diff options
Diffstat (limited to 'abs/core-testing/iptables')
| -rw-r--r-- | abs/core-testing/iptables/PKGBUILD | 30 | ||||
| -rw-r--r-- | abs/core-testing/iptables/PKGBUILD.orig | 36 | ||||
| -rw-r--r-- | abs/core-testing/iptables/empty.rules | 6 | ||||
| -rwxr-xr-x | abs/core-testing/iptables/ip6tables | 97 | ||||
| -rwxr-xr-x | abs/core-testing/iptables/iptables | 95 | ||||
| -rw-r--r-- | abs/core-testing/iptables/iptables.conf.d | 8 | ||||
| -rw-r--r-- | abs/core-testing/iptables/simple_firewall.rules | 11 |
7 files changed, 0 insertions, 283 deletions
diff --git a/abs/core-testing/iptables/PKGBUILD b/abs/core-testing/iptables/PKGBUILD deleted file mode 100644 index c796285..0000000 --- a/abs/core-testing/iptables/PKGBUILD +++ /dev/null @@ -1,30 +0,0 @@ -# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $ -# Maintainer: Thomas Baechler <thomas@archlinux.org> -pkgname=iptables -pkgver=1.4.1 -pkgrel=1 -pkgdesc="A Linux kernel packet control tool" -arch=('i686' 'x86_64') -license=('GPL') -url="http://www.netfilter.org/" -depends=('glibc') -source=(http://www.iptables.org/projects/iptables/files/iptables-$pkgver.tar.bz2 \ - iptables ip6tables empty.rules simple_firewall.rules iptables.conf.d) -md5sums=('e628f033b95741266a315d54fe73db9c' - '89401d6f0cf1de46a455b7be6720a58b' - '6e0e88c2ed0c3715d1409ee3258a0046' - '14186bbafe21bb0638c0cb8e0903c829' - 'e53a83bb4d8ac8b7eadd7bd58294751d' - 'c7cf6e4455c228e50d20ce3edd75ee59') - -build() { - cd $startdir/src/$pkgname-$pkgver - ./configure --prefix=/usr - make || return 1 - make DESTDIR=${startdir}/pkg install - install -D -m755 ../iptables $startdir/pkg/etc/rc.d/iptables - install -D -m755 ../ip6tables $startdir/pkg/etc/rc.d/ip6tables - install -D -m644 ../empty.rules $startdir/pkg/etc/iptables/empty.rules - install -D -m644 ../simple_firewall.rules $startdir/pkg/etc/iptables/simple_firewall.rules - install -D -m644 ../iptables.conf.d $startdir/pkg/etc/conf.d/iptables -} diff --git a/abs/core-testing/iptables/PKGBUILD.orig b/abs/core-testing/iptables/PKGBUILD.orig deleted file mode 100644 index b0182d8..0000000 --- a/abs/core-testing/iptables/PKGBUILD.orig +++ /dev/null @@ -1,36 +0,0 @@ -# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $ -# Maintainer: Thomas Baechler <thomas@archlinux.org> -pkgname=iptables -pkgver=1.4.1 -pkgrel=1 -pkgdesc="A Linux kernel packet control tool" -arch=('i686' 'x86_64') -license=('GPL') -url="http://www.netfilter.org/" -depends=('glibc') -source=(http://www.iptables.org/projects/iptables/files/iptables-$pkgver.tar.bz2 \ - iptables ip6tables empty.rules simple_firewall.rules iptables.conf.d) -md5sums=('e628f033b95741266a315d54fe73db9c' - '89401d6f0cf1de46a455b7be6720a58b' - '6e0e88c2ed0c3715d1409ee3258a0046' - '14186bbafe21bb0638c0cb8e0903c829' - 'e53a83bb4d8ac8b7eadd7bd58294751d' - 'c7cf6e4455c228e50d20ce3edd75ee59') - -build() { - cd $startdir/src/$pkgname-$pkgver - sed -i 's|/usr/local|/usr|' Makefile - sed -i 's|MANDIR:=$(PREFIX)/man|MANDIR:=$(PREFIX)/share/man|' Makefile - # this seems to cause more problems than help - # sed -i "s:/usr/src/linux:/usr/src/linux\*:" Makefile - make KERNEL_DIR=/usr/src/linux-$(uname -r) || return 1 - make KERNEL_DIR=/usr/src/linux-$(uname -r) experimental || return 1 - make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install || return 1 - make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install-devel || return 1 - make PREFIX=$startdir/pkg/usr KERNEL_DIR=/usr/src/linux-$(uname -r) install-experimental || return 1 - install -D -m755 ../iptables $startdir/pkg/etc/rc.d/iptables - install -D -m755 ../ip6tables $startdir/pkg/etc/rc.d/ip6tables - install -D -m644 ../empty.rules $startdir/pkg/etc/iptables/empty.rules - install -D -m644 ../simple_firewall.rules $startdir/pkg/etc/iptables/simple_firewall.rules - install -D -m644 ../iptables.conf.d $startdir/pkg/etc/conf.d/iptables -} diff --git a/abs/core-testing/iptables/empty.rules b/abs/core-testing/iptables/empty.rules deleted file mode 100644 index e24e1aa..0000000 --- a/abs/core-testing/iptables/empty.rules +++ /dev/null @@ -1,6 +0,0 @@ -# Empty iptables rule file -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] -COMMIT diff --git a/abs/core-testing/iptables/ip6tables b/abs/core-testing/iptables/ip6tables deleted file mode 100755 index 1733db2..0000000 --- a/abs/core-testing/iptables/ip6tables +++ /dev/null @@ -1,97 +0,0 @@ -#!/bin/bash - -# source application-specific settings -[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables - -# Set defaults if settings are missing -[ -z "$IP6TABLES" ] && IP6TABLES=/usr/sbin/ip6tables -[ -z "$IP6TABLES_CONF" ] && IP6TABLES_CONF=/etc/iptables/ip6tables.rules - -. /etc/rc.conf -. /etc/rc.d/functions - -case "$1" in - start) - if [ ! -f $IP6TABLES_CONF ]; then - echo "Cannot load iptables rules: $IP6TABLES_CONF is missing!" >&2 - exit 1 - fi - stat_busy "Starting IP6 Tables" - if [ "$IPTABLES_FORWARD" = "1" ]; then - echo 1 >/proc/sys/net/ipv6/conf/default/forwarding - echo 1 >/proc/sys/net/ipv6/conf/all/forwarding - fi - if ck_daemon ip6tables; then - /usr/sbin/ip6tables-restore < $IP6TABLES_CONF - if [ $? -gt 0 ]; then - stat_fail - else - add_daemon ip6tables - stat_done - fi - else - stat_fail - fi - ;; - stop) - stat_busy "Stopping IP6 Tables" - echo 0 >/proc/sys/net/ipv6/conf/all/forwarding - echo 0 >/proc/sys/net/ipv6/conf/default/forwarding - if ! ck_daemon ip6tables; then - fail=0 - for table in $(cat /proc/net/ip6_tables_names); do - $IP6TABLES -t $table -F &>/dev/null && \ - $IP6TABLES -t $table -X &>/dev/null && \ - $IP6TABLES -t $table -Z &>/dev/null - [ $? -gt 0 ] && fail=1 - done - if [ $fail -gt 0 ]; then - stat_fail - else - rm_daemon ip6tables - # reset policies - for table in filter mangle raw; do - if grep -qw $table /proc/net/ip6_tables_names; then - $IP6TABLES -t $table -P OUTPUT ACCEPT - fi - done - for table in filter mangle; do - if grep -qw $table /proc/net/ip6_tables_names; then - $IP6TABLES -t $table -P INPUT ACCEPT - $IP6TABLES -t $table -P FORWARD ACCEPT - fi - done - for table in mangle raw; do - if grep -qw $table /proc/net/ip6_tables_names; then - $IP6TABLES -t $table -P PREROUTING ACCEPT - fi - done - for table in mangle; do - if grep -qw $table /proc/net/ip6_tables_names; then - $IP6TABLES -t $table -P POSTROUTING ACCEPT - fi - done - stat_done - fi - else - stat_fail - fi - ;; - restart) - $0 stop - sleep 2 - $0 start - ;; - save) - stat_busy "Saving IP6 Tables" - /usr/sbin/ip6tables-save >$IP6TABLES_CONF - if [ $? -gt 0 ]; then - stat_fail - else - stat_done - fi - ;; - *) - echo "usage: $0 {start|stop|restart|save}" -esac -exit 0 diff --git a/abs/core-testing/iptables/iptables b/abs/core-testing/iptables/iptables deleted file mode 100755 index 50c13d5..0000000 --- a/abs/core-testing/iptables/iptables +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -# source application-specific settings -[ -f /etc/conf.d/iptables ] && . /etc/conf.d/iptables - -# Set defaults if settings are missing -[ -z "$IPTABLES" ] && IPTABLES=/usr/sbin/iptables -[ -z "$IPTABLES_CONF" ] && IPTABLES_CONF=/etc/iptables/iptables.rules - -. /etc/rc.conf -. /etc/rc.d/functions - -case "$1" in - start) - if [ ! -f $IPTABLES_CONF ]; then - echo "Cannot load iptables rules: $IPTABLES_CONF is missing!" >&2 - exit 1 - fi - stat_busy "Starting IP Tables" - if [ "$IPTABLES_FORWARD" = "1" ]; then - echo 1 >/proc/sys/net/ipv4/ip_forward - fi - if ck_daemon iptables; then - /usr/sbin/iptables-restore < $IPTABLES_CONF - if [ $? -gt 0 ]; then - stat_fail - else - add_daemon iptables - stat_done - fi - else - stat_fail - fi - ;; - stop) - stat_busy "Stopping IP Tables" - echo 0 >/proc/sys/net/ipv4/ip_forward - if ! ck_daemon iptables; then - fail=0 - for table in $(cat /proc/net/ip_tables_names); do - $IPTABLES -t $table -F &>/dev/null && \ - $IPTABLES -t $table -X &>/dev/null && \ - $IPTABLES -t $table -Z &>/dev/null - [ $? -gt 0 ] && fail=1 - done - if [ $fail -gt 0 ]; then - stat_fail - else - rm_daemon iptables - # reset policies - for table in filter nat mangle raw; do - if grep -qw $table /proc/net/ip_tables_names; then - $IPTABLES -t $table -P OUTPUT ACCEPT - fi - done - for table in filter mangle; do - if grep -qw $table /proc/net/ip_tables_names; then - $IPTABLES -t $table -P INPUT ACCEPT - $IPTABLES -t $table -P FORWARD ACCEPT - fi - done - for table in nat mangle raw; do - if grep -qw $table /proc/net/ip_tables_names; then - $IPTABLES -t $table -P PREROUTING ACCEPT - fi - done - for table in nat mangle; do - if grep -qw $table /proc/net/ip_tables_names; then - $IPTABLES -t $table -P POSTROUTING ACCEPT - fi - done - stat_done - fi - else - stat_fail - fi - ;; - restart) - $0 stop - sleep 2 - $0 start - ;; - save) - stat_busy "Saving IP Tables" - /usr/sbin/iptables-save >$IPTABLES_CONF - if [ $? -gt 0 ]; then - stat_fail - else - stat_done - fi - ;; - *) - echo "usage: $0 {start|stop|restart|save}" -esac -exit 0 diff --git a/abs/core-testing/iptables/iptables.conf.d b/abs/core-testing/iptables/iptables.conf.d deleted file mode 100644 index e9afea2..0000000 --- a/abs/core-testing/iptables/iptables.conf.d +++ /dev/null @@ -1,8 +0,0 @@ -# Configuration for iptables rules - -IPTABLES=/usr/sbin/iptables -IP6TABLES=/usr/sbin/ip6tables - -IPTABLES_CONF=/etc/iptables/iptables.rules -IP6TABLES_CONF=/etc/iptables/ip6tables.rules -IPTABLES_FORWARD=1 # enable IP forwarding? diff --git a/abs/core-testing/iptables/simple_firewall.rules b/abs/core-testing/iptables/simple_firewall.rules deleted file mode 100644 index e1604cc..0000000 --- a/abs/core-testing/iptables/simple_firewall.rules +++ /dev/null @@ -1,11 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -p icmp -j ACCEPT --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i lo -j ACCEPT --A INPUT -p tcp -j REJECT --reject-with tcp-reset --A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable --A INPUT -j REJECT --reject-with icmp-proto-unreachable -COMMIT |