authorV3n3RiX <venerix@koprulu.sector>2024-02-14 05:36:28 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-02-14 05:36:28 +0000
commitf7379fa6ffb6e47eabc62d0d832a5bcad1db9591 (patch)
tree0ea3c5b242d79d2dfc54aefaf93cfe627998bc78 /net-firewall
parent5ee866097f7722d669e9a3b4ca2906105852e6ec (diff)
gentoo auto-resync : 14:02:2024 - 05:36:28
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/Manifest.gzbin4234 -> 4229 bytes
-rw-r--r--net-firewall/ipset/Manifest3
-rw-r--r--net-firewall/ipset/files/ipset.initd-r6105
-rw-r--r--net-firewall/ipset/ipset-7.20.ebuild2
4 files changed, 108 insertions, 2 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index fe01ba59f5de..12d2ec194356 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
Binary files differ
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
index 7ab00d236d06..d781a3a945e7 100644
--- a/net-firewall/ipset/Manifest
+++ b/net-firewall/ipset/Manifest
@@ -1,8 +1,9 @@
AUX ipset.confd-r1 666 BLAKE2B 852963fd27d11f58305f33cc9be84d5eabde73f5af4924d97ad188505fa64b2c75f31ece180e2992d275738305b7a731afc8b911314a9f202320c0c61053fc9b SHA512 6020665ba30fc9efa7c16714c1ff7a0961153175b70ca5817f72c4123537e0ff9a977b8ca71914ef8b49d431601b73275b2ab6f848d521b53680b0cd7bcaca82
AUX ipset.initd-r5 3375 BLAKE2B e548d1fecdb7785eacd7611881db589488c15871b9ba28bf6a6c3ba2cacddb0428b7a29426cdbefe23d3c060c5431155d9e75c14ea4e3cde889979aa111e745b SHA512 d6162f713609df66f9b30c179045fe96dfe6f85e6b13f53eaaba5d9d09bd082bf74749ef0ff5e97039658036370dfb49f16071765d3f7c3901fae540264ccf96
+AUX ipset.initd-r6 3386 BLAKE2B 1b3c0de0cc45fe80d3e0ba8a90fb2433ec3a6c2df38d50030cafea0b67562644918186e82e1c92a314f8e75939a0302a1574ae78fedbc9da9016ac3d0fd82e20 SHA512 ca821d2d22826d10f87e0c318b52faf10a339174f2ab27fb427b87f41b824ea8b74523b776465dd43edd1fa3cb311b11a6c9972f1d24f007ad60b87895860d2d
AUX ipset.systemd-r1 492 BLAKE2B 78fd7b122e0fe08b36d36e736d18b7a5f0bf1aa78802f1bdc7abf69ad2ef9c0bcfb22ae84f8f6489aee6c147ee3c0be7ebfa600712bf6169940802466daf68ba SHA512 6574e48ce6b3c4f45122a8b387746793ceda62f68ec8b0f3f6f949f5650ab557f3f7eb75699e36d5bf04efbf39dc17e030cc44ea9d97891578d4c909669e6eb7
DIST ipset-7.19.tar.bz2 686712 BLAKE2B 04290b94be471aedd732601e1dc147a066933606152beb76ba1a21283aa2e3f8b891fd9575db73f2af67b446fb77a0ca6b2432ae606440ac9e9bf80e41d1f640 SHA512 0f4252e6d967b0f130a2c7a0307b17c6b7d48336e86b2f838ea176f5faaa0c9bbbf273060906b43d91e9b38a9f33c18918e33d02292839a6bc321181d5d7f84e
DIST ipset-7.20.tar.bz2 687123 BLAKE2B 24f44c887ba90379015d15d58351aedb80cc1d53638d0f4a868b1b6debec18e4c5336b626946bc7b3eb56c1b80d83ab236f287598f71e27bf44b9873dbb7eddf SHA512 d0b87ab889987a3febeaf3d73099a262aca86160878258b3bd1be064e52b55baa90601804b30ad3bbb363066c9fc1bbdfe8bc100414f801729215a892e186fc6
EBUILD ipset-7.19-r1.ebuild 3379 BLAKE2B 4dd28ea10c1aa885af34b2892498dea9a4fc3a534d66455ae6b708fa2e144849be836a8ffe1906e137dc6e7fc438862a726612b056d72f7163575515007c9c1d SHA512 9266874bbc29d0806c4e49e2238541e6659db19ee950b81703a2a66ad1623e2f367034e67b731a654673ec7717abc495f969eef83cd3c26527606e7c6228562c
-EBUILD ipset-7.20.ebuild 3385 BLAKE2B f250967ad6bbdff6e45b79cdf82f6060fba71161b30c4f7cfac15aa9e000bbe02c6bdc75c939cb21b07331dc9f5a315064d79ed68edf59e777561db0d89db277 SHA512 afcfce175a75eb1264e21ca213b5ed64984ef27a3f0497367c725ebc6784b4ca2a0426e679068c49bf65e40093db38e726ccd26f8ed3018c83feebd2dc2dfc35
+EBUILD ipset-7.20.ebuild 3385 BLAKE2B 62b9c287f10a7b87637fd5504ea48fe30c94d5cd709c9ca60a13a10d53b92c10a19414ef8cd3cdcb30dc11cf3acef2b4da308955a45174cd497f80899d4177be SHA512 ca4d764a7933ba1477ac38b941c166c1ec2d7a6b844ad14fafda1a4d7824d63fc5402c70ced16dd309757ecb33067a8d22b4d54da6f070ea78ff7db21e2e323f
MISC metadata.xml 475 BLAKE2B e1e06003a410249ed76d39b74ccbcd64b8572ff05f1c818729d787cecfb19cfa9c7e3463473688abc7a398efb908b0c7145bad88bbb7259e69f1b7d985584bcc SHA512 d0a3dca6593e8a62cbf5c325eb59b620137af8d8f5a463702c4d6ec102fd03b8adbbdcd9358777d0461f57a98d892d359d80b8f722d3f322f3d4766d762f6585
diff --git a/net-firewall/ipset/files/ipset.initd-r6 b/net-firewall/ipset/files/ipset.initd-r6
new file mode 100644
index 000000000000..949bdad76044
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r6
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+
+ # Check the configured suffix, and make sure there are no collisions
+ if test -z "${TEMP_SUFFIX}" ; then
+ eend 1 "TEMP_SUFFIX cannot be empty"
+ return 1
+ elif echo "$running_ipset_list" | grep -q -E "${TEMP_SUFFIX}( |$)" ; then
+ eend 1 "Existing set(s) match TEMP_SUFFIX pattern ('${TEMP_SUFFIX}'), cannot continue"
+ return 1
+ fi
+
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2${TEMP_SUFFIX} /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}${TEMP_SUFFIX} || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}${TEMP_SUFFIX} || eend $? "Failed to delete obsolete ipset ${ipset_name}${TEMP_SUFFIX}"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ checkpath --file --mode 0600 "${IPSET_SAVE}"
+ ipset -output save list > "${IPSET_SAVE}"
+ eend $?
+}
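Review bot: In reload(), a failed `ipset restore` is not treated as a failure: inside the `if ! … ; then` branch `$?` holds the status of the negated pipeline, which is 0, so `eend $? "Failed to load new ipsets"` reports success, and with no `return` the function carries on into the swap/destroy loop and finishes with an unconditional `eend 0`. An operator reloading a blocklist would then see a successful reload while the kernel still holds the old sets or a partial load. I would change the branch body to `eend 1 "Failed to load new ipsets"` followed by `return 1`, and record a failure flag in the loop so the final `eend` reflects swap/destroy errors instead of always passing 0. On the same line `${IPSET_SAVE}` is unquoted, unlike in start() and save(); reading the file with `< "${IPSET_SAVE}"` instead of `cat ${IPSET_SAVE} |` keeps a path containing spaces or glob characters from being split.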
diff --git a/net-firewall/ipset/ipset-7.20.ebuild b/net-firewall/ipset/ipset-7.20.ebuild
index f1a25f936d47..433d477210f0 100644
--- a/net-firewall/ipset/ipset-7.20.ebuild
+++ b/net-firewall/ipset/ipset-7.20.ebuild
@@ -102,7 +102,7 @@ src_install() {
find "${ED}" -name '*.la' -delete || die
- newinitd "${FILESDIR}"/ipset.initd-r5 ${PN}
+ newinitd "${FILESDIR}"/ipset.initd-r6 ${PN}
newconfd "${FILESDIR}"/ipset.confd-r1 ${PN}
systemd_newunit "${FILESDIR}"/ipset.systemd-r1 ${PN}.service
keepdir /var/lib/ipset