1
0
forked from jengelh/iptables
Jan Engelhardt 2018-08-27 11:34:40 +00:00 committed by Git OBS Bridge
parent 1a4392eb2e
commit 5230699ad3
4 changed files with 115 additions and 11 deletions

View File

@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="scm">git</param> <param name="scm">git</param>
<param name="url">git://netfilter.org/iptables</param> <param name="url">git://netfilter.org/iptables</param>
<param name="revision">5ee03e6df41727652e0dc6ffaef8411b8840d812</param> <param name="revision">0800d9b46b377bc24f15af2c6ae22550b954b6e2</param>
<param name="versionformat">1.8.0.g@TAG_OFFSET@</param> <param name="versionformat">1.8.0.g@TAG_OFFSET@</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:26f9008e04273175350eecdd8591321211e935bfc397fcb7eaed70f96b7fce88
size 364668

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0479c1b53a84f66eda0d9484d1a15c9a644049635bfe866af829df0976a1c737
size 364504

View File

@ -17,7 +17,7 @@
Name: iptables Name: iptables
Version: 1.8.0.g75 Version: 1.8.0.g85
Release: 0 Release: 0
Summary: IP packet filter administration utilities Summary: IP packet filter administration utilities
License: GPL-2.0-only AND Artistic-2.0 License: GPL-2.0-only AND Artistic-2.0
@ -52,6 +52,28 @@ Requires: xtables-plugins = %version-%release
iptables is used to set up, maintain, and inspect the rule tables of iptables is used to set up, maintain, and inspect the rule tables of
the various Netfilter packet filter engines inside the Linux kernel. the various Netfilter packet filter engines inside the Linux kernel.
%package backend-legacy
Summary: Metapackage to make x_tables the default backend for iptables
Group: Productivity/Networking/Security
Provides: iptables-default-backend
%description backend-legacy
Installation of this package adds alternatives symlinks (cf.
update-alternatives) that make the iptables and ip6tables commands
point to a program variant that uses the classic kernel interface
provided by ip_tables.ko and ip6_tables.ko.
%package backend-nft
Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables
Group: Productivity/Networking/Security
Provides: iptables-default-backend
%description backend-nft
Installation of this package adds higher priority alternatives (cf.
update-alternatives) that makes the iptables, ip6tables, arptables
and ebtables commands point to a program variant that uses the
nftables kernel interface.
%package -n xtables-plugins %package -n xtables-plugins
Summary: Match and target extension plugins for iptables Summary: Match and target extension plugins for iptables
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
@ -88,12 +110,12 @@ be modified in userspace prior to reinjection back into the kernel.
ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
%package -n libiptc0 %package -n libiptc0
Summary: Library for low-level ruleset generation and parsing Summary: Library for the ip_tables low-level ruleset generation and parsing
Group: System/Libraries Group: System/Libraries
%description -n libiptc0 %description -n libiptc0
libiptc ("iptables cache") is used to retrieve from the kernel, parse, libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel. construct, and load rulesets into the kernel.
%package -n libiptc-devel %package -n libiptc-devel
Summary: Development files for libiptc, a packet filter ruleset library Summary: Development files for libiptc, a packet filter ruleset library
@ -102,10 +124,10 @@ Requires: libiptc0 = %version
%description -n libiptc-devel %description -n libiptc-devel
libiptc ("iptables cache") is used to retrieve from the kernel, parse, libiptc ("iptables cache") is used to retrieve from the kernel, parse,
construct, and load new rulesets into the kernel. construct, and load rulesets into the kernel.
%package -n libxtables12 %package -n libxtables12
Summary: iptables extension interface Summary: The iptables plugin interface
Group: System/Libraries Group: System/Libraries
%description -n libxtables12 %description -n libxtables12
@ -148,12 +170,45 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/"
install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
rm -f "$b/%_libdir"/*.la rm -f "$b/%_libdir"/*.la
rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg
find "$b/%_sbindir/iptables" -type l -delete
mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft"
mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft"
mv "$b/%_sbindir/arptables-restore" "$b/%_sbindir/arptables-nft-restore"
mv "$b/%_sbindir/ebtables-restore" "$b/%_sbindir/ebtables-nft-restore"
mv "$b/%_sbindir/arptables-save" "$b/%_sbindir/arptables-nft-save"
mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save"
%if 0%{?suse_version} %if 0%{?suse_version}
%fdupes %buildroot/%_prefix %fdupes %buildroot/%_prefix
%endif %endif
%post backend-legacy
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \
--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \
--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi"
%postun
update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
%post backend-nft
update-alternatives \
--install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \
--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \
--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi"
update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2
update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2
%postun backend-nft
update-alternatives --remove iptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
%post -n libipq0 -p /sbin/ldconfig %post -n libipq0 -p /sbin/ldconfig
%postun -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig
%post -n libiptc0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig
@ -163,11 +218,60 @@ mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft"
%files %files
%license COPYING %license COPYING
%_bindir/*tables* %_bindir/iptables-xml
%_sbindir/*tables* %_sbindir/iptables-apply
%_sbindir/iptables-legacy*
%_sbindir/iptables-nft*
%_sbindir/iptables-*translate*
%_sbindir/ip6tables-legacy*
%_sbindir/ip6tables-nft*
%_sbindir/ip6tables-*translate*
%_sbindir/arptables-nft*
%_sbindir/ebtables-nft*
%_sbindir/xtables*
%_mandir/man1/*tables* %_mandir/man1/*tables*
%_mandir/man8/*tables* %_mandir/man8/*tables*
%files backend-legacy
%ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save
%ghost %_sysconfdir/alternatives/ip6tables
%ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save
%ghost %_sbindir/iptables
%ghost %_sbindir/iptables-restore
%ghost %_sbindir/iptables-save
%ghost %_sbindir/ip6tables
%ghost %_sbindir/ip6tables-restore
%ghost %_sbindir/ip6tables-save
%files backend-nft
%ghost %_sysconfdir/alternatives/iptables
%ghost %_sysconfdir/alternatives/iptables-restore
%ghost %_sysconfdir/alternatives/iptables-save
%ghost %_sysconfdir/alternatives/ip6tables
%ghost %_sysconfdir/alternatives/ip6tables-restore
%ghost %_sysconfdir/alternatives/ip6tables-save
%ghost %_sysconfdir/alternatives/arptables
%ghost %_sysconfdir/alternatives/arptables-restore
%ghost %_sysconfdir/alternatives/arptables-save
%ghost %_sysconfdir/alternatives/ebtables
%ghost %_sysconfdir/alternatives/ebtables-restore
%ghost %_sysconfdir/alternatives/ebtables-save
%ghost %_sbindir/iptables
%ghost %_sbindir/iptables-restore
%ghost %_sbindir/iptables-save
%ghost %_sbindir/ip6tables
%ghost %_sbindir/ip6tables-restore
%ghost %_sbindir/ip6tables-save
%ghost %_sbindir/arptables
%ghost %_sbindir/arptables-restore
%ghost %_sbindir/arptables-save
%ghost %_sbindir/ebtables
%ghost %_sbindir/ebtables-restore
%ghost %_sbindir/ebtables-save
%files -n xtables-plugins %files -n xtables-plugins
%_libdir/xtables/ %_libdir/xtables/
%_sbindir/nfnl_osf %_sbindir/nfnl_osf