Sync from SUSE:SLFO:Main ebtables revision 10266afa0f0d0a217806fa0d1afac843

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

ebtables.changes

@@ -0,0 +1,304 @@
+-------------------------------------------------------------------
+Thu Nov 11 08:36:14 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Add build dependency on libalternatives
+- Run spec-cleaner
+
+-------------------------------------------------------------------
+Fri Oct 15 07:30:28 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * ebtables.service
+
+-------------------------------------------------------------------
+Fri Aug 20 18:06:09 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- Use libalternatives instead of update-alternatives. 
+
+-------------------------------------------------------------------
+Wed Sep  2 14:23:48 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Have the source .service file hold a placeholder for LIBEXECDIR,
+  which we replace during build/install phase, allowing the package
+  to be used no matter what value %{_libexecdir} has.
+
+-------------------------------------------------------------------
+Tue Sep  1 12:11:49 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
+
+- replace /usr/lib with /usr/libexec in .service files to follow
+  %_libexecdir macro changes
+
+-------------------------------------------------------------------
+Tue May  5 10:15:21 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Revert last /bin/bash -> /bin/sh change
+
+-------------------------------------------------------------------
+Wed Apr 29 14:05:24 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Use /bin/sh for ebtables.systemd
+- Don't hard require systemd, we don't need that in a container
+
+-------------------------------------------------------------------
+Fri Jan 10 14:26:56 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
+
+- rename /usr/lib/ebtables helper file to /usr/lib/ebtables-helper
+  otherwise it conflicts with /usr/lib/ebtables library directory
+  on 32-bit systems [bsc#1159769]
+
+-------------------------------------------------------------------
+Tue Dec 10 14:12:00 UTC 2019 - Kristyna Streitova <kstreitova@suse.com>
+
+- add ebtables.keyring as a Source
+
+-------------------------------------------------------------------
+Mon Dec  2 19:26:41 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.0.11
+  * Add --noflush command line support for ebtables-restore
+  * Do not print IPv6 mask if it is all ones
+  * Allow RETURN target rules in user defined chains
+  * ebt_ip: add support for matching ICMP type and code
+  * ebt_ip: add support for matching IGMP type
+  * extensions: Add string filter to ebtables
+  * Print IPv6 prefixes in CIDR notation
+  * extensions: Add AUDIT target
+  * Fix incorrect IPv6 prefix formatting
+- Drop ebtables-v2.0.8-makefile.diff (no longer needed)
+- Drop ebtables-v2.0.8-initscript.diff, include-linux-if.patch
+  (not applicable)
+- Drop ebtables-v2.0.10-4-audit.patch,
+  0001-fix-compilation-warning.patch,
+  0001-Use-flock-for-concurrent-option.patch,
+  0002-Fix-locking-if-LOCKDIR-does-not-exist.patch (merged)
+
+-------------------------------------------------------------------
+Wed Jul 10 11:30:50 UTC 2019 - Kristyna Streitova <kstreitova@suse.com>
+
+- fix path (/sbin -> /usr/sbin) in ebtables.systemd [bsc#1140898]
+
+-------------------------------------------------------------------
+Fri Feb 22 14:04:30 UTC 2019 - Michał Rostecki <mrostecki@opensuse.org>
+
+- Add upstream patches which improve handling stale locks.
+  (boo#1126094)
+  * 0001-Use-flock-for-concurrent-option.patch
+  * 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch
+
+-------------------------------------------------------------------
+Fri Aug 24 10:20:05 UTC 2018 - jengelh@inai.de
+
+- Move ebtables to ebtables-legacy and use update-alternatives to
+  offer a selection mechanism.
+
+-------------------------------------------------------------------
+Thu Mar 15 13:30:35 UTC 2018 - kstreitova@suse.com
+
+- fix ExecStart/ExecStop path in ebtables.service [bnc#1085228]
+
+-------------------------------------------------------------------
+Mon Mar 12 10:08:51 UTC 2018 - matthias.gerstner@suse.com
+
+- Fix ethertypes ownership, should be %exclude, not %ghost.
+
+-------------------------------------------------------------------
+Thu Feb 22 16:22:33 UTC 2018 - matthias.gerstner@suse.com
+
+- Resolve conflict with iptables-nft and obtain ethertypes from new netcfg
+  minor version. FATE#320520
+
+-------------------------------------------------------------------
+Thu Nov 23 13:37:47 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Thu Mar 23 15:14:46 UTC 2017 - kstreitova@suse.com
+
+- cleanup with spec-cleaner
+- get rid of %{name} macros in the patch names
+- remove sysvinit support
+
+-------------------------------------------------------------------
+Fri May  6 10:43:55 UTC 2016 - p.drouand@gmail.com
+
+- Add systemd support for openSUSE > 12.10
+- Do not depend on fillup when building with sysvinit support; the 
+  package doesn't provide any sysconfig file
+- Change Requires(post) tag for Requires(pre); sysvinit must be
+  available before the package installation, according to the policy
+
+-------------------------------------------------------------------
+Tue Apr 26 12:13:47 UTC 2016 - kstreitova@suse.com
+
+- add "Requires(post): %insserv_prereq %fillup_prereq" to fix
+  problem with missing sed during the installation [bnc#976919]
+- remove non-break space from specfile
+- use spec-cleaner to clean the specfile
+
+-------------------------------------------------------------------
+Sat Aug 29 15:07:16 UTC 2015 - bwiedemann@suse.com
+
+- fix compilation
+  add include-linux-if.patch 0001-fix-compilation-warning.patch
+
+-------------------------------------------------------------------
+Tue Jun 16 11:19:33 UTC 2015 - kstreitova@suse.com
+
+- add ebtables-v2.0.10-4-audit.patch needed for CC certification
+  [bnc#934680]
+
+-------------------------------------------------------------------
+Thu Nov 13 18:52:25 UTC 2014 - dimstar@opensuse.org
+
+- Also save include/linux/netfilter_bridge/ebt_ulog.h, as it no
+  longer exists in the mainline kernel.
+
+-------------------------------------------------------------------
+Tue Sep 23 15:28:21 UTC 2014 - jengelh@inai.de
+
+- Remove support for old distros from specfile
+  (prjconf can do substitutions instead)
+
+-------------------------------------------------------------------
+Fri Feb 28 08:42:42 UTC 2014 - vcizek@suse.com
+
+- add missing BuildRequires: sed (bnc#865848)
+
+-------------------------------------------------------------------
+Wed Dec 19 10:08:54 UTC 2012 - jengelh@inai.de
+
+- Have build succeed on non-SUSE
+
+-------------------------------------------------------------------
+Thu Dec 15 21:44:32 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 2.0.10.4
+* previous counter bug was still present and has been addressed now
+
+-------------------------------------------------------------------
+Sun Dec  4 16:27:22 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 2.0.10.3
+* fix a counter setting bug
+
+-------------------------------------------------------------------
+Thu Aug 11 23:23:35 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 2.0.10.2
+* minor compilation fixes: respect LDFLAGS in Makefiles
+- Remove obsolete ebtables-typepuns.diff patch (fixed upstream)
+
+-------------------------------------------------------------------
+Sun Jul 10 23:03:57 UTC 2011 - jengelh@medozas.de
+
+- update to 2.0.10.1
+* fix --among-dst-file, which translated to --among-src
+* Makefile: respect LDFLAGS during ebtables build
+* Makefile: create directories to avoid build failure when DESTDIR
+  is supplied
+* incorporate fixes for possible issues found by Coverity analysis
+* extend ebt_ip6 to allow matching on ipv6-icmp types/codes
+* add --concurrent option, which enables using a file lock to
+  support concurrent scripts updating the ebtables kernel tables
+- run spec-beautifier over specfile
+
+-------------------------------------------------------------------
+Mon Jun  6 11:18:31 UTC 2011 - puzel@novell.com
+
+- update to 2.0.9-2 
+  * fix unwanted zeroing of counters in the last user-defined chain
+  * fix hidden symbol compilation error when using ld directly
+  * fix return value checking of creat to give a correct error
+    message if the atomic file couldn't be created
+  * correct info in INSTALL about compilation of ulog
+- use spec-cleaner
+- update ebtables-v2.0.8-makefile.diff
+- license is GPLv2, not GPLv2+
+- package COPYING and ChangeLog files
+
+-------------------------------------------------------------------
+Tue May 31 12:34:34 UTC 2011 - lnussel@suse.de
+
+- cleanup up initscript
+  * don't use /var/lock/subsys
+  * read /etc/sysconfig/ebtables for setting and restore state from
+    /etc/ebtables where the script actually saved the state to.
+
+-------------------------------------------------------------------
+Thu Mar 18 07:09:55 UTC 2010 - coolo@novell.com
+
+- use rc_status (uncredited change)
+
+-------------------------------------------------------------------
+Mon Jan 25 23:19:23 CET 2010 - jengelh@medozas.de
+
+- Switch to SUSE_ASNEEDED=0 to fix segmentation fault/NULL dereference
+  (caused by plugins not being loaded, due to them not being linked in)
+  [bnc#567267]
+
+-------------------------------------------------------------------
+Wed Jan  6 13:52:39 CET 2010 - prusnak@suse.cz
+
+- update to 2.0.9-1
+  * added ip6 module for filtering IPv6 traffic
+  * added --log-ip6 option for logging IPv6 traffic
+  * added nflog watcher for logging packets to userspace
+  * bugfix in ebtables.sysv
+  * bugfix for among match on x86-64
+- fix scriptlets in spec
+- fix init script
+
+-------------------------------------------------------------------
+Sat Aug 30 21:21:06 CEST 2008 - cthiel@suse.de
+
+- fix init script
+
+-------------------------------------------------------------------
+Wed Oct 24 18:55:52 CEST 2007 - ro@suse.de
+
+- fix build (use gcc not ld directly)
+
+-------------------------------------------------------------------
+Wed Oct 17 16:17:18 CEST 2007 - prusnak@suse.cz
+
+- fixed specfile not to include debug files in normal package
+
+-------------------------------------------------------------------
+Fri Oct 12 16:13:57 CEST 2007 - prusnak@suse.cz
+
+- update to 2.0.8-2
+  * add sysconfig support (ebtables-save, ebtables-restore, etc)
+  * add ulog watcher
+  * use shared libraries (making the code easily usable by third parties)
+  * improve speed
+  * bugfixes, dccp and sctp support
+- dropped obsolete patches:
+  * gcc.diff (included in update)
+
+-------------------------------------------------------------------
+Thu Aug  9 16:27:37 CEST 2007 - olh@suse.de
+
+- remove private include/linux/ files
+
+-------------------------------------------------------------------
+Wed Jan 25 21:35:40 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Wed Jun 29 18:12:37 CEST 2005 - meissner@suse.de
+
+- use RPM_OPT_FLAGS.
+
+-------------------------------------------------------------------
+Thu Apr 21 16:05:31 CEST 2005 - postadal@suse.cz
+
+- fixed for gcc 4.0
+
+-------------------------------------------------------------------
+Fri Jun 18 16:52:46 CEST 2004 - postadal@suse.cz
+
+- new package v2.0.6
+

ebtables.keyring

@@ -0,0 +1,107 @@
+pub   4096R/0xA4111F89BB5F58CC 2010-10-21 [expires: 2015-10-20]
+      Key fingerprint = 57FF 5E9C 9AA6 7A86 0B55  7AF7 A411 1F89 BB5F 58CC
+uid                 [ expired] Netfilter Core Team <coreteam@netfilter.org>
+sub   4096R/0x0FD3A13A04B92F5C 2010-10-21 [expires: 2015-10-20]
+
+pub   4096R/0xAB4655A126D292E4 2015-10-19 [expires: 2020-10-17]
+      Key fingerprint = C09D B206 3F1D 7034 BA61  52AD AB46 55A1 26D2 92E4
+uid                 [ unknown] Netfilter Core Team <coreteam@netfilter.org>
+sub   4096R/0xE3B0B6BAE3AAA39E 2015-10-19 [expires: 2020-10-17]
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBEzAS5EBEADVlGm+KwODJcVmP33HTCbn/eP8obZbgu+3Z1CYRklF8V43vC6D
+8Jfk7fjD4/gWbAKZxriOESXVAN7mp0Fho4+Ga+pxWeLIET9tVM5xbNFK1p9R3XCK
+p5SrugG+tGhizTR9b/1YCMVRz/yX3aDtC7lwObas4hkr5BqhphjvlkjFE7us32by
+43LPpFj2yUpp1VdOf6gxl03kAgJg08h9J7a+n9KHQeAhIpXSRFq3tXiTdXQlovsv
+ckwBjO0m8P2d1Z8/UYwXQgXzuO8W8EqaUSR95nDwl7UnilnKJm2fGvNg3A6PfCSk
+3KdeEBZ45SRfMTPsuC5C4T0Az75h3HFR6YSae46ymg7d4ZA/Bd5K4hvp4PdYrfCi
+GXen7iK9q5XDpopWb0yCrEVJzKjBjDurvpLtAD0IFWcpB6zwM38AnxVH05J8QOx/
+VCZ4vZJxTKWbpHbdcISSMmVt00VfKorF9DsjiAcBRMBcIvDpJTP4yjvr32W09wLc
+d5CIYGrLKhLNysUIJ44AQoTL9yV5aQvCb2EFnoPqCEKQm8onTAGX19PpTDjDPJFt
+WyMMUDtiMp2yODuFo1qHjxvqzSVX+Ti2sGpiT1hEz97GAIlbAvmXs/bTb+U+rBnd
+6027ooes3cWmBSV5kpz/sMp+nFynrLZ5NDnehPScz3W31oGgSdrGsnnhaQARAQAB
+tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
+PgQTAQIAKAUCTMBLkQIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
+CgkQpBEfibtfWMzULxAAtGgYeuEqk0F9y4sz6hFJf+fXKSPPrwWTIUXs/sCxlBtS
+lgf9oTvk3aT48zsMIfsDsS8yfIUjaK+eedIZW3oJ0lBtwRncZKjks8Od5J7DvEhR
+Kpo3cajT1KXJh584IvXN0/BbCdPUI6EQE8n0fEUrSWANfzhuD3qYtX9UUGBq/7i8
+Cf3pGFDeYRjcwWeNZ1T+xbaCKPS5BGlOVhMtauaTBZvTJniB828bOZXd3KrXUeul
+AicbzZzqU7XcNX2YKw19MTQzuGNZQ3npJUPQiHgyELTh3+YUmRkPaZaZiDNZeQvu
+/j8cgSoa26Q48apjghREo0Ues4MwQwEGBbdVkEQQMuC9ASti3OyZBTOqyApc2rpE
+VsW2CkqvoQ8jaP51Ua4mjerYkqEqXaVtbPelNFMJXGNXrKdf0xg5Nl/onWnT9S/s
+jtR3LtjOQ0apbBiGPROtYKWSQtA55TgYNLLS1+947TvU134Px1FA8Dqi72SBl7Xc
+ET4nwISO222wMJBxbY4MYB2TppMysIKXUazIyekbRkpK1woH4AR6NsuJOiVdhjEi
+46MkN7tmHI9S9blA98Ih6C9hMz2YgmQEwOQ0qYgVruPdYZSP+M5o+pra9ch+STBk
+FbB03L9kqcAAE8wpGSBRYU+KuyVRipnPeqoeR8niO71AiKbsfbL1skTGRafC2Q+5
+Ag0ETMBLkQEQANNv2Ymm/BVxwqb1vrLq1scoWK5kmeaRD3ndMBv9F3xwqGnE/JTn
+HnVoZIzGb8MD+MCe9jfm8Y+NLU0D71NpDDqRzFZCCjcTmRMYV6QXlsg/ndnSaU1b
+hG0gSq4N+qZFZ+35yiY5pYv1qZkIqWr4/vg9mk53CU620bNgNJ1+F19s/eTw1231
+pJ6K6BsDi7pj4LXGD5wHZPKAmLabFweCkGbGQo6VwWw1ieNJ0igvzkZtVXuvoeHU
+mAitCaZT9AIYDl4PHryckIzjgTdhK0PP92fyHV64Yr3B7G6hWlEwq4wKk9irdgqD
+20Fuqw8Cvv6k1YucWfdpNbZkUI3siQE+1HUUuRTcT8yrPcEA5ZM1/U+e8jBT3EAr
+hk69G6LCfwyX2Xd/JGlBmc0Qv0t2YKqj9Io1G5lBN1q57+vK7ttiIUomwvfD2ltY
+0bdcEr5LjXOk3Sb+OPIVm7+vr6hDMKdUpdm5ABZRSUb0RJ37hBT+DKYbnp0t/e3a
+MXxV9m3jUq8hNdwc8vU1khr9kf+MWPonE0Vw2kqHIIb4I5W9HkMJf4Vzj9/hVPMI
+ucV+2de/7zqxwa0Jh5VSD7SeKj7LznsAy9gi/AioYq4AKVTsigfyJlWpjOLeOvv7
+z4uUfLRQ5OWWfX8BBw8SoPwnWQD4cXHkrHXVwYR2yy7pEc1CstUN+uqXABEBAAGJ
+AiUEGAECAA8FAkzAS5ECGwwFCQlmAYAACgkQpBEfibtfWMyLqw/6A12S4bnLYaik
+ToKc13ywTUsHplbmlLOy2E/5ZMksdfuWjh9XTMR0nbXWnFULxGKTP00kA0yVpv/j
+beDY/qLzY2Yb0rROCQJjuWSLYuNW40+Hmh9TGsDWt7iK3XsONVpV0sRsMOBCwV3k
+2EsFXu73Fj+1JvQ+WSGluj+N7HFAqPi5OFk3IFFnIGhScUz22V6meSaOEqiXLySg
+qh3lv7+XuGzoBjdy7dDm+SnbmK9lO1IqPsIm4iDwmTNJBiu1Wrz319kLYA0/Vx+o
+fmxyViOX1GZShb1mGH0Aeo4jeYmDNLXapkoymC3HCIMctYDmuIw6QlgG8i1LRcFh
+VKMngLjZ17dl/w8gYOdkCsGIUBzvbFBhxuJnXMnFVyDxft/lorMAimH2kbjDn6qa
+H0uV8ILfFVe6gnKzanugmaSQjWzby/ARPhs6OYAXoIUv5MUVDgvTzVmTckWjVa1R
+kMm3eGmDSqoMxsPmarb80nkoFQMOPhJWlyaUCt6HHRYuSkIcxY4H4Ni3Oq1s1R9/
+EqUuIfxNv7Kp0mcsE2KvANc3JfB9wXwLWqDYRCifLkCD6pbpt9L/+xQ49VzcFxNO
+9DqTyk4N7cz7OZrAi+ouVrdFuiwnZyn5YSQoof6Pos58b3bkFn14m9gofwTqGzPh
+R4Vot9rRu5zrWdoCM4cRThpJyrjqBMuZAg0EViV2IwEQALrfnP0L2QbpXPN1Yg7w
+ESbOMnp3B7nIyeVmo3mvYI/mH0GtEHcFbigsUt4nIXCxI/ppB5NQH/GR8EbTUbq2
+OycNaIRWSDYHX+LDijyZ9NO6m8wbQODdhjroK7q8rHzO8Vp+reNzPM2nY7Uh3w3s
+dPrOERGYeZld1nDyN20ko2Zg4fIJIwVJaHwv4L1j9GYAKp6ACnyG81+VA9adPNCi
+9YyIbET/3/bWkl86AS78rLY7fFo5s2BZn0gvFzCB/q9v/dKYs6e5aX7DUeF2q4OW
+/J7vJjITXGum7ydRC3Neov8PdeNAbBfciznWvnTyArExjgTiHwqQOIDnW4dEJtJw
+iNP50rVKb5DZI3/YokZ5AAQV70ZZemL/5vfGl6a77wvuUFcKFtiQq3JYvt3oWcBO
+zyWbd7L1McwAbOOeSXS9hGWuWHjzFuQl7igdJAXs4GRCgUbM83yTCtmDD11337De
+diSfrcgtmNpkvfRBkjUKYten6N1jsNBqCevLxw0uFYBeSVl96KJyybMd2Rd7P+tC
+jtfpPuEvw9AlPqHZKnKQ4c8vp07MCI9JavJ/nola7rCMk0LULC9tttyaOGNSD3vb
+/t26lXr6qOV60+0lw7xEbdAu8zdEqR/ixKbvn1jbSajTcH3geGL7YakliuctRWTB
+XYyd8abaKDUzrTES1JJ53xRNABEBAAG0LE5ldGZpbHRlciBDb3JlIFRlYW0gPGNv
+cmV0ZWFtQG5ldGZpbHRlci5vcmc+iQI+BBMBAgAoBQJWJXYjAhsDBQkJZgGABgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCrRlWhJtKS5NoHEAC6mgfbDygR+Mrb
+Hg3qbGkgonPjUnYBqkBDz8jgdvFXS3Qm/ANI92qqeLkG+eFusuioIpXg4SHNmyUB
+oR+B60tApBtzO88iAbCHkjvfz4fqAZpYJ3VzYXIa/ScSoQHj77quNkO9aauikTj4
+ro6gnMUI2ilN1dv9Fb9/3XYxfyvP7QhWyGRuu9MekaPNjATtw7tDnDBe0C5eHrwX
+l2ojGxldj2eecoLLYcGw8x4rVDAxlNldh6tNgwc3IQ+4FkIri5sudK4vxDkPbouf
+srT6xoUe+qAj+9mScUeRFSrrdCCRd2EsBq+jhWS/kOWa0OAi6TKSOXMIdJze84Og
+R+67m+PNivmZ5+XgSmM/AzN36Lynx8nx7WNThVCd9HViq9kyXI1tQazGU30++Wec
+ct+7VE2f4aP5ITjd7WlHlEULVjRMBg+mFdz+jfmEncmC41TjWykqvrZWsT98FhNR
+YiRVsniiNvc7BS8X1qBODovvKg44yF3xEy3uFScHMqwMjiEqtVfQpfZh9PjzX1eA
+uj9sMF16NnzVeT/n4gKbO8E4vebtIJgzMd19Y0KCxfMxu4rjSHw1T0bYzwOoa9y/
+ejKM/G/NEnFKzwjySEbG9zlciJXrhb7a2y+YzNvSjEuP8Hs2BLPgJkZtVoiE4UVE
+9Wb7jNhyUz4RC0FdjRyGItGglyc9IbkCDQRWJXYjARAArK1scDuvvWTEJv+y0Sr3
+hnM8mnHIK2XNcn4p/d5nO1myCtZWPRVDIQyyXJMntEqrLBMnjxBdQcQkt7o2mJFL
+yJYO+Xb/9JyH161MPybM60dDXOTTxnAp3dDH4tdL/5snVAyrC93W2PMahK4bdwpM
+10Cz/FxtcB2xJ7Zoqq3bveN4KSUabsRYJN29BwjKtg392MtJ68SAAWN21feQ/Js9
+KjDpNoX2Sl9ZoIR2bbIsaGNeti/ciTy43MS/V6KXNTcoYrgySyW/HCNw9KjtvH+g
+/W/ze0sCXJKLby6oRQfsR2zPBTs9YB92GepG+3j1v+tw4jtbvmLKSse+S5BG8Ue2
+j3Bxbz4/RECdrlxDe4gX1hi5K/W0159pB65fha+DM3YvKrNouKsqLsxm5DMjDjdE
+qVQWtPd4tYy4uL2RWcGvvede+tN5rYsBatfelMfTSFN+jxFntwok6YmulnzIDP4O
+tUjLOpH1ZyNTcXEyAQz51aXcjVuk/6MV64hSEnH1FB7v79Zo9afdmNSKdpXf8nvZ
+3IO7HnXhpwh3pjWplyalZR7nb7PlIDxHCK6S3EN3lutBX4w9oh03KfrWlfZb2TD/
+s85uNzbU7TSb8KFC90i9H/qsd1w3kzy4evRJlyFvIqwksYY76huTfpDdx8yabfFY
+IG2TXc2iMkA7R+oMo+B46kkAEQEAAYkCJQQYAQIADwUCViV2IwIbDAUJCWYBgAAK
+CRCrRlWhJtKS5IB2D/9eL6TJ82wCrh3Hx+R3YeWVObukEBq4Ho8KRFngvIi+2D14
+PljWtITPeplDtpXu3E1i7I74F1925xFs7pT6BD65e13/18y4RX5pwGfu0HTJpi3U
+B47WXlSnyRBLD+/qiKcSCkR1mcKJgyIY9KbA0rr1Drv/3DJR+wBt9Fuww/gxgv7v
+yIxxrDa2+GESxJc1iLyuKFiDtnUkmJpqtJV0szi38W1NQUwWWF3CWUpqfvn316CJ
+4cTyuurLn994ceJDherS9tFcYASdmbl6g6PwWgdFrpmb44J7gdBCsB9q2cpjhDbu
+bgTq7V32CVMBGKOThihJZHIz/LZyuHv9WNYXUNfpEOOUN97C+j6091TSh+5P6oJO
+E61VMBBL51nw3T0FFKtA9kubKLk08GH75vPLaBqLa5B88Z3nJWdlaJOdgGEz65PU
+Uh78iWJ3AFAOwhsDEfxFYC+gZWqt9qw3Wyp2eY2q+5ep4KRxuqq3M0V3zXE6z5ff
+F8CCqRe/yzGAh8RxEmT/Nl+yHEIVv7qpJk6GSvkXr5dN/jyZCiN2fHEhZOBtLvln
+E5UjMbYOGqk3F8OARHarJ/qARATzqNYdDRe9SKxlbog+k6WWxJ4ivSVmYY28vEWf
+79IZ79ZHJ0woRi+vr3Cwpc488Sjwi7a/O0HW6zXSaxXNeYR0VnwvcrZrtlCqIQ==
+=zI6p
+-----END PGP PUBLIC KEY BLOCK-----

ebtables.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Ethernet Bridge Filtering tables
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@LIBEXECDIR@/ebtables-helper start
+ExecStop=@LIBEXECDIR@/ebtables-helper stop
+
+[Install]
+WantedBy=multi-user.target

ebtables.spec

@@ -0,0 +1,201 @@
+#
+# spec file for package ebtables
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+Name:           ebtables
+Version:        2.0.11
+Release:        0
+Summary:        Ethernet Bridge Tables
+License:        GPL-2.0-or-later
+Group:          Productivity/Networking/Security
+URL:            http://ebtables.sf.net/
+#Git-Clone:	git://git.netfilter.org/ebtables
+Source0:        http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz
+Source1:        http://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.gz.sig
+Source2:        ebtables.keyring
+Source3:        ebtables.service
+Source4:        ebtables.systemd
+BuildRequires:  linux-glibc-devel >= 2.6.20
+BuildRequires:  sed
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  xz
+Requires:       netcfg >= 11.6
+Requires(pre):  %fillup_prereq
+%{?systemd_ordering}
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun):update-alternatives
+%endif
+
+%description
+A firewalling tool to transparently filter network traffic passing a
+bridge. The filtering possibilities are limited to link layer filtering
+and some basic filtering on higher network layers. The ebtables tool
+can be used together with the other Linux filtering tools, like
+iptables. There are no incompatibility issues.
+
+%package -n libebtc0
+Summary:        Library for the ebtables low-level ruleset generation and parsing
+Group:          System/Libraries
+
+%description -n libebtc0
+libebtc ("ebtables cache") is used to retrieve from the kernel, parse,
+construct, and load rulesets into the kernel.
+
+%prep
+%autosetup -p1
+
+# delete all kernel headers, but keep ebt_ip6.h and ebt_nflog.h
+mv include/linux/netfilter_bridge/ebt_ip6.{h,h.save}
+mv include/linux/netfilter_bridge/ebt_nflog.{h,h.save}
+mv include/linux/netfilter_bridge/ebt_ulog.{h,h.save}
+rm -f include/linux/*.h
+rm -f include/linux/netfilter_bridge/*.h
+mv include/linux/netfilter_bridge/ebt_ip6.{h.save,h}
+mv include/linux/netfilter_bridge/ebt_nflog.{h.save,h}
+mv include/linux/netfilter_bridge/ebt_ulog.{h.save,h}
+
+%build
+# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267]
+export SUSE_ASNEEDED=0
+%configure
+%make_build
+
+%install
+# The way ebtables is built requires ASNEEDED=0 forever [bnc#567267]
+export SUSE_ASNEEDED=0
+mkdir -p "%{buildroot}/%{_sysconfdir}/init.d"
+%make_install
+mkdir -p %{buildroot}%{_fillupdir}
+mkdir -p %{buildroot}%{_unitdir}
+install -p %{_sourcedir}/ebtables.service %{buildroot}%{_unitdir}/
+sed -i "s|@LIBEXECDIR@|%{_libexecdir}|g" %{buildroot}%{_unitdir}/*.service
+chmod -x %{buildroot}%{_unitdir}/*.service
+mkdir -p %{buildroot}%{_libexecdir}
+install -m0755 %{_sourcedir}/ebtables.systemd %{buildroot}%{_libexecdir}/%{name}-helper
+ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.filter
+touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.nat
+touch %{buildroot}%{_fillupdir}/sysconfig.%{name}.broute
+rm -rfv %{buildroot}%{_initddir}
+# not used
+rm -f "%{buildroot}/%{_sysconfdir}/ebtables-config"
+for i in ebtables ebtables-restore ebtables-save; do
+%if ! %{with libalternatives}
+        ln -fsv "%{_sysconfdir}/alternatives/$i" "%{buildroot}/%{_sbindir}/$i"
+%else
+        ln -fsv  %{_bindir}/alts "%{buildroot}/%{_sbindir}/$i"
+%endif
+done
+echo ".so ebtables-legacy.8" >"%{buildroot}/%{_mandir}/man8/ebtables.8"
+# no headers to make use of it
+rm -f "%{buildroot}/%{_libdir}/libebtc.la" "%{buildroot}/%{_libdir}/libebtc.so"
+
+%if %{with libalternatives}
+mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables
+cat > %{buildroot}%{_datadir}/libalternatives/ebtables/1.conf <<EOF
+binary=%{_sbindir}/ebtables-legacy
+group=ebtables, ebtables-restore, ebtables-save
+EOF
+mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-restore
+cat > %{buildroot}%{_datadir}/libalternatives/ebtables-restore/1.conf <<EOF
+binary=%{_sbindir}/ebtables-legacy-restore
+group=ebtables, ebtables-restore, ebtables-save
+EOF
+mkdir -p %{buildroot}%{_datadir}/libalternatives/ebtables-save
+cat > %{buildroot}%{_datadir}/libalternatives/ebtables-save/1.conf <<EOF
+binary=%{_sbindir}/ebtables-legacy-save
+group=ebtables, ebtables-restore, ebtables-save
+EOF
+%endif
+
+%pre
+%if %{with libalternatives}
+# removing old update-alternatives entries
+if [ "$1" -gt 0 ] && [ -f %{_sbindir}/update-alternatives ] ; then
+         update-alternatives --remove ebtables "%{_sbindir}/ebtables-legacy"
+fi
+%endif
+%service_add_pre %{name}.service
+
+%post
+%if ! %{with libalternatives}
+update-alternatives --force \
+	--install "%{_sbindir}/ebtables" ebtables "%{_sbindir}/ebtables-legacy" 1 \
+	--slave "%{_sbindir}/ebtables-restore" ebtables-restore "%{_sbindir}/ebtables-legacy-restore" \
+	--slave "%{_sbindir}/ebtables-save" ebtables-save "%{_sbindir}/ebtables-legacy-save"
+%endif
+%service_add_post %{name}.service
+%fillup_only
+
+%preun
+%service_del_preun %{name}.service
+
+%postun
+%if ! %{with libalternatives}
+if test "$1" = 0; then
+	update-alternatives --remove ebtables "%{_sbindir}/ebtables-legacy"
+fi
+%endif
+%service_del_postun %{name}.service
+
+%post   -n libebtc0 -p /sbin/ldconfig
+%postun -n libebtc0 -p /sbin/ldconfig
+
+%files
+%license COPYING
+%doc ChangeLog
+%{_mandir}/man8/ebtables*.8%{?ext_man}
+%{_libexecdir}/%{name}-helper
+%{_unitdir}/%{name}.service
+%if ! %{with libalternatives}
+%ghost %{_sysconfdir}/alternatives/ebtables
+%ghost %{_sysconfdir}/alternatives/ebtables-restore
+%ghost %{_sysconfdir}/alternatives/ebtables-save
+%else
+%dir %{_datadir}/libalternatives
+%dir %{_datadir}/libalternatives/ebtables
+%dir %{_datadir}/libalternatives/ebtables-restore
+%dir %{_datadir}/libalternatives/ebtables-save
+%{_datadir}/libalternatives/ebtables/1.conf
+%{_datadir}/libalternatives/ebtables-restore/1.conf
+%{_datadir}/libalternatives/ebtables-save/1.conf
+%endif
+%ghost %{_fillupdir}/sysconfig.%{name}.filter
+%ghost %{_fillupdir}/sysconfig.%{name}.nat
+%ghost %{_fillupdir}/sysconfig.%{name}.broute
+# is provided by the netcfg package
+%exclude %{_sysconfdir}/ethertypes
+%{_sbindir}/ebtables*
+%{_sbindir}/rcebtables
+
+%files -n libebtc0
+%{_libdir}/libebtc.so.0*
+
+%changelog

ebtables.systemd

@@ -0,0 +1,74 @@
+#!/bin/bash
+
+RETVAL=0
+
+initialize() {
+  # Initialize $TYPE tables
+  echo -n $"  $TYPE tables: "
+  if [ -r /etc/sysconfig/ebtables.$TYPE ]; then
+    /usr/sbin/ebtables -t $TYPE --atomic-file /etc/sysconfig/ebtables.$TYPE --atomic-commit > /dev/null || RETVAL=1
+  else
+    echo -n "not configured"
+  fi
+  if [ $RETVAL -eq 0 ]; then
+    echo -n $"[  OK  ]"
+    echo -ne "\r"
+  else
+    echo -n $"[FAILED]"
+    echo -ne "\r"
+  fi
+}
+
+case $1 in
+  start)
+   # Initialize	filter tables
+   TYPE=filter
+   initialize
+ 
+   # Initialize NAT tables
+   echo
+   TYPE=nat
+   initialize
+
+   # Initialize broute tables
+   echo
+   TYPE=broute
+   initialize
+  ;;
+  stop)
+    /usr/sbin/ebtables -t filter --init-table || RETVAL=1
+    /usr/sbin/ebtables -t nat --init-table || RETVAL=1
+    /usr/sbin/ebtables -t broute --init-table || RETVAL=1
+
+    for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do
+       /usr/sbin/rmmod $mod || RETVAL=1
+    done
+
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  save)
+    echo -n $"Saving Ethernet bridge filtering (ebtables): "
+    /usr/sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1
+    /usr/sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1
+    /usr/sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  *)
+    echo "usage: ${0##*/} {start|stop|save}" >&2
+    exit 1
+  ;;
+esac
+
+# vim:set ts=2 sw=2 ft=sh et: