ateixeira/iptables
SHA256
1
0
Fork 0
forked from jengelh/iptables
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iptables?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2007-01-04 00:56:28 +00:00 committed by Git OBS Bridge
commit 657e514e99
11 changed files with 2468 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

472
iptables-1.3.7-batch.diff Normal file
View File

@ -0,0 +1,472 @@
--- /dev/null
+++ iptables-batch.c
@@ -0,0 +1,454 @@
+/*
+ * Author: Ludwig Nussel <ludwig.nussel@suse.de>
+ *
+ * Based on the ipchains code by Paul Russell and Michael Neuling
+ *
+ * (C) 2000-2002 by the netfilter coreteam <coreteam@netfilter.org>:
+ * Paul 'Rusty' Russell <rusty@rustcorp.com.au>
+ * Marc Boucher <marc+nf@mbsi.ca>
+ * James Morris <jmorris@intercode.com.au>
+ * Harald Welte <laforge@gnumonks.org>
+ * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * iptables-batch -- iptables batch processor
+ *
+ * See the accompanying manual page iptables(8) for information
+ * about proper usage of this program.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+
+#ifdef IP6T_LIB_DIR
+#include <ip6tables.h>
+#else
+#include <iptables.h>
+#endif
+
+static char* errstr = NULL;
+
+static unsigned current_line = 0;
+
+static char*
+skipspace(char* ptr)
+{
+ while(*ptr && isspace(*ptr))
+ ++ptr;
+ return ptr;
+}
+
+static char*
+getliteral(char** ptr)
+{
+ char* start = *ptr;
+ char* p = start;
+
+ while(*p && !isspace(*p))
+ ++p;
+
+ if(*p)
+ {
+ *p = '\0';
+ ++p;
+ }
+
+ *ptr = p;
+ return start;
+}
+
+static char*
+getstring(char** ptr)
+{
+ char* start = *ptr+1; // skip leading "
+ char* p = start;
+ char* o = start;
+ int backslash = 0;
+ int done = 0;
+
+ while(*p && !done)
+ {
+ if(backslash)
+ {
+ backslash = 0;
+ // no escapes supported, just eat the backslash
+ *o++ = *p++;
+ }
+ else if(*p == '\\')
+ {
+ backslash = 1;
+ p++;
+ }
+ else if(*p == '"')
+ {
+ done = 1;
+ }
+ else
+ {
+ *o++ = *p++;
+ }
+ }
+
+ if(done)
+ {
+ *o = '\0';
+ *p = '\0';
+ ++p;
+ *ptr = p;
+ }
+ else
+ {
+ errstr = "missing \" at end of string";
+ start = NULL;
+ }
+ return start;
+}
+
+// this is just a very basic method, not 100% shell compatible
+static char*
+getword(char** ptr)
+{
+ *ptr = skipspace(*ptr);
+ if(**ptr == '"')
+ return getstring(ptr);
+ return getliteral(ptr);
+}
+
+// destructive
+static int
+tokenize(int* argc, char* argv[], size_t nargvsize, char* line)
+{
+ char* ptr = skipspace(line);
+ int ret = 0;
+ char* word;
+
+ while(ptr && *ptr)
+ {
+ if(*ptr == '#')
+ break;
+ if(*argc >= nargvsize)
+ {
+ errstr = "too many arguments";
+ ret = -1;
+ break;
+ }
+ word = getword(&ptr);
+ if(!word)
+ {
+ ret = -1;
+ break;
+ }
+ argv[(*argc)++] = word;
+ ++ret;
+ }
+ return ret;
+}
+
+#ifdef DEBUG
+static void
+dumpargv(int argc, char* argv[])
+{
+ int i;
+ for(i=0; i < argc; ++i)
+ {
+ printf("%s\"%s\"",i?" ":"", argv[i]);
+ }
+ puts("");
+}
+#endif
+
+struct table_handle
+{
+ char* name;
+#ifdef IP6T_LIB_DIR
+ ip6tc_handle_t handle;
+#else
+ iptc_handle_t handle;
+#endif
+};
+
+static struct table_handle* tables = NULL;
+static unsigned num_tables;
+struct table_handle* current_table;
+
+static void
+alloc_tables()
+{
+ tables = realloc(tables, sizeof(struct table_handle) * num_tables);
+}
+
+static void
+set_current_table(const char* name)
+{
+ unsigned i;
+
+ if(!strcmp(name, current_table->name)) // same as last time?
+ return;
+
+ for(i = 0; i < num_tables; ++i) // find already known table
+ {
+ if(!strcmp(name, tables[i].name))
+ {
+ current_table = &tables[i];
+ return;
+ }
+ }
+
+ // table name not known, create new
+ i = num_tables++;
+ alloc_tables();
+ current_table = &tables[i];
+ current_table->name = strdup(name);
+ current_table->handle = NULL;
+}
+
+static int
+find_table(int argc, char* argv[])
+{
+ int i;
+ for(i = 0; i < argc; ++i)
+ {
+ if(!strcmp(argv[i], "-t") || !strcmp(argv[i], "--table"))
+ {
+ ++i;
+ if(i >= argc)
+ {
+ fprintf(stderr, "line %d: missing table name after %s\n",
+ current_line, argv[i]);
+ return 0;
+ }
+ set_current_table(argv[i]);
+ return 1;
+ }
+ }
+
+ // no -t specified
+ set_current_table("filter");
+
+ return 1;
+}
+
+static int
+do_iptables(int argc, char* argv[])
+{
+ char *table = "filter";
+ int ret = 0;
+
+ if(!find_table(argc, argv))
+ return 0;
+
+#ifdef IP6T_LIB_DIR
+ ret = do_command6(argc, argv, &table, &current_table->handle);
+
+ if (!ret)
+ {
+ fprintf(stderr, "line %d: %s\n", current_line, ip6tc_strerror(errno));
+ }
+ else
+ {
+ if(!table || strcmp(table, current_table->name))
+ {
+ fprintf(stderr, "line %d: expected table %s, got %s\n",
+ current_line, current_table->name, table);
+ exit(1);
+ }
+ }
+#else
+ ret = do_command(argc, argv, &table, &current_table->handle);
+
+ if (!ret)
+ {
+ fprintf(stderr, "line %d: %s\n", current_line, iptc_strerror(errno));
+ }
+ else
+ {
+ if(!table || strcmp(table, current_table->name))
+ {
+ fprintf(stderr, "line %d: expected table %s, got %s\n",
+ current_line, current_table->name, table);
+ exit(1);
+ }
+ }
+#endif
+
+ return ret;
+}
+
+static int
+do_commit()
+{
+ unsigned i;
+ int ret = 1;
+
+ for(i = 0; i < num_tables; ++i)
+ {
+ if(tables[i].handle)
+ {
+#ifdef IP6T_LIB_DIR
+ if(!ip6tc_commit(&tables[i].handle))
+ {
+ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, ip6tc_strerror(errno));
+ ret = 0;
+ }
+#else
+ if(!iptc_commit(&tables[i].handle))
+ {
+ fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, iptc_strerror(errno));
+ ret = 0;
+ }
+#endif
+ }
+ }
+
+ return ret;
+}
+
+static void
+help()
+{
+ fprintf(stderr, "Usage: %s [FILE]\n\n", program_name);
+ puts("Read iptables commands from FILE, commit them at EOF\n");
+ puts("In addition to normal iptables calls the commands");
+ puts("'commit' and 'exit' are understood.");
+ exit(0);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int ret = 1;
+ int numtok;
+ size_t llen = 0;
+ char* line = NULL;
+ ssize_t r = -1;
+ int nargc = 0;
+ char* nargv[256];
+ FILE* fp = stdin;
+
+#ifdef IP6T_LIB_DIR
+ program_name = "ip6tables-batch";
+
+ lib_dir = getenv("IP6TABLES_LIB_DIR");
+ if (!lib_dir)
+ lib_dir = IP6T_LIB_DIR;
+#else
+ program_name = "iptables-batch";
+
+ lib_dir = getenv("IPTABLES_LIB_DIR");
+ if (!lib_dir)
+ lib_dir = IPT_LIB_DIR;
+#endif
+ program_version = IPTABLES_VERSION;
+
+#ifdef NO_SHARED_LIBS
+ init_extensions();
+#endif
+ if(argc > 1)
+ {
+ if(!strcmp(argv[1], "--help") || !strcmp(argv[1], "-h"))
+ {
+ help();
+ }
+ else if(strcmp(argv[1], "-"))
+ {
+ fp = fopen(argv[1], "r");
+ if(!fp)
+ {
+ perror("fopen");
+ exit(1);
+ }
+ }
+ }
+
+ num_tables = 4;
+ alloc_tables();
+ tables[0].name = "filter";
+ tables[0].handle = NULL;
+ tables[1].name = "mangle";
+ tables[1].handle = NULL;
+ tables[2].name = "nat";
+ tables[2].handle = NULL;
+ tables[3].name = "raw";
+ tables[3].handle = NULL;
+ current_table = &tables[0];
+
+ while((r = getline(&line, &llen, fp)) != -1)
+ {
+ if(llen < 1 || !*line)
+ continue;
+ if(line[strlen(line)-1] == '\n')
+ line[strlen(line) -1 ] = '\0';
+
+ ++current_line;
+ nargc = 0;
+ errstr = NULL;
+ numtok = tokenize(&nargc, nargv, (sizeof(nargv)/sizeof(nargv[0])), line);
+ if(numtok == -1)
+ {
+ }
+ else if (numtok == 0)
+ {
+ continue;
+ }
+ else if(nargc < 1)
+ {
+ errstr = "insufficient number of arguments";
+ }
+
+ if(errstr)
+ {
+ fprintf(stderr, "parse error in line %d: %s\n", current_line, errstr);
+ ret = 0;
+ break;
+ }
+
+#ifdef DEBUG
+ dumpargv(nargc, nargv);
+#endif
+
+#ifdef IP6T_LIB_DIR
+ if(!strcmp(nargv[0], "ip6tables"))
+#else
+ if(!strcmp(nargv[0], "iptables"))
+#endif
+ {
+ ret = do_iptables(nargc, nargv);
+ if(!ret) break;
+ }
+ else if(!strcmp(nargv[0], "exit"))
+ {
+ break;
+ }
+ else if(!strcmp(nargv[0], "commit"))
+ {
+ ret = do_commit();
+ if(!ret) break;
+ }
+ else
+ {
+ fprintf(stderr, "line %d: invalid command '%s'\n", current_line, nargv[0]);
+ }
+ }
+
+ if(ret)
+ ret = do_commit();
+
+ exit(!ret);
+}
--- Makefile
+++ Makefile
@@ -136,6 +136,12 @@ iptables: iptables-standalone.c iptables
$(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
endif
+iptables-batch: iptables-batch.c iptables.o $(STATIC_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+ip6tables-batch: iptables-batch.c ip6tables.o $(STATIC6_LIBS) libiptc/libiptc.a
+ $(CC) $(CFLAGS) -DIP6T_LIB_DIR=\"$(IPT_LIBDIR)\" $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
$(DESTDIR)$(BINDIR)/iptables: iptables
@[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
cp $< $@

3
iptables-1.3.7-debian-docs.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:af04502f869b92350aebd5ecbb2d27a59eea3c45233da2951e0852f9a2ce278d
size 24322

11
iptables-1.3.7-makefile.diff Normal file
View File

@ -0,0 +1,11 @@
--- Makefile
+++ Makefile
@@ -37,7 +37,7 @@
endif
COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
+CFLAGS += $(COPT_FLAGS) -Wall -Wunused -idirafter $(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
ifdef NO_SHARED_LIBS
CFLAGS += -DNO_SHARED_LIBS=1

1428
iptables-1.3.7-shlibs.diff Normal file
View File

File diff suppressed because it is too large Load Diff

81
iptables-1.3.7-strict-aliasing-fix.diff Normal file
View File

@ -0,0 +1,81 @@
--- ip6tables-restore.c
+++ ip6tables-restore.c
@@ -76,7 +76,9 @@
int parse_counters(char *string, struct ip6t_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *p_pcnt = &ctr->pcnt;
+ u_int64_t *p_bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
}
/* global new argv and argc */
--- ip6tables.c
+++ ip6tables.c
@@ -1874,5 +1874,6 @@
char *protocol = NULL;
int proto_used = 0;
+ u_int64_t *p_cnt;
memset(&fw, 0, sizeof(fw));
@@ -2185,13 +2186,15 @@
exit_error(PARAMETER_PROBLEM,
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
-
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
+
+ p_cnt = &fw.counters.pcnt;
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
+ p_cnt = &fw.counters.bcnt;
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));
--- iptables-restore.c
+++ iptables-restore.c
@@ -73,7 +73,9 @@
int parse_counters(char *string, struct ipt_counters *ctr)
{
- return (sscanf(string, "[%llu:%llu]", (unsigned long long *)&ctr->pcnt, (unsigned long long *)&ctr->bcnt) == 2);
+ u_int64_t *p_pcnt = &ctr->pcnt;
+ u_int64_t *p_bcnt = &ctr->bcnt;
+ return (sscanf(string, "[%llu:%llu]", (unsigned long long *)p_pcnt, (unsigned long long *)p_bcnt) == 2);
}
/* global new argv and argc */
--- iptables.c
+++ iptables.c
@@ -1956,6 +1956,7 @@
char *protocol = NULL;
int proto_used = 0;
+ u_int64_t *p_cnt;
memset(&fw, 0, sizeof(fw));
/* re-set optind to 0 in case do_command gets called
@@ -2279,12 +2279,14 @@
"-%c requires packet and byte counter",
opt2char(OPT_COUNTERS));
- if (sscanf(pcnt, "%llu", (unsigned long long *)&fw.counters.pcnt) != 1)
+ p_cnt = &fw.counters.pcnt;
+ if (sscanf(pcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c packet counter not numeric",
opt2char(OPT_COUNTERS));
- if (sscanf(bcnt, "%llu", (unsigned long long *)&fw.counters.bcnt) != 1)
+ p_cnt = &fw.counters.bcnt;
+ if (sscanf(bcnt, "%llu", (unsigned long long *)p_cnt) != 1)
exit_error(PARAMETER_PROBLEM,
"-%c byte counter not numeric",
opt2char(OPT_COUNTERS));

3
iptables-1.3.7.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0e00cea0029eaf7923a4a901265d5aa8159804b520fda9c12df54d350073ce02
size 196205

234
iptables.changes Normal file
View File

@ -0,0 +1,234 @@
-------------------------------------------------------------------
Wed Jan 3 17:58:09 CET 2007 - prusnak@suse.cz
- updated to 1.3.7
* Add revision support for ip6tables
* Add port range support for ip6tables multiport match
* Add sctp match extension for ip6tables
* Add iptables-xml tool
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
* Bugfixes
- updated debian-docs and moved into tar.bz2
-------------------------------------------------------------------
Thu Nov 16 11:06:55 CET 2006 - mjancar@suse.cz
- allow setting KERNEL_DIR on commandline for build (#220851)
-------------------------------------------------------------------
Tue Oct 17 17:47:47 CEST 2006 - anosek@suse.cz
- updated to version 1.3.6
* Support multiple matches of the same type within a single rule
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
* SELinux SECMARK target (needs kernel >= 2.6.18)
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
* Add support for statistic match (needs kernel >= 2.6.18)
* Optionally read realm values from /etc/iproute2/rt_realms
* Bugfixes
-------------------------------------------------------------------
Wed Feb 1 15:26:39 CET 2006 - lnussel@suse.de
- updated to version 1.3.5
* supports ip6tables state and conntrack \o/ (#145758)
-------------------------------------------------------------------
Fri Jan 27 01:50:25 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Jan 24 15:00:31 CET 2006 - schwab@suse.de
- Fix building of shared libraries.
-------------------------------------------------------------------
Tue Jan 17 15:11:43 CET 2006 - postadal@suse.cz
- updated policy extension from upstream (policy-1.3.4.patch)
* ported for changes in kernel
-------------------------------------------------------------------
Tue Nov 15 17:09:38 CET 2005 - postadal@suse.cz
- updated to version 1.3.4
- added RPM_OPT_FLAGS to CFLAGS
- fixed strict aliasing (strict-aliasing-fix.patch)
-------------------------------------------------------------------
Mon Aug 1 16:36:26 CEST 2005 - lnussel@suse.de
- add iptables-batch and ip6tables-batch
-------------------------------------------------------------------
Mon Aug 1 10:14:00 CEST 2005 - postadal@suse.cz
- updated to version 1.3.3
-------------------------------------------------------------------
Wed Jul 27 15:38:26 CEST 2005 - postadal@suse.cz
- updated to version 1.3.2
-------------------------------------------------------------------
Wed Mar 9 11:28:10 CET 2005 - postadal@suse.cz
- updated to version 1.3.1 (bug fixes)
-------------------------------------------------------------------
Thu Feb 17 10:02:14 CET 2005 - postadal@suse.cz
- updated to version 1.3.0
- removed obsoleted patch modules-secfix
-------------------------------------------------------------------
Tue Nov 02 17:00:05 CET 2004 - postadal@suse.cz
- fixed uninitialised variable [#47850] - CAN-2004-0986
-------------------------------------------------------------------
Tue Aug 17 15:15:44 CEST 2004 - mludvig@suse.cz
- Fixed mode for extensions/.policy-test6
-------------------------------------------------------------------
Thu Aug 05 14:15:52 CEST 2004 - mludvig@suse.cz
- Added IPv6 support to the 'policy' match.
-------------------------------------------------------------------
Wed Aug 04 15:44:06 CEST 2004 - postadal@suse.cz
- updated to version 1.2.11
- removed obsoleted patch clusterip
-------------------------------------------------------------------
Sat Apr 24 08:45:00 CEST 2004 - lmb@suse.de
- Add support for Cluster IP functionality.
-------------------------------------------------------------------
Wed Apr 21 16:51:03 CEST 2004 - mludvig@suse.cz
- Added module for IPv6 conntrack from USAGI.
-------------------------------------------------------------------
Wed Mar 24 15:47:24 CET 2004 - mludvig@suse.cz
- Added policy module from patch-o-matic
-------------------------------------------------------------------
Fri Feb 06 18:09:42 CET 2004 - postadal@suse.cz
- updated to version 1.2.9.
-------------------------------------------------------------------
Sat Jan 10 20:33:48 CET 2004 - adrian@suse.de
- add %defattr
-------------------------------------------------------------------
Wed Jul 23 15:08:45 CEST 2003 - postadal@suse.cz
- updated to 1.2.8
-------------------------------------------------------------------
Tue Apr 8 21:33:42 CEST 2003 - schwab@suse.de
- Prefer sanitized kernel headers.
-------------------------------------------------------------------
Thu Sep 05 11:13:51 CEST 2002 - postadal@suse.cz
- updated to bugfixed 1.2.7a version
-------------------------------------------------------------------
Wed Aug 28 18:20:07 CEST 2002 - postadal@suse.cz
- added Requires %{name} = %{version} to devel package
-------------------------------------------------------------------
Thu Aug 08 13:03:46 CEST 2002 - nadvornik@suse.cz
- updated to 1.2.7
-------------------------------------------------------------------
Wed Mar 27 11:10:32 CET 2002 - postadal@suse.cz
- revert to compile it with kernel headers (#15448)
-------------------------------------------------------------------
Fri Feb 1 14:14:49 CET 2002 - nadvornik@suse.cz
- compiled with kernel headers from glibc
-------------------------------------------------------------------
Tue Jan 15 15:30:31 CET 2002 - nadvornik@suse.cz
- update to 1.2.5
-------------------------------------------------------------------
Wed Nov 14 13:51:38 CET 2001 - nadvornik@suse.cz
- updated to 1.2.4 [bug #12104]
- fixed problems with iptables-save/restore
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
Makefile changes moved to separate patch
-------------------------------------------------------------------
Sat Sep 22 02:04:31 MEST 2001 - garloff@suse.de
- Fix ipt_string support (compile fix).
-------------------------------------------------------------------
Tue Jul 17 10:55:30 MEST 2001 - garloff@suse.de
- Update to iptables-1.2.2
- Appply debian patch: mostly docu stuff
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
.spec file to compile and install ip(6)tables-save/restore apps.
-------------------------------------------------------------------
Fri Apr 6 15:28:00 CEST 2001 - kukuk@suse.de
- changed neededforbuild from lx_suse to kernel-source
-------------------------------------------------------------------
Tue Mar 27 23:24:15 CEST 2001 - lmuelle@suse.de
- update to 1.2.1a
- add devel package with libipq stuff
- minor spec file cleanup
-------------------------------------------------------------------
Sun Jan 28 16:40:08 CET 2001 - olh@suse.de
- update to 1.2, needed for ppc and sparc
-------------------------------------------------------------------
Tue Dec 19 09:33:37 CET 2000 - nadvornik@suse.cz
- compiled with lx_suse
-------------------------------------------------------------------
Tue Oct 17 16:15:51 CEST 2000 - nadvornik@suse.cz
- update to 1.1.2
-------------------------------------------------------------------
Fri Sep 22 02:34:07 CEST 2000 - ro@suse.de
- up to 1.1.1
-------------------------------------------------------------------
Fri Jun 9 08:58:25 CEST 2000 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Wed Jun 7 08:33:45 CEST 2000 - nadvornik@suse.cz
- new package 1.1.0

212
iptables.spec Normal file
View File

@ -0,0 +1,212 @@
#
# spec file for package iptables (Version 1.3.7)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: iptables
BuildRequires: kernel-source
License: GNU General Public License (GPL)
Group: Productivity/Networking/Security
Autoreqprov: on
Version: 1.3.7
Release: 1
Summary: IP Packet Filter Administration
Source0: %{name}-%{version}.tar.bz2
Source1: %{name}-%{version}-debian-docs.tar.bz2
Patch2: %{name}-%{version}-makefile.diff
Patch20: %{name}-%{version}-batch.diff
Patch21: %{name}-%{version}-strict-aliasing-fix.diff
Patch22: %{name}-%{version}-shlibs.diff
URL: http://www.iptables.org
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
2.4.0 or newer.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%package devel
Summary: Libraries, Headers and Development Man Pages for libipq
Group: Development/Libraries/C and C++
Autoreqprov: on
Requires: %{name} = %{version}
%description devel
These libraries are needed to compile programs against libipq.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%prep
%setup -q -a 1
%patch2
%patch20
%patch21
%patch22
chmod +x extensions/.CLUSTERIP-test
%build
[ -z "$KERNEL_DIR" ] && KERNEL_DIR="/usr/src/linux";
CFLAGS="$RPM_OPT_FLAGS" \
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR"
#
# iptables-batch
CFLAGS="$RPM_OPT_FLAGS" \
make LD=gcc BINDIR=%{_prefix}/sbin LIBDIR=%{_libdir} MANDIR=%{_mandir} KERNEL_DIR="$KERNEL_DIR" \
iptables-batch ip6tables-batch
%install
CFLAGS="$RPM_OPT_FLAGS" \
make IPT_LIBDIR=%{_libdir}/iptables \
BINDIR=$RPM_BUILD_ROOT%{_prefix}/sbin \
LIBDIR=$RPM_BUILD_ROOT%{_libdir} \
INCDIR=$RPM_BUILD_ROOT%{_prefix}/include \
MANDIR=$RPM_BUILD_ROOT%{_mandir} install install-devel KERNEL_DIR="$KERNEL_DIR"
install -m755 iptables-batch ip6tables-batch %{buildroot}%{_sbindir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc COPYING
%{_prefix}/sbin/iptables*
%{_prefix}/sbin/ip6tables*
%{_libdir}/iptables
%doc %{_mandir}/man8/*
%doc doc/*.html
%files devel
%defattr(-,root,root)
%doc %{_mandir}/man3/*
%{_libdir}/*.a
%{_prefix}/include/*
%changelog -n iptables
* Wed Jan 03 2007 - prusnak@suse.cz
- updated to 1.3.7
* Add revision support for ip6tables
* Add port range support for ip6tables multiport match
* Add sctp match extension for ip6tables
* Add iptables-xml tool
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
* Bugfixes
- updated debian-docs and moved into tar.bz2
* Thu Nov 16 2006 - mjancar@suse.cz
- allow setting KERNEL_DIR on commandline for build (#220851)
* Tue Oct 17 2006 - anosek@suse.cz
- updated to version 1.3.6
* Support multiple matches of the same type within a single rule
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
* SELinux SECMARK target (needs kernel >= 2.6.18)
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
* Add support for statistic match (needs kernel >= 2.6.18)
* Optionally read realm values from /etc/iproute2/rt_realms
* Bugfixes
* Wed Feb 01 2006 - lnussel@suse.de
- updated to version 1.3.5
* supports ip6tables state and conntrack \o/ (#145758)
* Fri Jan 27 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 - schwab@suse.de
- Fix building of shared libraries.
* Tue Jan 17 2006 - postadal@suse.cz
- updated policy extension from upstream (policy-1.3.4.patch)
* ported for changes in kernel
* Tue Nov 15 2005 - postadal@suse.cz
- updated to version 1.3.4
- added RPM_OPT_FLAGS to CFLAGS
- fixed strict aliasing (strict-aliasing-fix.patch)
* Mon Aug 01 2005 - lnussel@suse.de
- add iptables-batch and ip6tables-batch
* Mon Aug 01 2005 - postadal@suse.cz
- updated to version 1.3.3
* Wed Jul 27 2005 - postadal@suse.cz
- updated to version 1.3.2
* Wed Mar 09 2005 - postadal@suse.cz
- updated to version 1.3.1 (bug fixes)
* Thu Feb 17 2005 - postadal@suse.cz
- updated to version 1.3.0
- removed obsoleted patch modules-secfix
* Tue Nov 02 2004 - postadal@suse.cz
- fixed uninitialised variable [#47850] - CAN-2004-0986
* Tue Aug 17 2004 - mludvig@suse.cz
- Fixed mode for extensions/.policy-test6
* Thu Aug 05 2004 - mludvig@suse.cz
- Added IPv6 support to the 'policy' match.
* Wed Aug 04 2004 - postadal@suse.cz
- updated to version 1.2.11
- removed obsoleted patch clusterip
* Sat Apr 24 2004 - lmb@suse.de
- Add support for Cluster IP functionality.
* Wed Apr 21 2004 - mludvig@suse.cz
- Added module for IPv6 conntrack from USAGI.
* Wed Mar 24 2004 - mludvig@suse.cz
- Added policy module from patch-o-matic
* Fri Feb 06 2004 - postadal@suse.cz
- updated to version 1.2.9.
* Sat Jan 10 2004 - adrian@suse.de
- add %%defattr
* Wed Jul 23 2003 - postadal@suse.cz
- updated to 1.2.8
* Tue Apr 08 2003 - schwab@suse.de
- Prefer sanitized kernel headers.
* Thu Sep 05 2002 - postadal@suse.cz
- updated to bugfixed 1.2.7a version
* Wed Aug 28 2002 - postadal@suse.cz
- added Requires %%{name} = %%{version} to devel package
* Thu Aug 08 2002 - nadvornik@suse.cz
- updated to 1.2.7
* Wed Mar 27 2002 - postadal@suse.cz
- revert to compile it with kernel headers (#15448)
* Fri Feb 01 2002 - nadvornik@suse.cz
- compiled with kernel headers from glibc
* Tue Jan 15 2002 - nadvornik@suse.cz
- update to 1.2.5
* Wed Nov 14 2001 - nadvornik@suse.cz
- updated to 1.2.4 [bug #12104]
- fixed problems with iptables-save/restore
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
Makefile changes moved to separate patch
* Sat Sep 22 2001 - garloff@suse.de
- Fix ipt_string support (compile fix).
* Tue Jul 17 2001 - garloff@suse.de
- Update to iptables-1.2.2
- Appply debian patch: mostly docu stuff
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
.spec file to compile and install ip(6)tables-save/restore apps.
* Fri Apr 06 2001 - kukuk@suse.de
- changed neededforbuild from lx_suse to kernel-source
* Tue Mar 27 2001 - lmuelle@suse.de
- update to 1.2.1a
- add devel package with libipq stuff
- minor spec file cleanup
* Sun Jan 28 2001 - olh@suse.de
- update to 1.2, needed for ppc and sparc
* Tue Dec 19 2000 - nadvornik@suse.cz
- compiled with lx_suse
* Tue Oct 17 2000 - nadvornik@suse.cz
- update to 1.1.2
* Fri Sep 22 2000 - ro@suse.de
- up to 1.1.1
* Fri Jun 09 2000 - ro@suse.de
- fixed neededforbuild
* Wed Jun 07 2000 - nadvornik@suse.cz
- new package 1.1.0

0
ready Normal file
View File