authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-firewall/iptables
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-firewall/iptables')
-rw-r--r--net-firewall/iptables/Manifest15
-rw-r--r--net-firewall/iptables/files/ip6tables-1.3.2.confd11
-rw-r--r--net-firewall/iptables/files/ip6tables-1.4.13.confd19
-rw-r--r--net-firewall/iptables/files/iptables-1.3.2.confd11
-rwxr-xr-xnet-firewall/iptables/files/iptables-1.3.2.init115
-rw-r--r--net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch17
-rw-r--r--net-firewall/iptables/files/iptables-1.4.11.init117
-rw-r--r--net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch48
-rw-r--r--net-firewall/iptables/files/iptables-1.4.12.1-lm.patch61
-rw-r--r--net-firewall/iptables/files/iptables-1.4.13-r1.init130
-rw-r--r--net-firewall/iptables/files/iptables-1.4.13.confd19
-rw-r--r--net-firewall/iptables/files/iptables-1.4.13.init116
-rw-r--r--net-firewall/iptables/files/iptables-1.4.16.2-static.patch55
-rw-r--r--net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch32
-rw-r--r--net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch74
-rw-r--r--net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch88
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables-restore.service14
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables-store.service11
-rw-r--r--net-firewall/iptables/files/systemd/ip6tables.service6
-rw-r--r--net-firewall/iptables/files/systemd/iptables-restore.service14
-rw-r--r--net-firewall/iptables/files/systemd/iptables-store.service11
-rw-r--r--net-firewall/iptables/files/systemd/iptables.service6
-rw-r--r--net-firewall/iptables/iptables-1.4.10-r1.ebuild83
-rw-r--r--net-firewall/iptables/iptables-1.4.10.ebuild67
-rw-r--r--net-firewall/iptables/iptables-1.4.11.1-r2.ebuild86
-rw-r--r--net-firewall/iptables/iptables-1.4.12.1-r1.ebuild88
-rw-r--r--net-firewall/iptables/iptables-1.4.12.1.ebuild87
-rw-r--r--net-firewall/iptables/iptables-1.4.12.ebuild84
-rw-r--r--net-firewall/iptables/iptables-1.4.13-r2.ebuild83
-rw-r--r--net-firewall/iptables/iptables-1.4.13.ebuild83
-rw-r--r--net-firewall/iptables/iptables-1.4.14-r1.ebuild82
-rw-r--r--net-firewall/iptables/iptables-1.4.15-r1.ebuild82
-rw-r--r--net-firewall/iptables/iptables-1.4.16.2.ebuild85
-rw-r--r--net-firewall/iptables/iptables-1.4.16.3.ebuild83
-rw-r--r--net-firewall/iptables/iptables-1.4.17.ebuild87
-rw-r--r--net-firewall/iptables/iptables-1.4.18.ebuild88
-rw-r--r--net-firewall/iptables/iptables-1.4.19.1.ebuild87
-rw-r--r--net-firewall/iptables/iptables-1.4.20.ebuild87
-rw-r--r--net-firewall/iptables/iptables-1.4.21-r1.ebuild92
-rw-r--r--net-firewall/iptables/iptables-1.4.21.ebuild87
-rw-r--r--net-firewall/iptables/iptables-1.4.6.ebuild54
-rw-r--r--net-firewall/iptables/metadata.xml23
42 files changed, 2588 insertions, 0 deletions
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
new file mode 100644
index 000000000000..285a257c0005
--- /dev/null
+++ b/net-firewall/iptables/Manifest
@@ -0,0 +1,15 @@
+DIST iptables-1.4.10.tar.bz2 478007 SHA256 7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445 SHA512 264a974cc303cf9b352ccdf50d3aa1491167cdf1d7919074925645cc94d7f5e40d315cff048d0fab48e31853dcdad64bd65b83ef6fdd05f9e896be4e3317cd1e WHIRLPOOL 4ca6629ed2f43f1393be5a24284147272ff208d27e8bc073ccadb80f27887f2ef2c477e08ab2f8f22414cd11ab6a33dc42071f2ee3168e15026a76a3270cbc2e
+DIST iptables-1.4.11.1.tar.bz2 486926 SHA256 170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade SHA512 432dff8d1bc2b65cd636bb7a8d9ace5402db134df6e5e15c11c2bf1684d513a0f3cf70af099875fbddb25a1ef8868716b4a80791d7475848dd9d7917752d451a WHIRLPOOL ace3dc5ed59f98faea78cce2f1e673cb9b9726360cb1fcaa6ff73b9c36ba2ece8b415f191f1c6862a85829bb857202571bb851132a503ffb272c078d87889cbf
+DIST iptables-1.4.12.1.tar.bz2 473418 SHA256 77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba SHA512 ca8960d6d11faaba293e62169a32f8821d9240907d7ca11741dfca78ce92e32d5e2625f99786f55fb08d27ff7643e2531cc741aa0867f45df61248264b8ffe18 WHIRLPOOL b737fb2704511066d052227f7fe73a1ce64f427c614e56a1a681a7dcc37bac214448f9821b416a35cbe7efdf5436c49d0202f6da77aa0ec60de724137d28abda
+DIST iptables-1.4.12.tar.bz2 487036 SHA256 3e07a0beb746b580fbcfb04b3842ef0bd94a2f281786552f586415b26a7e971c SHA512 e61652cee5b3e691643769ac16dd9674ad7e2d5684f9e3146200be91a6db5674cead4525a97e232644f966692bea9143eb3b0c64a2dc01a32bf34834d3a0b4de WHIRLPOOL c5f5b29387322b36cce9c59fd548bb582b7b9b11da2616f5ff14c4ddc5eec8bc500da3756593406f5a5a4ab5b43d0f0b9d44b028b270479e10d1d8f716e1d0a0
+DIST iptables-1.4.13.tar.bz2 502942 SHA256 321e2600fc4541a958e44cafd85a42864b0035404097e0f2e082d474029b9ded SHA512 598b05aa1446172c65b5103bdd02e29f8c8253eb3395e8cabc33e664e7d7afb4a842deea4f0faaac4645acd29a4fbfc0c0675c55f67e38c822ae28b549eab73c WHIRLPOOL 44df42d7fd66349c6bdef8cfa6d80571e7ec7d58a7092b188ef41a8431cd02394835177bdc4d31255b8a115f088daba269f6ecb9230b8d04df6e01151a926017
+DIST iptables-1.4.14.tar.bz2 507123 SHA256 9be675696f41cd4f35cc332b667d285fe9489ca93c8e1f77804bd04b3315a522 SHA512 3bf6db564359acafa738068980793129982318317bea69f21282d80f40dcb1e16938f8e2928e6cdcc4e77d89b2bc3f6c45aad7eb11ff84063b78e5f8e1907f9e WHIRLPOOL 16f630e38272b76c3d7eefa83869902b0f111d9ffba2eca6fe885759619dc81f1c9fc1bfe2f946adc99edfdfc5f4002a331e412a8fef674f63bfb760aa44e868
+DIST iptables-1.4.15.tar.bz2 514830 SHA256 867c144e60075e7bebe6fcecf0b65169d5e2d1fa5ceec2ebd9780cd5026123ea SHA512 2ef559f1079838b2aa8348e66248aac7bc7549be93014ddbdaf730fbad168a657e20e031dcfd9ffa62ed45a52dbefc3683783a5d9b929d539d07ba6ad6adcfa0 WHIRLPOOL 8a56ed3cffd572f2202f172a3b903283452b4fd9647b6123530a1cc489a150bc88e7eb1f911f896b655d1de37f26c0a5eadd383c06103a0f395a82e1bc321b89
+DIST iptables-1.4.16.2.tar.bz2 536755 SHA256 4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e SHA512 1ec9d12cc069a8acb1a443e7325c2bb98f0216e0a454413424b49c90bd6f4f94832ed1187a8fc75bdc7d80aa4ca9f3534e15799c46cb17344886d7b4ad34e4c0 WHIRLPOOL b0c782f41bb7d0df794064b1f57853ec664ddf0f899ab4b1f8cf51df0f98594065b7e7e3a77ee398cbb4fcc03fe360e67cf679bf6f9f730263ad29be394e76e0
+DIST iptables-1.4.16.3.tar.bz2 536872 SHA256 643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79 SHA512 c232a927fe63623cc0d336b4a09d7baad2d0c5a2a5e3b7ad083727e9f17cd0b668a826a4c5ff0bbb45233fee6c38c153710b13f458514516af7cf7df10d720e2 WHIRLPOOL 2dadcdb39f7741cb7b3c493bc36792a6edbdd9ddaa0c862d2ec0a6fbb89eb82c55f04ae407ab641f425208b15ef6e689af10ce6c03368e40652367c39dead75f
+DIST iptables-1.4.17.tar.bz2 541137 SHA256 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1 WHIRLPOOL f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41
+DIST iptables-1.4.18.tar.bz2 542308 SHA256 14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c SHA512 fc62916bd90863c0868f70d711fd6716cbcb54402c32bdeebfd0cee05137fa3ff1a137f0a4b5b31ee0bb6492e23e60e7025d51914b26c0e0b233181cbb1cb1b5 WHIRLPOOL 5d89e0f8d2dfad0f25a369f936f86386c799b2c475cef9fb13fb3c8cb9fcb201361c7d134a24f68099b2b5468c97476e1982bc116fa6448a07d776c724fddbd3
+DIST iptables-1.4.19.1.tar.bz2 543785 SHA256 dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2 SHA512 a3232ae92b997f67b5895c110f2cb8ec3aecbc383e804a870351c61e49cd83c1d7bf750818768f5560d615090157a17cc5c4ef101bc104905915de67fa022088 WHIRLPOOL 99ec72c45eb5a5721e4228b3ae79ffa2d1a67db362a9c67a09190c8bed54f023e6550b300b41d0d119c518d234559d7bc1182313b26460a2d224768d1f7955b3
+DIST iptables-1.4.20.tar.bz2 546864 SHA256 109b8c7ca90b4536bc5de869ae705f6d5efcc0c08ef3003755aad3ed6d2d49ad SHA512 6c8e1d89db66c0cfd76afd7fa7de8a7d451337f6f15f01d811585714f6d488275621ca9a1f4967a2ae99e90f3890cf0e3c7f7a9a3a98fda902b0a56717d7ffe0 WHIRLPOOL 8146d632ec00c663988d4e82e3adfa8b9fa2df269df2e6cc359dae65727e59f4ef614540eb4f970d020eac558d7423731a88246f9df1265718346ca62e59a8e7
+DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200
+DIST iptables-1.4.6.tar.bz2 463758 SHA256 6e732798cad62163d6e033aa52e22b771246556a230c0f66cd33fe69e96d72a4 SHA512 0ec1314462a154b5892093b17b997f130760b2ada4fb2b7cdc0f6cb7bb9da9ddaf77400c3fcbe57c4db1400adaec37d38f9debe37f7ed33dabbbe3b58c13e942 WHIRLPOOL 39e1f0f3f46350c81d2fe219b5d40174f4a390180f71ac8c896a634aa29abe98da665c8e93d373465dad351a9604d6c5e36c0f99f7256b85ffbc3615cefa28ae
diff --git a/net-firewall/iptables/files/ip6tables-1.3.2.confd b/net-firewall/iptables/files/ip6tables-1.3.2.confd
new file mode 100644
index 000000000000..93c0bc89b38a
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.3.2.confd
@@ -0,0 +1,11 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
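Review bot: `SAVE_ON_STOP="yes"` ships as the default without saying what it implies. `stop()` in the init scripts added by this commit calls `save` first, so whatever rules are loaded at shutdown overwrite the saved set and are restored on the next start, including temporary or unintended runtime changes. I would add a comment above the setting, for example `# With "yes", the rules live at shutdown replace the saved file; set "no" to keep a reviewed ruleset authoritative.` The same default appears in ip6tables-1.4.13.confd, iptables-1.3.2.confd and iptables-1.4.13.confd. The comments in this file also say "iptables" where the ip6tables tools are meant.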
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 000000000000..3bb36989d37e
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.3.2.confd b/net-firewall/iptables/files/iptables-1.3.2.confd
new file mode 100644
index 000000000000..91287debdbcf
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.3.2.confd
@@ -0,0 +1,11 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/iptables/files/iptables-1.3.2.init b/net-firewall/iptables/files/iptables-1.3.2.init
new file mode 100755
index 000000000000..907a39e7479a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.3.2.init
@@ -0,0 +1,115 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+ iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ before net
+ use logger
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ touch "${iptables_save}"
+ chmod 0600 "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ service_started ${iptables_name} && svc_stop
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
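Review bot: `save()` redirects `${iptables_bin}-save` straight into `${iptables_save}`, so the existing rules file is truncated before the dump has succeeded. If the command fails or the machine goes down mid-write, the next `start` still passes `checkconfig` (the file exists) and restores from an empty or partial file. The `touch` followed by `chmod 0600` also leaves a newly created file at the default umask for a moment. Writing to a temporary file under `umask 077` in the same directory and renaming it over the target avoids both, assuming that directory is writable by root only. The same `save()` is in iptables-1.4.11.init and iptables-1.4.13.init, and the direct redirect is also in iptables-1.4.13-r1.init.

```shell
save() {
	ebegin "Saving ${iptables_name} state"
	local tmp="${iptables_save}.tmp" ret
	# Start from a fresh file so stale permissions on a leftover temp file cannot leak the dump.
	rm -f "${tmp}"
	# Subshell keeps the umask change local to the dump.
	( umask 077 && ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${tmp}" ) \
		&& mv -f "${tmp}" "${iptables_save}"
	ret=$?
	# Never leave a partial dump behind; the previous rules file stays untouched on failure.
	[ ${ret} -eq 0 ] || rm -f "${tmp}"
	eend ${ret}
}
```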
diff --git a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch
new file mode 100644
index 000000000000..d83a7059f37b
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch
@@ -0,0 +1,17 @@
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index 13cca9c..a068278 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -51,10 +51,10 @@ v6_sbin_links = ip6tables ip6tables-restore ip6tables-save
+ endif
+
+ iptables.8: ${srcdir}/iptables.8.in ../extensions/matches4.man ../extensions/targets4.man
+- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@;
++ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches4.man' -e '/@TARGET@/ r ../extensions/targets4.man' $< >$@;
+
+ ip6tables.8: ${srcdir}/ip6tables.8.in ../extensions/matches6.man ../extensions/targets6.man
+- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@;
++ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches6.man' -e '/@TARGET@/ r ../extensions/targets6.man' $< >$@;
+
+ pkgconfig_DATA = xtables.pc
+
diff --git a/net-firewall/iptables/files/iptables-1.4.11.init b/net-firewall/iptables/files/iptables-1.4.11.init
new file mode 100644
index 000000000000..6b2b88c5dbed
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.11.init
@@ -0,0 +1,117 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+ iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ before net
+ use logger
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ touch "${iptables_save}"
+ chmod 0600 "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
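Review bot: `reload()` flushes and deletes the chains in every table and only afterwards calls `start`, with no prior check that `${iptables_save}` exists or parses. If the restore then fails, the host keeps running with empty chains under whatever policies were in force. Validating before the flush loop closes that gap, e.g. `checkconfig || return 1` followed by `${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" || return 1`, which is what `checkrules` in iptables-1.4.13-r1.init does. iptables-1.3.2.init and iptables-1.4.13.init carry the same `reload()`.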
diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch
new file mode 100644
index 000000000000..9bbcc67cb6a5
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch
@@ -0,0 +1,48 @@
+commit 3412bd0bfb8b8bac9834cbfd3392b3d5487133bf
+Author: Tom Eastep <teastep@shorewall.net>
+Date: Thu Aug 18 15:11:16 2011 -0700
+
+ libxt_conntrack: improve error message on parsing violation
+
+ Tom Eastep noted:
+
+ $ iptables -A foo -m conntrack --ctorigdstport 22
+ iptables v1.4.12: conntrack rev 2 does not support port ranges
+ Try `iptables -h' or 'iptables --help' for more information.
+
+ Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug,
+ but let's include Tom's patch nevertheless for the better error
+ message in case one actually does specify a range with rev 2.
+
+ References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2
+ Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
+
+diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
+index 060b947..fff69f8 100644
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -129,13 +129,20 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
+ .flags = XTOPT_INVERT},
+ {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
+ .flags = XTOPT_INVERT},
+- {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT,
++ /*
++ * Rev 1 and 2 only store one port, and we would normally use
++ * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting
++ * error message - in case a user passed a range nevertheless -
++ * "port 22:23 resolved to nothing" is not quite as useful as using
++ * %XTTYPE_PORTC and libxt_conntrack's own range test.
++ */
++ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT,
++ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT,
++ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+- {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT,
++ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
+ .flags = XTOPT_INVERT | XTOPT_NBO},
+ {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
+ XTOPT_TABLEEND,
diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch
new file mode 100644
index 000000000000..4d9e1d8ed4dd
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch
@@ -0,0 +1,61 @@
+parent 2ca6273c73b42e8c74afd5f8b1fe10c5c93ce363 (v1.4.12-43-g2ca6273)
+commit d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb
+Author: Jan Engelhardt <jengelh@medozas.de>
+Date: Sat Sep 3 13:34:40 2011 +0200
+
+libxt_statistic: link with -lm
+
+$ ldd -r libxt_statistic.so
+undefined symbol: lround (./libxt_statistic.so)
+
+References: https://bugs.archlinux.org/task/25358
+Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
+---
+ extensions/GNUmakefile.in | 5 ++++-
+ iptables/Makefile.am | 9 +++++++--
+ 2 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 2b48d84..dbf210c 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -90,11 +90,14 @@ init%.o: init%.c
+ # Shared libraries
+ #
+ lib%.so: lib%.oo
+- ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<;
++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< ${$*_LIBADD};
+
+ lib%.oo: ${srcdir}/lib%.c
+ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+
++# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
++xt_statistic_LIBADD = -lm
++
+
+ #
+ # Static bits
+diff --git a/iptables/Makefile.am b/iptables/Makefile.am
+index addb159..f6db32d 100644
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -6,12 +6,17 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}
+ lib_LTLIBRARIES = libxtables.la
+ libxtables_la_SOURCES = xtables.c xtoptions.c
+ libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage}
++libxtables_la_LIBADD =
++if ENABLE_STATIC
++# With --enable-static, shipped extensions are linked into the main executable,
++# so we need all the LIBADDs here too
++libxtables_la_LIBADD += -lm
++endif
+ if ENABLE_SHARED
+ libxtables_la_CFLAGS = ${AM_CFLAGS}
+-libxtables_la_LIBADD = -ldl
++libxtables_la_LIBADD += -ldl
+ else
+ libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1
+-libxtables_la_LIBADD =
+ endif
+
+ xtables_multi_SOURCES = xtables-multi.c iptables-xml.c
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init
new file mode 100644
index 000000000000..440e840c41a8
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init
@@ -0,0 +1,130 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
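Review bot: Even with `checkrules` in front, `reload()` still empties every table before `start` runs, so there is a window in which only the chain policies filter traffic. `iptables-restore` without `--noflush` replaces the contents of each table it loads by itself, so the flush loop looks necessary only for tables that are absent from the saved file. I would confirm that and, if it holds, restrict the loop to those tables or drop it. Either way a comment on `reload()` should state the window and the policy it relies on, for example `# Chains are empty between the flush and the restore; only the chain policies apply in that window.`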
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 000000000000..7225374c3a8a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.13.init b/net-firewall/iptables/files/iptables-1.4.13.init
new file mode 100644
index 000000000000..a45c6d1a9918
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.init
@@ -0,0 +1,116 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+ iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ touch "${iptables_save}"
+ chmod 0600 "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
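Review bot: `panic()` ends with `eend $?`, which sees only the exit status of the last command in the loop, i.e. `set_table_policy` for the last table listed in `${iptables_proc}`. For a table outside nat/mangle/filter that function runs no `-P` command and returns success, so a failed `-P ... DROP` on an earlier table is still reported as success under "Dropping all packets". I would track the result explicitly: `local a ret=0`, `set_table_policy $a DROP || ret=1`, and `eend ${ret}`. `set_table_policy` needs the same treatment, since it returns only the status of its last `-P` call. `stop()` and the other init scripts in this commit use the same pattern.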
diff --git a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch
new file mode 100644
index 000000000000..a5d6fe71f670
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch
@@ -0,0 +1,55 @@
+https://bugs.gentoo.org/437712
+
+From 269655d54e22f3a36250bb2c4639dddd102258c6 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Mon, 8 Oct 2012 12:04:56 +0000
+Subject: [PATCH] build: remove symlink-only extensions from static object
+ list
+
+$ ./configure --enable-static --disable-shared --enable-ipv4
+ --enable-ipv6 && make
+[...]
+make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by
+"libext.a". Stop.
+
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/GNUmakefile.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 8b38df9..1cef239 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -39,7 +39,7 @@ endif
+ # Wildcard module list
+ #
+ pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c)))
+-pfx_build_mod += NOTRACK state
++pfx_symlinks := NOTRACK state
+ @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
+ @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
+ pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
+@@ -48,7 +48,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+ pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+ pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
+ pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
+-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod})
++pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
+ pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
+ pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
+
+@@ -220,7 +220,7 @@ man_run = \
+ done >$@;
+
+ matches.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod}))
++ $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
+
+ targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man)
+- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod}))
++ $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks}))
+--
+1.7.12
+
diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
new file mode 100644
index 000000000000..5212dd253aa8
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch
@@ -0,0 +1,32 @@
+From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 30 Dec 2012 18:06:15 -0500
+Subject: [PATCH] extensions: fix linking against -lip6tc
+
+The current build forgets to specify a path to find libip6tc which means
+it either fails (if there is no libip6tc in the system), or links against
+an old version (if there is one in the system).
+
+References: https://bugs.gentoo.org/449262
+Reported-by: Mike Gilbert <floppym@gentoo.org>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ extensions/GNUmakefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index e71e3ff..a605474 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so
+ ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+-ip6t_NETMAP_LIBADD = -lip6tc
++ip6t_NETMAP_LIBADD = -L../libiptc/.libs -lip6tc
+ xt_RATEEST_LIBADD = -lm
+ xt_statistic_LIBADD = -lm
+
+--
+1.8.0
+
diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
new file mode 100644
index 000000000000..33d048163a18
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch
@@ -0,0 +1,74 @@
+From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 16 Mar 2013 12:15:30 +0100
+Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP"
+
+This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6.
+
+The use of libtool was introduced to resolve linking problems
+in NETMAP (IPv6 version), but that resulted in RPATH problems
+reported from distributors and warnings spotted by libtool at
+linking stage.
+
+Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and
+get rid of libip6tc dependency) fixed the NETMAP issue, let's
+roll back to our previous stage.
+
+A small conflicts in extensions/GNUmakefile.in has been resolved
+in this revert.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/GNUmakefile.in | 18 +++++++-----------
+ 1 file changed, 7 insertions(+), 11 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index 3db6985..1ae7f74 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@;
+ AM_VERBOSE_CXXLD = @echo " CXXLD " $@;
+ AM_VERBOSE_AR = @echo " AR " $@;
+ AM_VERBOSE_GEN = @echo " GEN " $@;
+-AM_VERBOSE_NULL = @
+ endif
+
+ #
+@@ -76,7 +75,7 @@ install: ${targets_install}
+ if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi;
+
+ clean:
+- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
++ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c;
+ rm -f .*.d .*.dd;
+
+ distclean: clean
+@@ -90,19 +89,16 @@ init%.o: init%.c
+ #
+ # Shared libraries
+ #
+-lib%.so: lib%.la
+- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@
++lib%.so: lib%.oo
++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD};
+
+-lib%.la: lib%.lo
+- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir}
+-
+-lib%.lo: ${srcdir}/lib%.c
+- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $<
++lib%.oo: ${srcdir}/lib%.c
++ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<;
+
+ libxt_NOTRACK.so: libxt_CT.so
+- ${AM_VERBOSE_GEN} ln -fs $< $@
++ ln -fs $< $@
+ libxt_state.so: libxt_conntrack.so
+- ${AM_VERBOSE_GEN} ln -fs $< $@
++ ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+ xt_RATEEST_LIBADD = -lm
+--
+1.8.2.1
+
diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
new file mode 100644
index 000000000000..52829de24a5f
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch
@@ -0,0 +1,88 @@
+From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 16 Mar 2013 12:11:07 +0100
+Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of
+ libip6tc dependency
+
+This patch changes the NETMAP target extension (IPv6 side) to use
+the xtables_ip6mask_to_cidr available in libxtables.
+
+As a side effect, we get rid of the libip6tc dependency.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ extensions/GNUmakefile.in | 1 -
+ extensions/libip6t_NETMAP.c | 2 +-
+ include/libiptc/libip6tc.h | 3 ---
+ iptables/ip6tables.c | 2 +-
+ libiptc/libip6tc.c | 2 +-
+ 5 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
+index adad4d6..3db6985 100644
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so
+ ${AM_VERBOSE_GEN} ln -fs $< $@
+
+ # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD
+-ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la
+ xt_RATEEST_LIBADD = -lm
+ xt_statistic_LIBADD = -lm
+
+diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c
+index d14dece..a4df70e 100644
+--- a/extensions/libip6t_NETMAP.c
++++ b/extensions/libip6t_NETMAP.c
+@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
+ printf("%s", xtables_ip6addr_to_numeric(&a));
+ for (i = 0; i < 4; i++)
+ a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]);
+- bits = ipv6_prefix_length(&a);
++ bits = xtables_ip6mask_to_cidr(&a);
+ if (bits < 0)
+ printf("/%s", xtables_ip6addr_to_numeric(&a));
+ else
+diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h
+index c656bc4..9aed80a 100644
+--- a/include/libiptc/libip6tc.h
++++ b/include/libiptc/libip6tc.h
+@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void);
+ /* Translates errno numbers into more human-readable form than strerror. */
+ const char *ip6tc_strerror(int err);
+
+-/* Return prefix length, or -1 if not contiguous */
+-int ipv6_prefix_length(const struct in6_addr *a);
+-
+ extern void dump_entries6(struct xtc_handle *const);
+
+ extern const struct xtc_ops ip6tc_ops;
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 4cfbea3..7d02cc1 100644
+--- a/iptables/ip6tables.c
++++ b/iptables/ip6tables.c
+@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip,
+ const struct in6_addr *mask, int invert)
+ {
+ char buf[51];
+- int l = ipv6_prefix_length(mask);
++ int l = xtables_ip6mask_to_cidr(mask);
+
+ if (l == 0 && !invert)
+ return;
+diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c
+index 7128e1c..ca01bcb 100644
+--- a/libiptc/libip6tc.c
++++ b/libiptc/libip6tc.c
+@@ -113,7 +113,7 @@ typedef unsigned int socklen_t;
+ #define BIT6(a, l) \
+ ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1)
+
+-int
++static int
+ ipv6_prefix_length(const struct in6_addr *a)
+ {
+ int l, i;
+--
+1.8.2.1
+
diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
new file mode 100644
index 000000000000..88415fa37a64
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
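Review bot: `Before=network.target` in the [Unit] section only orders the restore ahead of the point where the network stack is already considered up, so interfaces may be configured and reachable before the saved rules are loaded. The unit's own comment states the intent of having the firewall up first; ordering against the pre-network target expresses that more tightly, e.g. `Wants=network-pre.target` and `Before=network-pre.target`, assuming the targeted systemd versions ship that target. The same applies to iptables-restore.service later in this commit. It would also help to add a comment saying what state the host is left in when the rules file is missing or the restore fails, since nothing in the unit handles that case.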
diff --git a/net-firewall/iptables/files/systemd/ip6tables-store.service b/net-firewall/iptables/files/systemd/ip6tables-store.service
new file mode 100644
index 000000000000..9975378353d3
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
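Review bot: The shell redirection in `ExecStart` truncates `/var/lib/ip6tables/rules-save` before `ip6tables-save` has produced any output, so a failed or interrupted save at shutdown leaves an empty or partial rules file for the next boot's restore. Writing to a temporary name and renaming on success avoids that: `ExecStart=/bin/sh -c "umask 077; /sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save.new && mv /var/lib/ip6tables/rules-save.new /var/lib/ip6tables/rules-save"`. The `umask 077` also matters because the OpenRC script in this same commit does `chmod 0600` on its save file, while this unit creates the file with whatever mode the service's default umask gives. iptables-store.service has the same line and needs the same change.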
diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service
new file mode 100644
index 000000000000..0a6d7fa1c8ab
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
new file mode 100644
index 000000000000..9d568d78b309
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/iptables-store.service b/net-firewall/iptables/files/systemd/iptables-store.service
new file mode 100644
index 000000000000..aa16e75e9ccf
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service
new file mode 100644
index 000000000000..3643a3e31034
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/net-firewall/iptables/iptables-1.4.10-r1.ebuild b/net-firewall/iptables/iptables-1.4.10-r1.ebuild
new file mode 100644
index 000000000000..ff152ec86761
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.10-r1.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="2"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink"
+
+COMMON_DEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+"
+
+src_prepare() {
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
+ configure
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1 || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+ doman iptables-apply.8 || die
+ dodoc INCOMPATIBILITIES iptables.xslt || die
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables-apply || die
+ dosym iptables-apply /sbin/ip6tables-apply || die
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h || die
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
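Review bot: The `sed -i … configure` call at the top of `src_configure` has no `|| die`, so if the edit fails the build carries on with whatever nfnetlink setting configure detects on its own, regardless of the `netlink` USE flag. The later ebuilds in this commit (1.4.12 onwards) end that statement with `configure || die`, and the same should be done here. iptables-1.4.11.1-r2.ebuild has the same unchecked sed; EAPI 4 does not help there because sed is not an ebuild helper.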
diff --git a/net-firewall/iptables/iptables-1.4.10.ebuild b/net-firewall/iptables/iptables-1.4.10.ebuild
new file mode 100644
index 000000000000..82e42fdf7ee5
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.10.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="2"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6"
+
+DEPEND="virtual/os-headers"
+RDEPEND=""
+
+src_prepare() {
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1 || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+ dosbin iptables-apply || die
+ doman iptables-apply.8 || die
+ dodoc INCOMPATIBILITIES iptables.xslt || die
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h || die
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
diff --git a/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild b/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild
new file mode 100644
index 000000000000..77310ab04511
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink"
+
+COMMON_DEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+ sys-devel/automake
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+"
+
+src_prepare() {
+ # Only run autotools if user patched something
+ epatch "${FILESDIR}/${P}-man-fixes.patch"
+ eautomake
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
+ configure
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ emake install DESTDIR="${D}"
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
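Review bot: The comment `# Only run autotools if user patched something` in `src_prepare` sits above the `epatch` and `eautomake` lines, which run unconditionally, so it now describes the wrong statements. It should move down to directly above `epatch_user && eautoreconf || elibtoolize`. A second short comment on `eautomake` would help, along the lines of `# man-fixes patch touches automake input, regenerate`, if that is indeed why it is needed. This also explains why `sys-devel/automake` is in DEPEND despite `AUTOTOOLS_AUTO_DEPEND=no`.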
diff --git a/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
new file mode 100644
index 000000000000..2055cf251814
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ sys-devel/automake
+"
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/iptables-1.4.12.1-lm.patch" \
+ "${FILESDIR}/iptables-1.4.12.1-conntrack-v2-ranges.patch"
+ eautomake
+
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
diff --git a/net-firewall/iptables/iptables-1.4.12.1.ebuild b/net-firewall/iptables/iptables-1.4.12.1.ebuild
new file mode 100644
index 000000000000..2639b2e56363
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.12.1.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink"
+
+COMMON_DEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+ sys-devel/automake
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+"
+
+src_prepare() {
+ epatch "${FILESDIR}/iptables-1.4.12.1-lm.patch"
+ eautomake
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
+ configure || die
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ emake install DESTDIR="${D}"
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
diff --git a/net-firewall/iptables/iptables-1.4.12.ebuild b/net-firewall/iptables/iptables-1.4.12.ebuild
new file mode 100644
index 000000000000..80e13cc88046
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.12.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink"
+
+COMMON_DEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ virtual/os-headers
+ sys-devel/automake
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+"
+
+src_prepare() {
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \
+ configure || die
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ emake install DESTDIR="${D}"
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
diff --git a/net-firewall/iptables/iptables-1.4.13-r2.ebuild b/net-firewall/iptables/iptables-1.4.13-r2.ebuild
new file mode 100644
index 000000000000..e10df947ab5c
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.13-r2.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ !>=sys-kernel/linux-headers-3.5
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
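Review bot: The `!>=sys-kernel/linux-headers-3.5` blocker in DEPEND has no explanation, and the neighbouring `rm -f include/linux/{kernel,types}.h` in `src_prepare` suggests the two are related without saying so. A blocker on system headers stops users from upgrading another package, so the reason and a bug reference should be recorded. The comment must go above the `DEPEND=` assignment, because a `#` inside the quoted string would become part of the dependency text; for example `# blocker: <why linux-headers >= 3.5 breaks this build, bug reference>`. iptables-1.4.13.ebuild and iptables-1.4.14-r1.ebuild carry the same undocumented blocker.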
diff --git a/net-firewall/iptables/iptables-1.4.13.ebuild b/net-firewall/iptables/iptables-1.4.13.ebuild
new file mode 100644
index 000000000000..efa45e2e066b
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.13.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ !>=sys-kernel/linux-headers-3.5
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
diff --git a/net-firewall/iptables/iptables-1.4.14-r1.ebuild b/net-firewall/iptables/iptables-1.4.14-r1.ebuild
new file mode 100644
index 000000000000..829beb00e618
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.14-r1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ !>=sys-kernel/linux-headers-3.5
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
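Review bot: `SRC_URI` at the top of this ebuild fetches the release tarball over plain `http://`, so the transport gives no protection and the integrity of the source rests entirely on the checksums in the package Manifest. If upstream serves the same path over TLS, prefer `SRC_URI="https://iptables.org/projects/iptables/files/${P}.tar.bz2"` and the matching `HOMEPAGE`; confirm that against the download host before changing it. The same `http://` scheme is used by every other iptables ebuild added in this diff (1.4.15-r1 through 1.4.21-r1, and 1.4.6).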
diff --git a/net-firewall/iptables/iptables-1.4.15-r1.ebuild b/net-firewall/iptables/iptables-1.4.15-r1.ebuild
new file mode 100644
index 000000000000..829beb00e618
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.15-r1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ !>=sys-kernel/linux-headers-3.5
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
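Review bot: The `sed -i ... configure || die` in `src_configure` cannot detect a pattern that no longer matches, because sed exits 0 when it substitutes nothing; the `|| die` only covers I/O errors. If a later release renames or reformats the `nfnetlink=[01]` assignment, the `netlink` USE flag would silently stop controlling the build. A guard before the edit makes that visible: `grep -q 'nfnetlink=[01]' configure || die "nfnetlink toggle not found in configure"`. The same sed call is in the other EAPI 4/5 iptables ebuilds in this diff.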
diff --git a/net-firewall/iptables/iptables-1.4.16.2.ebuild b/net-firewall/iptables/iptables-1.4.16.2.ebuild
new file mode 100644
index 000000000000..4dc89f6921c8
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.16.2.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch "${FILESDIR}"/${P}-static.patch #437712
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
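Review bot: `epatch_user && eautoreconf || elibtoolize` in `src_prepare` is the `A && B || C` shell idiom, which also runs `elibtoolize` whenever `eautoreconf` returns non-zero, not only when no user patch was applied. `eautoreconf` is expected to die on failure, so this is mainly a readability point, but the intent stated in the comment is an if/else: `if epatch_user ; then eautoreconf ; else elibtoolize ; fi`. The same line is in every EAPI 4/5 iptables ebuild in this diff.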
diff --git a/net-firewall/iptables/iptables-1.4.16.3.ebuild b/net-firewall/iptables/iptables-1.4.16.3.ebuild
new file mode 100644
index 000000000000..a5c40e6fda90
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.16.3.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
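Review bot: The last line of `src_install`, `find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+'`, passes `-r` to `rm` although `-type f` already restricts the matches to regular files. Dropping the recursive flag (`-exec rm -f '{}' '+'`) says what is meant and removes any chance of a recursive delete if the predicate is edited later. The 1.4.19.1 and newer ebuilds in this diff call `prune_libtool_files` instead, which would be the consistent choice here, bearing in mind that it keeps `.la` files that accompany static archives unless given `--all`. The same `find` line is in 1.4.14-r1, 1.4.15-r1, 1.4.16.2, 1.4.17 and 1.4.18.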
diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild b/net-firewall/iptables/iptables-1.4.17.ebuild
new file mode 100644
index 000000000000..0bbfa2b99cba
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.17.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+ epatch "${FILESDIR}"/${P}-libip6tc.patch #449262
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
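Review bot: `keepdir /var/lib/iptables` (and `/var/lib/ip6tables` under `use ipv6`) in `src_install` creates the state directory with the default directory mode. Presumably this is where the init script stores the saved ruleset, which describes the host's filtering policy and is rarely something unprivileged local users need to read. Consider `diropts -m0700` before the `keepdir` calls, or add a comment stating that the init script, which is not part of this hunk, sets restrictive permissions on the save file itself. The same `keepdir` lines are in the other iptables ebuilds in this diff.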
diff --git a/net-firewall/iptables/iptables-1.4.18.ebuild b/net-firewall/iptables/iptables-1.4.18.ebuild
new file mode 100644
index 000000000000..6976767da282
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.18.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+ epatch "${FILESDIR}"/${P}-extensions-link.patch
+ epatch "${FILESDIR}"/${P}-ipv6-linkage.patch
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+ find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed"
+}
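Review bot: The two `epatch` lines in `src_prepare` (`${P}-extensions-link.patch` and `${P}-ipv6-linkage.patch`) carry no bug reference or rationale, unlike `epatch "${FILESDIR}"/${P}-libip6tc.patch #449262` in the 1.4.17 ebuild. For a firewall package each local deviation from the upstream tarball should be traceable to its origin. Add a trailing bug number or a one-line comment above each, for example `# fix extension link order (bug #<BUG-ID>)`, with the real reference filled in.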
diff --git a/net-firewall/iptables/iptables-1.4.19.1.ebuild b/net-firewall/iptables/iptables-1.4.19.1.ebuild
new file mode 100644
index 000000000000..052c7e70e34e
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.19.1.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
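Review bot: `doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)` in `src_install` hides a conditional install inside an unquoted command substitution, while the rest of the function handles the same flag with an explicit `if use ipv6` block. Two plain lines read more directly and do not depend on word splitting: `doins include/iptables.h` followed by `use ipv6 && doins include/ip6tables.h`. The same construct is in every iptables ebuild in this diff.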
diff --git a/net-firewall/iptables/iptables-1.4.20.ebuild b/net-firewall/iptables/iptables-1.4.20.ebuild
new file mode 100644
index 000000000000..43dc46ce3714
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.20.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
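Review bot: `dosym iptables-apply /sbin/ip6tables-apply` in `src_install` installs the IPv6 alias unconditionally, although the build is configured with `$(use_enable ipv6)` and the other IPv6 files in this function are guarded by `use ipv6`. With the flag off, the symlink would presumably lead to a script looking for ip6tables tools that were not built; that depends on how `iptables-apply` dispatches on its invoked name, which is not visible here. If so, guard it with `use ipv6 && dosym iptables-apply /sbin/ip6tables-apply`. The same line is in the other EAPI 4/5 iptables ebuilds in this diff.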
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
new file mode 100644
index 000000000000..95ceda5539c2
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
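Review bot: The `systemd_dounit` lines added in this revision rely on nested brace expansion, `iptables{,-{re,}store}.service`, which is easy to misread and gives no hint which units are shipped. A comment such as `# installs iptables.service, iptables-restore.service and iptables-store.service` above the call would make the set explicit, and the second `if use ipv6` block could be folded into the one directly above it that already installs the ip6tables init and conf files. Since these units load the packet filter at boot, their ordering relative to network bring-up is worth checking in the unit files, which are not part of this hunk.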
diff --git a/net-firewall/iptables/iptables-1.4.21.ebuild b/net-firewall/iptables/iptables-1.4.21.ebuild
new file mode 100644
index 000000000000..56a8118d78b0
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
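Review bot: `rm -f include/linux/{kernel,types}.h` in `src_prepare` cannot fail when the named files are absent, so if upstream moves or renames the bundled headers the build would quietly use the tarball's copies again instead of the ones from `virtual/os-headers`. If both files are expected to exist in this release, `rm include/linux/{kernel,types}.h || die` turns that drift into a visible error; otherwise the comment should say which of the two may be missing. The same line appears in the other EAPI 4/5 iptables ebuilds in this diff.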
diff --git a/net-firewall/iptables/iptables-1.4.6.ebuild b/net-firewall/iptables/iptables-1.4.6.ebuild
new file mode 100644
index 000000000000..c8e790cd6996
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.6.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit eutils multilib toolchain-funcs
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.iptables.org/"
+SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6"
+
+DEPEND="virtual/os-headers
+ !>=sys-kernel/linux-headers-2.6.33"
+RDEPEND=""
+
+src_unpack() {
+ unpack ${P}.tar.bz2
+ cd "${S}"
+ epatch_user
+}
+
+src_compile() {
+ econf \
+ --sbindir=/sbin \
+ --libexecdir=/$(get_libdir) \
+ --enable-devel \
+ --enable-libipq \
+ --enable-shared \
+ --enable-static \
+ $(use_enable ipv6)
+ emake V=1 || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h || die
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die
+ newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die
+ newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die
+ fi
+}
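Review bot: `cd "${S}"` in `src_unpack` is unchecked, so a failed `cd` would let `epatch_user` run in whatever directory the phase started in. Write `cd "${S}" || die` to match the explicit `|| die` used on the other commands in this file. Separately, `--sbindir=/sbin` and `--libexecdir=/$(get_libdir)` in `src_compile` are hard-coded without `${EPREFIX}`, unlike the newer ebuilds in this diff; a comment is warranted if prefix installs are intentionally unsupported for this version.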
diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml
new file mode 100644
index 000000000000..ed96e3dd4e4e
--- /dev/null
+++ b/net-firewall/iptables/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>base-system</herd>
+<use>
+ <flag name='netlink'>Build against libnfnetlink which enables the nfnl_osf util</flag>
+</use>
+<longdescription>
+ iptables is the userspace command line program used to set up, maintain, and
+ inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
+ part of packet filtering framework which allows the stateless and stateful
+ packet filtering, all kinds of network address and port translation, and is a
+ flexible and extensible infrastructure with multiple layers of API's for 3rd
+ party extensions. The iptables package also includes ip6tables. ip6tables is
+ used for configuring the IPv6 packet filter.
+
+ Note that some extensions (e.g. imq and l7filter) are not included into
+ official kernel sources so you have to patch the sources before installation.
+</longdescription>
+<upstream>
+ <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id>
+</upstream>
+</pkgmetadata>