Date: Monday, March 27, 2017 @ 11:13:18 Author: bpiotrowski Revision: 291727
archrelease: copy trunk to staging-i686, staging-x86_64 Added: iptables/repos/staging-i686/ iptables/repos/staging-i686/PKGBUILD (from rev 291726, iptables/trunk/PKGBUILD) iptables/repos/staging-i686/empty-filter.rules (from rev 291726, iptables/trunk/empty-filter.rules) iptables/repos/staging-i686/empty-mangle.rules (from rev 291726, iptables/trunk/empty-mangle.rules) iptables/repos/staging-i686/empty-nat.rules (from rev 291726, iptables/trunk/empty-nat.rules) iptables/repos/staging-i686/empty-raw.rules (from rev 291726, iptables/trunk/empty-raw.rules) iptables/repos/staging-i686/empty-security.rules (from rev 291726, iptables/trunk/empty-security.rules) iptables/repos/staging-i686/empty.rules (from rev 291726, iptables/trunk/empty.rules) iptables/repos/staging-i686/ip6tables.service (from rev 291726, iptables/trunk/ip6tables.service) iptables/repos/staging-i686/iptables-flush (from rev 291726, iptables/trunk/iptables-flush) iptables/repos/staging-i686/iptables.service (from rev 291726, iptables/trunk/iptables.service) iptables/repos/staging-i686/simple_firewall.rules (from rev 291726, iptables/trunk/simple_firewall.rules) iptables/repos/staging-x86_64/ iptables/repos/staging-x86_64/PKGBUILD (from rev 291726, iptables/trunk/PKGBUILD) iptables/repos/staging-x86_64/empty-filter.rules (from rev 291726, iptables/trunk/empty-filter.rules) iptables/repos/staging-x86_64/empty-mangle.rules (from rev 291726, iptables/trunk/empty-mangle.rules) iptables/repos/staging-x86_64/empty-nat.rules (from rev 291726, iptables/trunk/empty-nat.rules) iptables/repos/staging-x86_64/empty-raw.rules (from rev 291726, iptables/trunk/empty-raw.rules) iptables/repos/staging-x86_64/empty-security.rules (from rev 291726, iptables/trunk/empty-security.rules) iptables/repos/staging-x86_64/empty.rules (from rev 291726, iptables/trunk/empty.rules) iptables/repos/staging-x86_64/ip6tables.service (from rev 291726, iptables/trunk/ip6tables.service) iptables/repos/staging-x86_64/iptables-flush (from rev 
291726, iptables/trunk/iptables-flush) iptables/repos/staging-x86_64/iptables.service (from rev 291726, iptables/trunk/iptables.service) iptables/repos/staging-x86_64/simple_firewall.rules (from rev 291726, iptables/trunk/simple_firewall.rules) --------------------------------------+ staging-i686/PKGBUILD | 81 +++++++++++++++++++++++++++++++++ staging-i686/empty-filter.rules | 6 ++ staging-i686/empty-mangle.rules | 8 +++ staging-i686/empty-nat.rules | 7 ++ staging-i686/empty-raw.rules | 5 ++ staging-i686/empty-security.rules | 6 ++ staging-i686/empty.rules | 6 ++ staging-i686/ip6tables.service | 14 +++++ staging-i686/iptables-flush | 18 +++++++ staging-i686/iptables.service | 14 +++++ staging-i686/simple_firewall.rules | 11 ++++ staging-x86_64/PKGBUILD | 81 +++++++++++++++++++++++++++++++++ staging-x86_64/empty-filter.rules | 6 ++ staging-x86_64/empty-mangle.rules | 8 +++ staging-x86_64/empty-nat.rules | 7 ++ staging-x86_64/empty-raw.rules | 5 ++ staging-x86_64/empty-security.rules | 6 ++ staging-x86_64/empty.rules | 6 ++ staging-x86_64/ip6tables.service | 14 +++++ staging-x86_64/iptables-flush | 18 +++++++ staging-x86_64/iptables.service | 14 +++++ staging-x86_64/simple_firewall.rules | 11 ++++ 22 files changed, 352 insertions(+) Copied: iptables/repos/staging-i686/PKGBUILD (from rev 291726, iptables/trunk/PKGBUILD) =================================================================== --- staging-i686/PKGBUILD (rev 0) +++ staging-i686/PKGBUILD 2017-03-27 11:13:18 UTC (rev 291727) 
@@ -0,0 +1,81 @@
+# $Id$
+# Maintainer: Ronald van Haren <ronald.archlinux.org>
+# Contributor: Thomas Baechler <tho...@archlinux.org>
+
+pkgname=iptables
+pkgver=1.6.1
+pkgrel=1
+pkgdesc='Linux kernel packet control tool'
+arch=(i686 x86_64)
+license=(GPL2)
+url='http://www.netfilter.org/projects/iptables/index.html'
+depends=(glibc bash libnftnl libpcap)
+makedepends=(linux-api-headers)
+source=(http://www.netfilter.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2{,.sig}
+ empty.rules
+ simple_firewall.rules
+ empty-filter.rules
+ empty-mangle.rules
+ empty-nat.rules
+ empty-raw.rules
+ empty-security.rules
+ iptables.service
+ ip6tables.service
+ iptables-flush)
+sha1sums=('b2592490ca7a6c2cd0f069e167a4337c86acdf91'
+ 'SKIP'
+ '83b3363878e3660ce23b2ad325b53cbd6c796ecf'
+ 'f085a71f467e4d7cb2cf094d9369b0bcc4bab6ec'
+ 'd9f9f06b46b4187648e860afa0552335aafe3ce4'
+ 'c45b738b5ec4cfb11611b984c21a83b91a2d58f3'
+ '1694d79b3e6e9d9d543f6a6e75fed06066c9a6c6'
+ '7db53bb882f62f6c677cc8559cff83d8bae2ef73'
+ 'ebbd1424a1564fd45f455a81c61ce348f0a14c2e'
+ '49be9443fc302dd0fda78b63d64e884cadb61603'
+ '635ba179aeed0c06af0c8b0dba3935f6267e608b'
+ 'e7abda09c61142121b6695928d3b71ccd8fdf73a')
+validpgpkeys=('C09DB2063F1D7034BA6152ADAB4655A126D292E4') # Netfilter Core Team
+
+prepare() {
+ cd $pkgname-$pkgver
+
+ # use system one
+ rm include/linux/types.h
+}
+
+build() {
+ cd $pkgname-$pkgver
+
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/iptables \
+ --with-xtlibdir=/usr/lib/iptables \
+ --enable-bpf-compiler \
+ --enable-devel \
+ --enable-shared
+
+ make
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+
+ cd "$srcdir"
+ install -Dm644 empty.rules "${pkgdir}"/etc/iptables/empty.rules
+ install -Dm644 simple_firewall.rules "${pkgdir}"/etc/iptables/simple_firewall.rules
+
+ install -d "$pkgdir"/var/lib/{iptables,ip6tables}
+ install -m644 empty-{filter,mangle,nat,raw,security}.rules
"${pkgdir}"/var/lib/iptables
+ install -m644 empty-{filter,mangle,nat,raw,security}.rules "${pkgdir}"/var/lib/ip6tables
+
+ # install systemd files
+ install -Dm644 iptables.service \
+ "$pkgdir/usr/lib/systemd/system/iptables.service"
+ install -Dm644 ip6tables.service \
+ "$pkgdir/usr/lib/systemd/system/ip6tables.service"
+ install -Dm755 iptables-flush \
+ "$pkgdir/usr/lib/systemd/scripts/iptables-flush"
+}
+
Copied: iptables/repos/staging-i686/empty-filter.rules (from rev 291726, iptables/trunk/empty-filter.rules)
===================================================================
--- staging-i686/empty-filter.rules (rev 0)
+++ staging-i686/empty-filter.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables filter table rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/empty-mangle.rules (from rev 291726, iptables/trunk/empty-mangle.rules)
===================================================================
--- staging-i686/empty-mangle.rules (rev 0)
+++ staging-i686/empty-mangle.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,8 @@
+# Empty iptables mangle table rules file
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/empty-nat.rules (from rev 291726, iptables/trunk/empty-nat.rules)
===================================================================
--- staging-i686/empty-nat.rules (rev 0)
+++ staging-i686/empty-nat.rules 2017-03-27 11:13:18 UTC (rev 291727)
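Review bot: In the staging-i686/PKGBUILD hunk the `source` array fetches the tarball and its signature over plain `http://`, and every entry is pinned with `sha1sums`, a digest that is no longer considered collision-resistant. The upstream tarball is still authenticated through the `.sig` entry and `validpgpkeys`, so the exposure is limited, but the checksum array would be better as `sha256sums=(...)` (regenerated with `updpkgsums`) and the URL as `https://www.netfilter.org/projects/iptables/files/...` if the upstream host serves it. The same lines appear in the staging-x86_64/PKGBUILD hunk.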
@@ -0,0 +1,7 @@
+# Empty iptables nat table rules file
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/empty-raw.rules (from rev 291726, iptables/trunk/empty-raw.rules)
===================================================================
--- staging-i686/empty-raw.rules (rev 0)
+++ staging-i686/empty-raw.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,5 @@
+# Empty iptables raw table rules file
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/empty-security.rules (from rev 291726, iptables/trunk/empty-security.rules)
===================================================================
--- staging-i686/empty-security.rules (rev 0)
+++ staging-i686/empty-security.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables security table rules file
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/empty.rules (from rev 291726, iptables/trunk/empty.rules)
===================================================================
--- staging-i686/empty.rules (rev 0)
+++ staging-i686/empty.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-i686/ip6tables.service (from rev 291726, iptables/trunk/ip6tables.service)
===================================================================
--- staging-i686/ip6tables.service (rev 0)
+++ staging-i686/ip6tables.service 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv6 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
+ExecReload=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush 6
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
Copied: iptables/repos/staging-i686/iptables-flush (from rev 291726, iptables/trunk/iptables-flush)
===================================================================
--- staging-i686/iptables-flush (rev 0)
+++ staging-i686/iptables-flush 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Usage: iptables-flush [6]
+#
+
+iptables=ip$1tables
+if ! type -p "$iptables"; then
+ echo "error: invalid argument"
+ exit 1
+fi
+
+while read -r table; do
+ tables+=("/var/lib/$iptables/empty-$table.rules")
+done <"/proc/net/ip$1_tables_names"
+
+if (( ${#tables[*]} )); then
+ cat "${tables[@]}" | "$iptables-restore"
+fi
Copied: iptables/repos/staging-i686/iptables.service (from rev 291726, iptables/trunk/iptables.service)
===================================================================
--- staging-i686/iptables.service (rev 0)
+++ staging-i686/iptables.service 2017-03-27 11:13:18 UTC (rev 291727)
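Review bot: `ExecStart=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules` in ip6tables.service reads a file that nothing visible in this commit installs; the PKGBUILD's package() places only `empty.rules` and `simple_firewall.rules` under /etc/iptables. Until an administrator creates that file the oneshot fails at start, and because the unit only orders itself `Before=network-pre.target`, the network presumably still comes up with no ruleset loaded. A comment at the top of the unit would make the precondition explicit, e.g. `# Needs /etc/iptables/ip6tables.rules, which this package does not install; the unit fails and IPv6 stays unfiltered until it exists`. The same applies to iptables.service with /etc/iptables/iptables.rules, and to both staging-x86_64 copies.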
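Review bot: The only validation of `$1` in iptables-flush is `type -p "$iptables"`, i.e. whether some command named `ip<arg>tables` resolves on PATH, and the same value is then interpolated into the `/proc/net/ip$1_tables_names` and `/var/lib/$iptables/` paths. The two units only ever pass nothing or `6`, so an explicit allowlist states the contract directly: `case "$1" in ''|6) ;; *) echo "error: invalid argument" >&2; exit 1 ;; esac`. Separately, `cat "${tables[@]}" | "$iptables-restore"` hides a missing `empty-<table>.rules` file (the PKGBUILD installs only five of them) because the pipeline's status is that of the restore command; `set -o pipefail` near the top would surface it. The staging-x86_64 copy is identical.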
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
+ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
Copied: iptables/repos/staging-i686/simple_firewall.rules (from rev 291726, iptables/trunk/simple_firewall.rules)
===================================================================
--- staging-i686/simple_firewall.rules (rev 0)
+++ staging-i686/simple_firewall.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,11 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+COMMIT
Copied: iptables/repos/staging-x86_64/PKGBUILD (from rev 291726, iptables/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2017-03-27 11:13:18 UTC (rev 291727)
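Review bot: `-A INPUT -p icmp -j ACCEPT` is the first rule in simple_firewall.rules and admits every ICMP type from any source, ahead of the conntrack rule. ICMP errors that belong to existing flows already match `--ctstate RELATED,ESTABLISHED`, so the rule can be narrowed to what a default host needs, e.g. `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT`. The file also has no header comment; a line such as `# IPv4 only: ip6tables.service loads a separate /etc/iptables/ip6tables.rules` would tell readers that this ruleset does not cover IPv6. The staging-x86_64 copy is identical.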
@@ -0,0 +1,81 @@
+# $Id$
+# Maintainer: Ronald van Haren <ronald.archlinux.org>
+# Contributor: Thomas Baechler <tho...@archlinux.org>
+
+pkgname=iptables
+pkgver=1.6.1
+pkgrel=1
+pkgdesc='Linux kernel packet control tool'
+arch=(i686 x86_64)
+license=(GPL2)
+url='http://www.netfilter.org/projects/iptables/index.html'
+depends=(glibc bash libnftnl libpcap)
+makedepends=(linux-api-headers)
+source=(http://www.netfilter.org/projects/iptables/files/${pkgname}-${pkgver}.tar.bz2{,.sig}
+ empty.rules
+ simple_firewall.rules
+ empty-filter.rules
+ empty-mangle.rules
+ empty-nat.rules
+ empty-raw.rules
+ empty-security.rules
+ iptables.service
+ ip6tables.service
+ iptables-flush)
+sha1sums=('b2592490ca7a6c2cd0f069e167a4337c86acdf91'
+ 'SKIP'
+ '83b3363878e3660ce23b2ad325b53cbd6c796ecf'
+ 'f085a71f467e4d7cb2cf094d9369b0bcc4bab6ec'
+ 'd9f9f06b46b4187648e860afa0552335aafe3ce4'
+ 'c45b738b5ec4cfb11611b984c21a83b91a2d58f3'
+ '1694d79b3e6e9d9d543f6a6e75fed06066c9a6c6'
+ '7db53bb882f62f6c677cc8559cff83d8bae2ef73'
+ 'ebbd1424a1564fd45f455a81c61ce348f0a14c2e'
+ '49be9443fc302dd0fda78b63d64e884cadb61603'
+ '635ba179aeed0c06af0c8b0dba3935f6267e608b'
+ 'e7abda09c61142121b6695928d3b71ccd8fdf73a')
+validpgpkeys=('C09DB2063F1D7034BA6152ADAB4655A126D292E4') # Netfilter Core Team
+
+prepare() {
+ cd $pkgname-$pkgver
+
+ # use system one
+ rm include/linux/types.h
+}
+
+build() {
+ cd $pkgname-$pkgver
+
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/iptables \
+ --with-xtlibdir=/usr/lib/iptables \
+ --enable-bpf-compiler \
+ --enable-devel \
+ --enable-shared
+
+ make
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR="$pkgdir" install
+
+ cd "$srcdir"
+ install -Dm644 empty.rules "${pkgdir}"/etc/iptables/empty.rules
+ install -Dm644 simple_firewall.rules "${pkgdir}"/etc/iptables/simple_firewall.rules
+
+ install -d "$pkgdir"/var/lib/{iptables,ip6tables}
+ install -m644 empty-{filter,mangle,nat,raw,security}.rules
"${pkgdir}"/var/lib/iptables
+ install -m644 empty-{filter,mangle,nat,raw,security}.rules "${pkgdir}"/var/lib/ip6tables
+
+ # install systemd files
+ install -Dm644 iptables.service \
+ "$pkgdir/usr/lib/systemd/system/iptables.service"
+ install -Dm644 ip6tables.service \
+ "$pkgdir/usr/lib/systemd/system/ip6tables.service"
+ install -Dm755 iptables-flush \
+ "$pkgdir/usr/lib/systemd/scripts/iptables-flush"
+}
+
Copied: iptables/repos/staging-x86_64/empty-filter.rules (from rev 291726, iptables/trunk/empty-filter.rules)
===================================================================
--- staging-x86_64/empty-filter.rules (rev 0)
+++ staging-x86_64/empty-filter.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables filter table rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/empty-mangle.rules (from rev 291726, iptables/trunk/empty-mangle.rules)
===================================================================
--- staging-x86_64/empty-mangle.rules (rev 0)
+++ staging-x86_64/empty-mangle.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,8 @@
+# Empty iptables mangle table rules file
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/empty-nat.rules (from rev 291726, iptables/trunk/empty-nat.rules)
===================================================================
--- staging-x86_64/empty-nat.rules (rev 0)
+++ staging-x86_64/empty-nat.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,7 @@
+# Empty iptables nat table rules file
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/empty-raw.rules (from rev 291726, iptables/trunk/empty-raw.rules)
===================================================================
--- staging-x86_64/empty-raw.rules (rev 0)
+++ staging-x86_64/empty-raw.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,5 @@
+# Empty iptables raw table rules file
+*raw
+:PREROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/empty-security.rules (from rev 291726, iptables/trunk/empty-security.rules)
===================================================================
--- staging-x86_64/empty-security.rules (rev 0)
+++ staging-x86_64/empty-security.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables security table rules file
+*security
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/empty.rules (from rev 291726, iptables/trunk/empty.rules)
===================================================================
--- staging-x86_64/empty.rules (rev 0)
+++ staging-x86_64/empty.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,6 @@
+# Empty iptables rule file
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
Copied: iptables/repos/staging-x86_64/ip6tables.service (from rev 291726, iptables/trunk/ip6tables.service)
===================================================================
--- staging-x86_64/ip6tables.service (rev 0)
+++ staging-x86_64/ip6tables.service 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv6 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
+ExecReload=/usr/bin/ip6tables-restore /etc/iptables/ip6tables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush 6
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
Copied: iptables/repos/staging-x86_64/iptables-flush (from rev 291726, iptables/trunk/iptables-flush)
===================================================================
--- staging-x86_64/iptables-flush (rev 0)
+++ staging-x86_64/iptables-flush 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Usage: iptables-flush [6]
+#
+
+iptables=ip$1tables
+if ! type -p "$iptables"; then
+ echo "error: invalid argument"
+ exit 1
+fi
+
+while read -r table; do
+ tables+=("/var/lib/$iptables/empty-$table.rules")
+done <"/proc/net/ip$1_tables_names"
+
+if (( ${#tables[*]} )); then
+ cat "${tables[@]}" | "$iptables-restore"
+fi
Copied: iptables/repos/staging-x86_64/iptables.service (from rev 291726, iptables/trunk/iptables.service)
===================================================================
--- staging-x86_64/iptables.service (rev 0)
+++ staging-x86_64/iptables.service 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,14 @@
+[Unit]
+Description=Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
+ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
+ExecStop=/usr/lib/systemd/scripts/iptables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
Copied: iptables/repos/staging-x86_64/simple_firewall.rules (from rev 291726, iptables/trunk/simple_firewall.rules)
===================================================================
--- staging-x86_64/simple_firewall.rules (rev 0)
+++ staging-x86_64/simple_firewall.rules 2017-03-27 11:13:18 UTC (rev 291727)
@@ -0,0 +1,11 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+COMMIT