commit f36659b0574ebf7666b3c8a3860c4b704bf32e90 Author: Adrian Schröter Date: Mon Oct 14 14:10:48 2024 +0200 Sync from SUSE:ALP:Source:Standard:1.0 ebtables revision 10266afa0f0d0a217806fa0d1afac843 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/ebtables-2.0.11.tar.gz b/ebtables-2.0.11.tar.gz new file mode 100644 index 0000000..38f8950 --- /dev/null +++ b/ebtables-2.0.11.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b71f654784a726329f88b412ef7b96b4e5d786ed2bd28193ed7b4c0d677dfd2a +size 428411 diff --git a/ebtables-2.0.11.tar.gz.sig b/ebtables-2.0.11.tar.gz.sig new file mode 100644 index 0000000..8874bca Binary files /dev/null and b/ebtables-2.0.11.tar.gz.sig differ diff --git a/ebtables.changes b/ebtables.changes new file mode 100644 index 0000000..7b5221f --- /dev/null +++ b/ebtables.changes @@ -0,0 +1,304 @@ +------------------------------------------------------------------- +Thu Nov 11 08:36:14 UTC 2021 - Danilo Spinella + +- Add build dependency on libalternatives +- Run spec-cleaner + +------------------------------------------------------------------- +Fri Oct 15 07:30:28 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * ebtables.service + +------------------------------------------------------------------- +Fri Aug 20 18:06:09 UTC 2021 - Stefan Schubert + +- Use libalternatives instead of update-alternatives. + +------------------------------------------------------------------- +Wed Sep 2 14:23:48 UTC 2020 - Dominique Leuenberger + +- Have the source .service file hold a placeholder for LIBEXECDIR, + which we replace during build/install phase, allowing the package + to be used no matter what value %{_libexecdir} has. + +------------------------------------------------------------------- +Tue Sep 1 12:11:49 UTC 2020 - Kristyna Streitova + +- replace /usr/lib with /usr/libexec in .service files to follow + %_libexecdir macro changes + +------------------------------------------------------------------- +Tue May 5 10:15:21 UTC 2020 - Thorsten Kukuk + +- Revert last /bin/bash -> /bin/sh change + +------------------------------------------------------------------- +Wed Apr 29 14:05:24 UTC 2020 - Thorsten Kukuk + +- Use /bin/sh for ebtables.systemd +- Don't hard require systemd, we don't need that in a container + +------------------------------------------------------------------- +Fri Jan 10 14:26:56 UTC 2020 - Kristyna Streitova + +- rename /usr/lib/ebtables helper file to /usr/lib/ebtables-helper + otherwise it conflicts with /usr/lib/ebtables library directory + on 32-bit systems [bsc#1159769] + +------------------------------------------------------------------- +Tue Dec 10 14:12:00 UTC 2019 - Kristyna Streitova + +- add ebtables.keyring as a Source + +------------------------------------------------------------------- +Mon Dec 2 19:26:41 UTC 2019 - Jan Engelhardt + +- Update to release 2.0.11 + * Add --noflush command line support for ebtables-restore + * Do not print IPv6 mask if it is all ones + * Allow RETURN target rules in user defined chains + * ebt_ip: add support for matching ICMP type and code + * ebt_ip: add support for matching IGMP type + * extensions: Add string filter to ebtables + * Print IPv6 prefixes in CIDR notation + * extensions: Add AUDIT target + * Fix incorrect IPv6 prefix formatting +- Drop ebtables-v2.0.8-makefile.diff (no longer needed) +- Drop ebtables-v2.0.8-initscript.diff, include-linux-if.patch + (not applicable) +- Drop ebtables-v2.0.10-4-audit.patch, + 0001-fix-compilation-warning.patch, + 0001-Use-flock-for-concurrent-option.patch, + 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch (merged) + +------------------------------------------------------------------- +Wed Jul 10 11:30:50 UTC 2019 - Kristyna Streitova + +- fix path (/sbin -> /usr/sbin) in ebtables.systemd [bsc#1140898] + +------------------------------------------------------------------- +Fri Feb 22 14:04:30 UTC 2019 - Michał Rostecki + +- Add upstream patches which improve handling stale locks. + (boo#1126094) + * 0001-Use-flock-for-concurrent-option.patch + * 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch + +------------------------------------------------------------------- +Fri Aug 24 10:20:05 UTC 2018 - jengelh@inai.de + +- Move ebtables to ebtables-legacy and use update-alternatives to + offer a selection mechanism. + +------------------------------------------------------------------- +Thu Mar 15 13:30:35 UTC 2018 - kstreitova@suse.com + +- fix ExecStart/ExecStop path in ebtables.service [bnc#1085228] + +------------------------------------------------------------------- +Mon Mar 12 10:08:51 UTC 2018 - matthias.gerstner@suse.com + +- Fix ethertypes ownership, should be %exclude, not %ghost. + +------------------------------------------------------------------- +Thu Feb 22 16:22:33 UTC 2018 - matthias.gerstner@suse.com + +- Resolve conflict with iptables-nft and obtain ethertypes from new netcfg + minor version. FATE#320520 + +------------------------------------------------------------------- +Thu Nov 23 13:37:47 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Thu Mar 23 15:14:46 UTC 2017 - kstreitova@suse.com + +- cleanup with spec-cleaner +- get rid of %{name} macros in the patch names +- remove sysvinit support + +------------------------------------------------------------------- +Fri May 6 10:43:55 UTC 2016 - p.drouand@gmail.com + +- Add systemd support for openSUSE > 12.10 +- Do not depend on fillup when building with sysvinit support; the + package doesn't provide any sysconfig file +- Change Requires(post) tag for Requires(pre); sysvinit must be + available before the package installation, according to the policy + +------------------------------------------------------------------- +Tue Apr 26 12:13:47 UTC 2016 - kstreitova@suse.com + +- add "Requires(post): %insserv_prereq %fillup_prereq" to fix + problem with missing sed during the installation [bnc#976919] +- remove non-break space from specfile +- use spec-cleaner to clean the specfile + +------------------------------------------------------------------- +Sat Aug 29 15:07:16 UTC 2015 - bwiedemann@suse.com + +- fix compilation + add include-linux-if.patch 0001-fix-compilation-warning.patch + +------------------------------------------------------------------- +Tue Jun 16 11:19:33 UTC 2015 - kstreitova@suse.com + +- add ebtables-v2.0.10-4-audit.patch needed for CC certification + [bnc#934680] + +------------------------------------------------------------------- +Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org + +- Also save include/linux/netfilter_bridge/ebt_ulog.h, as it no + longer exists in the mainline kernel. + +------------------------------------------------------------------- +Tue Sep 23 15:28:21 UTC 2014 - jengelh@inai.de + +- Remove support for old distros from specfile + (prjconf can do substitutions instead) + +------------------------------------------------------------------- +Fri Feb 28 08:42:42 UTC 2014 - vcizek@suse.com + +- add missing BuildRequires: sed (bnc#865848) + +------------------------------------------------------------------- +Wed Dec 19 10:08:54 UTC 2012 - jengelh@inai.de + +- Have build succeed on non-SUSE + +------------------------------------------------------------------- +Thu Dec 15 21:44:32 UTC 2011 - jengelh@medozas.de + +- Update to new upstream release 2.0.10.4 +* previous counter bug was still present and has been addressed now + +------------------------------------------------------------------- +Sun Dec 4 16:27:22 UTC 2011 - jengelh@medozas.de + +- Update to new upstream release 2.0.10.3 +* fix a counter setting bug + +------------------------------------------------------------------- +Thu Aug 11 23:23:35 UTC 2011 - jengelh@medozas.de + +- Update to new upstream release 2.0.10.2 +* minor compilation fixes: respect LDFLAGS in Makefiles +- Remove obsolete ebtables-typepuns.diff patch (fixed upstream) + +------------------------------------------------------------------- +Sun Jul 10 23:03:57 UTC 2011 - jengelh@medozas.de + +- update to 2.0.10.1 +* fix --among-dst-file, which translated to --among-src +* Makefile: respect LDFLAGS during ebtables build +* Makefile: create directories to avoid build failure when DESTDIR + is supplied +* incorporate fixes for possible issues found by Coverity analysis +* extend ebt_ip6 to allow matching on ipv6-icmp types/codes +* add --concurrent option, which enables using a file lock to + support concurrent scripts updating the ebtables kernel tables +- run spec-beautifier over specfile + +------------------------------------------------------------------- +Mon Jun 6 11:18:31 UTC 2011 - puzel@novell.com + +- update to 2.0.9-2 + * fix unwanted zeroing of counters in the last user-defined chain + * fix hidden symbol compilation error when using ld directly + * fix return value checking of creat to give a correct error + message if the atomic file couldn't be created + * correct info in INSTALL about compilation of ulog +- use spec-cleaner +- update ebtables-v2.0.8-makefile.diff +- license is GPLv2, not GPLv2+ +- package COPYING and ChangeLog files + +------------------------------------------------------------------- +Tue May 31 12:34:34 UTC 2011 - lnussel@suse.de + +- cleanup up initscript + * don't use /var/lock/subsys + * read /etc/sysconfig/ebtables for setting and restore state from + /etc/ebtables where the script actually saved the state to. + +------------------------------------------------------------------- +Thu Mar 18 07:09:55 UTC 2010 - coolo@novell.com + +- use rc_status (uncredited change) + +------------------------------------------------------------------- +Mon Jan 25 23:19:23 CET 2010 - jengelh@medozas.de + +- Switch to SUSE_ASNEEDED=0 to fix segmentation fault/NULL dereference + (caused by plugins not being loaded, due to them not being linked in) + [bnc#567267] + +------------------------------------------------------------------- +Wed Jan 6 13:52:39 CET 2010 - prusnak@suse.cz + +- update to 2.0.9-1 + * added ip6 module for filtering IPv6 traffic + * added --log-ip6 option for logging IPv6 traffic + * added nflog watcher for logging packets to userspace + * bugfix in ebtables.sysv + * bugfix for among match on x86-64 +- fix scriptlets in spec +- fix init script + +------------------------------------------------------------------- +Sat Aug 30 21:21:06 CEST 2008 - cthiel@suse.de + +- fix init script + +------------------------------------------------------------------- +Wed Oct 24 18:55:52 CEST 2007 - ro@suse.de + +- fix build (use gcc not ld directly) + +------------------------------------------------------------------- +Wed Oct 17 16:17:18 CEST 2007 - prusnak@suse.cz + +- fixed specfile not to include debug files in normal package + +------------------------------------------------------------------- +Fri Oct 12 16:13:57 CEST 2007 - prusnak@suse.cz + +- update to 2.0.8-2 + * add sysconfig support (ebtables-save, ebtables-restore, etc) + * add ulog watcher + * use shared libraries (making the code easily usable by third parties) + * improve speed + * bugfixes, dccp and sctp support +- dropped obsolete patches: + * gcc.diff (included in update) + +------------------------------------------------------------------- +Thu Aug 9 16:27:37 CEST 2007 - olh@suse.de + +- remove private include/linux/ files + +------------------------------------------------------------------- +Wed Jan 25 21:35:40 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jun 29 18:12:37 CEST 2005 - meissner@suse.de + +- use RPM_OPT_FLAGS. + +------------------------------------------------------------------- +Thu Apr 21 16:05:31 CEST 2005 - postadal@suse.cz + +- fixed for gcc 4.0 + +------------------------------------------------------------------- +Fri Jun 18 16:52:46 CEST 2004 - postadal@suse.cz + +- new package v2.0.6 + diff --git a/ebtables.keyring b/ebtables.keyring new file mode 100644 index 0000000..111475c --- /dev/null +++ b/ebtables.keyring @@ -0,0 +1,107 @@ +pub 4096R/0xA4111F89BB5F58CC 2010-10-21 [expires: 2015-10-20] + Key fingerprint = 57FF 5E9C 9AA6 7A86 0B55 7AF7 A411 1F89 BB5F 58CC +uid [ expired] Netfilter Core Team +sub 4096R/0x0FD3A13A04B92F5C 2010-10-21 [expires: 2015-10-20] + +pub 4096R/0xAB4655A126D292E4 2015-10-19 [expires: 2020-10-17] + Key fingerprint = C09D B206 3F1D 7034 BA61 52AD AB46 55A1 26D2 92E4 +uid [ unknown] Netfilter Core Team +sub 4096R/0xE3B0B6BAE3AAA39E 2015-10-19 [expires: 2020-10-17] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEzAS5EBEADVlGm+KwODJcVmP33HTCbn/eP8obZbgu+3Z1CYRklF8V43vC6D +8Jfk7fjD4/gWbAKZxriOESXVAN7mp0Fho4+Ga+pxWeLIET9tVM5xbNFK1p9R3XCK +p5SrugG+tGhizTR9b/1YCMVRz/yX3aDtC7lwObas4hkr5BqhphjvlkjFE7us32by +43LPpFj2yUpp1VdOf6gxl03kAgJg08h9J7a+n9KHQeAhIpXSRFq3tXiTdXQlovsv +ckwBjO0m8P2d1Z8/UYwXQgXzuO8W8EqaUSR95nDwl7UnilnKJm2fGvNg3A6PfCSk +3KdeEBZ45SRfMTPsuC5C4T0Az75h3HFR6YSae46ymg7d4ZA/Bd5K4hvp4PdYrfCi +GXen7iK9q5XDpopWb0yCrEVJzKjBjDurvpLtAD0IFWcpB6zwM38AnxVH05J8QOx/ +VCZ4vZJxTKWbpHbdcISSMmVt00VfKorF9DsjiAcBRMBcIvDpJTP4yjvr32W09wLc +d5CIYGrLKhLNysUIJ44AQoTL9yV5aQvCb2EFnoPqCEKQm8onTAGX19PpTDjDPJFt +WyMMUDtiMp2yODuFo1qHjxvqzSVX+Ti2sGpiT1hEz97GAIlbAvmXs/bTb+U+rBnd +6027ooes3cWmBSV5kpz/sMp+nFynrLZ5NDnehPScz3W31oGgSdrGsnnhaQARAQAB +tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC +PgQTAQIAKAUCTMBLkQIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA +CgkQpBEfibtfWMzULxAAtGgYeuEqk0F9y4sz6hFJf+fXKSPPrwWTIUXs/sCxlBtS +lgf9oTvk3aT48zsMIfsDsS8yfIUjaK+eedIZW3oJ0lBtwRncZKjks8Od5J7DvEhR +Kpo3cajT1KXJh584IvXN0/BbCdPUI6EQE8n0fEUrSWANfzhuD3qYtX9UUGBq/7i8 +Cf3pGFDeYRjcwWeNZ1T+xbaCKPS5BGlOVhMtauaTBZvTJniB828bOZXd3KrXUeul +AicbzZzqU7XcNX2YKw19MTQzuGNZQ3npJUPQiHgyELTh3+YUmRkPaZaZiDNZeQvu +/j8cgSoa26Q48apjghREo0Ues4MwQwEGBbdVkEQQMuC9ASti3OyZBTOqyApc2rpE +VsW2CkqvoQ8jaP51Ua4mjerYkqEqXaVtbPelNFMJXGNXrKdf0xg5Nl/onWnT9S/s +jtR3LtjOQ0apbBiGPROtYKWSQtA55TgYNLLS1+947TvU134Px1FA8Dqi72SBl7Xc +ET4nwISO222wMJBxbY4MYB2TppMysIKXUazIyekbRkpK1woH4AR6NsuJOiVdhjEi +46MkN7tmHI9S9blA98Ih6C9hMz2YgmQEwOQ0qYgVruPdYZSP+M5o+pra9ch+STBk +FbB03L9kqcAAE8wpGSBRYU+KuyVRipnPeqoeR8niO71AiKbsfbL1skTGRafC2Q+5 +Ag0ETMBLkQEQANNv2Ymm/BVxwqb1vrLq1scoWK5kmeaRD3ndMBv9F3xwqGnE/JTn +HnVoZIzGb8MD+MCe9jfm8Y+NLU0D71NpDDqRzFZCCjcTmRMYV6QXlsg/ndnSaU1b +hG0gSq4N+qZFZ+35yiY5pYv1qZkIqWr4/vg9mk53CU620bNgNJ1+F19s/eTw1231 +pJ6K6BsDi7pj4LXGD5wHZPKAmLabFweCkGbGQo6VwWw1ieNJ0igvzkZtVXuvoeHU +mAitCaZT9AIYDl4PHryckIzjgTdhK0PP92fyHV64Yr3B7G6hWlEwq4wKk9irdgqD +20Fuqw8Cvv6k1YucWfdpNbZkUI3siQE+1HUUuRTcT8yrPcEA5ZM1/U+e8jBT3EAr +hk69G6LCfwyX2Xd/JGlBmc0Qv0t2YKqj9Io1G5lBN1q57+vK7ttiIUomwvfD2ltY +0bdcEr5LjXOk3Sb+OPIVm7+vr6hDMKdUpdm5ABZRSUb0RJ37hBT+DKYbnp0t/e3a +MXxV9m3jUq8hNdwc8vU1khr9kf+MWPonE0Vw2kqHIIb4I5W9HkMJf4Vzj9/hVPMI +ucV+2de/7zqxwa0Jh5VSD7SeKj7LznsAy9gi/AioYq4AKVTsigfyJlWpjOLeOvv7 +z4uUfLRQ5OWWfX8BBw8SoPwnWQD4cXHkrHXVwYR2yy7pEc1CstUN+uqXABEBAAGJ +AiUEGAECAA8FAkzAS5ECGwwFCQlmAYAACgkQpBEfibtfWMyLqw/6A12S4bnLYaik +ToKc13ywTUsHplbmlLOy2E/5ZMksdfuWjh9XTMR0nbXWnFULxGKTP00kA0yVpv/j +beDY/qLzY2Yb0rROCQJjuWSLYuNW40+Hmh9TGsDWt7iK3XsONVpV0sRsMOBCwV3k +2EsFXu73Fj+1JvQ+WSGluj+N7HFAqPi5OFk3IFFnIGhScUz22V6meSaOEqiXLySg +qh3lv7+XuGzoBjdy7dDm+SnbmK9lO1IqPsIm4iDwmTNJBiu1Wrz319kLYA0/Vx+o +fmxyViOX1GZShb1mGH0Aeo4jeYmDNLXapkoymC3HCIMctYDmuIw6QlgG8i1LRcFh +VKMngLjZ17dl/w8gYOdkCsGIUBzvbFBhxuJnXMnFVyDxft/lorMAimH2kbjDn6qa +H0uV8ILfFVe6gnKzanugmaSQjWzby/ARPhs6OYAXoIUv5MUVDgvTzVmTckWjVa1R +kMm3eGmDSqoMxsPmarb80nkoFQMOPhJWlyaUCt6HHRYuSkIcxY4H4Ni3Oq1s1R9/ +EqUuIfxNv7Kp0mcsE2KvANc3JfB9wXwLWqDYRCifLkCD6pbpt9L/+xQ49VzcFxNO +9DqTyk4N7cz7OZrAi+ouVrdFuiwnZyn5YSQoof6Pos58b3bkFn14m9gofwTqGzPh +R4Vot9rRu5zrWdoCM4cRThpJyrjqBMuZAg0EViV2IwEQALrfnP0L2QbpXPN1Yg7w +ESbOMnp3B7nIyeVmo3mvYI/mH0GtEHcFbigsUt4nIXCxI/ppB5NQH/GR8EbTUbq2 +OycNaIRWSDYHX+LDijyZ9NO6m8wbQODdhjroK7q8rHzO8Vp+reNzPM2nY7Uh3w3s +dPrOERGYeZld1nDyN20ko2Zg4fIJIwVJaHwv4L1j9GYAKp6ACnyG81+VA9adPNCi +9YyIbET/3/bWkl86AS78rLY7fFo5s2BZn0gvFzCB/q9v/dKYs6e5aX7DUeF2q4OW +/J7vJjITXGum7ydRC3Neov8PdeNAbBfciznWvnTyArExjgTiHwqQOIDnW4dEJtJw +iNP50rVKb5DZI3/YokZ5AAQV70ZZemL/5vfGl6a77wvuUFcKFtiQq3JYvt3oWcBO +zyWbd7L1McwAbOOeSXS9hGWuWHjzFuQl7igdJAXs4GRCgUbM83yTCtmDD11337De +diSfrcgtmNpkvfRBkjUKYten6N1jsNBqCevLxw0uFYBeSVl96KJyybMd2Rd7P+tC +jtfpPuEvw9AlPqHZKnKQ4c8vp07MCI9JavJ/nola7rCMk0LULC9tttyaOGNSD3vb +/t26lXr6qOV60+0lw7xEbdAu8zdEqR/ixKbvn1jbSajTcH3geGL7YakliuctRWTB +XYyd8abaKDUzrTES1JJ53xRNABEBAAG0LE5ldGZpbHRlciBDb3JlIFRlYW0gPGNv +cmV0ZWFtQG5ldGZpbHRlci5vcmc+iQI+BBMBAgAoBQJWJXYjAhsDBQkJZgGABgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCrRlWhJtKS5NoHEAC6mgfbDygR+Mrb +Hg3qbGkgonPjUnYBqkBDz8jgdvFXS3Qm/ANI92qqeLkG+eFusuioIpXg4SHNmyUB +oR+B60tApBtzO88iAbCHkjvfz4fqAZpYJ3VzYXIa/ScSoQHj77quNkO9aauikTj4 +ro6gnMUI2ilN1dv9Fb9/3XYxfyvP7QhWyGRuu9MekaPNjATtw7tDnDBe0C5eHrwX +l2ojGxldj2eecoLLYcGw8x4rVDAxlNldh6tNgwc3IQ+4FkIri5sudK4vxDkPbouf +srT6xoUe+qAj+9mScUeRFSrrdCCRd2EsBq+jhWS/kOWa0OAi6TKSOXMIdJze84Og +R+67m+PNivmZ5+XgSmM/AzN36Lynx8nx7WNThVCd9HViq9kyXI1tQazGU30++Wec +ct+7VE2f4aP5ITjd7WlHlEULVjRMBg+mFdz+jfmEncmC41TjWykqvrZWsT98FhNR +YiRVsniiNvc7BS8X1qBODovvKg44yF3xEy3uFScHMqwMjiEqtVfQpfZh9PjzX1eA +uj9sMF16NnzVeT/n4gKbO8E4vebtIJgzMd19Y0KCxfMxu4rjSHw1T0bYzwOoa9y/ +ejKM/G/NEnFKzwjySEbG9zlciJXrhb7a2y+YzNvSjEuP8Hs2BLPgJkZtVoiE4UVE +9Wb7jNhyUz4RC0FdjRyGItGglyc9IbkCDQRWJXYjARAArK1scDuvvWTEJv+y0Sr3 +hnM8mnHIK2XNcn4p/d5nO1myCtZWPRVDIQyyXJMntEqrLBMnjxBdQcQkt7o2mJFL +yJYO+Xb/9JyH161MPybM60dDXOTTxnAp3dDH4tdL/5snVAyrC93W2PMahK4bdwpM +10Cz/FxtcB2xJ7Zoqq3bveN4KSUabsRYJN29BwjKtg392MtJ68SAAWN21feQ/Js9 +KjDpNoX2Sl9ZoIR2bbIsaGNeti/ciTy43MS/V6KXNTcoYrgySyW/HCNw9KjtvH+g +/W/ze0sCXJKLby6oRQfsR2zPBTs9YB92GepG+3j1v+tw4jtbvmLKSse+S5BG8Ue2 +j3Bxbz4/RECdrlxDe4gX1hi5K/W0159pB65fha+DM3YvKrNouKsqLsxm5DMjDjdE +qVQWtPd4tYy4uL2RWcGvvede+tN5rYsBatfelMfTSFN+jxFntwok6YmulnzIDP4O +tUjLOpH1ZyNTcXEyAQz51aXcjVuk/6MV64hSEnH1FB7v79Zo9afdmNSKdpXf8nvZ +3IO7HnXhpwh3pjWplyalZR7nb7PlIDxHCK6S3EN3lutBX4w9oh03KfrWlfZb2TD/ +s85uNzbU7TSb8KFC90i9H/qsd1w3kzy4evRJlyFvIqwksYY76huTfpDdx8yabfFY +IG2TXc2iMkA7R+oMo+B46kkAEQEAAYkCJQQYAQIADwUCViV2IwIbDAUJCWYBgAAK +CRCrRlWhJtKS5IB2D/9eL6TJ82wCrh3Hx+R3YeWVObukEBq4Ho8KRFngvIi+2D14 +PljWtITPeplDtpXu3E1i7I74F1925xFs7pT6BD65e13/18y4RX5pwGfu0HTJpi3U +B47WXlSnyRBLD+/qiKcSCkR1mcKJgyIY9KbA0rr1Drv/3DJR+wBt9Fuww/gxgv7v +yIxxrDa2+GESxJc1iLyuKFiDtnUkmJpqtJV0szi38W1NQUwWWF3CWUpqfvn316CJ +4cTyuurLn994ceJDherS9tFcYASdmbl6g6PwWgdFrpmb44J7gdBCsB9q2cpjhDbu +bgTq7V32CVMBGKOThihJZHIz/LZyuHv9WNYXUNfpEOOUN97C+j6091TSh+5P6oJO +E61VMBBL51nw3T0FFKtA9kubKLk08GH75vPLaBqLa5B88Z3nJWdlaJOdgGEz65PU +Uh78iWJ3AFAOwhsDEfxFYC+gZWqt9qw3Wyp2eY2q+5ep4KRxuqq3M0V3zXE6z5ff +F8CCqRe/yzGAh8RxEmT/Nl+yHEIVv7qpJk6GSvkXr5dN/jyZCiN2fHEhZOBtLvln +E5UjMbYOGqk3F8OARHarJ/qARATzqNYdDRe9SKxlbog+k6WWxJ4ivSVmYY28vEWf +79IZ79ZHJ0woRi+vr3Cwpc488Sjwi7a/O0HW6zXSaxXNeYR0VnwvcrZrtlCqIQ== +=zI6p +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ebtables.service b/ebtables.service new file mode 100644 index 0000000..aa59503 --- /dev/null +++ b/ebtables.service @@ -0,0 +1,19 @@ +[Unit] +Description=Ethernet Bridge Filtering tables + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=oneshot +RemainAfterExit=yes +ExecStart=@LIBEXECDIR@/ebtables-helper start +ExecStop=@LIBEXECDIR@/ebtables-helper stop + +[Install] +WantedBy=multi-user.target diff --git a/ebtables.spec b/ebtables.spec new file mode 100644 index 0000000..6df5f0f --- /dev/null +++ b/ebtables.spec @@ -0,0 +1,201 @@ +# +# spec file for package ebtables +# +# Copyright (c) 2021 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} > 1500 +%bcond_without libalternatives +%else +%bcond_with libalternatives +%endif +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +Name: ebtables +Version: 2.0.11 +Release: 0 +Summary: Ethernet Bridge Tables +License: GPL-2.0-or-later +Group: Productivity/Networking/Security +URL: http://ebtables.sf.net/ +#Git-Clone: git://git.netfilter.org/ebtables +Source0: http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz +Source1: http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz.sig +Source2: ebtables.keyring +Source3: ebtables.service +Source4: ebtables.systemd +BuildRequires: linux-glibc-devel >= 2.6.20 +BuildRequires: sed +BuildRequires: systemd-rpm-macros +BuildRequires: xz +Requires: netcfg >= 11.6 +Requires(pre): %fillup_prereq +%{?systemd_ordering} +%if %{with libalternatives} +BuildRequires: alts +Requires: alts +%else +Requires(post): update-alternatives +Requires(postun):update-alternatives +%endif + +%description +A firewalling tool to transparently filter network traffic passing a +bridge. The filtering possibilities are limited to link layer filtering +and some basic filtering on higher network layers. The ebtables tool +can be used together with the other Linux filtering tools, like +iptables. There are no incompatibility issues. + +%package -n libebtc0 +Summary: Library for the ebtables low-level ruleset generation and parsing +Group: System/Libraries + +%description -n libebtc0 +libebtc ("ebtables cache") is used to retrieve from the kernel, parse, +construct, and load rulesets into the kernel. + +%prep +%autosetup -p1 + +# delete all kernel headers, but keep ebt_ip6.h and ebt_nflog.h +mv include/linux/netfilter_bridge/ebt_ip6.{h,h.save} +mv include/linux/netfilter_bridge/ebt_nflog.{h,h.save} +mv include/linux/netfilter_bridge/ebt_ulog.{h,h.save} +rm -f include/linux/*.h +rm -f include/linux/netfilter_bridge/*.h +mv include/linux/netfilter_bridge/ebt_ip6.{h.save,h} +mv include/linux/netfilter_bridge/ebt_nflog.{h.save,h} +mv include/linux/netfilter_bridge/ebt_ulog.{h.save,h} + +%build +# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267] +export SUSE_ASNEEDED=0 +%configure +%make_build + +%install +# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267] +export SUSE_ASNEEDED=0 +mkdir -p "%{buildroot}/%{_sysconfdir}/init.d" +%make_install +mkdir -p %{buildroot}%{_fillupdir} +mkdir -p %{buildroot}%{_unitdir} +install -p %{_sourcedir}/ebtables.service %{buildroot}%{_unitdir}/ +sed -i "s|@LIBEXECDIR@|%{_libexecdir}|g" %{buildroot}%{_unitdir}/*.service +chmod -x %{buildroot}%{_unitdir}/*.service +mkdir -p %{buildroot}%{_libexecdir} +install -m0755 %{_sourcedir}/ebtables.systemd %{buildroot}%{_libexecdir}/%{name}-helper +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.filter +touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.nat +touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.broute +rm -rfv %{buildroot}%{_initddir} +# not used +rm -f "%{buildroot}/%{_sysconfdir}/ebtables-config" +for i in ebtables ebtables-restore ebtables-save; do +%if ! %{with libalternatives} + ln -fsv "%{_sysconfdir}/alternatives/$i" "%{buildroot}/%{_sbindir}/$i" +%else + ln -fsv %{_bindir}/alts "%{buildroot}/%{_sbindir}/$i" +%endif +done +echo ".so ebtables-legacy.8" >"%{buildroot}/%{_mandir}/man8/ebtables.8" +# no headers to make use of it +rm -f "%{buildroot}/%{_libdir}/libebtc.la" "%{buildroot}/%{_libdir}/libebtc.so" + +%if %{with libalternatives} +mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables +cat > %{buildroot}%{_datadir}/libalternatives/ebtables/1.conf < %{buildroot}%{_datadir}/libalternatives/ebtables-restore/1.conf < %{buildroot}%{_datadir}/libalternatives/ebtables-save/1.conf < /dev/null || RETVAL=1 + else + echo -n "not configured" + fi + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi +} + +case $1 in + start) + # Initialize filter tables + TYPE=filter + initialize + + # Initialize NAT tables + echo + TYPE=nat + initialize + + # Initialize broute tables + echo + TYPE=broute + initialize + ;; + stop) + /usr/sbin/ebtables -t filter --init-table || RETVAL=1 + /usr/sbin/ebtables -t nat --init-table || RETVAL=1 + /usr/sbin/ebtables -t broute --init-table || RETVAL=1 + + for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do + /usr/sbin/rmmod $mod || RETVAL=1 + done + + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi + ;; + save) + echo -n $"Saving Ethernet bridge filtering (ebtables): " + /usr/sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1 + /usr/sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1 + /usr/sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1 + if [ $RETVAL -eq 0 ]; then + echo -n $"[ OK ]" + echo -ne "\r" + else + echo -n $"[FAILED]" + echo -ne "\r" + fi + ;; + *) + echo "usage: ${0##*/} {start|stop|save}" >&2 + exit 1 + ;; +esac + +# vim:set ts=2 sw=2 ft=sh et: