authorNatanael Copa <ncopa@alpinelinux.org>2011-12-08 14:49:58 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2011-12-08 16:03:56 +0000
commitb9ee7399b85055d504ffce2302cd4d785e55acf3 (patch)
treeb10ad618721dc75f4eb593ab69aa406211a6f737 /main
parentce098569bd1f484f3519a528289c1f86f646a7d1 (diff)
main/shorewall-shell: set all/rp_filter based on ROUTE_FILTER
The kernel changed behavior around 2.6.31. We need a way to turn off rp_filter. Details: http://article.gmane.org/gmane.comp.security.shorewall/23329/match=rp_filter This will disable routefilter if ROUTE_FILTER=no in /etc/shorewall/shorewall.conf default. To enable it you will need to set the routefilter option in /etc/shorewall/interfaces. (cherry picked from commit 438e9609e25928bc0033ad9a29f628ee9b294af7)
Diffstat (limited to 'main')
-rw-r--r--main/shorewall-shell/APKBUILD6
-rw-r--r--main/shorewall-shell/shorewall-shell-rp_filter.patch17
2 files changed, 21 insertions, 2 deletions
diff --git a/main/shorewall-shell/APKBUILD b/main/shorewall-shell/APKBUILD
index c04a3c15a..c2e1eefa1 100644
--- a/main/shorewall-shell/APKBUILD
+++ b/main/shorewall-shell/APKBUILD
@@ -2,7 +2,7 @@
pkgname=shorewall-shell
_v=4.2.11
pkgver=4.2.11
-pkgrel=2
+pkgrel=3
pkgdesc="Shoreline Firewall shell-based compiler."
url="http://www.shorewall.net/"
arch="noarch"
@@ -13,6 +13,7 @@ source="http://www.shorewall.net/pub/shorewall/${_v%.*}/shorewall-$_v/$pkgname-$
shorewall-policyrouting.patch
shorewall-shell-ipset.patch
shorewall-shell-providers-gateway-none.patch
+ shorewall-shell-rp_filter.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -33,4 +34,5 @@ build() {
md5sums="518a7f389a6f606c109acb7dfbe18372 shorewall-shell-4.2.11.tar.bz2
64c01bc4f57203fb877bb334994eac38 shorewall-policyrouting.patch
79745ea284a08cb167b9a356ee0bff3b shorewall-shell-ipset.patch
-66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch"
+66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch
+d5eadb6be45aa41f80669452baa853a6 shorewall-shell-rp_filter.patch"
diff --git a/main/shorewall-shell/shorewall-shell-rp_filter.patch b/main/shorewall-shell/shorewall-shell-rp_filter.patch
new file mode 100644
index 000000000..0e3174c92
--- /dev/null
+++ b/main/shorewall-shell/shorewall-shell-rp_filter.patch
@@ -0,0 +1,17 @@
+--- ./compiler.orig
++++ ./compiler
+@@ -3991,12 +3991,12 @@
+ __EOF__
+ done
+
+- save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
+-
+ if [ "$ROUTE_FILTER" = yes ]; then
+ save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
++ save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
+ elif [ "$ROUTE_FILTER" = no ]; then
+ save_command "echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter"
++ save_command "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter"
+ fi
+
+ save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
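Review bot: In the `elif [ "$ROUTE_FILTER" = no ]` branch the generated script now writes 0 to `/proc/sys/net/ipv4/conf/all/rp_filter`, which turns off reverse-path (anti-spoofing) filtering for every interface that does not set it individually and overwrites whatever the administrator configured through sysctl. The commit description appears to treat ROUTE_FILTER=no as the default, so an upgraded firewall would lose source validation on restart unless `routefilter` is set per interface in /etc/shorewall/interfaces; this deserves an upgrade note in the package. When ROUTE_FILTER is neither `yes` nor `no`, `all/rp_filter` is no longer touched at all, where it used to be forced to 1. I would add a comment above the `if` recording why, for example `# kernel uses max(conf/all, conf/<iface>) for rp_filter, so all must follow ROUTE_FILTER; with "no", spoof protection depends on per-interface routefilter`. The enclosing function in `compiler` starts and ends outside this hunk, so the per-interface handling could not be checked here.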