summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Black <dragonheart@gentoo.org>2007-02-06 13:10:41 +0000
committerDaniel Black <dragonheart@gentoo.org>2007-02-06 13:10:41 +0000
commit29766326d0b9c5064a6bde32a67a7067ed3ca5ab (patch)
treef1d89249ffa1554f6c2daa8ac8907d3e4afc42c7
parentstable on amd64 wrt security bug 159419 (diff)
downloadhistorical-29766326d0b9c5064a6bde32a67a7067ed3ca5ab.tar.gz
historical-29766326d0b9c5064a6bde32a67a7067ed3ca5ab.tar.bz2
historical-29766326d0b9c5064a6bde32a67a7067ed3ca5ab.zip
cleanout
Package-Manager: portage-2.1.2-r7
-rw-r--r--net-firewall/iptables/ChangeLog15
-rw-r--r--net-firewall/iptables/Manifest89
-rw-r--r--net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch48
-rw-r--r--net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch67
-rw-r--r--net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch79
-rw-r--r--net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch13
-rw-r--r--net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff222
-rw-r--r--net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch384
-rw-r--r--net-firewall/iptables/files/1.2.11-files/round-robin.patch28
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.2.11-r33
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r19
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r29
-rw-r--r--net-firewall/iptables/files/digest-iptables-1.3.5-r39
-rw-r--r--net-firewall/iptables/files/ip6tables-1.2.9-r1.confd9
-rw-r--r--net-firewall/iptables/files/ip6tables-1.2.9-r1.init73
-rw-r--r--net-firewall/iptables/files/iptables-1.2.9-r1.confd9
-rw-r--r--net-firewall/iptables/files/iptables-1.2.9-r1.init76
-rw-r--r--net-firewall/iptables/iptables-1.2.11-r3.ebuild169
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r1.ebuild161
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r2.ebuild161
-rw-r--r--net-firewall/iptables/iptables-1.3.5-r3.ebuild170
21 files changed, 21 insertions, 1782 deletions
diff --git a/net-firewall/iptables/ChangeLog b/net-firewall/iptables/ChangeLog
index d94abb49a25c..155055fdb62a 100644
--- a/net-firewall/iptables/ChangeLog
+++ b/net-firewall/iptables/ChangeLog
@@ -1,6 +1,19 @@
# ChangeLog for net-firewall/iptables
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.125 2007/02/06 12:21:22 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/ChangeLog,v 1.126 2007/02/06 13:10:41 dragonheart Exp $
+
+ 06 Feb 2007; Daniel Black <dragonheart@gentoo.org>
+ -files/1.2.11-files/iptables-layer7-0.9.0.patch,
+ -files/1.2.11-files/grsecurity-1.2.8-iptables.patch,
+ -files/ip6tables-1.2.9-r1.confd, -files/iptables-1.2.9-r1.confd,
+ -files/1.2.11-files/install_all_dev_files.patch,
+ -files/ip6tables-1.2.9-r1.init, -files/1.2.11-files/round-robin.patch,
+ -files/1.2.11-files/iptables-1.2.9-imq1.diff,
+ -files/iptables-1.2.9-r1.init, -files/1.2.11-files/CAN-2004-0986.patch,
+ -files/1.2.11-files/install_ipv6_apps.patch, -iptables-1.2.11-r3.ebuild,
+ -iptables-1.3.5-r1.ebuild, -iptables-1.3.5-r2.ebuild,
+ -iptables-1.3.5-r3.ebuild:
+ cleanout
06 Feb 2007; Daniel Black <dragonheart@gentoo.org> iptables-1.3.7.ebuild:
l7 now at 2.9 - no code change just different tarball. Bumping to avoid
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 5597c8cef55a..257588e69c26 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,34 +1,6 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-AUX 1.2.11-files/CAN-2004-0986.patch 1365 RMD160 a184a41e0b3ad611f271e22e35adf684213307a5 SHA1 a9b5e7ac2753dc55d776d16c9e2911d9c5574669 SHA256 15c98cb61c8a2787bb6e4f01f01fd29b0e6a2731e817349bd5fa4c4cd458bef3
-MD5 756f721b4c0c0646a174993befa199c4 files/1.2.11-files/CAN-2004-0986.patch 1365
-RMD160 a184a41e0b3ad611f271e22e35adf684213307a5 files/1.2.11-files/CAN-2004-0986.patch 1365
-SHA256 15c98cb61c8a2787bb6e4f01f01fd29b0e6a2731e817349bd5fa4c4cd458bef3 files/1.2.11-files/CAN-2004-0986.patch 1365
-AUX 1.2.11-files/grsecurity-1.2.8-iptables.patch 1192 RMD160 58daa8e044697bd50b0f94bedaa9601dca78c7a2 SHA1 6642c759c4923a6474422d44f4985e403a0c3191 SHA256 d4e3784157cbd561e69e720eba4864065161c6624a23febc4b5820836b221fd6
-MD5 e0672c939baef2c359a2c0e365453228 files/1.2.11-files/grsecurity-1.2.8-iptables.patch 1192
-RMD160 58daa8e044697bd50b0f94bedaa9601dca78c7a2 files/1.2.11-files/grsecurity-1.2.8-iptables.patch 1192
-SHA256 d4e3784157cbd561e69e720eba4864065161c6624a23febc4b5820836b221fd6 files/1.2.11-files/grsecurity-1.2.8-iptables.patch 1192
-AUX 1.2.11-files/install_all_dev_files.patch 2710 RMD160 57c46b60ecf46f555e21b7067ad7da96c1c18726 SHA1 35a550b34521638957be13052e9bc7ac4efe50de SHA256 4231eab305bb52140d7c7ba391be2081cfb8cb6500e436449b99b638268d5b5e
-MD5 c691998ac49fbed80c6f718ef222dbca files/1.2.11-files/install_all_dev_files.patch 2710
-RMD160 57c46b60ecf46f555e21b7067ad7da96c1c18726 files/1.2.11-files/install_all_dev_files.patch 2710
-SHA256 4231eab305bb52140d7c7ba391be2081cfb8cb6500e436449b99b638268d5b5e files/1.2.11-files/install_all_dev_files.patch 2710
-AUX 1.2.11-files/install_ipv6_apps.patch 826 RMD160 505c5832d20fad96839936da900a12b5f4209045 SHA1 6e5808694e17002f2312ea9a45b46fb577694a83 SHA256 0a7f666962e586b2be8d2d3d2947497b3e3837c78b57056ce065455518c78722
-MD5 ade9674a3d293afd0153fafe34a672d3 files/1.2.11-files/install_ipv6_apps.patch 826
-RMD160 505c5832d20fad96839936da900a12b5f4209045 files/1.2.11-files/install_ipv6_apps.patch 826
-SHA256 0a7f666962e586b2be8d2d3d2947497b3e3837c78b57056ce065455518c78722 files/1.2.11-files/install_ipv6_apps.patch 826
-AUX 1.2.11-files/iptables-1.2.9-imq1.diff 5093 RMD160 4d66c90d39596f01fee562dac989e17b64c8c205 SHA1 ce2a08c41c817729d31fc20c1b9a03b6f4c3376c SHA256 e3aa898ea102edd1da1a6929767cf7846be23b3eb9763c3e28c4d21613b6bbbc
-MD5 6616924151e96a5e9dca31aec2bf5a2b files/1.2.11-files/iptables-1.2.9-imq1.diff 5093
-RMD160 4d66c90d39596f01fee562dac989e17b64c8c205 files/1.2.11-files/iptables-1.2.9-imq1.diff 5093
-SHA256 e3aa898ea102edd1da1a6929767cf7846be23b3eb9763c3e28c4d21613b6bbbc files/1.2.11-files/iptables-1.2.9-imq1.diff 5093
-AUX 1.2.11-files/iptables-layer7-0.9.0.patch 10240 RMD160 f4fcaa18d1ea37434558d9f55e64552a19048890 SHA1 99ef6d966fba757603a7c05a939dd5942392d9f4 SHA256 3f35b949929935d24806a3ea2f3c4ce9d371864e9d7cf0d71940ff761342a25b
-MD5 6c09e9a3c17fa7f450b73c36643128f0 files/1.2.11-files/iptables-layer7-0.9.0.patch 10240
-RMD160 f4fcaa18d1ea37434558d9f55e64552a19048890 files/1.2.11-files/iptables-layer7-0.9.0.patch 10240
-SHA256 3f35b949929935d24806a3ea2f3c4ce9d371864e9d7cf0d71940ff761342a25b files/1.2.11-files/iptables-layer7-0.9.0.patch 10240
-AUX 1.2.11-files/round-robin.patch 740 RMD160 a14c756efd235fb16e1025d28f227080d79231e7 SHA1 4a867085e1a59abe912d6deba65197d32e846da5 SHA256 ab0cc951f72d52f8c60715415fe856d6a03ca59e5f9ed8ecf781812cf2d66932
-MD5 25092a0dbe459fedb76c577cc12d78d2 files/1.2.11-files/round-robin.patch 740
-RMD160 a14c756efd235fb16e1025d28f227080d79231e7 files/1.2.11-files/round-robin.patch 740
-SHA256 ab0cc951f72d52f8c60715415fe856d6a03ca59e5f9ed8ecf781812cf2d66932 files/1.2.11-files/round-robin.patch 740
AUX 1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 1315 RMD160 3665aaa6788261f16372c1e34810fe99fd60453c SHA1 b3c88dc5ceebc15aca73fcc02afdf8d0fa6a389f SHA256 f86e32f84af0e68b927b712a60e5d02d1bc27972537f476c71a311711fdcfc12
MD5 319d0b089a495ce1ab8ca02b3820dfe3 files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 1315
RMD160 3665aaa6788261f16372c1e34810fe99fd60453c files/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1 1315
@@ -53,26 +25,10 @@ AUX 1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch 1607 RMD160 962
MD5 638f482b4704faf36ba7c6081b86fb55 files/1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch 1607
RMD160 9624733334644b55136724a665e15afa7156f86a files/1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch 1607
SHA256 5c7617471f98413f1af9ab2846336cbcdf8b2449402967a03b460683aa225bec files/1.3.5-files/iptables-1.3.5-log-prefix-no-empty-strings.patch 1607
-AUX ip6tables-1.2.9-r1.confd 266 RMD160 e42235c98c8fec22bad9e8953939d7d0dc64cd1d SHA1 e1fc7e8e9b0963d7ac0bee50dd97ae1ad637eefe SHA256 8434238fad47255691fda04dfff08ab65de44661678d680fab21cc51922a5c68
-MD5 dd4f4563c89d33fc6987043d95531e05 files/ip6tables-1.2.9-r1.confd 266
-RMD160 e42235c98c8fec22bad9e8953939d7d0dc64cd1d files/ip6tables-1.2.9-r1.confd 266
-SHA256 8434238fad47255691fda04dfff08ab65de44661678d680fab21cc51922a5c68 files/ip6tables-1.2.9-r1.confd 266
-AUX ip6tables-1.2.9-r1.init 1792 RMD160 e28e8c86026aac7aa49bd8e5fe84153516ebb28d SHA1 dbd1976916eb9b4c72669ccc5000c8dbf1c3f183 SHA256 e30d2daeb23958482f6655f63267779d1f029f19e1365dddda0febe015ddb8c0
-MD5 f74f2424c062e1b2f4b22e4e11db909b files/ip6tables-1.2.9-r1.init 1792
-RMD160 e28e8c86026aac7aa49bd8e5fe84153516ebb28d files/ip6tables-1.2.9-r1.init 1792
-SHA256 e30d2daeb23958482f6655f63267779d1f029f19e1365dddda0febe015ddb8c0 files/ip6tables-1.2.9-r1.init 1792
AUX ip6tables-1.3.2.confd 293 RMD160 2e5399355a930ab3c804c9cc46fe37763555a97e SHA1 0e82dbe8538f9168bb97939a03b73dd291e82760 SHA256 c93827ac2b8fdd83e2c36788053ee7567ceb13b3cbc5fcf40d186500e05c8104
MD5 dbef6253ff7e347e7fa35a02652ab684 files/ip6tables-1.3.2.confd 293
RMD160 2e5399355a930ab3c804c9cc46fe37763555a97e files/ip6tables-1.3.2.confd 293
SHA256 c93827ac2b8fdd83e2c36788053ee7567ceb13b3cbc5fcf40d186500e05c8104 files/ip6tables-1.3.2.confd 293
-AUX iptables-1.2.9-r1.confd 264 RMD160 9c78d094bbf5e3ee71e4f833f1bab0871bb767d4 SHA1 f44b21e8df73d2eb86f4c7a7277d2871d0c68abf SHA256 430d53a0c77cfd0b4d7760b68c36be0010c164cfa99aa0411775b6e88bbe7b74
-MD5 4e055c59114fd6abc5a27bdaa97d2946 files/iptables-1.2.9-r1.confd 264
-RMD160 9c78d094bbf5e3ee71e4f833f1bab0871bb767d4 files/iptables-1.2.9-r1.confd 264
-SHA256 430d53a0c77cfd0b4d7760b68c36be0010c164cfa99aa0411775b6e88bbe7b74 files/iptables-1.2.9-r1.confd 264
-AUX iptables-1.2.9-r1.init 1829 RMD160 82233608a26e8e19f7ac910350d80b90de24b1d3 SHA1 6800192426233d57a2eb104caf3b8f0f580d4eed SHA256 489caca55376fe49c613c87ec8e8577b654cf281a96ee94b9eedfafd0f310b22
-MD5 8ac77b3fbebfb5ceb9c6166823afe21d files/iptables-1.2.9-r1.init 1829
-RMD160 82233608a26e8e19f7ac910350d80b90de24b1d3 files/iptables-1.2.9-r1.init 1829
-SHA256 489caca55376fe49c613c87ec8e8577b654cf281a96ee94b9eedfafd0f310b22 files/iptables-1.2.9-r1.init 1829
AUX iptables-1.3.2.confd 290 RMD160 cb180068f86a608b16d850635ae909ea7b9cc059 SHA1 cb56dba4799eb3998b28e492c61265574c37d522 SHA256 351e123ba9e0ec7db2bcff42849aa627d29a3b2e77a47b82386f5e3a7e21bd30
MD5 956ebf5ab69e5a1e1d3983541eab643b files/iptables-1.3.2.confd 290
RMD160 cb180068f86a608b16d850635ae909ea7b9cc059 files/iptables-1.3.2.confd 290
@@ -85,32 +41,13 @@ AUX iptables-1.3.7-more-exact-check-grep.patch 602 RMD160 80c80f9d2a2567b164932a
MD5 0b0e12c269db9fd7c8e9835f0a9fd3fa files/iptables-1.3.7-more-exact-check-grep.patch 602
RMD160 80c80f9d2a2567b164932adc1e9ddb1392b34791 files/iptables-1.3.7-more-exact-check-grep.patch 602
SHA256 aa26f352dc2b870363b7de1586105a4bf19eb9a6c6703a23f64ef9656017021d files/iptables-1.3.7-more-exact-check-grep.patch 602
-DIST iptables-1.2.11.tar.bz2 156988 RMD160 66e0fa391444a1e169feaf2fc67b5f8622ec1d89 SHA1 1a2236e2705b02834aaa506632c08cf8a647efa2 SHA256 be7bd67232fddbe3ce81f40f5b79123380a2e67cd166ec06e650842f8acb373d
DIST iptables-1.3.0-imq1.diff 5369 RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 SHA1 bdf665cacc985fceaadf119ae7a756caca1589ad SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b
DIST iptables-1.3.5.tar.bz2 191820 RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 SHA1 6dbeeee13517fa02852960b6f6e51115c7548a09 SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c
DIST iptables-1.3.6.tar.bz2 185438 RMD160 54d9777f2116ad57253446c42619c726f68ae8f0 SHA1 d0c873b4ce1a928424f38fa8419c96be22fef5d0 SHA256 4394c3de8c55776e54a36a6fcd4f9eeed381f451883049f8268c34c3482f5f1b
DIST iptables-1.3.7.tar.bz2 196205 RMD160 8109f2d58eb33905bbbbc0cf871abc8172e7ddc0 SHA1 2f25e7a81fb3e81f92b0121d9dcd5a536854dc60 SHA256 0e00cea0029eaf7923a4a901265d5aa8159804b520fda9c12df54d350073ce02
-DIST netfilter-layer7-v2.1.tar.gz 89247 RMD160 cd2d455a16761b4fe2318d6d8a5671a535176d62 SHA1 5dc0c9bd1e3df3110cf724f3437a4b68d62b4dd3 SHA256 5022e8a349135f67045f4add47405af0d626c90a5e8b86ee01745755946e1390
-DIST netfilter-layer7-v2.2.tar.gz 88944 RMD160 cf421e6ef4acf5b9107feacaee6566d55ad21683 SHA1 55eaad3b4e46feff09910cd5e3c76c57ac12dc58 SHA256 e82cc356ece2bea3da2bb4b467063a96337ced4bde6127a44f0296245e74d57d
DIST netfilter-layer7-v2.3.tar.gz 105587 RMD160 4c5c5315cf1f193c9ceb605d8d9d9328b515c64d SHA1 cfbe80a6c5725732e4935692e4b0cf5b42abd4f0 SHA256 4a5e4475d05c8d0998e56d12e8e27eb9acf23ce80a53000783b2f609a6bb33aa
DIST netfilter-layer7-v2.6.tar.gz 122514 RMD160 31b68ae3baa0a340f2e4a555fd5124c3b977629d SHA1 6120eae8bd405d35d079774d191830d137643147 SHA256 c5a842c037e915eb72576e5861f0b048837719f1edf448775d9218b42c48e0aa
DIST netfilter-layer7-v2.9.tar.gz 122497 RMD160 0398b8b61b24eb5d28309a53af0279e9f201318d SHA1 c4a1d92855ad51413fbd7229fe9decfe45aac084 SHA256 7db0e22297f7ecec41bb973733d6970bab922b4c54f779239616fa26a2315969
-EBUILD iptables-1.2.11-r3.ebuild 5052 RMD160 f5d9a32239ba315c55422d3cd4dd7b0eb1bb6515 SHA1 3e8f9cf44a34682ada0b18e55a5ca8ba99621bc9 SHA256 fcc858795417b80b1f2f113e57b161703832a8416e8de7b098de26aedd4376ca
-MD5 33a251bfd2d6b0e3a7a786fdf78554e7 iptables-1.2.11-r3.ebuild 5052
-RMD160 f5d9a32239ba315c55422d3cd4dd7b0eb1bb6515 iptables-1.2.11-r3.ebuild 5052
-SHA256 fcc858795417b80b1f2f113e57b161703832a8416e8de7b098de26aedd4376ca iptables-1.2.11-r3.ebuild 5052
-EBUILD iptables-1.3.5-r1.ebuild 5059 RMD160 45c9b9729cd8f57a87541b04655953c5b24b4998 SHA1 a1b36b92660ed9169c630749a8af60891fd22093 SHA256 8829221162e3efc705bbf792695d45f2003e3691f9703a49cfed06722c10690c
-MD5 a13225ca53456b22ba77129c78370765 iptables-1.3.5-r1.ebuild 5059
-RMD160 45c9b9729cd8f57a87541b04655953c5b24b4998 iptables-1.3.5-r1.ebuild 5059
-SHA256 8829221162e3efc705bbf792695d45f2003e3691f9703a49cfed06722c10690c iptables-1.3.5-r1.ebuild 5059
-EBUILD iptables-1.3.5-r2.ebuild 5077 RMD160 0d1b6c9178f45d1a5b639ac56fb8367b44ff045c SHA1 7d17646a72488f7e94c3520d44457d82d0266799 SHA256 e474a32b06a9ddd3b7feaa589d069c5191f2f290591cd9d65015ce64917687ec
-MD5 d6e50a2e4a031240b4986b8002951922 iptables-1.3.5-r2.ebuild 5077
-RMD160 0d1b6c9178f45d1a5b639ac56fb8367b44ff045c iptables-1.3.5-r2.ebuild 5077
-SHA256 e474a32b06a9ddd3b7feaa589d069c5191f2f290591cd9d65015ce64917687ec iptables-1.3.5-r2.ebuild 5077
-EBUILD iptables-1.3.5-r3.ebuild 5241 RMD160 5991dc79f8ad2ccaa452df9bc0360ee2c4dd2326 SHA1 8212263500cb66619ba7d27f5838fac219f34c88 SHA256 d5102e65285357386d6635c1ac816320bfc8770ad0f6e1bad9c9dde38089faac
-MD5 394593497a454f0f24dcf449aacd07a7 iptables-1.3.5-r3.ebuild 5241
-RMD160 5991dc79f8ad2ccaa452df9bc0360ee2c4dd2326 iptables-1.3.5-r3.ebuild 5241
-SHA256 d5102e65285357386d6635c1ac816320bfc8770ad0f6e1bad9c9dde38089faac iptables-1.3.5-r3.ebuild 5241
EBUILD iptables-1.3.5-r4.ebuild 5769 RMD160 9e132a87381ff2ad4eba7a8a6addc875c6076997 SHA1 e83c7ae6b950924fb7e3c363219ca593059bb840 SHA256 b66f6d1cfa966447d80362e72bff886ed70f1404a92799117da1c38644f9db78
MD5 77f8722546ec5b6242214fa50a8b5bae iptables-1.3.5-r4.ebuild 5769
RMD160 9e132a87381ff2ad4eba7a8a6addc875c6076997 iptables-1.3.5-r4.ebuild 5769
@@ -127,26 +64,14 @@ EBUILD iptables-1.3.7.ebuild 5707 RMD160 e69b2f93c2a19bc67b2013d4f7b80281b563d6a
MD5 134691d67bd2cb53231c2c7f97e29885 iptables-1.3.7.ebuild 5707
RMD160 e69b2f93c2a19bc67b2013d4f7b80281b563d6a7 iptables-1.3.7.ebuild 5707
SHA256 67525baedf0976ff9ffc8b7224a406fdc7006e205e0ca68dc89bd38c833df1fb iptables-1.3.7.ebuild 5707
-MISC ChangeLog 25702 RMD160 94fce5dc44b95c9509fd1a22676b7361d0ea58a0 SHA1 51088cbbbb2159821a39dc665f49ecd10fa81db9 SHA256 9254eb3c6b4385438feb9514ff54decd51da6140d321209b3c21ea4aa760de94
-MD5 8b908c0706a2b5aba5c927b06d3ba430 ChangeLog 25702
-RMD160 94fce5dc44b95c9509fd1a22676b7361d0ea58a0 ChangeLog 25702
-SHA256 9254eb3c6b4385438feb9514ff54decd51da6140d321209b3c21ea4aa760de94 ChangeLog 25702
+MISC ChangeLog 26346 RMD160 93c26b1921ab0da4b04a6b058137e39bbcebff8f SHA1 7bff2f7284f4dec30b0034178223ec51528e8a38 SHA256 f2011f937ced05c6011ec1988d86ec496141147cb7458f278f21bee3f732e0b3
+MD5 350d6d1810fdc324a77986ad5fff3e9a ChangeLog 26346
+RMD160 93c26b1921ab0da4b04a6b058137e39bbcebff8f ChangeLog 26346
+SHA256 f2011f937ced05c6011ec1988d86ec496141147cb7458f278f21bee3f732e0b3 ChangeLog 26346
MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92 metadata.xml 164
-MD5 13a88a9390927b902c50843734a3bae4 files/digest-iptables-1.2.11-r3 250
-RMD160 3f1cbe40eb8c267d72842a5cec5681cb710449b7 files/digest-iptables-1.2.11-r3 250
-SHA256 b8bb323081b1c2700c2ce6fb31ae2ea180d3bbb0edcc404e6be23d6a50d00215 files/digest-iptables-1.2.11-r3 250
-MD5 4a0d337b8990fcc5411564ea9d8bca67 files/digest-iptables-1.3.5-r1 756
-RMD160 06ac6ffaeaf6cdad1b079eacfe04010503882906 files/digest-iptables-1.3.5-r1 756
-SHA256 91af3410c7dc59b6e89e0ef49860324769521f291bc7299de62392b8232f71e5 files/digest-iptables-1.3.5-r1 756
-MD5 d82cc3133eb927e81ab276517942bda8 files/digest-iptables-1.3.5-r2 756
-RMD160 d25e371e2340dab6d400d7b05a185b5dea41ae6d files/digest-iptables-1.3.5-r2 756
-SHA256 5526edeb288993a93689f0d39cacd94bc6dbd0f8f41ea3b4e30b1d4790acee72 files/digest-iptables-1.3.5-r2 756
-MD5 d82cc3133eb927e81ab276517942bda8 files/digest-iptables-1.3.5-r3 756
-RMD160 d25e371e2340dab6d400d7b05a185b5dea41ae6d files/digest-iptables-1.3.5-r3 756
-SHA256 5526edeb288993a93689f0d39cacd94bc6dbd0f8f41ea3b4e30b1d4790acee72 files/digest-iptables-1.3.5-r3 756
MD5 aad33073eeb74d8f8b7b7c1d8a15feda files/digest-iptables-1.3.5-r4 759
RMD160 b1301d3acf934885365d3dc23a56a0254f97f266 files/digest-iptables-1.3.5-r4 759
SHA256 77bb5fb7a5d08a68d83c29526ac411e6e40c1a8ae103bf446895f7b355bc5e7c files/digest-iptables-1.3.5-r4 759
@@ -162,7 +87,7 @@ SHA256 7d47914b31c063817423c4f38b8f047f2f9094f749991b37e12b3987f644d990 files/di
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5-ecc0.1.6 (GNU/Linux)
-iD8DBQFFyHLgmdTrptrqvGERAv6CAJ4np7fxruWiMeTdI41jNQV+KbsqTgCgiLH9
-wHo7HrmXfkiiIS33+pFUJ/E=
-=hy1a
+iD8DBQFFyH5vmdTrptrqvGERAsW0AJ0XjMYGwhv2E54q4y2ac5/PdeJgLACgjAuz
+6KDTPzjCACK4FXJLRdTeS9Q=
+=hwwX
-----END PGP SIGNATURE-----
diff --git a/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch b/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch
deleted file mode 100644
index 14a65e2dd190..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/CAN-2004-0986.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- old/iptables_profectio/iptables.c (revision 3243)
-+++ new/iptables_profectio/iptables.c (working copy)
-@@ -1593,15 +1593,17 @@
- int procfile;
- char *ret;
-
-+#define PROCFILE_BUFSIZ 1024
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
- if (procfile < 0)
- return NULL;
-
-- ret = malloc(1024);
-+ ret = (char *) malloc(PROCFILE_BUFSIZ);
- if (ret) {
-- switch (read(procfile, ret, 1024)) {
-+ memset(ret, 0, PROCFILE_BUFSIZ);
-+ switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
-- case 1024: goto fail; /* Partial read. Wierd */
-+ case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
- }
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
-
---- old/iptables_profectio/ip6tables.c (revision 3243)
-+++ new/iptables_profectio/ip6tables.c (working copy)
-@@ -1595,15 +1595,17 @@
- int procfile;
- char *ret;
-
-+#define PROCFILE_BUFSIZ 1024
- procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
- if (procfile < 0)
- return NULL;
-
-- ret = malloc(1024);
-+ ret = malloc(PROCFILE_BUFSIZ);
- if (ret) {
-- switch (read(procfile, ret, 1024)) {
-+ memset(ret, 0, PROCFILE_BUFSIZ);
-+ switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
- case -1: goto fail;
-- case 1024: goto fail; /* Partial read. Wierd */
-+ case PROCFILE_BUFSIZ: goto fail; /* Partial read. Wierd */
- }
- if (ret[strlen(ret)-1]=='\n')
- ret[strlen(ret)-1]=0;
-
diff --git a/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch b/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch
deleted file mode 100644
index 929d77438c45..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/grsecurity-1.2.8-iptables.patch
+++ /dev/null
@@ -1,67 +0,0 @@
---- extensions/libipt_stealth.c
-+++ extensions/libipt_stealth.c
-@@ -0,0 +1,64 @@
-+/* Shared library add-on to iptables to add stealth support.
-+ * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
-+ * This netfilter module is licensed under the GNU GPL.
-+ */
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ {0}
-+};
-+
-+/* Initialize the match. */
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ return 0;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static
-+struct iptables_match stealth = {
-+ NULL,
-+ "stealth",
-+ IPTABLES_VERSION,
-+ IPT_ALIGN(0),
-+ IPT_ALIGN(0),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ NULL,
-+ NULL,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_match(&stealth);
-+}
diff --git a/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch b/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch
deleted file mode 100644
index 410f15023845..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/install_all_dev_files.patch
+++ /dev/null
@@ -1,79 +0,0 @@
---- Makefile
-+++ Makefile
-@@ -38,18 +38,22 @@
- CFLAGS += -DNO_SHARED_LIBS=1
- endif
-
--EXTRAS+=iptables iptables.o iptables.8
-+EXTRAS+=iptables iptables.o iptables.8 libiptables.a
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables $(DESTDIR)$(MANDIR)/man8/iptables.8
-+DEVEL_HEADERS+=include/iptables.h include/iptables_common.h
-+DEVEL_LIBS+=libiptables.a
-
- # No longer experimental.
- EXTRAS+=iptables-save iptables-restore
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/iptables-save $(DESTDIR)$(BINDIR)/iptables-restore $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8
-
- ifeq ($(DO_IPV6), 1)
--EXTRAS+=ip6tables ip6tables.o ip6tables.8
-+EXTRAS+=ip6tables ip6tables.o ip6tables.8 libip6tables.a
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
- EXTRAS+=ip6tables-save ip6tables-restore
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
-+DEVEL_HEADERS+=include/ip6tables.h
-+DEVEL_LIBS+=libip6tables.a
- endif
-
- # Sparc64 hack
-@@ -111,6 +115,8 @@
- print-extensions:
- @[ -n "$(OPTIONALS)" ] && echo Extensions found: $(OPTIONALS)
-
-+libiptables.a: libiptables.a(iptables.o)
-+
- iptables.o: iptables.c
- $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
-
-@@ -135,6 +141,8 @@
- @[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
- cp $< $@
-
-+libip6tables.a: libip6tables.a(ip6tables.o)
-+
- ip6tables.o: ip6tables.c
- $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" -c -o $@ $<
-
-@@ -183,7 +191,7 @@
- .PHONY: install-devel-headers
- install-devel-headers: $(DEVEL_HEADERS)
- @[ -d $(DESTDIR)$(INCDIR) ] || mkdir -p $(DESTDIR)$(INCDIR)
-- @cp -v $(DEVEL_HEADERS) $(DESTDIR)$(INCDIR)
-+ @cp -v --parents $(DEVEL_HEADERS) `echo $(DESTDIR)$(INCDIR) | sed -e "s:/include/\?::"`
-
- .PHONY: install-devel-libs
- install-devel-libs: $(DEVEL_LIBS)
---- libipq/Makefile
-+++ libipq/Makefile
-@@ -17,7 +17,7 @@
-
- DEVEL_LIBS+=libipq/libipq.a
-
--DEVEL_HEADERS+=include/libipq/libipq.h
-+DEVEL_HEADERS+=include/libipq/libipq.h include/libipq/ip_queue_64.h
-
- ifndef TOPLEVEL_INCLUDED
- local:
---- libiptc/Makefile
-+++ libiptc/Makefile
-@@ -16,8 +16,11 @@
- ifeq ($(DO_IPV6), 1)
- EXTRA_DEPENDS+= libiptc/libip6tc.d
- libiptc/libiptc.a: libiptc/libiptc.a(libiptc/libip6tc.o)
-+DEVEL_HEADERS+=include/libiptc/libip6tc.h
- endif
-
-+DEVEL_HEADERS+=include/libiptc/libiptc.h include/libiptc/ipt_kernel_headers.h
-+
- libiptc/libip4tc.d libiptc/libip6tc.d: %.d: %.c
- @-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d libiptc/libiptc.a($*.o):@' > $@
- endif
diff --git a/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch b/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch
deleted file mode 100644
index ac5357283575..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/install_ipv6_apps.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile
-+++ Makefile
-@@ -63,8 +63,8 @@
- ifeq ($(DO_IPV6), 1)
- EXTRAS+=ip6tables ip6tables.o
- EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables $(DESTDIR)$(MANDIR)/man8/ip6tables.8
--EXTRAS_EXP+=ip6tables-save ip6tables-restore
--EXTRA_INSTALLS_EXP+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
-+EXTRAS+=ip6tables-save ip6tables-restore
-+EXTRA_INSTALLS+=$(DESTDIR)$(BINDIR)/ip6tables-save $(DESTDIR)$(BINDIR)/ip6tables-restore # $(DESTDIR)$(MANDIR)/man8/iptables-restore.8 $(DESTDIR)$(MANDIR)/man8/iptables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-save.8 $(DESTDIR)$(MANDIR)/man8/ip6tables-restore.8
- endif
-
- # Sparc64 hack
diff --git a/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff b/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff
deleted file mode 100644
index 903e38f16498..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/iptables-1.2.9-imq1.diff
+++ /dev/null
@@ -1,222 +0,0 @@
---- extensions.orig/.IMQ-test6 Thu Jan 1 01:00:00 1970
-+++ extensions/.IMQ-test6 Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ
---- extensions.orig/libip6t_IMQ.c Thu Jan 1 01:00:00 1970
-+++ extensions/libip6t_IMQ.c Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,102 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <ip6tables.h>
-+#include <linux/netfilter_ipv6/ip6_tables.h>
-+#include <linux/netfilter_ipv6/ip6t_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ip6t_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ip6t_entry *entry,
-+ struct ip6t_entry_target **target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ip6t_ip6 *ip,
-+ const struct ip6t_entry_target *target,
-+ int numeric)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static
-+struct ip6tables_target imq
-+= { NULL,
-+ "IMQ",
-+ IPTABLES_VERSION,
-+ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ &print,
-+ &save,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_target6(&imq);
-+}
---- extensions.orig/.IMQ-test Thu Jan 1 01:00:00 1970
-+++ extensions/.IMQ-test Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ
---- extensions.orig/libipt_IMQ.c Thu Jan 1 01:00:00 1970
-+++ extensions/libipt_IMQ.c Mon Jun 16 10:12:47 2003
-@@ -0,0 +1,102 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ipt_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target,
-+ int numeric)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static
-+struct iptables_target imq
-+= { NULL,
-+ "IMQ",
-+ IPTABLES_VERSION,
-+ IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ &help,
-+ &init,
-+ &parse,
-+ &final_check,
-+ &print,
-+ &save,
-+ opts
-+};
-+
-+void _init(void)
-+{
-+ register_target(&imq);
-+}
diff --git a/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch b/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch
deleted file mode 100644
index 1fee2e03c448..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/iptables-layer7-0.9.0.patch
+++ /dev/null
@@ -1,384 +0,0 @@
---- extensions/.layer7-test
-+++ extensions/.layer7-test
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7
---- extensions/libipt_layer7.c
-+++ extensions/libipt_layer7.c
-@@ -0,0 +1,360 @@
-+/*
-+ Shared library add-on to iptables to add layer 7 matching support.
-+
-+ By Matthew Strait <quadong@users.sf.net>, Oct 2003.
-+
-+ http://l7-filter.sf.net
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version
-+ 2 of the License, or (at your option) any later version.
-+ http://www.gnu.org/licenses/gpl.txt
-+
-+ Based on libipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>
-+*/
-+
-+#define _GNU_SOURCE
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+#include <dirent.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ipt_layer7.h>
-+
-+#define MAX_FN_LEN 256
-+
-+static char l7dir[MAX_FN_LEN] = "\0";
-+
-+/* Function which prints out usage message. */
-+static void help(void)
-+{
-+ printf(
-+ "LAYER7 match v%s options:\n"
-+ "--l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n"
-+ " (--l7dir must be specified before --l7proto if used!)\n"
-+ "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n",
-+ IPTABLES_VERSION);
-+ fputc('\n', stdout);
-+}
-+
-+static struct option opts[] = {
-+ { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' },
-+ { .name = "l7dir", .has_arg = 1, .flag = 0, .val = '2' },
-+ { .name = 0 }
-+};
-+
-+/* Initialize the match. */
-+static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
-+int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info)
-+{
-+ FILE * f;
-+ char * line = NULL;
-+ int len = 0;
-+
-+ enum { protocol, pattern, done } datatype = protocol;
-+
-+ f = fopen(filename, "r");
-+
-+ if(!f)
-+ {
-+ //fprintf(stderr, "Can't open %s\n", filename);
-+ return 0;
-+ }
-+
-+ while(getline(&line, &len, f) != -1)
-+ {
-+ if(strlen(line) < 2 || line[0] == '#')
-+ continue;
-+
-+ /* strip the pesky newline... */
-+ if(line[strlen(line) - 1] == '\n')
-+ line[strlen(line) - 1] = '\0';
-+
-+ if(datatype == protocol)
-+ {
-+ if(strcmp(line, protoname))
-+ exit_error(OTHER_PROBLEM,
-+ "Protocol name (%s) doesn't match file name (%s). Bailing out\n",
-+ protoname, filename);
-+
-+ if(strlen(line) >= MAX_PROTOCOL_LEN)
-+ exit_error(PARAMETER_PROBLEM,
-+ "Protocol name in %s too long!", filename);
-+ strncpy(info->protocol, line, MAX_PROTOCOL_LEN);
-+
-+ datatype = pattern;
-+ }
-+ else if(datatype == pattern)
-+ {
-+ if(strlen(line) >= MAX_PATTERN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename);
-+ strncpy(info->pattern, line, MAX_PATTERN_LEN);
-+
-+ datatype = done;
-+ break;
-+ }
-+ else
-+ exit_error(OTHER_PROBLEM, "Internal error");
-+ }
-+
-+ if(datatype != done)
-+ exit_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename);
-+
-+ if(line) free(line);
-+ fclose(f);
-+
-+ return 1;
-+
-+/*
-+ fprintf(stderr, "protocol: %s\npattern: %s\n\n",
-+ info->protocol,
-+ info->pattern);
-+*/
-+}
-+
-+static int hex2dec(char c)
-+{
-+ switch (c)
-+ {
-+ case '0' ... '9':
-+ return c - '0';
-+ case 'a' ... 'f':
-+ return c - 'a' + 10;
-+ case 'A' ... 'F':
-+ return c - 'A' + 10;
-+ default:
-+ exit_error(OTHER_PROBLEM, "hex2dec: bad value!\n");
-+ return 0;
-+ }
-+}
-+
-+/* takes a string with \xHH escapes and returns one with the characters
-+they stand for */
-+static char * pre_process(char * s)
-+{
-+ char * result = malloc(strlen(s) + 1);
-+ int sindex = 0, rindex = 0;
-+ while( sindex < strlen(s) )
-+ {
-+ if( sindex + 3 < strlen(s) &&
-+ s[sindex] == '\\' && s[sindex+1] == 'x' &&
-+ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) )
-+ {
-+ /* carefully remember to call tolower here... */
-+ result[rindex] = tolower( hex2dec(s[sindex + 2])*16 +
-+ hex2dec(s[sindex + 3] ) );
-+ sindex += 3; /* 4 total */
-+ }
-+ else
-+ result[rindex] = tolower(s[sindex]);
-+
-+ sindex++;
-+ rindex++;
-+ }
-+ result[rindex] = '\0';
-+
-+ return result;
-+}
-+
-+#define MAX_SUBDIRS 128
-+char ** readl7dir(char * dirname)
-+{
-+ DIR * scratchdir;
-+ struct dirent ** namelist;
-+ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *));
-+
-+ int n, d = 1;
-+ subdirs[0] = "";
-+
-+ n = scandir(dirname, &namelist, 0, alphasort);
-+
-+ if (n < 0)
-+ {
-+ perror("scandir");
-+ exit_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname);
-+ }
-+ else
-+ {
-+ while(n--)
-+ {
-+ char fulldirname[MAX_FN_LEN];
-+
-+ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name);
-+
-+ if((scratchdir = opendir(fulldirname)) != NULL)
-+ {
-+ closedir(scratchdir);
-+
-+ if(!strcmp(namelist[n]->d_name, ".") ||
-+ !strcmp(namelist[n]->d_name, ".."))
-+ /* do nothing */ ;
-+ else
-+ {
-+ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1);
-+ strcpy(subdirs[d], namelist[n]->d_name);
-+ d++;
-+ if(d >= MAX_SUBDIRS - 1)
-+ {
-+ fprintf(stderr,
-+ "Too many subdirectories, skipping the rest!\n");
-+ break;
-+ }
-+ }
-+ }
-+ free(namelist[n]);
-+ }
-+ free(namelist);
-+ }
-+
-+ subdirs[d] = NULL;
-+
-+ return subdirs;
-+}
-+
-+static void
-+parse_layer7_protocol(const unsigned char *s, struct ipt_layer7_info *info)
-+{
-+ char filename[MAX_FN_LEN];
-+ char * dir = NULL;
-+ char ** subdirs;
-+ int n = 0, done = 0;
-+
-+ if(strlen(l7dir) > 0)
-+ dir = l7dir;
-+ else
-+ dir = "/etc/l7-protocols";
-+
-+ subdirs = readl7dir(dir);
-+
-+ while(subdirs[n] != NULL)
-+ {
-+ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s);
-+
-+ //fprintf(stderr, "Trying to find pattern in %s ... ", filename);
-+
-+ if(c > MAX_FN_LEN)
-+ {
-+ exit_error(OTHER_PROBLEM,
-+ "Filename beginning with %s is too long!\n", filename);
-+ }
-+
-+ /* read in the pattern from the file */
-+ if(parse_protocol_file(filename, s, info))
-+ {
-+ //fprintf(stderr, "found\n");
-+ done = 1;
-+ break;
-+ }
-+
-+ //fprintf(stderr, "not found\n");
-+
-+ n++;
-+ }
-+
-+ if(!done)
-+ exit_error(OTHER_PROBLEM,
-+ "Couldn't find a pattern definition file for %s.\n", s);
-+
-+ /* process \xHH escapes and tolower everything. (our regex lib has no
-+ case insensitivity option.) */
-+ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN);
-+}
-+
-+/* Function which parses command options; returns true if it ate an option */
-+static int parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry, unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ struct ipt_layer7_info *layer7info =
-+ (struct ipt_layer7_info *)(*match)->data;
-+
-+ switch (c) {
-+ case '1':
-+ check_inverse(optarg, &invert, &optind, 0);
-+ parse_layer7_protocol(argv[optind-1], layer7info);
-+ if (invert)
-+ layer7info->invert = 1;
-+ *flags = 1;
-+ break;
-+
-+ case '2':
-+ /* not going to use this, but maybe we need to strip a ! anyway (?) */
-+ check_inverse(optarg, &invert, &optind, 0);
-+
-+ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "directory name too long\n");
-+
-+ strncpy(l7dir, argv[optind-1], MAX_FN_LEN);
-+
-+ *flags = 1;
-+ break;
-+
-+ default:
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+/* Final check; must have specified --pattern. */
-+static void final_check(unsigned int flags)
-+{
-+ if (!flags)
-+ exit_error(PARAMETER_PROBLEM,
-+ "LAYER7 match: You must specify `--pattern'");
-+}
-+
-+static void print_protocol(char s[], int invert, int numeric)
-+{
-+ fputs("l7proto ", stdout);
-+ if (invert) fputc('!', stdout);
-+ printf("%s ", s);
-+}
-+
-+/* Prints out the matchinfo. */
-+static void print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match,
-+ int numeric)
-+{
-+ printf("LAYER7 ");
-+
-+ print_protocol(((struct ipt_layer7_info *)match->data)->protocol,
-+ ((struct ipt_layer7_info *)match->data)->invert, numeric);
-+}
-+/* Saves the union ipt_matchinfo in parsable form to stdout. */
-+static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
-+{
-+ const struct ipt_layer7_info *info =
-+ (const struct ipt_layer7_info*) match->data;
-+
-+ printf("--l7proto %s%s ", (info->invert) ? "! ": "", info->protocol);
-+}
-+
-+static struct iptables_match layer7 = {
-+ .name = "layer7",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ register_match(&layer7);
-+}
---- extensions/libipt_layer7.man
-+++ extensions/libipt_layer7.man
-@@ -0,0 +1,13 @@
-+This module matches packets based on the application layer data of
-+their connections. It uses regular expression matching to compare
-+the application layer data to regular expressions found it the layer7
-+configuration files. This is an experimental module which can be found at
-+http://l7-filter.sf.net. It takes two options.
-+.TP
-+.BI "--l7proto " "\fIprotocol\fP"
-+Match the specified protocol. The protocol name must match a file
-+name in /etc/l7-protocols/
-+.TP
-+.BI "--l7dir " "\fIdirectory\fP"
-+Use \fIdirectory\fP instead of /etc/l7-protocols/
-+
diff --git a/net-firewall/iptables/files/1.2.11-files/round-robin.patch b/net-firewall/iptables/files/1.2.11-files/round-robin.patch
deleted file mode 100644
index fcc339965425..000000000000
--- a/net-firewall/iptables/files/1.2.11-files/round-robin.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-RCS file: /data/cvspublic/iptables/iptables.c,v
-retrieving revision 1.68
-retrieving revision 1.70
---- iptables/iptables.c 2004/05/26 16:04:48 1.68
-+++ iptables/iptables.c 2004/08/03 22:38:39 1.70
-@@ -551,7 +551,7 @@
-
- while (host->h_addr_list[*naddr] != (char *) NULL)
- (*naddr)++;
-- addr = fw_calloc(*naddr, sizeof(struct in_addr));
-+ addr = fw_calloc(*naddr, sizeof(struct in_addr) * *naddr);
- for (i = 0; i < *naddr; i++)
- inaddrcpy(&(addr[i]),
- (struct in_addr *) host->h_addr_list[i]);
-@@ -2339,11 +2339,8 @@
- e = NULL;
- }
-
-- for (c = 0; c < nsaddrs; c++)
-- free(&saddrs[c]);
--
-- for (c = 0; c < ndaddrs; c++)
-- free(&daddrs[c]);
-+ free(saddrs);
-+ free(daddrs);
-
- if (opts != original_opts) {
- free(opts);
diff --git a/net-firewall/iptables/files/digest-iptables-1.2.11-r3 b/net-firewall/iptables/files/digest-iptables-1.2.11-r3
deleted file mode 100644
index 8c31eeb69b8e..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.2.11-r3
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 0a5f5f226e41ce408a895bec995e8c05 iptables-1.2.11.tar.bz2 156988
-RMD160 66e0fa391444a1e169feaf2fc67b5f8622ec1d89 iptables-1.2.11.tar.bz2 156988
-SHA256 be7bd67232fddbe3ce81f40f5b79123380a2e67cd166ec06e650842f8acb373d iptables-1.2.11.tar.bz2 156988
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r1 b/net-firewall/iptables/files/digest-iptables-1.3.5-r1
deleted file mode 100644
index cdf27e110210..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r1
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 551626a158c2a2cbfd937d27ecc7fac1 netfilter-layer7-v2.1.tar.gz 89247
-RMD160 cd2d455a16761b4fe2318d6d8a5671a535176d62 netfilter-layer7-v2.1.tar.gz 89247
-SHA256 5022e8a349135f67045f4add47405af0d626c90a5e8b86ee01745755946e1390 netfilter-layer7-v2.1.tar.gz 89247
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r2 b/net-firewall/iptables/files/digest-iptables-1.3.5-r2
deleted file mode 100644
index cb7e3908a25a..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r2
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 b590a0f6fe809f8e1852ee96687644f9 netfilter-layer7-v2.2.tar.gz 88944
-RMD160 cf421e6ef4acf5b9107feacaee6566d55ad21683 netfilter-layer7-v2.2.tar.gz 88944
-SHA256 e82cc356ece2bea3da2bb4b467063a96337ced4bde6127a44f0296245e74d57d netfilter-layer7-v2.2.tar.gz 88944
diff --git a/net-firewall/iptables/files/digest-iptables-1.3.5-r3 b/net-firewall/iptables/files/digest-iptables-1.3.5-r3
deleted file mode 100644
index cb7e3908a25a..000000000000
--- a/net-firewall/iptables/files/digest-iptables-1.3.5-r3
+++ /dev/null
@@ -1,9 +0,0 @@
-MD5 9adae8be9562775a176fc1b275b3cb29 iptables-1.3.0-imq1.diff 5369
-RMD160 8ca1fa3bfea02d27232d8d8cb0a12586dd4537b5 iptables-1.3.0-imq1.diff 5369
-SHA256 0f9d36e48b3f1e83ef9e1d39c19e7271a889a31c65c396c416200eb143f1795b iptables-1.3.0-imq1.diff 5369
-MD5 00fb916fa8040ca992a5ace56d905ea5 iptables-1.3.5.tar.bz2 191820
-RMD160 3364e0f37f67ba4aa9ac9caa6f11adb67887e528 iptables-1.3.5.tar.bz2 191820
-SHA256 1d8ee8634d167b0f1a8872b6547910c11bae676699faf2b4bc2c84a128449c3c iptables-1.3.5.tar.bz2 191820
-MD5 b590a0f6fe809f8e1852ee96687644f9 netfilter-layer7-v2.2.tar.gz 88944
-RMD160 cf421e6ef4acf5b9107feacaee6566d55ad21683 netfilter-layer7-v2.2.tar.gz 88944
-SHA256 e82cc356ece2bea3da2bb4b467063a96337ced4bde6127a44f0296245e74d57d netfilter-layer7-v2.2.tar.gz 88944
diff --git a/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd b/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd
deleted file mode 100644
index ef8e61552dd6..000000000000
--- a/net-firewall/iptables/files/ip6tables-1.2.9-r1.confd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
-
-#Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-#Save state on stopping iptables
-SAVE_ON_STOP="yes"
diff --git a/net-firewall/iptables/files/ip6tables-1.2.9-r1.init b/net-firewall/iptables/files/ip6tables-1.2.9-r1.init
deleted file mode 100644
index 7e53cbbf195f..000000000000
--- a/net-firewall/iptables/files/ip6tables-1.2.9-r1.init
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/ip6tables-1.2.9-r1.init,v 1.5 2005/06/26 09:06:28 vapier Exp $
-
-opts="save reload"
-
-depend() {
- before net
- use logger
-}
-
-checkrules() {
- if [ ! -f ${IP6TABLES_SAVE} ]
- then
- eerror "Not starting ip6tables. First create some rules then run"
- eerror "/etc/init.d/ip6tables save"
- return 1
- fi
-}
-
-start() {
- checkrules || return 1
- ebegin "Loading ip6tables state and starting firewall"
- einfo "Restoring ip6tables ruleset"
- /sbin/ip6tables-restore ${SAVE_RESTORE_OPTIONS} < ${IP6TABLES_SAVE}
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ]; then
- save || return 1
- fi
- ebegin "Stopping firewall"
- for a in `cat /proc/net/ip6_tables_names`; do
- ip6tables -F -t $a
- ip6tables -X -t $a
-
- if [ $a == nat ]; then
- /sbin/ip6tables -t nat -P PREROUTING ACCEPT
- /sbin/ip6tables -t nat -P POSTROUTING ACCEPT
- /sbin/ip6tables -t nat -P OUTPUT ACCEPT
- elif [ $a == mangle ]; then
- /sbin/ip6tables -t mangle -P PREROUTING ACCEPT
- /sbin/ip6tables -t mangle -P INPUT ACCEPT
- /sbin/ip6tables -t mangle -P FORWARD ACCEPT
- /sbin/ip6tables -t mangle -P OUTPUT ACCEPT
- /sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
- elif [ $a == filter ]; then
- /sbin/ip6tables -t filter -P INPUT ACCEPT
- /sbin/ip6tables -t filter -P FORWARD ACCEPT
- /sbin/ip6tables -t filter -P OUTPUT ACCEPT
- fi
- done
- eend $?
-}
-
-reload() {
- ebegin "Flushing firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/ip6tables -F -t $a
- /sbin/ip6tables -X -t $a
- done
- eend $?
-
- start
-}
-
-save() {
- ebegin "Saving ip6tables state"
- /sbin/ip6tables-save ${SAVE_RESTORE_OPTIONS} > ${IP6TABLES_SAVE}
- eend $?
-}
diff --git a/net-firewall/iptables/files/iptables-1.2.9-r1.confd b/net-firewall/iptables/files/iptables-1.2.9-r1.confd
deleted file mode 100644
index a2d070fc48e3..000000000000
--- a/net-firewall/iptables/files/iptables-1.2.9-r1.confd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Location in which iptables initscript will save set rules on
-# service shutdown
-IPTABLES_SAVE="/var/lib/iptables/rules-save"
-
-#Options to pass to iptables-save and iptables-restore
-SAVE_RESTORE_OPTIONS="-c"
-
-#Save state on stopping iptables
-SAVE_ON_STOP="yes"
diff --git a/net-firewall/iptables/files/iptables-1.2.9-r1.init b/net-firewall/iptables/files/iptables-1.2.9-r1.init
deleted file mode 100644
index 0f427cca027c..000000000000
--- a/net-firewall/iptables/files/iptables-1.2.9-r1.init
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.2.9-r1.init,v 1.6 2005/06/26 09:06:28 vapier Exp $
-
-opts="save reload"
-
-depend() {
- before net
- use logger
-}
-
-checkrules() {
- if [ ! -f ${IPTABLES_SAVE} ]
- then
- eerror "Not starting iptables. First create some rules then run"
- eerror "/etc/init.d/iptables save"
- return 1
- fi
-}
-
-start() {
- checkrules || return 1
- ebegin "Loading iptables state and starting firewall"
- einfo "Restoring iptables ruleset"
- /sbin/iptables-restore ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
- eend $?
-}
-
-stop() {
- if [ "${SAVE_ON_STOP}" = "yes" ]; then
- save || return 1
- fi
- ebegin "Stopping firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
-
- if [ $a == nat ]; then
- /sbin/iptables -t nat -P PREROUTING ACCEPT
- /sbin/iptables -t nat -P POSTROUTING ACCEPT
- /sbin/iptables -t nat -P OUTPUT ACCEPT
- elif [ $a == mangle ]; then
- /sbin/iptables -t mangle -P PREROUTING ACCEPT
- /sbin/iptables -t mangle -P INPUT ACCEPT
- /sbin/iptables -t mangle -P FORWARD ACCEPT
- /sbin/iptables -t mangle -P OUTPUT ACCEPT
- /sbin/iptables -t mangle -P POSTROUTING ACCEPT
- elif [ $a == filter ]; then
- /sbin/iptables -t filter -P INPUT ACCEPT
- /sbin/iptables -t filter -P FORWARD ACCEPT
- /sbin/iptables -t filter -P OUTPUT ACCEPT
- fi
- done
- eend $?
-}
-
-reload() {
- ebegin "Flushing firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
- done;
- eend $?
-
- start
-}
-
-save() {
- local ret
- ebegin "Saving iptables state"
- /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
- ret=$?
- chmod 0600 ${IPTABLES_SAVE}
- eend ${ret}
-}
diff --git a/net-firewall/iptables/iptables-1.2.11-r3.ebuild b/net-firewall/iptables/iptables-1.2.11-r3.ebuild
deleted file mode 100644
index 0f2ad4370d6b..000000000000
--- a/net-firewall/iptables/iptables-1.2.11-r3.ebuild
+++ /dev/null
@@ -1,169 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.2.11-r3.ebuild,v 1.17 2006/10/04 14:14:35 vapier Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-#extensions versions
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/"
-SRC_URI="http://www.iptables.org/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- einfo "WARNING: 3rd party extensions has been enabled."
- einfo "This means that iptables will use your currently installed"
- einfo "kernel in /usr/src/linux as headers for iptables."
- einfo
- einfo "You may have to patch your kernel to allow iptables to build."
- einfo "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ for patches"
- einfo "for your kernel."
- linux-info_pkg_setup
- fi
-}
-
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${FILESDIR}"/${PV}-files/grsecurity-1.2.8-iptables.patch
- epatch "${FILESDIR}"/${PV}-files/install_ipv6_apps.patch
- epatch "${FILESDIR}"/${PV}-files/install_all_dev_files.patch
- epatch "${FILESDIR}"/${PV}-files/round-robin.patch
- epatch "${FILESDIR}"/${PV}-files/CAN-2004-0986.patch ; # security bug 70240
- sed -i "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" extensions/Makefile
-
- if use extensions; then
- epatch "${FILESDIR}"/${PV}-files/iptables-1.2.9-imq1.diff
- epatch "${FILESDIR}"/${PV}-files/iptables-layer7-0.9.0.patch
-
- chmod +x extensions/.IMQ-test*
- chmod +x extensions/.childlevel-test*
- chmod +x extensions/.layer7-test*
-
- fi
-}
-
-src_compile() {
- replace-flags -O0 -O2
-
- if [ -z `get-flag O` ]; then
- append-flags -O2
- fi
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags "-fstack-protector"
-
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
-
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
-
- if use extensions; then
- make COPT_FLAGS="${CFLAGS}" ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- CC="$(tc-getCC)" \
- || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- else
- make COPT_FLAGS="${CFLAGS}" ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- CC="$(tc-getCC)" \
- || die
- fi
-}
-
-src_install() {
- if use extensions; then
- make DESTDIR=${D} ${myconf} \
- PREFIX= \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- install || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
-
- make DESTDIR=${D} ${myconf} \
- PREFIX= \
- LIBDIR=/usr/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr/src/linux \
- install-devel || die "Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- else
- make DESTDIR=${D} ${myconf} \
- LIBDIR=/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- install || die
-
- make DESTDIR=${D} ${myconf} \
- LIBDIR=/usr/lib \
- BINDIR=/sbin \
- MANDIR=/usr/share/man \
- INCDIR=/usr/include \
- KERNEL_DIR=/usr \
- install-devel || die
- fi
-
- dodoc COPYING
- dodir /var/lib/iptables ; keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.2.9-r1.init iptables
- newconfd "${FILESDIR}"/${PN}-1.2.9-r1.confd iptables
-
- if use ipv6; then
- dodir /var/lib/ip6tables ; keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/${PN/iptables/ip6tables}-1.2.9-r1.init ip6tables
- newconfd "${FILESDIR}"/${PN/iptables/ip6tables}-1.2.9-r1.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r1.ebuild b/net-firewall/iptables/iptables-1.3.5-r1.ebuild
deleted file mode 100644
index 71ceaf34bf03..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r1.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r1.ebuild,v 1.10 2006/09/04 05:50:25 kumba Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.1"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- extensions? (
- http://www.linuximq.net/patchs/${IMQ_PATCH}
- mirror://sourceforge/l7-filter/${L7_P}.tar.gz
- )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- ewarn "You may have to patch your kernel to allow iptables to build."
- ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
- ewarn "for your kernel."
- ewarn
- ewarn "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- linux-info_pkg_setup
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use extensions && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- if use extensions ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use extensions ; then
- export KERNEL_DIR="/usr"
- diemsg=""
- else
- diemsg="Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r2.ebuild b/net-firewall/iptables/iptables-1.3.5-r2.ebuild
deleted file mode 100644
index 2a8703863130..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r2.ebuild
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r2.ebuild,v 1.1 2006/06/04 13:18:37 dragonheart Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.2"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- extensions? (
- http://www.linuximq.net/patchs/${IMQ_PATCH}
- mirror://sourceforge/l7-filter/${L7_P}.tar.gz
- )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 static extensions"
-
-DEPEND="virtual/os-headers
- extensions? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use extensions ; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- ewarn "You may have to patch your kernel to allow iptables to build."
- ewarn "Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches"
- ewarn "for your kernel."
- ewarn
- ewarn "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- linux-info_pkg_setup
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use extensions && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- if use extensions ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*,.layer7-test*}
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use extensions ; then
- export KERNEL_DIR="/usr"
- diemsg=""
- else
- diemsg="Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is now not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}
diff --git a/net-firewall/iptables/iptables-1.3.5-r3.ebuild b/net-firewall/iptables/iptables-1.3.5-r3.ebuild
deleted file mode 100644
index 244d6ffd309b..000000000000
--- a/net-firewall/iptables/iptables-1.3.5-r3.ebuild
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.3.5-r3.ebuild,v 1.1 2006/07/09 06:27:22 dragonheart Exp $
-
-inherit eutils flag-o-matic toolchain-funcs linux-info
-
-L7_PV="2.2"
-L7_P="netfilter-layer7-v${L7_PV}"
-L7_PATCH="iptables-layer7-${L7_PV}.patch"
-IMQ_PATCH="iptables-1.3.0-imq1.diff"
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="http://www.iptables.org/ http://www.linuximq.net/ http://l7-filter.sf.net/"
-SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2
- imq? ( http://www.linuximq.net/patchs/${IMQ_PATCH} )
- l7filter? ( mirror://sourceforge/l7-filter/${L7_P}.tar.gz )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ipv6 static imq l7filter"
-
-DEPEND="virtual/os-headers
- l7filter? ( virtual/linux-sources )
- imq? ( virtual/linux-sources )"
-RDEPEND=""
-
-pkg_setup() {
- if use l7filter || use imq; then
- ewarn "WARNING: 3rd party extensions has been enabled."
- ewarn "This means that iptables will use your currently installed"
- ewarn "kernel in ${KERNEL_DIR} as headers for iptables."
- ewarn
- linux-info_pkg_setup
- fi
-
- if use l7filter && \
- [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then
- die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this"
- fi
- if use imq && \
- [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_IMQ.c" ]; then
- die "For IMQ support add a patch from http://www.linuximq.net/patches.html to your kernel"
- fi
-}
-
-src_unpack() {
- unpack ${P}.tar.bz2
- use l7filter && unpack ${L7_P}.tar.gz
- cd "${S}"
-
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/install_ipv6_apps.patch
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/install_all_dev_files.patch-1.3.1
-
- # this provide's grsec's stealth match
- EPATCH_OPTS="-p0" \
- epatch "${FILESDIR}"/1.3.1-files/grsecurity-1.2.8-iptables.patch-1.3.1
- sed -i \
- -e "s/PF_EXT_SLIB:=/PF_EXT_SLIB:=stealth /g" \
- extensions/Makefile || die "failed to enable stealth extension"
-
- EPATCH_OPTS="-p1" \
- epatch "${FILESDIR}"/1.3.1-files/${PN}-1.3.1-compilefix.patch
-
- # bug #139726
- epatch "${FILESDIR}"/1.3.5-files/${P}-errno.patch
-
- if use imq ; then
- EPATCH_OPTS="-p1" epatch "${DISTDIR}"/${IMQ_PATCH}
- chmod +x extensions/{.IMQ-test*,.childlevel-test*}
- fi
- if use l7filter ; then
- EPATCH_OPTS="-p1" epatch "${WORKDIR}"/${L7_P}/${L7_PATCH}
- chmod +x extensions/.layer7-test*
- fi
-}
-
-
-src_defs() {
- # these are used in both of src_compile and src_install
- myconf="${myconf} PREFIX="
- myconf="${myconf} LIBDIR=/$(get_libdir)"
- myconf="${myconf} BINDIR=/sbin"
- myconf="${myconf} MANDIR=/usr/share/man"
- myconf="${myconf} INCDIR=/usr/include"
- # iptables and libraries are now installed to /sbin and /lib, so that
- # systems with remote network-mounted /usr filesystems can get their
- # network interfaces up and running correctly without /usr.
- use ipv6 || myconf="${myconf} DO_IPV6=0"
- use static && myconf="${myconf} NO_SHARED_LIBS=0"
- export myconf
- if ! use l7filter && ! use imq; then
- export KERNEL_DIR="/usr"
- diemsg="failure"
- else
- diemsg="failure - with l7filter or imq patch added"
- fi
- export diemsg
-}
-
-
-src_compile() {
- src_defs
-
- # iptables will NOT work correctly unless -O[123] are present!
- replace-flags -O0 -O2
- get-flag -O || append-flags -O2
-
- # prevent it from causing ICMP errors.
- # http://bugs.gentoo.org/show_bug.cgi?id=23645
- filter-flags -fstack-protector
-
- emake -j1 \
- COPT_FLAGS="${CFLAGS}" ${myconf} \
- KERNEL_DIR="${KERNEL_DIR}" \
- CC="$(tc-getCC)" \
- || die "${diemsg}"
-}
-
-src_install() {
- src_defs
- make ${myconf} \
- DESTDIR="${D}" \
- KERNEL_DIR="${KERNEL_DIR}" \
- install install-devel || die "${diemsg}"
-
- dodir /usr/$(get_libdir)
- mv -f "${D}"/$(get_libdir)/*.a "${D}"/usr/$(get_libdir)
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables
- newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
-
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables
- newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
- fi
-}
-
-pkg_postinst() {
- einfo "This package now includes an initscript which loads and saves"
- einfo "rules stored in /var/lib/iptables/rules-save"
- use ipv6 && einfo "and /var/lib/ip6tables/rules-save"
- einfo "This location can be changed in /etc/conf.d/iptables"
- einfo
- einfo "If you are using the iptables initsscript you should save your"
- einfo "rules using the new iptables version before rebooting."
- einfo
- einfo "If you are upgrading to a >=2.4.21 kernel you may need to rebuild"
- einfo "iptables."
- einfo
- ewarn "!!! ipforwarding is not a part of the iptables initscripts."
- einfo
- einfo "To enable ipforwarding at bootup:"
- einfo "/etc/sysctl.conf and set net.ipv4.ip_forward = 1"
- if use ipv6 ; then
- einfo "and/or"
- einfo " net.ipv6.ip_forward = 1"
- einfo "for ipv6."
- fi
- if has_version '=net-firewall/iptables-1.2*' ; then
- echo
- ewarn "When upgrading from iptables-1.2.x, you may be unable to remove"
- ewarn "rules added with iptables-1.2.x. This is a known issue, please see:"
- ewarn "http://bugs.gentoo.org/92535"
- fi
-}