Commit aaba5711 authored by Manuel's avatar Manuel

Update iptables and iproute

parent d29d878b
...@@ -25,7 +25,7 @@ source=(http://www.kernel.org/pub/linux/utils/net/$pkgname/$pkgname-$pkgver.tar. ...@@ -25,7 +25,7 @@ source=(http://www.kernel.org/pub/linux/utils/net/$pkgname/$pkgname-$pkgver.tar.
sha1sums=('3f48a6d3019f1766f26cda6c4de5d3858837d92b' sha1sums=('3f48a6d3019f1766f26cda6c4de5d3858837d92b'
'35b8cf2dc94b73eccad427235c07596146cd6f6c') '35b8cf2dc94b73eccad427235c07596146cd6f6c')
prepare() { build() {
cd $srcdir/$pkgname-$pkgver cd $srcdir/$pkgname-$pkgver
# set correct fhs structure # set correct fhs structure
...@@ -33,10 +33,6 @@ prepare() { ...@@ -33,10 +33,6 @@ prepare() {
# do not treat warnings as errors # do not treat warnings as errors
sed -i 's/-Werror//' Makefile sed -i 's/-Werror//' Makefile
}
build() {
cd $srcdir/$pkgname-$pkgver
./configure ./configure
make make
......
diff -Naur iproute2.old/Makefile iproute2-2.6.29/Makefile diff -Naur iproute2-3.4.0/Makefile iproute2-3.4.0.new/Makefile
--- iproute2.old/Makefile 2009-11-11 22:05:21.251407668 +0100 --- iproute2-3.4.0/Makefile 2012-05-21 23:12:19.000000000 +0200
+++ iproute2-2.6.29/Makefile 2009-11-11 22:07:09.891833516 +0100 +++ iproute2-3.4.0.new/Makefile 2012-06-18 10:23:53.896760158 +0200
@@ -1,11 +1,12 @@ @@ -1,7 +1,8 @@
DESTDIR=/usr/
ROOTDIR=$(DESTDIR) ROOTDIR=$(DESTDIR)
LIBDIR=/usr/lib/ PREFIX=/usr
LIBDIR=$(PREFIX)/lib
-SBINDIR=/sbin -SBINDIR=/sbin
+SBINDIR=/usr/sbin +SBINDIR=/usr/sbin
CONFDIR=/etc/iproute2
-DOCDIR=/share/doc/iproute2
-MANDIR=/share/man
+DOCDIR=/usr/share/doc/iproute2
+MANDIR=/usr/share/man
ARPDDIR=/var/lib/arpd
+SHAREDIR=/usr/share +SHAREDIR=/usr/share
CONFDIR=/etc/iproute2
# Path to db_185.h include DATADIR=$(PREFIX)/share
DBM_INCLUDE:=$(ROOTDIR)/usr/include DOCDIR=$(DATADIR)/doc/iproute2
diff -Naur iproute2.old/tc/tc_util.c iproute2-2.6.29/tc/tc_util.c diff -Naur iproute2-3.4.0/netem/Makefile iproute2-3.4.0.new/netem/Makefile
--- iproute2.old/tc/tc_util.c 2009-11-11 22:05:21.298076943 +0100 --- iproute2-3.4.0/netem/Makefile 2012-05-21 23:12:19.000000000 +0200
+++ iproute2-2.6.29/tc/tc_util.c 2009-11-11 22:09:32.865152646 +0100 +++ iproute2-3.4.0.new/netem/Makefile 2012-06-18 10:23:53.896760158 +0200
@@ -24,8 +24,8 @@
#include "utils.h"
#include "tc_util.h"
-#ifndef LIBDIR
-#define LIBDIR "/usr/lib/"
+#ifndef SHAREDIR
+#define SHAREDIR "/usr/share"
#endif
const char *get_tc_lib(void)
@@ -34,7 +34,7 @@
lib_dir = getenv("TC_LIB_DIR");
if (!lib_dir)
- lib_dir = LIBDIR "/tc/";
+ lib_dir = SHAREDIR "/tc/";
return lib_dir;
}
diff -Naur iproute2.old/netem/Makefile iproute2-2.6.35/netem/Makefile
--- iproute2.old/netem/Makefile 2010-08-06 11:30:48.640940183 +0200
+++ iproute2-2.6.35/netem/Makefile 2010-08-06 11:32:34.210908892 +0200
@@ -20,9 +20,9 @@ @@ -20,9 +20,9 @@
$(HOSTCC) $(CCOPTS) -I../include -o $@ $@.c -lm $(HOSTCC) $(CCOPTS) -I../include -o $@ $@.c -lm
...@@ -55,18 +26,20 @@ diff -Naur iproute2.old/netem/Makefile iproute2-2.6.35/netem/Makefile ...@@ -55,18 +26,20 @@ diff -Naur iproute2.old/netem/Makefile iproute2-2.6.35/netem/Makefile
done done
clean: clean:
diff -Naur iproute2.old/tc/Makefile iproute2-2.6.35/tc/Makefile diff -Naur iproute2-3.4.0/tc/Makefile iproute2-3.4.0.new/tc/Makefile
--- iproute2.old/tc/Makefile 2010-08-06 11:48:35.607472252 +0200 --- iproute2-3.4.0/tc/Makefile 2012-05-21 23:12:19.000000000 +0200
+++ iproute2-2.6.35/tc/Makefile 2010-08-06 11:49:36.977473380 +0200 +++ iproute2-3.4.0.new/tc/Makefile 2012-06-18 10:23:53.893426840 +0200
@@ -99,18 +99,11 @@ @@ -105,18 +105,11 @@
$(AR) rcs $@ $(TCLIB) $(AR) rcs $@ $(TCLIB)
install: all install: all
- mkdir -p $(MODDESTDIR) - mkdir -p $(MODDESTDIR)
- install -m 0755 tc $(DESTDIR)$(SBINDIR) + mkdir -p $(DESTDIR)$(LIBDIR)/tc
- for i in $(TCSO); \ install -m 0755 tc $(DESTDIR)$(SBINDIR)
for i in $(TCSO); \
- do install -m 755 $$i $(MODDESTDIR); \ - do install -m 755 $$i $(MODDESTDIR); \
- done + do install -m 755 $$i $(DESTDIR)$(LIBDIR)/tc; \
done
- if [ ! -f $(MODDESTDIR)/m_ipt.so ]; then \ - if [ ! -f $(MODDESTDIR)/m_ipt.so ]; then \
- if [ -f $(MODDESTDIR)/m_xt.so ]; \ - if [ -f $(MODDESTDIR)/m_xt.so ]; \
- then ln -s m_xt.so $(MODDESTDIR)/m_ipt.so ; \ - then ln -s m_xt.so $(MODDESTDIR)/m_ipt.so ; \
...@@ -74,11 +47,29 @@ diff -Naur iproute2.old/tc/Makefile iproute2-2.6.35/tc/Makefile ...@@ -74,11 +47,29 @@ diff -Naur iproute2.old/tc/Makefile iproute2-2.6.35/tc/Makefile
- then ln -s m_xt_old.so $(MODDESTDIR)/m_ipt.so ; \ - then ln -s m_xt_old.so $(MODDESTDIR)/m_ipt.so ; \
- fi; \ - fi; \
- fi - fi
+ mkdir -p $(DESTDIR)$(LIBDIR)/tc
+ install -m 0755 tc $(DESTDIR)$(SBINDIR)
+ for i in $(TCSO); \
+ do install -m 755 $$i $(DESTDIR)$(LIBDIR)/tc; \
+ done
clean: clean:
rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.yacc.h; \ rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.yacc.h; \
diff -Naur iproute2-3.4.0/tc/tc_util.c iproute2-3.4.0.new/tc/tc_util.c
--- iproute2-3.4.0/tc/tc_util.c 2012-05-21 23:12:19.000000000 +0200
+++ iproute2-3.4.0.new/tc/tc_util.c 2012-06-18 10:23:53.893426840 +0200
@@ -24,8 +24,8 @@
#include "utils.h"
#include "tc_util.h"
-#ifndef LIBDIR
-#define LIBDIR "/usr/lib"
+#ifndef SHAREDIR
+#define SHAREDIR "/usr/share"
#endif
const char *get_tc_lib(void)
@@ -34,7 +34,7 @@
lib_dir = getenv("TC_LIB_DIR");
if (!lib_dir)
- lib_dir = LIBDIR "/tc/";
+ lib_dir = SHAREDIR "/tc/";
return lib_dir;
}
--- ip/iproute.c.orig 2010-08-12 13:50:37.510000024 +0200
+++ ip/iproute.c 2010-08-12 13:51:05.100000024 +0200
@@ -1286,6 +1286,7 @@
memset(&req, 0, sizeof(req));
iproute_reset_filter();
+ filter.cloned = 2;
req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
req.n.nlmsg_flags = NLM_F_REQUEST;
Index: b/extensions/GNUmakefile.in
===================================================================
--- a/extensions/GNUmakefile.in 2012-03-27 12:14:05.000000000 -0400
+++ b/extensions/GNUmakefile.in 2012-03-27 16:03:48.378790221 -0400
@@ -21,7 +21,7 @@
kinclude_CPPFLAGS = @kinclude_CPPFLAGS@
AM_CFLAGS = ${regular_CFLAGS}
-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS}
+AM_CPPFLAGS = ${CPPFLAGS} ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS}
AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@
AM_LDFLAGS = @noundef_LDFLAGS@
...@@ -33,7 +33,7 @@ sha1sums=('34bf627c8755a61caf3635a998d2a5279f664f9e' ...@@ -33,7 +33,7 @@ sha1sums=('34bf627c8755a61caf3635a998d2a5279f664f9e'
'1694d79b3e6e9d9d543f6a6e75fed06066c9a6c6' '1694d79b3e6e9d9d543f6a6e75fed06066c9a6c6'
'7db53bb882f62f6c677cc8559cff83d8bae2ef73' '7db53bb882f62f6c677cc8559cff83d8bae2ef73'
'ebbd1424a1564fd45f455a81c61ce348f0a14c2e' 'ebbd1424a1564fd45f455a81c61ce348f0a14c2e'
'44626980a52e49f345a0b1e1ca03060f3a35763c' '9434783cdb968f205b272fbe531b36204a322b65'
'9306cba67dbeaa004af084a816f66920a6a10faf' '9306cba67dbeaa004af084a816f66920a6a10faf'
'38fa2ffe7965e63b494d333f69193029c1258c28' '38fa2ffe7965e63b494d333f69193029c1258c28'
'e7abda09c61142121b6695928d3b71ccd8fdf73a') 'e7abda09c61142121b6695928d3b71ccd8fdf73a')
......
# Empty iptables filter table rule file
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Empty iptables mangle table rules file
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Empty iptables nat table rules file
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Empty iptables raw table rules file
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Empty iptables security table rules file
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
[Unit]
Description=IPv6 Packet Filtering Framework
[Service]
Type=oneshot
ExecStart=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecReload=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush 6
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
#!/bin/bash
#
# Usage: iptables-flush [6]
#
iptables=ip$1tables
if ! type -p "$iptables"; then
echo "error: invalid argument"
exit 1
fi
while read -r table; do
tables+=("/var/lib/$iptables/empty-$table.rules")
done <"/proc/net/ip$1_tables_names"
if (( ${#tables[*]} )); then
cat "${tables[@]}" | "$iptables-restore"
fi
[Unit]
Description=Packet Filtering Framework
[Service]
Type=oneshot
ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
:FORWARD DROP [0:0] :FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT -A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment