c2b66f0adc7e870705a6ffac8ac0e3bf5a95e3c79c27965f780c0ca94ba21bcb5abad49ce49b50ff00c2046fd SHA512 f5f461225c68ed17450380d467f79d87302f0d1c1d69ddb15f90b6a938ea79906e165e6564db8135f07eafc35fb89acfab7659a97d62c7c71ac0376953ff6954
 EBUILD nftables-0.9.0-r1.ebuild 2079 BLAKE2B 303d82b14d13f49c7ed5222d69025eaf0d73e3ec617655b33224b8a1f14e4a16a9d9e71a60270cb3e015bb009efb43ccb419a722a4780cdba50cc2ea341a3eda SHA512 68386a156baa050c83f6233516f8e37f871a2be203d71c751eeefbfbbfe52f114201c2a6eced8bfa194ca8e87c9ad62d6370096c0ceab6e60927cf236c12dfe6
+EBUILD nftables-0.9.0-r2.ebuild 2343 BLAKE2B d726f8bef9ddd5860fff0d91cf29185a32432fc24ad31b173330dd4f881809f66e62e805dcbb9d1e4bbc9f0c3c8185ceadaa4db7882266a1747f9d5f522e1e9e SHA512 953a2e64cf4ddc2591335b245ca8a0b18056cb55c46f7796fd1e4de2f774ab3bb2b3bb6be70b49c7c7d1b4d4780f1e5e3335b84d1d97e9a4a99443aecadc91e1
 EBUILD nftables-0.9.0.ebuild 1989 BLAKE2B 3c1e318030d8287b0db2b2ebda3e528703ac73bdf146c147c5c7f8929e9339f9c4c6df08fc829a0ad55f4634b0910e8acfeeb9a31577ba6e61663839c6978a5f SHA512 627c70f4bb60fdbea3f57e676acfb84ed0a4779b6b98b352be766463ca2c564ebcd1a540719e2085b59b8b87fd8dfe7bb1cc6b6d91ec5fe4aac79f53c3c1c496
-MISC metadata.xml 466 BLAKE2B 535df1fe78a4cc4da0375e8db9b3d641ed19736f1992d361203f2e2088aaad7d86a0d547cc9b9139f36837cf6edf6dadea3c17f54b562e6061db52579659f806 SHA512 59494d7efc5f49a417c623410bbda4f891a47a4e1a8a43c8b7357978618401e80595c52113d7aaf8a6171ccacca50fe101c9b5bdbe070f0e993829b72693c931
+MISC metadata.xml 701 BLAKE2B 14244e9f37e87bc6e4a9cc917b7f2e55bcb61135af3a9ff258334ef9d40ade40312760f30ddab907d75f4c4492cc8d8d2217d022f5e04672988c25d65ec1d85a SHA512 070e4dcaf6f323f93fac80352d2c2ae1512611ffc3261e7b3c85acee9f490f90e238b39aad2a7d4959c75fe7c96545b8c12318b09d4c56d8116df80364bf09a6
diff --git a/net-firewall/nftables/files/libexec/nftables-mk.sh b/net-firewall/nftables/files/libexec/nftables-mk.sh
new file mode 100644
index 000000000000..b6ad37867b6d
--- /dev/null
+++ b/net-firewall/nftables/files/libexec/nftables-mk.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+main() {
+	local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'}
+	case "$1" in
+		"check")
+			nft -c -f "${NFTABLES_SAVE}"
+		;;
+		"clear")
+			nft flush ruleset
+		;;
+		"list")
+			nft ${SAVE_OPTIONS} list ruleset
+		;;
+		"load")
+			( echo "flush ruleset;"; cat "${NFTABLES_SAVE}" ) | nft -f -
+		;;
+		"panic")
+			panic hard | nft -f -
+		;;
+		"soft_panic")
+			panic soft | nft -f -
+		;;
+		"store")
+			local tmp_save="${NFTABLES_SAVE}.tmp"
+			umask 600;
+			(
+				echo "#!/sbin/nft -f"
+				echo "flush ruleset;"
+				nft ${SAVE_OPTIONS} list ruleset
+			) > "$tmp_save" && mv ${tmp_save} ${NFTABLES_SAVE}
+		;;
+	esac
+}
+
+panic() {
+	local erule;
+	[ "$1" = soft ] && erule="ct state established,related accept;" || erule="";
+	cat <<EOF
+table inet filter {
+	chain input {
+		type filter hook input priority 0;
+		$erule
+		drop
+	}
+	chain forward {
+		type filter hook forward priority 0;
+		drop
+	}
+	chain output {
+		type filter hook output priority 0;
+		$erule
+		drop
+	}
+}
+EOF
+}
+
+main "$@"
diff --git a/net-firewall/nftables/files/nftables-mk.confd b/net-firewall/nftables/files/nftables-mk.confd
new file mode 100644
index 000000000000..5cda24030f93
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-mk.confd
@@ -0,0 +1,26 @@
+# /etc/conf.d/nftables
+
+# Location in which nftables initscript will save set rules on
+# service shutdown
+NFTABLES_SAVE="/var/lib/nftables/rules-save"
+
+# Options to pass to nft on save
+SAVE_OPTIONS="-n"
+
+# Save state on stopping nftables
+SAVE_ON_STOP="yes"
+
+# Only for OpenRC systems.
+# Set to "hard" or "soft" to panic when stopping instead of
+# clearing the rules
+# Soft panic loads a ruleset dropping any new or invalid connections
+# Hard panic loads a ruleset dropping all traffic
+PANIC_ON_STOP=""
+
+# If you need to log nftables messages as soon as nftables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/nftables/files/nftables-mk.init b/net-firewall/nftables/files/nftables-mk.init
new file mode 100644
index 000000000000..f7e3dce8ada2
--- /dev/null
+++ b/net-firewall/nftables/files/nftables-mk.init
@@ -0,0 +1,104 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check clear list panic save soft_panic"
+extra_started_commands="reload"
+
+depend() {
+	need localmount #434774
+	before net
+}
+
+checkkernel() {
+	if ! /sbin/nft list ruleset >/dev/null 2>/dev/null ; then
+		eerror "Your kernel lacks nftables support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+
+checkconfig() {
+	if [ -z "${NFTABLES_SAVE}" -o ! -f "${NFTABLES_SAVE}" ] ; then
+		eerror "Not starting nftables. First create some rules then run:"
+		eerror "/etc/init.d/${SVCNAME} save"
+		return 1
+	fi
+	return 0
+}
+
+start_pre() {
+	checkconfig || return 1
+	checkkernel || return 1
+	check || return 1
+}
+
+start() {
+	ebegin "Loading ${SVCNAME} state and starting firewall"
+	/usr/libexec/nftables/nftables.sh load "${NFTABLES_SAVE}"
+	eend $?
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+
+	ebegin "Stopping firewall"
+	if [ "${PANIC_ON_STOP}" = "hard" ]; then
+		/usr/libexec/nftables/nftables.sh panic
+	elif [ "${PANIC_ON_STOP}" = "soft" ]; then
+		/usr/libexec/nftables/nftables.sh soft_panic
+	else
+		/usr/libexec/nftables/nftables.sh clear
+	fi
+	eend $?
+}
+
+reload() {
+	start_pre || return 1
+	start
+}
+
+clear() {
+	ebegin "Clearing rules"
+	/usr/libexec/nftables/nftables.sh clear
+	eend $?
+}
+
+list() {
+	/usr/libexec/nftables/nftables.sh list
+}
+
+check() {
+	ebegin "Checking rules"
+	/usr/libexec/nftables/nftables.sh check "${NFTABLES_SAVE}"
+	eend $?
+}
+
+save() {
+	ebegin "Saving ${SVCNAME} state"
+	checkpath -q -d "$(dirname "${NFTABLES_SAVE}")"
+	checkpath -q -m 0600 -f "${NFTABLES_SAVE}"
+	/usr/libexec/nftables/nftables.sh store "${NFTABLES_SAVE}"
+	eend $?
+}
+
+panic() {
+	if service_started ${SVCNAME}; then
+		rc-service ${SVCNAME} zap
+	fi
+	ebegin "Dropping all packets"
+	/usr/libexec/nftables/nftables.sh panic
+	eend $?
+}
+
+soft_panic() {
+	if service_started ${SVCNAME}; then
+		rc-service ${SVCNAME} zap
+	fi
+	ebegin "Dropping new connections"
+	/usr/libexec/nftables/nftables.sh soft_panic
+	eend $?
+}
diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
index 1a891a6e5330..dcc71d66d6f8 100644
--- a/net-firewall/nftables/metadata.xml
+++ b/net-firewall/nftables/metadata.xml
@@ -9,7 +9,12 @@
 		<email>prometheanfire@gentoo.org</email>
 		<name>Matthew Thode</name>
 	</maintainer>
+	<maintainer type="person">
+		<email>klondike@gentoo.org</email>
+		<name>Francisco Blas Izquierdo Riera</name>
+	</maintainer>
 	<use>
 		<flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag>
+		<flag name="modern_kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
 	</use>
 </pkgmetadata>
diff --git a/net-firewall/nftables/nftables-0.9.0-r2.ebuild b/net-firewall/nftables/nftables-0.9.0-r2.ebuild
new file mode 100644
index 000000000000..346d321bb376
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.0-r2.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ia64 ~x86"
+IUSE="debug doc +gmp json +modern_kernel +readline"
+
+RDEPEND=">=net-libs/libmnl-1.0.3:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson )
+	readline? ( sys-libs/readline:0= )
+	>=net-libs/libnftnl-1.1.1:0="
+
+DEPEND="${RDEPEND}
+	>=app-text/docbook2X-0.8.8-r4
+	doc? ( >=app-text/dblatex-0.3.7 )
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig"
+
+S="${WORKDIR}/v${PV}"
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern_kernel && kernel_is lt 3 18; then
+			eerror "The modern_kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc pdf-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with readline cli)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	local mksuffix=""
+	use modern_kernel && mksuffix="-mk"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+	systemd_enable_service basic.target ${PN}-restore.service
+
+	docinto /usr/share/doc/${PF}/skels
+	dodoc "${D}"/etc/nftables/*
+	rm -R "${D}"/etc/nftables
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT%/}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f ${save_file} ]]; then
+		touch ${save_file}
+	fi
+
+	elog "If you are creating firewall rules before the next system restart "
+	elog "the nftables-restore service must be manually started in order to "
+	elog "save those rules on shutdown."
+}
author	V3n3RiX <venerix@redcorelinux.org>	2019-01-12 16:58:08 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-01-12 16:58:08 +0000
commit	c8a77dfe4d3d307c1d5dd2650b7297447d8b609d (patch)
tree	9ea78393bc3ecd6ab4de449383d4e97e5f3648ae /net-firewall
parent	2891d29af8907ce881662f4a02844926d7a293c7 (diff)