-rw-r--r-- | testing/ebtables/APKBUILD | 54 | ||||
-rw-r--r-- | testing/ebtables/ebtables.confd | 15 | ||||
-rw-r--r-- | testing/ebtables/ebtables.initd | 97 |
3 files changed, 149 insertions, 17 deletions
diff --git a/testing/ebtables/APKBUILD b/testing/ebtables/APKBUILD index c538f76639..4bdc882e5e 100644 --- a/testing/ebtables/APKBUILD +++ b/testing/ebtables/APKBUILD @@ -1,5 +1,5 @@ -# Contributor: -# Maintainer: +# Contributor: Andrew Manison <amanison@anselsystems.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ebtables pkgver=2.0.9.1 _realver=v2.0.9-1 @@ -7,23 +7,19 @@ pkgrel=0 pkgdesc="Ethernet bridge tables - Linux Ethernet filter for the Linux bridge." url="http://ebtables.sourceforge.net/" license="GPL" -depends="" -makedepends="uclibc-dev" +depends= +makedepends= install= -#subpackages="$pkgname-dev $pkgname-doc" -source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_realver.tar.gz" +subpackages="$pkgname-doc" +source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_realver.tar.gz + 0001-link-with-gcc.patch + ebtables.initd + ebtables.confd" -# 0001-add-gcc-no-stack-protector-flag-to-makefile.patch" - -# append extra dependencies to -dev subpackage -# remove if not used. -# depends_dev="somepackage-dev" - -build() { +prepare() { cd "$srcdir"/$pkgname-$_realver - - patches - for i in ../../*.patch; do + # patches + for i in ../*.patch; do msg "Applying $i" if ! patch --verbose -p1 -i $i; then error "$i failed" 
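Review bot: The patch loop in `prepare()` globs `../*.patch`, so it applies whatever patch files happen to sit in `$srcdir` rather than the single patch listed in `source` and pinned in `md5sums`. Naming the patch keeps the applied set identical to the verified set, e.g. `patch -p1 -i "$srcdir"/0001-link-with-gcc.patch || return 1`. If the loop stays, `$i` should be quoted as `patch --verbose -p1 -i "$i"`. The upstream tarball is still fetched over plain `http://` and checked only against an MD5 sum, which is weak protection against a tampered download. The loop body continues past the end of this hunk.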
@@ -31,8 +27,32 @@ build() { fi done + sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \ + -e "s,^BINDIR:=.*,BINDIR:=/sbin," \ + -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/ebtables," \ + -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/ebtables,"\ + -e "s,^LIBDIR:=.*,LIBDIR:=/usr/lib/\$(PROGNAME)," \ + -e "s/^CFLAGS:=/CFLAGS+=/" \ + -e "s,^CC:=,CC?=," Makefile +} + +build() { + cd "$srcdir"/$pkgname-$_realver + + # This package uses _init functions to initialise extensions. With + # --as-needed this will not work. + export LDFLAGS="$LDFLAGS -Wl,--no-as-needed" make || return 1 +} + +package() { + cd "$srcdir"/$pkgname-$_realver make DESTDIR="$pkgdir" install + install -D -m755 ../ebtables.initd "$pkgdir"/etc/init.d/ebtables + install -D -m644 ../ebtables.initd "$pkgdir"/etc/conf.d/ebtables } -md5sums="0e0c20adf2bba6d91dbd0b74a1a38c33 ebtables-v2.0.9-1.tar.gz" +md5sums="0e0c20adf2bba6d91dbd0b74a1a38c33 ebtables-v2.0.9-1.tar.gz +91a565a5906dc1fd4103f03c6a88e0e1 0001-link-with-gcc.patch +92e13b3bc1d47d7c00636ebb78c905d5 ebtables.initd +285089ba2d846e72e321a12e3da3cc96 ebtables.confd"
diff --git a/testing/ebtables/ebtables.confd b/testing/ebtables/ebtables.confd
new file mode 100644
index 0000000000..db46ffb587
--- /dev/null
+++ b/testing/ebtables/ebtables.confd
@@ -0,0 +1,15 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
+
+# Tables to be saved and restored. If you have built ebtables as modules, you
+# may leave it blank. Otherwise, you MUST define which to control.
+TABLE_NAMES="filter nat broute"
diff --git a/testing/ebtables/ebtables.initd b/testing/ebtables/ebtables.initd
new file mode 100644
index 0000000000..27c743c910
--- /dev/null
+++ b/testing/ebtables/ebtables.initd
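Review bot: The second `install` line in `package()` copies `../ebtables.initd` to `/etc/conf.d/ebtables`, so the packaged configuration file is a copy of the init script and `ebtables.confd` is never installed. With no `EBTABLES_SAVE`, `SAVE_ON_STOP` or `TABLE_NAMES` defined, the service would presumably be unable to restore or save a ruleset, leaving the bridge unfiltered after boot. The line should read `install -D -m644 ../ebtables.confd "$pkgdir"/etc/conf.d/ebtables`.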
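Review bot: The comment above `SAVE_ON_STOP="yes"` should warn about what the default does. The init script added in this commit calls `save` from `stop()`, so every stop overwrites `EBTABLES_SAVE` with whatever rules are live at that moment, including temporary or mistaken ones. I would extend the comment to `# Save state on stopping ebtables. "yes" overwrites EBTABLES_SAVE with the live ruleset on every stop.` Nothing visible in this commit creates `/var/lib/ebtables`, so the first `save` may fail unless `make install` provides that directory; this is worth confirming.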
@@ -0,0 +1,97 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ebtables/files/ebtables.initd,v 1.2 2007/09/28 19:22:14 pva Exp $
+
+opts="save reload panic"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+ebtables_tables=$(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//)
+if [ "$ebtables_tables" == "" ] ; then
+ ebtables_tables=${TABLE_NAMES}
+fi
+
+depend() {
+ before net
+ use logger
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in ${ebtables_tables}; do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in ${ebtables_tables}; do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in ${ebtables_tables}; do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+} |
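Review bot: `save()` redirects straight into `${ebtables_save}`, which truncates the stored ruleset before `ebtables-save` has produced any output; if that command fails, the file is left empty or partial and the next `start()` restores from it. Writing to a temporary file created by `mktemp` in the same directory and renaming it only on success keeps the last good ruleset intact. Because `mktemp` creates the file with mode 0600, this also removes the window between `touch` and `chmod 0600`. Separately, `checkconfig()` tests `[ ! -f ${ebtables_save} ]` unquoted, so an empty `EBTABLES_SAVE` collapses the test to `[ ! -f ]`, which is false, and `start()` goes ahead; it should be `[ ! -f "${ebtables_save}" ]`.

```sh
save() {
	ebegin "Saving ebtables state"
	local tmp rc=0
	# mktemp creates the file 0600 next to the target, so the rename is atomic
	tmp=$(mktemp "${ebtables_save}.XXXXXX") || { eend 1; return 1; }
	${ebtables_bin}-save ${ebtables_tables} ${SAVE_RESTORE_OPTIONS} > "${tmp}" || rc=$?
	if [ ${rc} -eq 0 ]; then
		mv -f "${tmp}" "${ebtables_save}" || rc=$?
	else
		# keep the previous ruleset; discard the partial output
		rm -f "${tmp}"
	fi
	eend ${rc}
}
```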