summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-firewall/ebtables/files')
-rw-r--r--net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff31
-rw-r--r--net-firewall/ebtables/files/ebtables.confd-r111
-rw-r--r--net-firewall/ebtables/files/ebtables.initd-r1102
3 files changed, 144 insertions, 0 deletions
diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
new file mode 100644
index 00000000000..cdfd823447e
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
@@ -0,0 +1,31 @@
+--- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400
++++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400
+@@ -12,6 +12,7 @@
+ my $cnt = "";
+ my $version = "1.0";
+ my $table_name;
++my @table_names;
+
+ # ========================================================
+ # Process filter table
+@@ -49,12 +50,19 @@
+ }
+ # ========================================================
+
++if ($#ARGV + 1 == 0) {
++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`);
++}
++else {
++ @table_names = @ARGV;
++}
++# ========================================================
+ unless (-x $ebtables) { exit -1 };
+ print "# Generated by ebtables-save v$version on " . `date`;
+ if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") {
+ $cnt = "--Lc";
+ }
+-foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) {
++foreach $table_name (@table_names) {
+ $table =`$ebtables -t $table_name -L $cnt`;
+ unless ($? == 0) { print $table; exit -1 };
+ &process_table($table);
diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1
new file mode 100644
index 00000000000..645b26edae9
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.confd-r1
@@ -0,0 +1,11 @@
+# /etc/conf.d/ebtables
+
+# Location in which ebtables initscript will save set rules on
+# service shutdown
+EBTABLES_SAVE="/var/lib/ebtables/rules-save"
+
+# Options to pass to ebtables-save and ebtables-restore
+SAVE_RESTORE_OPTIONS=""
+
+# Save state on stopping ebtables
+SAVE_ON_STOP="yes"
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
new file mode 100644
index 00000000000..770dd435d90
--- /dev/null
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -0,0 +1,102 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="save panic"
+extra_started_commands="reload"
+
+ebtables_bin="/sbin/ebtables"
+ebtables_save=${EBTABLES_SAVE}
+
+depend() {
+ before net
+ use logger
+}
+
+ebtables_tables() {
+ for table in filter nat broute; do
+ if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
+ echo -n "${table} "
+ fi
+ done
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ broute) chains="BROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${ebtables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkconfig() {
+ if [ ! -f ${ebtables_save} ] ; then
+ eerror "Not starting ebtables. First create some rules then run:"
+ eerror "/etc/init.d/ebtables save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ebtables state and starting bridge firewall"
+ ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ ebegin "Stopping bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ set_table_policy $a ACCEPT
+
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing bridge firewall"
+ local a
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+ done
+ eend $?
+
+ start
+}
+
+save() {
+ ebegin "Saving ebtables state"
+ touch "${ebtables_save}"
+ chmod 0600 "${ebtables_save}"
+ ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}"
+ eend $?
+}
+
+panic() {
+ service_started ebtables && svc_stop
+
+ local a
+ ebegin "Dropping all packets forwarded on bridges"
+ for a in $(ebtables_tables); do
+ ${ebtables_bin} -t $a -F
+ ${ebtables_bin} -t $a -X
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}