From 5230699ad37f04717381e4102f20fc26d0a1683b8328ab8da37608d230e192a2 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 27 Aug 2018 11:34:40 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=104 --- _service | 2 +- iptables-1.8.0.g75.tar.xz | 3 - iptables-1.8.0.g85.tar.xz | 3 + iptables.spec | 118 +++++++++++++++++++++++++++++++++++--- 4 files changed, 115 insertions(+), 11 deletions(-) delete mode 100644 iptables-1.8.0.g75.tar.xz create mode 100644 iptables-1.8.0.g85.tar.xz diff --git a/_service b/_service index eaeafea..7509fef 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ git git://netfilter.org/iptables - 5ee03e6df41727652e0dc6ffaef8411b8840d812 + 0800d9b46b377bc24f15af2c6ae22550b954b6e2 1.8.0.g@TAG_OFFSET@ diff --git a/iptables-1.8.0.g75.tar.xz b/iptables-1.8.0.g75.tar.xz deleted file mode 100644 index 4ae1195..0000000 --- a/iptables-1.8.0.g75.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:26f9008e04273175350eecdd8591321211e935bfc397fcb7eaed70f96b7fce88 -size 364668 diff --git a/iptables-1.8.0.g85.tar.xz b/iptables-1.8.0.g85.tar.xz new file mode 100644 index 0000000..c5d69c4 --- /dev/null +++ b/iptables-1.8.0.g85.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0479c1b53a84f66eda0d9484d1a15c9a644049635bfe866af829df0976a1c737 +size 364504 diff --git a/iptables.spec b/iptables.spec index 06929f0..e68661e 100644 --- a/iptables.spec +++ b/iptables.spec @@ -17,7 +17,7 @@ Name: iptables -Version: 1.8.0.g75 +Version: 1.8.0.g85 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 
@@ -52,6 +52,28 @@ Requires: xtables-plugins = %version-%release iptables is used to set up, maintain, and inspect the rule tables of the various Netfilter packet filter engines inside the Linux kernel. +%package backend-legacy +Summary: Metapackage to make x_tables the default backend for iptables +Group: Productivity/Networking/Security +Provides: iptables-default-backend + +%description backend-legacy +Installation of this package adds alternatives symlinks (cf. +update-alternatives) that make the iptables and ip6tables commands +point to a program variant that uses the classic kernel interface +provided by ip_tables.ko and ip6_tables.ko. + +%package backend-nft +Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables +Group: Productivity/Networking/Security +Provides: iptables-default-backend + +%description backend-nft +Installation of this package adds higher priority alternatives (cf. +update-alternatives) that makes the iptables, ip6tables, arptables +and ebtables commands point to a program variant that uses the +nftables kernel interface. + %package -n xtables-plugins Summary: Match and target extension plugins for iptables Group: Productivity/Networking/Security @@ -88,12 +110,12 @@ be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libiptc0 -Summary: Library for low-level ruleset generation and parsing +Summary: Library for the ip_tables low-level ruleset generation and parsing Group: System/Libraries %description -n libiptc0 libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library 
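Review bot: The new `backend-legacy` and `backend-nft` stanzas declare only `Provides: iptables-default-backend` and no dependencies, although their scriptlets later in this patch call update-alternatives and point at `xtables-legacy-multi` / `xtables-nft-multi`, which the main package ships. If nothing else pulls in iptables, installing either metapackage alone would register an `iptables` alternative whose target is absent, and the host would have no working packet-filter front end under that name. I would add `Requires: iptables = %version-%release`, `Requires(post): update-alternatives` and `Requires(postun): update-alternatives` to both stanzas.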
@@ -102,10 +124,10 @@ Requires: libiptc0 = %version %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libxtables12 -Summary: iptables extension interface +Summary: The iptables plugin interface Group: System/Libraries %description -n libxtables12 
@@ -148,12 +170,45 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" rm -f "$b/%_libdir"/*.la rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg +find "$b/%_sbindir/iptables" -type l -delete mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" +mv "$b/%_sbindir/arptables-restore" "$b/%_sbindir/arptables-nft-restore" +mv "$b/%_sbindir/ebtables-restore" "$b/%_sbindir/ebtables-nft-restore" +mv "$b/%_sbindir/arptables-save" "$b/%_sbindir/arptables-nft-save" +mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save" %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif +%post backend-legacy +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" + +%postun +update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" + +%post backend-nft +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi" +update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 +update-alternatives 
--install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 + +%postun backend-nft +update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" +update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" +update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" + %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig 
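Review bot: The bare `%postun` header that follows `%post backend-legacy` attaches the removal scriptlet to the main iptables package rather than to backend-legacy, so uninstalling backend-legacy leaves its alternative registered; it should read `%postun backend-legacy`. Both `%postun` bodies also call `update-alternatives --remove` unconditionally, and because rpm runs the old package's %postun after the new package's %post, an upgrade would drop the `iptables`, `arptables` and `ebtables` links that were just installed. Anything that loads the ruleset by calling `iptables-restore` under that name would then fail until the alternative is re-created, which on a firewall host presumably means booting without rules. Guard each removal with `if [ "$1" = 0 ]; then … fi` so it runs only on final erase.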
@@ -163,11 +218,60 @@ mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" %files %license COPYING -%_bindir/*tables* -%_sbindir/*tables* +%_bindir/iptables-xml +%_sbindir/iptables-apply +%_sbindir/iptables-legacy* +%_sbindir/iptables-nft* +%_sbindir/iptables-*translate* +%_sbindir/ip6tables-legacy* +%_sbindir/ip6tables-nft* +%_sbindir/ip6tables-*translate* +%_sbindir/arptables-nft* +%_sbindir/ebtables-nft* +%_sbindir/xtables* %_mandir/man1/*tables* %_mandir/man8/*tables* +%files backend-legacy +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%ghost %_sbindir/iptables +%ghost %_sbindir/iptables-restore +%ghost %_sbindir/iptables-save +%ghost %_sbindir/ip6tables +%ghost %_sbindir/ip6tables-restore +%ghost %_sbindir/ip6tables-save + +%files backend-nft +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%ghost %_sysconfdir/alternatives/arptables +%ghost %_sysconfdir/alternatives/arptables-restore +%ghost %_sysconfdir/alternatives/arptables-save +%ghost %_sysconfdir/alternatives/ebtables +%ghost %_sysconfdir/alternatives/ebtables-restore +%ghost %_sysconfdir/alternatives/ebtables-save +%ghost %_sbindir/iptables +%ghost %_sbindir/iptables-restore +%ghost %_sbindir/iptables-save +%ghost %_sbindir/ip6tables +%ghost %_sbindir/ip6tables-restore +%ghost %_sbindir/ip6tables-save +%ghost %_sbindir/arptables +%ghost %_sbindir/arptables-restore +%ghost %_sbindir/arptables-save +%ghost %_sbindir/ebtables +%ghost %_sbindir/ebtables-restore +%ghost %_sbindir/ebtables-save + %files -n xtables-plugins 
%_libdir/xtables/ %_sbindir/nfnl_osf
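Review bot: The `%files backend-nft` list ghosts `arptables-restore`, `arptables-save`, `ebtables-restore` and `ebtables-save` under both `%_sbindir` and `%_sysconfdir/alternatives`, but the `%post backend-nft` scriptlet in the previous hunk registers only the bare `arptables` and `ebtables` names. Those eight ghost paths are therefore never created, and since the build step renames the real binaries to `*-nft-restore` / `*-nft-save`, the unprefixed restore and save commands stop existing after this change. Either register them as slaves, e.g. `--slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi"`, or drop the ghost entries. A one-line comment above the two `%files backend-*` lists stating that every `%ghost` must correspond to an `--install` or `--slave` name would help keep them in sync.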