author | Daniel Black <dragonheart@gentoo.org> | 2005-01-16 08:37:01 +0000 |
---|---|---|
committer | Daniel Black <dragonheart@gentoo.org> | 2005-01-16 08:37:01 +0000 |
commit | 7eee04db15ed3b7cd14c86badbd03ee5f7d1ab47 (patch) | |
tree | 8610f5ae2431727dec168f0c69d1cfe655e2cce3 /net-firewall | |
parent | Added 'after logger' to init script as per bug #77609 (diff) | |
New revision with a few enhancements. Bug #77668
(Portage version: 2.0.51-r13)
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/giptables/ChangeLog | 11 | ||||
-rw-r--r-- | net-firewall/giptables/Manifest | 7 | ||||
-rw-r--r-- | net-firewall/giptables/files/digest-giptables-1.1-r1 | 1 | ||||
-rw-r--r-- | net-firewall/giptables/files/giptables-NTP | 230 | ||||
-rw-r--r-- | net-firewall/giptables/giptables-1.1-r1.ebuild | 70 |
5 files changed, 315 insertions, 4 deletions
diff --git a/net-firewall/giptables/ChangeLog b/net-firewall/giptables/ChangeLog
index 41e8b97846fb..199a9da264c6 100644
--- a/net-firewall/giptables/ChangeLog
+++ b/net-firewall/giptables/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-firewall/giptables
-# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/giptables/ChangeLog,v 1.3 2004/06/26 13:21:44 dholm Exp $
+# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/giptables/ChangeLog,v 1.4 2005/01/16 08:37:01 dragonheart Exp $
+
+*giptables-1.1-r1 (16 Jan 2005)
+
+ 16 Jan 2005; Daniel Black <dragonheart@gentoo.org> +files/giptables-NTP,
+ +giptables-1.1-r1.ebuild:
+ New revision with a few enhancements. Bug #77668 by Meder Bakirov
+ <bakirov@transfer.kg>
 
  26 Jun 2004; David Holm <dholm@gentoo.org> giptables-1.1.ebuild:
  Added to ~ppc.
diff --git a/net-firewall/giptables/Manifest b/net-firewall/giptables/Manifest
index cfe4d2a96526..6545a9267757 100644
--- a/net-firewall/giptables/Manifest
+++ b/net-firewall/giptables/Manifest
@@ -1,5 +1,8 @@
+MD5 6ee27e2e18688ec16030809a162e82b6 ChangeLog 697
 MD5 fcdf34c51b98a168f301c2b3108cb408 giptables-1.1.ebuild 2143
-MD5 d0fb86cf3f3d7c7c9a44883a94243985 ChangeLog 468
-MD5 4efafed5ad73abd96ff8d280621ee253 files/giptables.init 2008
+MD5 1c41228c76cceca4e37897f2cc5b8d81 giptables-1.1-r1.ebuild 2354
+MD5 9e1de9fc3e1f09653984fb9d7e69166c files/giptables-NTP 8378
 MD5 4f4bc7762e6f3adc7df3e21dfc9e6837 files/digest-giptables-1.1 65
+MD5 4efafed5ad73abd96ff8d280621ee253 files/giptables.init 2008
 MD5 419996627a148ab4daeecaa8beea5404 files/replace.sed 123
+MD5 4f4bc7762e6f3adc7df3e21dfc9e6837 files/digest-giptables-1.1-r1 65
diff --git a/net-firewall/giptables/files/digest-giptables-1.1-r1 b/net-firewall/giptables/files/digest-giptables-1.1-r1
new file mode 100644
index 000000000000..6c21c4e60d51
--- /dev/null
+++ b/net-firewall/giptables/files/digest-giptables-1.1-r1
@@ -0,0 +1 @@
+MD5 be71da722789ca3e1f3b7adcdab4f16d giptables-1.1.tar.gz 105560
diff --git a/net-firewall/giptables/files/giptables-NTP b/net-firewall/giptables/files/giptables-NTP
new file mode 100644
index 000000000000..c7026bd02cf5
--- /dev/null
+++ b/net-firewall/giptables/files/giptables-NTP
@@ -0,0 +1,230 @@
+# ----------------------------------------------------------------------------
+# GIPTables Firewall v1.1 http://www.giptables.org
+# Copyright (C) 2002 Adrian Pascalau <apascalau@openna.com>
+# NTP module
+#
+# ----------------------------------------------------------------------------
+# This file is part of GIPTables Firewall
+#
+# GIPTables Firewall is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# ----------------------------------------------------------------------------
+# About NTP
+
+# ntp 123/udp # Network Time Protocol
+
+NTP_PORT="123"
+
+# ----------------------------------------------------------------------------
+# accept_ntp_request
+# Usage: accept_ntp_request chain ntp_client_ipaddr ntp_server_ipaddr
+#
+
+accept_ntp_request ()
+{
+ local chain=$1
+ local ntp_client_ipaddr=$2
+ local ntp_server_ipaddr=$3
+
+ $IPTABLES -A $chain -p udp \
+ -s $ntp_client_ipaddr --sport $NTP_PORT \
+ -d $ntp_server_ipaddr --dport $NTP_PORT \
+ -m state --state NEW,ESTABLISHED \
+ -j ACCEPT
+
+ $IPTABLES -A $chain -p udp \
+ -s $ntp_client_ipaddr --sport $UNPRIV_PORTS \
+ -d $ntp_server_ipaddr --dport $NTP_PORT \
+ -m state --state NEW,ESTABLISHED \
+ -j ACCEPT
+ return 0
+}
+
+# ----------------------------------------------------------------------------
+# accept_ntp_reply
+# Usage: accept_ntp_reply chain ntp_server_ipaddr ntp_client_ipaddr
+#
+
+accept_ntp_reply ()
+{
+ local chain=$1
+ local ntp_server_ipaddr=$2
+ local ntp_client_ipaddr=$3
+
+ $IPTABLES -A $chain -p udp \
+ -s $ntp_server_ipaddr --sport $NTP_PORT \
+ -d $ntp_client_ipaddr --dport $NTP_PORT \
+ -m state --state ESTABLISHED \
+ -j ACCEPT
+
+ $IPTABLES -A $chain -p udp \
+ -s $ntp_server_ipaddr --sport $NTP_PORT \
+ -d $ntp_client_ipaddr --dport $UNPRIV_PORTS \
+ -m state --state ESTABLISHED \
+ -j ACCEPT
+
+ return 0
+}
+
+# ----------------------------------------------------------------------------
+# snat_ntp_request
+# Usage: snat_ntp_request interface if_ipaddr ntp_client_ipaddr ntp_server_ipaddr
+#
+
+snat_ntp_request ()
+{
+ local interface=$1
+ local if_ipaddr=$2
+ local ntp_client_ipaddr=$3
+ local ntp_server_ipaddr=$4
+
+ $IPTABLES -t nat -A POSTROUTING -o $interface -p udp \
+ -s $ntp_client_ipaddr --sport $NTP_PORT \
+ -d $ntp_server_ipaddr --dport $NTP_PORT \
+ -j SNAT --to $if_ipaddr
+
+ $IPTABLES -t nat -A POSTROUTING -o $interface -p udp \
+ -s $ntp_client_ipaddr --sport $UNPRIV_PORTS \
+ -d $ntp_server_ipaddr --dport $NTP_PORT \
+ -j SNAT --to $if_ipaddr
+ return 0
+}
+
+# ----------------------------------------------------------------------------
+# dnat_ntp_request
+# Usage: dnat_ntp_request interface if_ipaddr ntp_client_ipaddr ntp_server_ipaddr
+#
+
+dnat_ntp_request ()
+{
+ local interface=$1
+ local if_ipaddr=$2
+ local ntp_client_ipaddr=$3
+ local ntp_server_ipaddr=$4
+
+ $IPTABLES -t nat -A PREROUTING -i $interface -p udp \
+ -s $ntp_client_ipaddr --sport $NTP_PORT \
+ -d $if_ipaddr --dport $NTP_PORT \
+ -j DNAT --to $ntp_server_ipaddr
+
+ $IPTABLES -t nat -A PREROUTING -i $interface -p udp \
+ -s $ntp_client_ipaddr --sport $UNPRIV_PORTS \
+ -d $if_ipaddr --dport $NTP_PORT \
+ -j DNAT --to $ntp_server_ipaddr
+ return 0
+}
+
+# ----------------------------------------------------------------------------
+# NTP outgoing client request
+#
+
+[ "$DEBUG" = "on" ] && echo -e "# NTP outgoing client request"
+
+# Interface 0 NTP outgoing client request
+
+[ "$INTERFACE0_NTP_CLIENT" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Interface 0 NTP outgoing client request"
+
+[ "$INTERFACE0_NTP_CLIENT" == "yes" ] && \
+for (( index = 0; index < "${#INTERFACE0_NTP_OUT_DST_IPADDR[@]}"; index++ ))
+do
+
+ accept_ntp_request interface0_out ${INTERFACE0_NTP_OUT_SRC_IPADDR[$index]} ${INTERFACE0_NTP_OUT_DST_IPADDR[$index]}
+ accept_ntp_reply interface0_in ${INTERFACE0_NTP_OUT_DST_IPADDR[$index]} ${INTERFACE0_NTP_OUT_SRC_IPADDR[$index]}
+
+done
+
+# Interface 1 NTP outgoing client request
+
+[ -n "$INTERFACE1" ] && [ "$INTERFACE1_NTP_CLIENT" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Interface 1 NTP outgoing client request"
+
+[ -n "$INTERFACE1" ] && [ "$INTERFACE1_NTP_CLIENT" == "yes" ] && \
+for (( index = 0; index < "${#INTERFACE1_NTP_OUT_DST_IPADDR[@]}"; index++ ))
+do
+
+ accept_ntp_request interface1_out ${INTERFACE1_NTP_OUT_SRC_IPADDR[$index]} ${INTERFACE1_NTP_OUT_DST_IPADDR[$index]}
+ accept_ntp_reply interface1_in ${INTERFACE1_NTP_OUT_DST_IPADDR[$index]} ${INTERFACE1_NTP_OUT_SRC_IPADDR[$index]}
+
+done
+
+# Network 1 NTP forwarded outgoing client request
+
+[ -n "$INTERFACE1" ] && [ "$NETWORK1_NTP_CLIENT" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Network 1 NTP forwarded outgoing client request"
+
+[ -n "$INTERFACE1" ] && [ "$NETWORK1_NTP_CLIENT" == "yes" ] && \
+for (( index = 0; index < "${#NETWORK1_NTP_OUT_DST_IPADDR[@]}"; index++ ))
+do
+
+ [ "$NETWORK1_NAT" == "yes" ] && \
+ snat_ntp_request $INTERFACE0 $INTERFACE0_IPADDR ${NETWORK1_NTP_OUT_SRC_IPADDR[$index]} ${NETWORK1_NTP_OUT_DST_IPADDR[$index]}
+ accept_ntp_request network1_out ${NETWORK1_NTP_OUT_SRC_IPADDR[$index]} ${NETWORK1_NTP_OUT_DST_IPADDR[$index]}
+ accept_ntp_reply network1_in ${NETWORK1_NTP_OUT_DST_IPADDR[$index]} ${NETWORK1_NTP_OUT_SRC_IPADDR[$index]}
+
+done
+
+# ----------------------------------------------------------------------------
+# NTP incoming client request
+#
+
+[ "$DEBUG" = "on" ] && echo -e "# NTP incoming client request"
+
+# Interface 0 NTP incoming client request
+
+[ "$INTERFACE0_NTP_SERVER" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Interface 0 NTP incoming client request"
+
+[ "$INTERFACE0_NTP_SERVER" == "yes" ] && \
+for (( index = 0; index < "${#INTERFACE0_NTP_IN_SRC_IPADDR[@]}"; index++ ))
+do
+
+ accept_ntp_request interface0_in ${INTERFACE0_NTP_IN_SRC_IPADDR[$index]} ${INTERFACE0_NTP_IN_DST_IPADDR[$index]}
+ accept_ntp_reply interface0_out ${INTERFACE0_NTP_IN_DST_IPADDR[$index]} ${INTERFACE0_NTP_IN_SRC_IPADDR[$index]}
+
+done
+
+# Interface 1 NTP incoming client request
+
+[ -n "$INTERFACE1" ] && [ "$INTERFACE1_NTP_SERVER" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Interface 1 NTP incoming client request"
+
+[ -n "$INTERFACE1" ] && [ "$INTERFACE1_NTP_SERVER" == "yes" ] && \
+for (( index = 0; index < "${#INTERFACE1_NTP_IN_SRC_IPADDR[@]}"; index++ ))
+do
+
+ accept_ntp_request interface1_in ${INTERFACE1_NTP_IN_SRC_IPADDR[$index]} ${INTERFACE1_NTP_IN_DST_IPADDR[$index]}
+ accept_ntp_reply interface1_out ${INTERFACE1_NTP_IN_DST_IPADDR[$index]} ${INTERFACE1_NTP_IN_SRC_IPADDR[$index]}
+
+done
+
+# Network 1 NTP forwarded incoming client request
+
+[ -n "$INTERFACE1" ] && [ "$NETWORK1_NTP_SERVER" == "yes" ] && \
+[ "$DEBUG" = "on" ] && echo -e "# Network 1 NTP forwarded incoming client request"
+
+[ -n "$INTERFACE1" ] && [ "$NETWORK1_NTP_SERVER" == "yes" ] && \
+for (( index = 0; index < "${#NETWORK1_NTP_IN_SRC_IPADDR[@]}"; index++ ))
+do
+
+ [ "$NETWORK1_NAT" == "yes" ] && \
+ dnat_ntp_request $INTERFACE0 $INTERFACE0_IPADDR ${NETWORK1_NTP_IN_SRC_IPADDR[$index]} ${NETWORK1_NTP_IN_DST_IPADDR[$index]}
+ accept_ntp_request network1_in ${NETWORK1_NTP_IN_SRC_IPADDR[$index]} ${NETWORK1_NTP_IN_DST_IPADDR[$index]}
+ accept_ntp_reply network1_out ${NETWORK1_NTP_IN_DST_IPADDR[$index]} ${NETWORK1_NTP_IN_SRC_IPADDR[$index]}
+
+done
+
+# ----------------------------------------------------------------------------
+# End of file
diff --git a/net-firewall/giptables/giptables-1.1-r1.ebuild b/net-firewall/giptables/giptables-1.1-r1.ebuild
new file mode 100644
index 000000000000..1c8daf0d25af
--- /dev/null
+++ b/net-firewall/giptables/giptables-1.1-r1.ebuild
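Review bot: Every helper in this module (`accept_ntp_request`, `accept_ntp_reply`, `snat_ntp_request`, `dnat_ntp_request`) ends with an unconditional `return 0`, so a failed `$IPTABLES` invocation is never reported and the driver loops below keep going as if the rule had been installed; for a firewall module that means the loaded ruleset can silently differ from the configured one. Let the status propagate instead, e.g. end each invocation with `-j ACCEPT || return 1` (likewise `-j SNAT --to $if_ipaddr || return 1` and `-j DNAT --to $ntp_server_ipaddr || return 1`) and drop the trailing `return 0`. A related fragility in the six `for (( index ... ))` loops: the bound is the length of the `*_DST_IPADDR` (or `*_IN_SRC_IPADDR`) array while the paired array is indexed unquoted in parallel, so a shorter paired array expands to nothing and the following `--sport`/`--dport` token is most likely taken as the address by iptables; checking that both arrays have the same length before the loop, or quoting the expansions, would make the mismatch fail visibly. `$IPTABLES` and `$UNPRIV_PORTS` are presumably provided by giptables-main before this module is sourced; a comment at the top of the file naming that assumption would help the next reader.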
@@ -0,0 +1,70 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/giptables/giptables-1.1-r1.ebuild,v 1.1 2005/01/16 08:37:01 dragonheart Exp $
+
+DESCRIPTION="set of shell scripts that help generate iptables rules"
+HOMEPAGE="http://www.giptables.org/"
+SRC_URI="http://www.giptables.org/downloads/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc"
+IUSE=""
+
+DEPEND=""
+RDEPEND="net-firewall/iptables"
+
+src_install() {
+ dodir /etc/{conf.d,init.d}
+
+ # Creating GIPTables home, modules and conf directories
+ dodir /lib/giptables /lib/giptables/modules /lib/giptables/conf
+ chmod -R 700 ${D}/lib/giptables
+
+ # Copying GIPTables main library file /lib/giptables/giptables-main
+ cp -f ${S}/giptables-main ${D}/lib/giptables
+
+ # Copying GIPTables module files /lib/giptables/modules/*
+ cp -f ${S}/modules/* ${D}/lib/giptables/modules
+ # Copying fixed GIPTables NTP module file to /lib/giptables/modules/
+ cp -f ${FILESDIR}/giptables-NTP ${D}/lib/giptables/modules
+ chmod 600 ${D}/lib/giptables/modules/*
+
+ # Copying GIPTables example configuration files /lib/giptables/conf/*
+ cp -f ${S}/conf/* ${D}/lib/giptables/conf
+ chmod 600 ${D}/lib/giptables/conf/*
+
+ # Copying other GIPTables files
+ cp ${S}/if_ipaddr ${D}/lib/giptables
+ chmod 700 ${D}/lib/giptables/if_ipaddr
+
+ cp ${S}/rc.giptables.blocked ${D}/etc/conf.d/giptables.blocked
+ cp ${S}/rc.giptables.custom ${D}/etc/conf.d/giptables.custom
+ chmod 600 ${D}/etc/conf.d/giptables.blocked ${D}/etc/conf.d/giptables.custom
+
+ # Creating docs
+ dodoc AUTHORS COPYING ChangeLog* INSTALL README TODO
+ dodir /usr/share/doc/${PF}/html
+ mv ${S}/documentation/* ${D}/usr/share/doc/${PF}/html
+
+ # Creating init script
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/giptables.init giptables
+}
+
+pkg_preinst() {
+ for conf_file in ${D}/lib/giptables/conf/*
+ do
+ sed -e 's/rc\.d\/rc\.giptables\.custom/conf\.d\/giptables\.custom/g' -e 's/rc\.d\/rc\.giptables\.blocked/conf\.d\/giptables\.blocked/g' $conf_file > $conf_file.orig
+ mv --force $conf_file.orig $conf_file
+ done
+}
+
+pkg_postinst() {
+ einfo
+ einfo "Before running /etc/init.d/giptables or adding it to a runlevel with"
+ einfo "rc-update, be sure to create a config file /etc/giptables.conf"
+ einfo
+ einfo "For sample config files, please, look at /lib/giptables/conf"
+ einfo
+}
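Review bot: The comment above `cp -f ${FILESDIR}/giptables-NTP ${D}/lib/giptables/modules` says the module is "fixed" but not what was wrong with the upstream copy it overwrites, so nothing in the ebuild tells a future maintainer whether the override is still needed when upstream ships a new module; suggest `# Overrides upstream modules/giptables-NTP with the corrected module from bug #77668` so the rationale is traceable. As a point of style, `src_install` populates the image with bare `cp`/`chmod`/`mv` on unquoted `${D}` and `${S}` paths where `insinto`/`doins` and `fperms` would express the same layout and the 700/600 modes declaratively and keep Portage's file tracking intact. The `sed ... > $conf_file.orig` / `mv --force` rewrite in `pkg_preinst` also leaves `$conf_file` unquoted; harmless for the shipped names, but worth quoting for consistency with the rest of the tree.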