summaryrefslogtreecommitdiffstats
path: root/main/shorewall-shell
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2011-12-08 14:49:58 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2011-12-08 15:40:10 +0000
commit438e9609e25928bc0033ad9a29f628ee9b294af7 (patch)
tree6b9d867db4636b54408bbbc2d9adf223d7502a15 /main/shorewall-shell
parent4537a84f977343600a95b268579a092f74c67d22 (diff)
downloadaports-438e9609e25928bc0033ad9a29f628ee9b294af7.tar.bz2
aports-438e9609e25928bc0033ad9a29f628ee9b294af7.tar.xz
main/shorewall-shell: set all/rp_filter based on ROUTE_FILTER
The kernel changed behavior around 2.6.31. We need a way to turn off rp_filter. details: http://article.gmane.org/gmane.comp.security.shorewall/23329/match=rp_filter This will disable routefilter if ROUTE_FILTER=no in /etc/shorewall/shorewall.conf default. To enable you will need set the routefilter option in /etc/shorewall/interfaces
Diffstat (limited to 'main/shorewall-shell')
-rw-r--r--main/shorewall-shell/APKBUILD6
-rw-r--r--main/shorewall-shell/shorewall-shell-rp_filter.patch17
2 files changed, 21 insertions, 2 deletions
diff --git a/main/shorewall-shell/APKBUILD b/main/shorewall-shell/APKBUILD
index c04a3c15a..c2e1eefa1 100644
--- a/main/shorewall-shell/APKBUILD
+++ b/main/shorewall-shell/APKBUILD
@@ -2,7 +2,7 @@
pkgname=shorewall-shell
_v=4.2.11
pkgver=4.2.11
-pkgrel=2
+pkgrel=3
pkgdesc="Shoreline Firewall shell-based compiler."
url="http://www.shorewall.net/"
arch="noarch"
@@ -13,6 +13,7 @@ source="http://www.shorewall.net/pub/shorewall/${_v%.*}/shorewall-$_v/$pkgname-$
shorewall-policyrouting.patch
shorewall-shell-ipset.patch
shorewall-shell-providers-gateway-none.patch
+ shorewall-shell-rp_filter.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -33,4 +34,5 @@ build() {
md5sums="518a7f389a6f606c109acb7dfbe18372 shorewall-shell-4.2.11.tar.bz2
64c01bc4f57203fb877bb334994eac38 shorewall-policyrouting.patch
79745ea284a08cb167b9a356ee0bff3b shorewall-shell-ipset.patch
-66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch"
+66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch
+d5eadb6be45aa41f80669452baa853a6 shorewall-shell-rp_filter.patch"
diff --git a/main/shorewall-shell/shorewall-shell-rp_filter.patch b/main/shorewall-shell/shorewall-shell-rp_filter.patch
new file mode 100644
index 000000000..0e3174c92
--- /dev/null
+++ b/main/shorewall-shell/shorewall-shell-rp_filter.patch
@@ -0,0 +1,17 @@
+--- ./compiler.orig
++++ ./compiler
+@@ -3991,12 +3991,12 @@
+ __EOF__
+ done
+
+- save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
+-
+ if [ "$ROUTE_FILTER" = yes ]; then
+ save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
++ save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
+ elif [ "$ROUTE_FILTER" = no ]; then
+ save_command "echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter"
++ save_command "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter"
+ fi
+
+ save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"