Diffstat (limited to 'abs/core-testing/iptables')
-rw-r--r--abs/core-testing/iptables/PKGBUILD30
-rw-r--r--abs/core-testing/iptables/PKGBUILD.orig36
-rw-r--r--abs/core-testing/iptables/empty.rules6
-rwxr-xr-xabs/core-testing/iptables/ip6tables97
-rwxr-xr-xabs/core-testing/iptables/iptables95
-rw-r--r--abs/core-testing/iptables/iptables.conf.d8
-rw-r--r--abs/core-testing/iptables/simple_firewall.rules11
7 files changed, 0 insertions, 283 deletions
diff --git a/abs/core-testing/iptables/PKGBUILD b/abs/core-testing/iptables/PKGBUILD
deleted file mode 100644
index c796285..0000000
--- a/abs/core-testing/iptables/PKGBUILD
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: Thomas Baechler <thomas@archlinux.org>
-pkgname=iptables
-pkgver=1.4.1
-pkgrel=1
-pkgdesc="A Linux kernel packet control tool"
-arch=('i686' 'x86_64')
-license=('GPL')
-url="http://www.netfilter.org/"
-depends=('glibc')
-source=(http://www.iptables.org/projects/iptables/files/iptables-$pkgver.tar.bz2 \
- iptables ip6tables empty.rules simple_firewall.rules iptables.conf.d)
-md5sums=('e628f033b95741266a315d54fe73db9c'
- '89401d6f0cf1de46a455b7be6720a58b'
- '6e0e88c2ed0c3715d1409ee3258a0046'
- '14186bbafe21bb0638c0cb8e0903c829'
- 'e53a83bb4d8ac8b7eadd7bd58294751d'
- 'c7cf6e4455c228e50d20ce3edd75ee59')
-
-build() {
- cd $startdir/src/$pkgname-$pkgver
- ./configure --prefix=/usr
- make || return 1
- make DESTDIR=${startdir}/pkg install
- install -D -m755 ../iptables $startdir/pkg/etc/rc.d/iptables
- install -D -m755 ../ip6tables $startdir/pkg/etc/rc.d/ip6tables
- install -D -m644 ../empty.rules $startdir/pkg/etc/iptables/empty.rules
- install -D -m644 ../simple_firewall.rules $startdir/pkg/etc/iptables/simple_firewall.rules
- install -D -m644 ../iptables.conf.d $startdir/pkg/etc/conf.d/iptables
-}
diff --git a/abs/core-testing/iptables/PKGBUILD.orig b/abs/core-testing/iptables/PKGBUILD.orig
deleted file mode 100644
index b0182d8..0000000
--- a/abs/core-testing/iptables/PKGBUILD.orig
+++ /dev/null
@@ -1,36 +0,0 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: Thomas Baechler <thomas@archlinux.org>
-pkgname=iptables
-pkgver=1.4.1
-pkgrel=1
-pkgdesc="A Linux kernel packet control tool"
-arch=('i686' 'x86_64')
-license=('GPL')
-url="http://www.netfilter.org/"
-depends=('glibc')
-source=(http://www.iptables.org/projects/iptables/files/iptables-$pkgver.tar.bz2 \
- iptables ip6tables empty.rules simple_firewall.rules iptables.conf.d)
-md5sums=('e628f033b95741266a315d54fe73db9c'
- '89401d6f0cf1de46a455b7be6720a58b'
- '6e0e88c2ed0c3715d1409ee3258a0046'
- '14186bbafe21bb0638c0cb8e0903c829'
- 'e53a83bb4d8ac8b7eadd7bd58294751d'
- 'c7cf6e4455c228e50d20ce3edd75ee59')
-
-build() {
- cd $startdir/src/$pkgname-$pkgver
- sed -i 's|/usr/local|/usr|' Makefile
- sed -i 's|MANDIR:=$(PREFIX)/man|MANDIR:=$(PREFIX)/share/man|' Makefile
- # this seems to cause more problems than help
- # sed -i "s:/usr/src/linux:/usr/src/linux\*:" Makefile
- make KERNEL_DIR=/usr/src/linux-$(uname -r) || return 1
- make KERNEL_DIR=/usr/src/linux-$(uname -r) experimental || return 1
- make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install || return 1
- make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install-devel || return 1
- make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install-experimental || return 1
- install -D -m755 ../iptables $startdir/pkg/etc/rc.d/iptables
- install -D -m755 ../ip6tables $startdir/pkg/etc/rc.d/ip6tables
- install -D -m644 ../empty.rules $startdir/pkg/etc/iptables/empty.rules
- install -D -m644 ../simple_firewall.rules $startdir/pkg/etc/iptables/simple_firewall.rules
- install -D -m644 ../iptables.conf.d $startdir/pkg/etc/conf.d/iptables
-}
diff --git a/abs/core-testing/iptables/empty.rules b/abs/core-testing/iptables/empty.rules
deleted file mode 100644
index e24e1aa..0000000
--- a/abs/core-testing/iptables/empty.rules
+++ /dev/null
@@ -1,6 +0,0 @@
-# Empty iptables rule file
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
diff --git a/abs/core-testing/iptables/ip6tables b/abs/core-testing/iptables/ip6tables
deleted file mode 100755
index 1733db2..0000000
--- a/abs/core-testing/iptables/ip6tables
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/bin/bash
-
-# source application-specific settings
-[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
-
-# Set defaults if settings are missing
-[ -z "$IP6TABLES" ] && IP6TABLES=/usr/sbin/ip6tables
-[ -z "$IP6TABLES_CONF" ] && IP6TABLES_CONF=/etc/iptables/ip6tables.rules
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-case "$1" in
- start)
- if [ ! -f $IP6TABLES_CONF ]; then
- echo "Cannot load iptables rules: $IP6TABLES_CONF is missing!" >&2
- exit 1
- fi
- stat_busy "Starting IP6 Tables"
- if [ "$IPTABLES_FORWARD" = "1" ]; then
- echo 1 >/proc/sys/net/ipv6/conf/default/forwarding
- echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
- fi
- if ck_daemon ip6tables; then
- /usr/sbin/ip6tables-restore < $IP6TABLES_CONF
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon ip6tables
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping IP6 Tables"
- echo 0 >/proc/sys/net/ipv6/conf/all/forwarding
- echo 0 >/proc/sys/net/ipv6/conf/default/forwarding
- if ! ck_daemon ip6tables; then
- fail=0
- for table in $(cat /proc/net/ip6_tables_names); do
- $IP6TABLES -t $table -F &>/dev/null && \
- $IP6TABLES -t $table -X &>/dev/null && \
- $IP6TABLES -t $table -Z &>/dev/null
- [ $? -gt 0 ] && fail=1
- done
- if [ $fail -gt 0 ]; then
- stat_fail
- else
- rm_daemon ip6tables
- # reset policies
- for table in filter mangle raw; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P OUTPUT ACCEPT
- fi
- done
- for table in filter mangle; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P INPUT ACCEPT
- $IP6TABLES -t $table -P FORWARD ACCEPT
- fi
- done
- for table in mangle raw; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P PREROUTING ACCEPT
- fi
- done
- for table in mangle; do
- if grep -qw $table /proc/net/ip6_tables_names; then
- $IP6TABLES -t $table -P POSTROUTING ACCEPT
- fi
- done
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- restart)
- $0 stop
- sleep 2
- $0 start
- ;;
- save)
- stat_busy "Saving IP6 Tables"
- /usr/sbin/ip6tables-save >$IP6TABLES_CONF
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- ;;
- *)
- echo "usage: $0 {start|stop|restart|save}"
-esac
-exit 0
diff --git a/abs/core-testing/iptables/iptables b/abs/core-testing/iptables/iptables
deleted file mode 100755
index 50c13d5..0000000
--- a/abs/core-testing/iptables/iptables
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/bash
-
-# source application-specific settings
-[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables
-
-# Set defaults if settings are missing
-[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables
-[ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-case "$1" in
- start)
- if [ ! -f $IPTABLES_CONF ]; then
- echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2
- exit 1
- fi
- stat_busy "Starting IP Tables"
- if [ "$IPTABLES_FORWARD" = "1" ]; then
- echo 1 >/proc/sys/net/ipv4/ip_forward
- fi
- if ck_daemon iptables; then
- /usr/sbin/iptables-restore < $IPTABLES_CONF
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon iptables
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping IP Tables"
- echo 0 >/proc/sys/net/ipv4/ip_forward
- if ! ck_daemon iptables; then
- fail=0
- for table in $(cat /proc/net/ip_tables_names); do
- $IPTABLES -t $table -F &>/dev/null && \
- $IPTABLES -t $table -X &>/dev/null && \
- $IPTABLES -t $table -Z &>/dev/null
- [ $? -gt 0 ] && fail=1
- done
- if [ $fail -gt 0 ]; then
- stat_fail
- else
- rm_daemon iptables
- # reset policies
- for table in filter nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P OUTPUT ACCEPT
- fi
- done
- for table in filter mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P INPUT ACCEPT
- $IPTABLES -t $table -P FORWARD ACCEPT
- fi
- done
- for table in nat mangle raw; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P PREROUTING ACCEPT
- fi
- done
- for table in nat mangle; do
- if grep -qw $table /proc/net/ip_tables_names; then
- $IPTABLES -t $table -P POSTROUTING ACCEPT
- fi
- done
- stat_done
- fi
- else
- stat_fail
- fi
- ;;
- restart)
- $0 stop
- sleep 2
- $0 start
- ;;
- save)
- stat_busy "Saving IP Tables"
- /usr/sbin/iptables-save >$IPTABLES_CONF
- if [ $? -gt 0 ]; then
- stat_fail
- else
- stat_done
- fi
- ;;
- *)
- echo "usage: $0 {start|stop|restart|save}"
-esac
-exit 0
diff --git a/abs/core-testing/iptables/iptables.conf.d b/abs/core-testing/iptables/iptables.conf.d
deleted file mode 100644
index e9afea2..0000000
--- a/abs/core-testing/iptables/iptables.conf.d
+++ /dev/null
@@ -1,8 +0,0 @@
-# Configuration for iptables rules
-
-IPTABLES=/usr/sbin/iptables
-IP6TABLES=/usr/sbin/ip6tables
-
-IPTABLES_CONF=/etc/iptables/iptables.rules
-IP6TABLES_CONF=/etc/iptables/ip6tables.rules
-IPTABLES_FORWARD=1 # enable IP forwarding?
diff --git a/abs/core-testing/iptables/simple_firewall.rules b/abs/core-testing/iptables/simple_firewall.rules
deleted file mode 100644
index e1604cc..0000000
--- a/abs/core-testing/iptables/simple_firewall.rules
+++ /dev/null
@@ -1,11 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -p icmp -j ACCEPT
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -p tcp -j REJECT --reject-with tcp-reset
--A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
--A INPUT -j REJECT --reject-with icmp-proto-unreachable
-COMMIT