commit: f473cb298779981b8ec6c522165f41562d67548a Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Fri May 8 04:28:39 2020 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Fri May 8 04:30:03 2020 +0000 URL: https://gitweb.gentoo.org/proj/eselect.git/commit/?id=f473cb29
iptables.eselect: new module Bug: https://bugs.gentoo.org/698746 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> AUTHORS | 3 + modules/iptables.eselect | 175 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) diff --git a/AUTHORS b/AUTHORS index 77f5bdb..ded9cae 100644 --- a/AUTHORS +++ b/AUTHORS @@ -36,3 +36,6 @@ Ben de Groot <yng...@gentoo.org> Alexandre Rostovtsev <tetrom...@gentoo.org> Modules: gnome-shell-extensions + +Chris Pritchard <ch...@christopherpritchard.co.uk> + Modules: iptables diff --git a/modules/iptables.eselect b/modules/iptables.eselect new file mode 100644 index 0000000..f94b25c --- /dev/null +++ b/modules/iptables.eselect 
@@ -0,0 +1,175 @@
+# -*-eselect-*- vim: ft=eselect
+# Copyright 2005-2020 Gentoo Authors
+# Distributed under the terms of the GNU GPL version 2 or later
+
+DESCRIPTION="Manage the iptables and ip6tables symlink"
+AUTHOR="ch...@christopherpritchard.co.uk"
+MAINTAINER="base-sys...@gentoo.org"
+VERSION="20200319"
+
+IPTABLES_TARGETS=("iptables" "iptables-restore" "iptables-save")
+IP6TABLES_TARGETS=("ip6tables" "ip6tables-restore" "ip6tables-save")
+
+# find a list of xtables symlink targets
+find_targets() {
+ local f
+ for f in "${EROOT}"/sbin/xtables-*-multi; do
+ [[ -f ${f} ]] && basename "${f}"
+ done
+}
+
+# remove the iptables symlink
+remove_symlinks() {
+ local ipt
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ rm -f "${EROOT}/sbin/${ipt}" &>/dev/null
+ done
+ if [[ -n ${ipv6} && -n ${ipv6_remove} ]]; then
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ rm -f "${EROOT}/sbin/${ip6t}" &>/dev/null
+ done
+ fi
+}
+
+# set the iptables symlink
+set_symlinks() {
+ local target="${1}"
+
+ if is_number "${target}" && [[ ${target} -ge 1 ]]; then
+ local -a targets
+ readarray -t targets <<< "$(find_targets)"
+ target=${targets[$((target-1))]}
+ fi
+
+ if [[ -z ${target} || ! -f ${EROOT}/sbin/${target} ]]; then
+ die -q "Target \"${target}\" doesn't appear to be valid!"
+ fi
+
+ local ipt
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ ln -s "${target}" "${EROOT}/sbin/${ipt}"
+ done
+
+ if [[ -n ${ipv6} ]]; then
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ ln -s "${target}" "${EROOT}/sbin/${ip6t}"
+ done
+ fi
+}
+
+### show action ###
+
+describe_show() {
+ echo "Show the current iptables symlink"
+}
+
+do_show() {
+ local ipv6
+ if [[ -d ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ fi
+ write_list_start "Current iptables symlinks:"
+ local ipt all_unset=1
+ for ipt in "${IPTABLES_TARGETS[@]}"; do
+ if [[ -L ${EROOT}/sbin/${ipt} ]]; then
+ local ipta
+ ipta=$(canonicalise "${EROOT}/sbin/${ipt}")
+ write_kv_list_entry "${ipt}" "${ipta%/}"
+ all_unset=0
+ else
+ write_kv_list_entry "${ipt}" "(unset)"
+ fi
+ done
+ if [[ ${ipv6} -eq 1 ]]; then
+ write_list_start "Current ip6tables symlinks:"
+ local ip6t
+ for ip6t in "${IP6TABLES_TARGETS[@]}"; do
+ if [[ -L ${EROOT}/sbin/${ip6t} ]]; then
+ local ipta
+ ipta=$(canonicalise "${EROOT}/sbin/${ip6t}")
+ write_kv_list_entry "${ip6t}" "${ipta%/}"
+ all_unset=0
+ else
+ write_kv_list_entry "${ip6t}" "(unset)"
+ fi
+ done
+ fi
+ return "${all_unset}"
+}
+### list action ###
+
+describe_list() {
+ echo "List available iptables symlink targets"
+}
+
+do_list() {
+ local ipv6
+ local -a targets
+ readarray -t targets <<< "$(find_targets)"
+ if [[ -L ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ fi
+ write_list_start "Available iptables symlink targets:"
+ local i
+ for (( i = 0; i < ${#targets[@]}; i++ )); do
+ # highlight the target where the symlink is pointing to
+ [[ ${targets[i]} = \
+ $(basename "$(canonicalise "${EROOT}/sbin/iptables")") ]] \
+ && targets[i]=$(highlight_marker "${targets[i]}")
+ done
+ write_numbered_list -m "(none found)" "${targets[@]}"
+}
+
+### set action ###
+
+describe_set() {
+ echo "Set a new iptables symlink target"
+}
+
+describe_set_parameters() {
+ echo "[--ipv6] <target>"
+}
+
+describe_set_options() {
+ echo "--ipv6: Forces creation of ip6tables symlinks"
+ echo "target : Target name or number (from 'list' action)"
+}
+
+do_set() {
+ local ipv6 ipv6_remove
+ if [[ ${1} == "--ipv6" ]]; then
+ ipv6=1
+ shift
+ fi
+ local target="${1}"
+
+ [[ -z ${target} ]] && die -q "You didn't tell me what to set the symlink to"
+ [[ ${#} -gt 2 ]] && die -q "Too many parameters"
+
+ if [[ -d ${EROOT}/var/lib/ip6tables ]]; then
+ ipv6=1
+ [[ -L ${EROOT}/sbin/ip6tables ]] && ipv6_remove=1
+ fi
+ if [[ -L ${EROOT}/sbin/iptables ]]; then
+ # existing symlink
+ remove_symlinks || die -q "Couldn't remove existing symlink"
+ set_symlinks "${target}" || die -q "Couldn't set a new symlink"
+ elif [[ -e ${EROOT}/sbin/iptables ]]; then
+ # we have something strange
+ die -q "${EROOT}/sbin/iptables exists but is not a symlink"
+ else
+ set_symlinks "${target}" || die -q "Couldn't set a new symlink"
+ fi
+}
+
+### unset action ###
+
+describe_unset() {
+ echo "Unset iptables symlink targets"
+}
+
+do_unset() {
+ remove_symlinks
+}
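Review bot: In `do_set`, the existing-symlink branch calls `remove_symlinks` before `set_symlinks` has resolved and validated the target, and `set_symlinks` exits through `die -q` on an unknown name or an out-of-range number. A mistyped target therefore leaves `${EROOT}/sbin` without `iptables`, `iptables-restore` and `iptables-save`, so anything that loads firewall rules through those names would fail until a valid target is set again. Resolve and validate the target first and remove the old links only afterwards, as sketched below. Separately, `do_unset` calls `remove_symlinks` without `ipv6` or `ipv6_remove` set, so the ip6tables links appear to stay in place after an unset.

```bash
# resolve a target name or list number; print the name, fail if it is not usable
resolve_target() {
	local target="${1}"
	if is_number "${target}" && [[ ${target} -ge 1 ]]; then
		local -a targets
		readarray -t targets <<< "$(find_targets)"
		target=${targets[$((target-1))]}
	fi
	[[ -n ${target} && -f ${EROOT}/sbin/${target} ]] && echo "${target}"
}

do_set() {
	# … unchanged: --ipv6 parsing and parameter checks …
	target=$(resolve_target "${target}") \
		|| die -q "Target \"${1}\" doesn't appear to be valid!"
	# … unchanged: ip6tables detection, remove_symlinks / set_symlinks calls …
}
```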