* [gentoo-commits] proj/hardened-dev:musl commit in: net-firewall/iptables/files/, net-firewall/iptables/
@ 2014-02-17 11:53 Anthony G. Basile
From: Anthony G. Basile @ 2014-02-17 11:53 UTC (permalink / raw
To: gentoo-commits
commit: 261813f2c25976c4a52741449fe1cce34ffa73f6
Author: Felix Janda <felix.janda <AT> posteo <DOT> de>
AuthorDate: Sun Feb 16 18:41:48 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Feb 17 11:53:45 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=261813f2
net-firewall/iptables: move to tree
Disable some extensions to make it build
---
net-firewall/iptables/files/ip6tables-1.4.13.confd | 19 ++
.../iptables/files/iptables-1.4.13-r1.init | 130 +++++++++
net-firewall/iptables/files/iptables-1.4.13.confd | 19 ++
.../iptables/files/iptables-1.4.20-musl.patch | 304 +++++++++++++++++++++
net-firewall/iptables/iptables-1.4.20-r99.ebuild | 93 +++++++
net-firewall/iptables/metadata.xml | 23 ++
6 files changed, 588 insertions(+)
diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd
new file mode 100644
index 0000000..3bb3698
--- /dev/null
+++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/ip6tables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IP6TABLES_SAVE="/var/lib/ip6tables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
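Review bot: The `SAVE_ON_STOP="yes"` default needs a fuller comment than "Save state on stopping iptables". stop() in the init script added by this commit calls save before flushing, so whatever ruleset is loaded at shutdown overwrites the file named by `IP6TABLES_SAVE`, including temporary or experimental rules. I would add `# Note: this replaces the saved rules with whatever is loaded at stop time; set to "no" to keep a reviewed ruleset fixed.` The same wording applies to iptables-1.4.13.confd later in this commit. The first comment in this file says "iptables initscript" where "ip6tables" is meant.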
diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init
new file mode 100644
index 0000000..a63d076
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init
@@ -0,0 +1,130 @@
+#!/sbin/runscript
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.4.13-r1.init,v 1.3 2013/04/27 17:29:09 vapier Exp $
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
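Review bot: panic() and stop() report only the status of the last command in their loops, because `eend $?` follows the `for` loop. A failed `-P`, `-F` or `-X` on an earlier table is lost, so panic can print success while a table was never switched to DROP. set_table_policy has the same last-command-wins behaviour across its chains. Collecting failures in a local and passing it to eend, as sketched below for panic, makes the reported result match what was applied; stop() and reload() would take the same pattern. Separately, `[ ! -f ${iptables_save} ]` in checkconfig is unquoted, so an unset save path makes the test pass and start() fails on the redirect instead of printing the hint; `[ ! -f "${iptables_save}" ]` avoids that.
```shell
panic() {
	# … unchanged: checkkernel and stopping the running service …
	local a ret=0
	ebegin "Dropping all packets"
	for a in $(cat ${iptables_proc}) ; do
		${iptables_bin} -F -t $a || ret=1
		${iptables_bin} -X -t $a || ret=1
		set_table_policy $a DROP || ret=1
	done
	eend ${ret}
}
```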
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 0000000..7225374
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/iptables/files/iptables-1.4.20-musl.patch b/net-firewall/iptables/files/iptables-1.4.20-musl.patch
new file mode 100644
index 0000000..cd5b1a7
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.20-musl.patch
@@ -0,0 +1,304 @@
+diff -ur a/iptables-1.4.20/extensions/libxt_conntrack.c b/iptables-1.4.20/extensions/libxt_conntrack.c
+--- a/iptables-1.4.20/extensions/libxt_conntrack.c
++++ b/iptables-1.4.20/extensions/libxt_conntrack.c
+@@ -786,7 +786,7 @@
+
+ static void
+ conntrack_dump_ports(const char *prefix, const char *opt,
+- u_int16_t port_low, u_int16_t port_high)
++ uint16_t port_low, uint16_t port_high)
+ {
+ if (port_high == 0 || port_low == port_high)
+ printf(" %s%s %u", prefix, opt, port_low);
+diff -ur a/iptables-1.4.20/include/libipq/libipq.h b/iptables-1.4.20/include/libipq/libipq.h
+--- a/iptables-1.4.20/include/libipq/libipq.h
++++ b/iptables-1.4.20/include/libipq/libipq.h
+@@ -48,19 +48,19 @@
+ struct ipq_handle
+ {
+ int fd;
+- u_int8_t blocking;
++ uint8_t blocking;
+ struct sockaddr_nl local;
+ struct sockaddr_nl peer;
+ };
+
+-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
+
+ int ipq_destroy_handle(struct ipq_handle *h);
+
+ ssize_t ipq_read(const struct ipq_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
+
+ ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
+
+diff -ur a/iptables-1.4.20/include/libiptc/ipt_kernel_headers.h b/iptables-1.4.20/include/libiptc/ipt_kernel_headers.h
+--- a/iptables-1.4.20/include/libiptc/ipt_kernel_headers.h
++++ b/iptables-1.4.20/include/libiptc/ipt_kernel_headers.h
+@@ -15,13 +15,12 @@
+ #include <sys/types.h>
+ #else /* libc5 */
+ #include <sys/socket.h>
+-#include <linux/ip.h>
+-#include <linux/in.h>
+-#include <linux/if.h>
++#include <netinet/ip.h>
++#include <netinet/in.h>
++#include <net/if.h>
+ #include <linux/icmp.h>
+ #include <linux/tcp.h>
+ #include <linux/udp.h>
+ #include <linux/types.h>
+-#include <linux/in6.h>
+ #endif
+ #endif
+diff -ur a/iptables-1.4.20/include/libiptc/libxtc.h b/iptables-1.4.20/include/libiptc/libxtc.h
+--- a/iptables-1.4.20/include/libiptc/libxtc.h
++++ b/iptables-1.4.20/include/libiptc/libxtc.h
+@@ -10,7 +10,7 @@
+ #endif
+
+ #ifndef XT_MIN_ALIGN
+-/* xt_entry has pointers and u_int64_t's in it, so if you align to
++/* xt_entry has pointers and uint64_t's in it, so if you align to
+ it, you'll also align to any crazy matches and targets someone
+ might write */
+ #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
+diff -ur a/iptables-1.4.20/include/libipulog/libipulog.h b/iptables-1.4.20/include/libipulog/libipulog.h
+--- a/iptables-1.4.20/include/libipulog/libipulog.h 2013-08-06 15:48:43.000000000 +0000
++++ b/iptables-1.4.20/include/libipulog/libipulog.h 2014-02-09 09:32:45.058650377 +0000
+@@ -21,9 +21,9 @@
+
+ struct ipulog_handle;
+
+-u_int32_t ipulog_group2gmask(u_int32_t group);
++uint32_t ipulog_group2gmask(uint32_t group);
+
+-struct ipulog_handle *ipulog_create_handle(u_int32_t gmask);
++struct ipulog_handle *ipulog_create_handle(uint32_t gmask);
+
+ void ipulog_destroy_handle(struct ipulog_handle *h);
+
+diff -ur a/iptables-1.4.20/include/linux/netfilter_ipv4/ip_tables.h b/iptables-1.4.20/include/linux/netfilter_ipv4/ip_tables.h
+--- a/iptables-1.4.20/include/linux/netfilter_ipv4/ip_tables.h
++++ b/iptables-1.4.20/include/linux/netfilter_ipv4/ip_tables.h
+@@ -15,6 +15,7 @@
+ #ifndef _IPTABLES_H
+ #define _IPTABLES_H
+
++#include <stdint.h>
+ #include <linux/types.h>
+
+ #include <linux/netfilter_ipv4.h>
+@@ -73,12 +74,12 @@
+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+
+ /* Protocol, 0 = ANY */
+- u_int16_t proto;
++ uint16_t proto;
+
+ /* Flags word */
+- u_int8_t flags;
++ uint8_t flags;
+ /* Inverse flags */
+- u_int8_t invflags;
++ uint8_t invflags;
+ };
+
+ /* Values for "flag" field in struct ipt_ip (general ip structure). */
+@@ -106,9 +107,9 @@
+ unsigned int nfcache;
+
+ /* Size of ipt_entry + matches */
+- u_int16_t target_offset;
++ uint16_t target_offset;
+ /* Size of ipt_entry + matches + target */
+- u_int16_t next_offset;
++ uint16_t next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+@@ -125,7 +126,7 @@
+ * Unlike BSD Linux inherits IP options so you don't have to use a raw
+ * socket for this. Instead we check rights in the calls.
+ *
+- * ATTENTION: check linux/in.h before adding new number here.
++ * ATTENTION: check netinet/in.h before adding new number here.
+ */
+ #define IPT_BASE_CTL 64
+
+@@ -141,9 +142,9 @@
+
+ /* ICMP matching stuff */
+ struct ipt_icmp {
+- u_int8_t type; /* type to match */
+- u_int8_t code[2]; /* range of code */
+- u_int8_t invflags; /* Inverse flags */
++ uint8_t type; /* type to match */
++ uint8_t code[2]; /* range of code */
++ uint8_t invflags; /* Inverse flags */
+ };
+
+ /* Values for "inv" field for struct ipt_icmp. */
+diff -ur a/iptables-1.4.20/include/linux/netfilter_ipv6/ip6_tables.h b/iptables-1.4.20/include/linux/netfilter_ipv6/ip6_tables.h
+--- a/iptables-1.4.20/include/linux/netfilter_ipv6/ip6_tables.h
++++ b/iptables-1.4.20/include/linux/netfilter_ipv6/ip6_tables.h
+@@ -73,14 +73,14 @@
+ * MH do not match any packets.
+ * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
+ */
+- u_int16_t proto;
++ uint16_t proto;
+ /* TOS to match iff flags & IP6T_F_TOS */
+- u_int8_t tos;
++ uint8_t tos;
+
+ /* Flags word */
+- u_int8_t flags;
++ uint8_t flags;
+ /* Inverse flags */
+- u_int8_t invflags;
++ uint8_t invflags;
+ };
+
+ /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
+@@ -110,9 +110,9 @@
+ unsigned int nfcache;
+
+ /* Size of ipt_entry + matches */
+- u_int16_t target_offset;
++ uint16_t target_offset;
+ /* Size of ipt_entry + matches + target */
+- u_int16_t next_offset;
++ uint16_t next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+@@ -162,7 +162,6 @@
+ * Unlike BSD Linux inherits IP options so you don't have to use
+ * a raw socket for this. Instead we check rights in the calls.
+ *
+- * ATTENTION: check linux/in6.h before adding new number here.
+ */
+ #define IP6T_BASE_CTL 64
+
+@@ -178,9 +177,9 @@
+
+ /* ICMP matching stuff */
+ struct ip6t_icmp {
+- u_int8_t type; /* type to match */
+- u_int8_t code[2]; /* range of code */
+- u_int8_t invflags; /* Inverse flags */
++ uint8_t type; /* type to match */
++ uint8_t code[2]; /* range of code */
++ uint8_t invflags; /* Inverse flags */
+ };
+
+ /* Values for "inv" field for struct ipt_icmp. */
+diff -ur a/iptables-1.4.20/include/linux/netfilter_ipv6/ip6t_rt.h b/iptables-1.4.20/include/linux/netfilter_ipv6/ip6t_rt.h
+--- a/iptables-1.4.20/include/linux/netfilter_ipv6/ip6t_rt.h
++++ b/iptables-1.4.20/include/linux/netfilter_ipv6/ip6t_rt.h
+@@ -2,7 +2,6 @@
+ #define _IP6T_RT_H
+
+ #include <linux/types.h>
+-/*#include <linux/in6.h>*/
+
+ #define IP6T_RT_HOPS 16
+
+diff -ur a/iptables-1.4.20/include/xtables.h b/iptables-1.4.20/include/xtables.h
+--- a/iptables-1.4.20/include/xtables.h
++++ b/iptables-1.4.20/include/xtables.h
+@@ -220,12 +220,12 @@
+ const char *real_name;
+
+ /* Revision of match (0 by default). */
+- u_int8_t revision;
++ uint8_t revision;
+
+ /* Extension flags */
+- u_int8_t ext_flags;
++ uint8_t ext_flags;
+
+- u_int16_t family;
++ uint16_t family;
+
+ /* Size of match data. */
+ size_t size;
+@@ -297,12 +297,12 @@
+ const char *real_name;
+
+ /* Revision of target (0 by default). */
+- u_int8_t revision;
++ uint8_t revision;
+
+ /* Extension flags */
+- u_int8_t ext_flags;
++ uint8_t ext_flags;
+
+- u_int16_t family;
++ uint16_t family;
+
+
+ /* Size of target data. */
+@@ -373,7 +373,7 @@
+ */
+ struct xtables_pprot {
+ const char *name;
+- u_int8_t num;
++ uint8_t num;
+ };
+
+ enum xtables_tryload {
+@@ -446,12 +446,12 @@
+ extern bool xtables_strtoui(const char *, char **, unsigned int *,
+ unsigned int, unsigned int);
+ extern int xtables_service_to_port(const char *name, const char *proto);
+-extern u_int16_t xtables_parse_port(const char *port, const char *proto);
++extern uint16_t xtables_parse_port(const char *port, const char *proto);
+ extern void
+ xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
+
+ /* this is a special 64bit data type that is 8-byte aligned */
+-#define aligned_u64 u_int64_t __attribute__((aligned(8)))
++#define aligned_u64 uint64_t __attribute__((aligned(8)))
+
+ extern struct xtables_globals *xt_params;
+ #define xtables_error (xt_params->exit_err)
+@@ -514,7 +514,7 @@
+ #endif
+
+ extern const struct xtables_pprot xtables_chain_protos[];
+-extern u_int16_t xtables_parse_protocol(const char *s);
++extern uint16_t xtables_parse_protocol(const char *s);
+
+ /* kernel revision handling */
+ extern int kernel_version;
+diff -ur a/iptables-1.4.20/libipq/ipq_create_handle.3 b/iptables-1.4.20/libipq/ipq_create_handle.3
+--- a/iptables-1.4.20/libipq/ipq_create_handle.3
++++ b/iptables-1.4.20/libipq/ipq_create_handle.3
+@@ -24,7 +24,7 @@
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
+ .br
+ .BI "int ipq_destroy_handle(struct ipq_handle *" h );
+ .SH DESCRIPTION
+diff -ur a/iptables-1.4.20/libipq/ipq_set_mode.3 b/iptables-1.4.20/libipq/ipq_set_mode.3
+--- a/iptables-1.4.20/libipq/ipq_set_mode.3
++++ b/iptables-1.4.20/libipq/ipq_set_mode.3
+@@ -24,7 +24,7 @@
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
+ .SH DESCRIPTION
+ The
+ .B ipq_set_mode
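Review bot: Only the ip_tables.h hunk adds `#include <stdint.h>`. The ip6_tables.h, xtables.h, libipq.h and libipulog.h hunks switch to `uintN_t` types with no matching include in the visible context, so those headers appear to rely on an earlier include for the fixed-width types. If that is not guaranteed, adding `#include <stdint.h>` near the top of each, as done for ip_tables.h, would make them self-contained. The include lists of those headers lie outside the hunks, so this needs checking against the full files.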
diff --git a/net-firewall/iptables/iptables-1.4.20-r99.ebuild b/net-firewall/iptables/iptables-1.4.20-r99.ebuild
new file mode 100644
index 0000000..7c0b4d1
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.20-r99.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/iptables-1.4.20.ebuild,v 1.12 2014/01/18 19:48:53 ago Exp $
+
+EAPI="4"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="ipv6 netlink static-libs"
+
+RDEPEND="
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch ${FILESDIR}/${P}-musl.patch
+
+ # Remove problematic extensions
+ rm -f extensions/libxt_TCPOPTSTRIP.*
+ rm -f extensions/libxt_osf.*
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ # Move important libs to /lib
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
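Review bot: src_prepare deletes `extensions/libxt_TCPOPTSTRIP.*` and `extensions/libxt_osf.*` without telling the user. A saved ruleset that uses either extension would presumably be rejected by `iptables-restore` in the init script's start(), leaving the host without its intended rules after installing this revision. A `pkg_postinst` with `ewarn "TCPOPTSTRIP and osf extensions are not built in this revision; rulesets using them will not load"` would make that visible. The comment `# Remove problematic extensions` could also state the reason the commit message gives, that they are disabled to make the package build. Also, `epatch ${FILESDIR}/${P}-musl.patch` leaves FILESDIR unquoted while src_install uses `"${FILESDIR}"`.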
diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml
new file mode 100644
index 0000000..ed96e3d
--- /dev/null
+++ b/net-firewall/iptables/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>base-system</herd>
+<use>
+ <flag name='netlink'>Build against libnfnetlink which enables the nfnl_osf util</flag>
+</use>
+<longdescription>
+ iptables is the userspace command line program used to set up, maintain, and
+ inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
+ part of packet filtering framework which allows the stateless and stateful
+ packet filtering, all kinds of network address and port translation, and is a
+ flexible and extensible infrastructure with multiple layers of API's for 3rd
+ party extensions. The iptables package also includes ip6tables. ip6tables is
+ used for configuring the IPv6 packet filter.
+
+ Note that some extensions (e.g. imq and l7filter) are not included into
+ official kernel sources so you have to patch the sources before installation.
+</longdescription>
+<upstream>
+ <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id>
+</upstream>
+</pkgmetadata>