summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.3.ebuild2
-rw-r--r--net-firewall/dshieldpy/Manifest1
-rw-r--r--net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild36
-rw-r--r--net-firewall/dshieldpy/metadata.xml8
-rw-r--r--net-firewall/ebtables/Manifest1
-rw-r--r--net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild72
-rw-r--r--net-firewall/ebtables/ebtables-2.0.10.4-r2.ebuild72
-rw-r--r--net-firewall/ebtables/ebtables-2.0.10.4.ebuild68
-rw-r--r--net-firewall/ebtables/ebtables-2.0.11-r2.ebuild (renamed from net-firewall/ebtables/ebtables-2.0.11-r1.ebuild)3
-rw-r--r--net-firewall/ebtables/ebtables-2.0.11.ebuild92
-rw-r--r--net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff31
-rw-r--r--net-firewall/ebtables/files/ebtables.initd-r14
-rw-r--r--net-firewall/firehol/firehol-3.1.6-r2.ebuild (renamed from net-firewall/firehol/firehol-3.1.6.ebuild)4
-rw-r--r--net-firewall/firewalld/firewalld-0.7.1-r3.ebuild2
-rw-r--r--net-firewall/firewalld/firewalld-0.7.3-r1.ebuild2
-rw-r--r--net-firewall/fwknop/Manifest1
-rw-r--r--net-firewall/fwknop/fwknop-2.6.10-r2.ebuild (renamed from net-firewall/fwknop/fwknop-2.6.10-r1.ebuild)26
-rw-r--r--net-firewall/fwknop/fwknop-2.6.9-r1.ebuild144
-rw-r--r--net-firewall/ipset/ipset-6.29-r1.ebuild (renamed from net-firewall/ipset/ipset-6.29.ebuild)0
-rw-r--r--net-firewall/ipset/ipset-6.38-r1.ebuild (renamed from net-firewall/ipset/ipset-6.38.ebuild)0
-rw-r--r--net-firewall/ipset/ipset-7.5-r1.ebuild (renamed from net-firewall/ipset/ipset-7.5.ebuild)0
-rw-r--r--net-firewall/ipset/ipset-7.6-r1.ebuild (renamed from net-firewall/ipset/ipset-7.6.ebuild)0
-rw-r--r--net-firewall/ipt_netflow/Manifest1
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild (renamed from net-firewall/ipt_netflow/ipt_netflow-2.4.ebuild)0
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild (renamed from net-firewall/ipt_netflow/ipt_netflow-2.5.ebuild)0
-rw-r--r--net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild104
-rw-r--r--net-firewall/iptables/Manifest2
-rw-r--r--net-firewall/iptables/iptables-1.8.3-r1.ebuild132
-rw-r--r--net-firewall/iptables/iptables-1.8.5.ebuild (renamed from net-firewall/iptables/iptables-1.8.4.ebuild)70
-rw-r--r--net-firewall/nftables/Manifest1
-rw-r--r--net-firewall/nftables/nftables-0.9.6.ebuild162
-rw-r--r--net-firewall/nftables/nftables-9999.ebuild173
-rw-r--r--net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch21
-rw-r--r--net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild5
-rw-r--r--net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r2.ebuild (renamed from net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r1.ebuild)2
-rw-r--r--net-firewall/rtsp-conntrack/rtsp-conntrack-4.18-r1.ebuild (renamed from net-firewall/rtsp-conntrack/rtsp-conntrack-4.18.ebuild)2
-rw-r--r--net-firewall/sanewall/sanewall-1.1.6-r3.ebuild (renamed from net-firewall/sanewall/sanewall-1.1.6-r2.ebuild)2
-rw-r--r--net-firewall/shorewall/Manifest28
-rw-r--r--net-firewall/shorewall/shorewall-5.2.6.1.ebuild (renamed from net-firewall/shorewall/shorewall-5.2.4.4.ebuild)0
-rw-r--r--net-firewall/shorewall/shorewall-5.2.7.ebuild (renamed from net-firewall/shorewall/shorewall-5.2.4.5.ebuild)0
-rw-r--r--net-firewall/ufw/Manifest1
-rw-r--r--net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch46
-rw-r--r--net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch15
-rw-r--r--net-firewall/ufw/files/ufw-0.35-bash-completion.patch17
-rw-r--r--net-firewall/ufw/files/ufw-0.35-move-path.patch179
-rw-r--r--net-firewall/ufw/ufw-0.35-r1.ebuild195
-rw-r--r--net-firewall/ufw/ufw-0.36.ebuild3
-rw-r--r--net-firewall/xtables-addons/xtables-addons-2.13-r1.ebuild (renamed from net-firewall/xtables-addons/xtables-addons-2.13.ebuild)0
-rw-r--r--net-firewall/xtables-addons/xtables-addons-3.7-r1.ebuild (renamed from net-firewall/xtables-addons/xtables-addons-3.7.ebuild)0
-rw-r--r--net-firewall/xtables-addons/xtables-addons-3.8-r1.ebuild (renamed from net-firewall/xtables-addons/xtables-addons-3.8.ebuild)0
50 files changed, 563 insertions, 1167 deletions
diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.3.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.3.ebuild
index 04c15e52a6d..5bcbe33d851 100644
--- a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.3.ebuild
+++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.3.ebuild
@@ -5,7 +5,7 @@ EAPI=6
inherit readme.gentoo-r1 systemd eapi7-ver
DESCRIPTION="Arno's iptables firewall script"
-HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+HOMEPAGE="https://rocky.eld.leidenuniv.nl"
MY_PV=$(ver_rs 3 -)
MY_PV=${MY_PV/rc/RC}
diff --git a/net-firewall/dshieldpy/Manifest b/net-firewall/dshieldpy/Manifest
deleted file mode 100644
index b6511fc4e24..00000000000
--- a/net-firewall/dshieldpy/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST dshieldpy-3.2.tar.gz 28754 BLAKE2B 87f2ba856a01b6b6da352c8f97439e85da9f5ba94d243c1183727117e00b706d738379cc51a0c47f889dbe88a198a7f5a77043532916bbffecccb2560b7d55f5 SHA512 2608fd2ed3ed7b346e2cf063c27ed1cfb012545a1e8315019377642ac504ec0296dfbe5aabef995a2125dd85f28b7f7649b32688227b5a5d62a1ef20aa4c8e70
diff --git a/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild b/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild
deleted file mode 100644
index 99d3957c303..00000000000
--- a/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit python-single-r1
-
-DESCRIPTION="Python script to submit firewall logs to dshield.org"
-HOMEPAGE="http://dshieldpy.sourceforge.net/"
-SRC_URI="mirror://sourceforge/dshieldpy/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~ppc x86"
-IUSE=""
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-
-DEPEND="${PYTHON_DEPS}"
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/DShield.py"
-
-src_prepare() {
- default
- python_fix_shebang dshield.py
-}
-
-src_install() {
- default
- dobin dshield.py
-
- insinto /etc
- doins dshieldpy.conf
-}
diff --git a/net-firewall/dshieldpy/metadata.xml b/net-firewall/dshieldpy/metadata.xml
deleted file mode 100644
index 3e7ed59000d..00000000000
--- a/net-firewall/dshieldpy/metadata.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <!-- maintainer-needed -->
- <upstream>
- <remote-id type="sourceforge">dshieldpy</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest
index e88c251f736..61a62a595d8 100644
--- a/net-firewall/ebtables/Manifest
+++ b/net-firewall/ebtables/Manifest
@@ -1,2 +1 @@
DIST ebtables-2.0.11.tar.gz 428411 BLAKE2B 62af4c38ad21498e43f41ef96c8abb5704e8d8a48f1327c587b664f36fdfa9849a9a37e59958db56d38019465d8bf1775914f7387fde99a441615913702cf504 SHA512 43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f
-DIST ebtables-v2.0.10-4.tar.gz 103764 BLAKE2B 01995c701c6dbc7495bdf1f0fce61dce51a379dd1a304d2a5174e0190c040ee958833c65be9fd9d6a7601a2f81461ce1f2e9db989081b4fe7dabc5bfcecd57d6 SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
deleted file mode 100644
index c506fa3d0bf..00000000000
--- a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-
-inherit versionator eutils toolchain-funcs multilib flag-o-matic
-
-MY_PV=$(replace_version_separator 3 '-' )
-MY_P=${PN}-v${MY_PV}
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
-IUSE="+perl static"
-
-# The ebtables-save script is written in perl.
-RDEPEND="perl? ( dev-lang/perl )
- !<net-firewall/iptables-1.6.2-r2[nftables(-)]
- !net-misc/ethertypes
-"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
- if use static; then
- ewarn "You've chosen static build which is useful for embedded devices."
- ewarn "It has no init script. Make sure that's really what you want."
- fi
-}
-
-src_prepare() {
- # Enhance ebtables-save to take table names as parameters bug #189315
- epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
-
- sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
- -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
- -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
- -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
- -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
-}
-
-src_compile() {
- # This package uses _init functions to initialise extensions. With
- # --as-needed this will not work.
- append-ldflags $(no-as-needed)
- emake \
- CC="$(tc-getCC)" \
- CFLAGS="${CFLAGS}" \
- $(use static && echo static)
-}
-
-src_install() {
- if ! use static; then
- emake DESTDIR="${D}" install
- keepdir /var/lib/ebtables/
- newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
- newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
- if ! use perl; then
- rm "${ED}"/sbin/ebtables-save || die
- fi
- else
- into /
- newsbin static ebtables
- insinto /etc
- doins ethertypes
- fi
- dodoc ChangeLog THANKS
-}
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r2.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r2.ebuild
deleted file mode 100644
index 4fe72ef2909..00000000000
--- a/net-firewall/ebtables/ebtables-2.0.10.4-r2.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit versionator toolchain-funcs flag-o-matic
-
-MY_PV=$(replace_version_separator 3 '-' )
-MY_P=${PN}-v${MY_PV}
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
-IUSE="+perl static"
-
-# The ebtables-save script is written in perl.
-RDEPEND="perl? ( dev-lang/perl )
- net-misc/ethertypes"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
- if use static; then
- ewarn "You've chosen static build which is useful for embedded devices."
- ewarn "It has no init script. Make sure that's really what you want."
- fi
-}
-
-src_prepare() {
- # Enhance ebtables-save to take table names as parameters bug #189315
- local PATCHES=( "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff" )
-
- default
-
- sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
- -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
- -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
- -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
- -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
-}
-
-src_compile() {
- # This package uses _init functions to initialise extensions. With
- # --as-needed this will not work.
- append-ldflags $(no-as-needed)
- emake \
- CC="$(tc-getCC)" \
- CFLAGS="${CFLAGS}" \
- $(use static && echo static)
-}
-
-src_install() {
- if ! use static; then
- emake DESTDIR="${D}" install
- keepdir /var/lib/ebtables/
- newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
- newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
- if ! use perl; then
- rm "${ED}"/sbin/ebtables-save || die
- fi
- # Bug 647458
- rm "${ED%/}"/etc/ethertypes || die
- else
- into /
- newsbin static ebtables
- fi
- dodoc ChangeLog THANKS
-}
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild
deleted file mode 100644
index 10bbd3d6985..00000000000
--- a/net-firewall/ebtables/ebtables-2.0.10.4.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-
-inherit versionator eutils toolchain-funcs multilib flag-o-matic
-
-MY_PV=$(replace_version_separator 3 '-' )
-MY_P=${PN}-v${MY_PV}
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
-
-KEYWORDS="amd64 ppc x86"
-IUSE="static"
-LICENSE="GPL-2"
-SLOT="0"
-
-RDEPEND="
- !<net-firewall/iptables-1.6.2-r2[nftables(-)]
- !net-misc/ethertypes
-"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
- if use static; then
- ewarn "You've chosen static build which is useful for embedded devices."
- ewarn "It has no init script. Make sure that's really what you want."
- fi
-}
-
-src_prepare() {
- # Enhance ebtables-save to take table names as parameters bug #189315
- epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
-
- sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
- -e "s,^BINDIR:=.*,BINDIR:=/sbin," \
- -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
- -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
- -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
-}
-
-src_compile() {
- # This package uses _init functions to initialise extensions. With
- # --as-needed this will not work.
- append-ldflags $(no-as-needed)
- emake \
- CC="$(tc-getCC)" \
- CFLAGS="${CFLAGS}" \
- $(use static && echo static)
-}
-
-src_install() {
- if ! use static; then
- make DESTDIR="${D}" install
- keepdir /var/lib/ebtables/
- newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
- newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
- else
- into /
- newsbin static ebtables
- insinto /etc
- doins ethertypes
- fi
- dodoc ChangeLog THANKS
-}
diff --git a/net-firewall/ebtables/ebtables-2.0.11-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.11-r2.ebuild
index 038a8e1204c..01a0294781f 100644
--- a/net-firewall/ebtables/ebtables-2.0.11-r1.ebuild
+++ b/net-firewall/ebtables/ebtables-2.0.11-r2.ebuild
@@ -15,7 +15,7 @@ S="${WORKDIR}/${MY_P}"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+KEYWORDS="amd64 ~arm ~arm64 ppc ~ppc64 x86"
IUSE="+perl static"
BDEPEND=">=app-eselect/eselect-iptables-20200508"
@@ -84,6 +84,7 @@ src_install() {
newman ebtables-legacy.8 ebtables.8
einstalldocs
+ docompress -x /usr/share/doc/${PF}/ethertypes #724138
}
pkg_postinst() {
diff --git a/net-firewall/ebtables/ebtables-2.0.11.ebuild b/net-firewall/ebtables/ebtables-2.0.11.ebuild
deleted file mode 100644
index c9be4be12cc..00000000000
--- a/net-firewall/ebtables/ebtables-2.0.11.ebuild
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit toolchain-funcs autotools
-
-MY_PV="$(ver_rs 3 '-' )"
-MY_P="${PN}-${MY_PV}"
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
-IUSE="+perl static"
-
-# The ebtables-save script is written in perl.
-RDEPEND="perl? ( dev-lang/perl )
- net-misc/ethertypes"
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.0.11-makefile.patch"
-
- # Enhance ebtables-save to take table names as parameters bug #189315
- "${FILESDIR}/${PN}-2.0.11-ebt-save.patch"
-
- # from upstream git
- "${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch"
-)
-
-pkg_setup() {
- if use static; then
- ewarn "You've chosen static build which is useful for embedded devices."
- ewarn "It has no init script. Make sure that's really what you want."
- fi
-}
-
-src_prepare() {
- default
-
- # don't install perl scripts if USE=perl is disabled
- if ! use perl; then
- sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die
- fi
-
- eautoreconf
-}
-
-src_configure() {
- econf \
- --bindir="/bin" \
- --sbindir="/sbin" \
- --libdir=/$(get_libdir)/${PN} \
- --sysconfdir="/usr/share/doc/${PF}" \
- $(use_enable static)
-}
-
-src_compile() {
- emake $(usex static 'static ebtables-legacy.8' '')
-}
-
-src_install() {
- local -a DOCS=( ChangeLog THANKS )
-
- if ! use static; then
- emake DESTDIR="${D}" install
- keepdir /var/lib/ebtables/
- newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
- newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
-
- # symlink -legacy binaries to original names
- local ext
- for ext in '' -{save,restore}; do
- local prog="${PN}-legacy${ext}"
- [[ -f ${ED}/sbin/${prog} ]] && dosym ${prog} /sbin/${PN}${ext}
- done
-
- find "${D}" -name '*.la' -type f -delete || die
- else
- into /
- newsbin static ebtables
- insinto /etc
- doins ethertypes
- fi
-
- newman ebtables-legacy.8 ebtables.8
- einstalldocs
-}
diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
deleted file mode 100644
index cdfd823447e..00000000000
--- a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff
+++ /dev/null
@@ -1,31 +0,0 @@
---- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400
-+++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400
-@@ -12,6 +12,7 @@
- my $cnt = "";
- my $version = "1.0";
- my $table_name;
-+my @table_names;
-
- # ========================================================
- # Process filter table
-@@ -49,12 +50,19 @@
- }
- # ========================================================
-
-+if ($#ARGV + 1 == 0) {
-+ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`);
-+}
-+else {
-+ @table_names = @ARGV;
-+}
-+# ========================================================
- unless (-x $ebtables) { exit -1 };
- print "# Generated by ebtables-save v$version on " . `date`;
- if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") {
- $cnt = "--Lc";
- }
--foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) {
-+foreach $table_name (@table_names) {
- $table =`$ebtables -t $table_name -L $cnt`;
- unless ($? == 0) { print $table; exit -1 };
- &process_table($table);
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
index 9c78e9b78df..6608760110b 100644
--- a/net-firewall/ebtables/files/ebtables.initd-r1
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
extra_commands="save panic"
@@ -16,7 +16,7 @@ depend() {
ebtables_tables() {
for table in filter nat broute; do
if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
- echo -n "${table} "
+ printf '%s' "${table} "
fi
done
}
diff --git a/net-firewall/firehol/firehol-3.1.6.ebuild b/net-firewall/firehol/firehol-3.1.6-r2.ebuild
index c17a7cde2bf..99733663266 100644
--- a/net-firewall/firehol/firehol-3.1.6.ebuild
+++ b/net-firewall/firehol/firehol-3.1.6-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -16,10 +16,10 @@ KEYWORDS="amd64 arm ~ppc ~x86"
RDEPEND="net-firewall/iptables
sys-apps/iproute2[-minimal,ipv6?]
+ sys-apps/kmod[tools]
net-misc/iputils[ipv6?]
net-misc/iprange
net-analyzer/traceroute
- virtual/modutils
app-arch/gzip
ipset? (
net-firewall/ipset
diff --git a/net-firewall/firewalld/firewalld-0.7.1-r3.ebuild b/net-firewall/firewalld/firewalld-0.7.1-r3.ebuild
index 28feae85d15..f3dffe12669 100644
--- a/net-firewall/firewalld/firewalld-0.7.1-r3.ebuild
+++ b/net-firewall/firewalld/firewalld-0.7.1-r3.ebuild
@@ -2,8 +2,8 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-PYTHON_COMPAT=( python{2_7,3_6,3_7} )
+PYTHON_COMPAT=( python3_{6,7} )
inherit autotools bash-completion-r1 gnome2-utils l10n linux-info python-single-r1 systemd xdg-utils
DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall"
diff --git a/net-firewall/firewalld/firewalld-0.7.3-r1.ebuild b/net-firewall/firewalld/firewalld-0.7.3-r1.ebuild
index 8f68175271d..2b79e871a7b 100644
--- a/net-firewall/firewalld/firewalld-0.7.3-r1.ebuild
+++ b/net-firewall/firewalld/firewalld-0.7.3-r1.ebuild
@@ -2,8 +2,8 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-PYTHON_COMPAT=( python{2_7,3_6,3_7} )
+PYTHON_COMPAT=( python3_{6,7} )
inherit autotools bash-completion-r1 gnome2-utils l10n linux-info python-single-r1 systemd xdg-utils
DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall"
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest
index d49b6b5fc1a..53b2c9de54b 100644
--- a/net-firewall/fwknop/Manifest
+++ b/net-firewall/fwknop/Manifest
@@ -1,2 +1 @@
DIST fwknop-2.6.10.tar.gz 1988197 BLAKE2B d4c2010c64ab160f0edc02e2b1530749ee47ff6ed16d6b556d366daef7ce5e22ef38fbbbf6e8cfaa14e0d9706ba2b65937b03c70b54b3429ff1732ae33c1852c SHA512 3b3e35eda574abd1759431c88677eea7078c54cb3252c0ee0e1019b5b8224ed8844d30760da70a952e1cd92b04715a547f6effabda54678f791fff9afa32cd80
-DIST fwknop-2.6.9.tar.gz 3043542 BLAKE2B 11440fa0fe5e990a269587fa9ee1da0242f3dc939d6dc185d6adff9e9c995a8ffe902a6351a057c619cb6ff056519caea38f7b865978fe5ac810a39281bb3fc3 SHA512 4706560d44c911c8604059d88dded9c1b8c333399d90ec7dc366c0fba96c79680bdbf1b8b5e76cc34aaf3a1e58fff80db8f5f20c96d57481bdb476a9b99f4d1b
diff --git a/net-firewall/fwknop/fwknop-2.6.10-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.10-r2.ebuild
index 786366d6895..64a0407290b 100644
--- a/net-firewall/fwknop/fwknop-2.6.10-r1.ebuild
+++ b/net-firewall/fwknop/fwknop-2.6.10-r2.ebuild
@@ -3,13 +3,7 @@
EAPI=7
-# Python extension supports only Python 2.
-# See https://github.com/mrash/fwknop/issues/167
-PYTHON_COMPAT=( python2_7 )
-DISTUTILS_SINGLE_IMPL=1
-DISTUTILS_OPTIONAL=1
-
-inherit autotools distutils-r1 eutils linux-info readme.gentoo-r1 systemd
+inherit autotools eutils linux-info readme.gentoo-r1 systemd
DESCRIPTION="Single Packet Authorization and Port Knocking application"
HOMEPAGE="https://www.cipherdyne.org/fwknop/"
@@ -18,11 +12,11 @@ SRC_URI="https://www.cipherdyne.org/fwknop/download/${P}.tar.gz"
LICENSE="GPL-2+"
SLOT="0"
KEYWORDS="~amd64 ~x86"
-IUSE="+client extras firewalld gdbm gpg +iptables nfqueue python +server udp-server"
+IUSE="+client extras firewalld gdbm gpg +iptables nfqueue +server static-libs udp-server"
DEPEND="
client? ( net-misc/wget[ssl] )
- firewalld? ( net-firewall/firewalld[${PYTHON_SINGLE_USEDEP}] )
+ firewalld? ( net-firewall/firewalld )
gdbm? ( sys-libs/gdbm )
gpg? (
app-crypt/gpgme
@@ -31,14 +25,12 @@ DEPEND="
)
iptables? ( net-firewall/iptables )
nfqueue? ( net-libs/libnetfilter_queue )
- python? ( ${PYTHON_DEPS} )
server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) )
"
RDEPEND="${DEPEND}"
REQUIRED_USE="
nfqueue? ( server )
- python? ( ${PYTHON_REQUIRED_USE} )
server? ( ^^ ( firewalld iptables ) )
udp-server? ( server )
"
@@ -59,7 +51,6 @@ instead of the default one chosen at compile time.
pkg_setup() {
linux-info_pkg_setup
- python-single-r1_pkg_setup
}
src_prepare() {
@@ -106,14 +97,11 @@ src_install() {
readme.gentoo_create_doc
fi
- if use python; then
- # Redefine DOCS, otherwise distutils-r1 eclass interferes.
- local DOCS=()
- cd python || die
- distutils-r1_src_install
- fi
-
find "${ED}" -type f -name "*.la" -delete || die
+
+ if ! use static-libs ; then
+ find "${ED}" -type f -name libfko.a -delete || die
+ fi
}
pkg_postinst() {
diff --git a/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild
deleted file mode 100644
index ff9bea4cb40..00000000000
--- a/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-# Python extension supports only Python 2.
-# See https://github.com/mrash/fwknop/issues/167
-PYTHON_COMPAT=( python2_7 )
-DISTUTILS_OPTIONAL=1
-DISTUTILS_SINGLE_IMPL=1
-
-inherit autotools distutils-r1 eutils linux-info ltprune readme.gentoo-r1 systemd
-
-DESCRIPTION="Single Packet Authorization and Port Knocking application"
-HOMEPAGE="https://www.cipherdyne.org/fwknop/ https://github.com/mrash/fwknop"
-SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+client extras firewalld gdbm gpg +iptables nfqueue python +server udp-server"
-
-DEPEND="
- client? ( net-misc/wget[ssl] )
- firewalld? ( net-firewall/firewalld[${PYTHON_SINGLE_USEDEP}] )
- gdbm? ( sys-libs/gdbm )
- gpg? (
- app-crypt/gpgme
- dev-libs/libassuan
- dev-libs/libgpg-error
- )
- iptables? ( net-firewall/iptables )
- nfqueue? ( net-libs/libnetfilter_queue )
- python? ( ${PYTHON_DEPS} )
- server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) )
-"
-RDEPEND="${DEPEND}"
-
-REQUIRED_USE="
- nfqueue? ( server )
- python? ( ${PYTHON_REQUIRED_USE} )
- server? ( ^^ ( firewalld iptables ) )
- udp-server? ( server )
-"
-
-DOCS=( AUTHORS ChangeLog README.md )
-
-DISABLE_AUTOFORMATTING=1
-DOC_CONTENTS="
-Example configuration files were installed to '${EPREFIX}/etc/fwknopd/'.
-Please edit them to suit your needs and then remove the .example suffix.
-
-fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
-You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
-instead of the default one chosen at compile time.
-"
-
-pkg_setup() {
- linux-info_pkg_setup
- python-single-r1_pkg_setup
-}
-
-src_prepare() {
- default_src_prepare
-
- # Install example configs with .example suffix.
- if use server; then
- sed -i -e 's|conf;|conf.example;|g' Makefile.am || die
- fi
-
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- --localstatedir="${EPREFIX}/run"
- $(use_enable client)
- $(use_enable !gdbm file-cache)
- $(use_enable nfqueue nfq-capture)
- $(use_enable server)
- $(use_enable udp-server)
- $(use_with gpg gpgme)
- )
- use firewalld && myeconfargs+=(--with-firewalld="${EPREFIX}/usr/sbin/firewalld")
- use iptables && myeconfargs+=(--with-iptables="${EPREFIX}/sbin/iptables")
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default_src_compile
-
- if use python; then
- cd python || die
- distutils-r1_src_compile
- fi
-}
-
-src_install() {
- default_src_install
- prune_libtool_files --modules
-
- if use extras; then
- dodoc extras/apparmor/usr.sbin.fwknopd
- dodoc extras/console-qr/console-qr.sh
- dodoc extras/fwknop-launcher/*
- fi
-
- if use server; then
- newinitd "${FILESDIR}/fwknopd.init" fwknopd
- newconfd "${FILESDIR}/fwknopd.confd" fwknopd
- systemd_dounit extras/systemd/fwknopd.service
- systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
- readme.gentoo_create_doc
- fi
-
- if use python; then
- # Redefine DOCS, otherwise distutils-r1 eclass interferes.
- local DOCS=()
- cd python || die
- distutils-r1_src_install
- fi
-}
-
-pkg_postinst() {
- if use server; then
- readme.gentoo_print_elog
-
- if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
- echo
- ewarn "fwknopd daemon relies on the 'comment' match in order to expire"
- ewarn "created firewall rules, which is an important security feature."
- ewarn "Please enable NETFILTER_XT_MATCH_COMMENT support in your kernel."
- echo
- fi
- if use nfqueue && \
- ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; then
- echo
- ewarn "fwknopd daemon relies on the 'NFQUEUE' target for NFQUEUE mode."
- ewarn "Please enable NETFILTER_XT_TARGET_NFQUEUE support in your kernel."
- echo
- fi
- fi
-}
diff --git a/net-firewall/ipset/ipset-6.29.ebuild b/net-firewall/ipset/ipset-6.29-r1.ebuild
index 4a2d032bb94..4a2d032bb94 100644
--- a/net-firewall/ipset/ipset-6.29.ebuild
+++ b/net-firewall/ipset/ipset-6.29-r1.ebuild
diff --git a/net-firewall/ipset/ipset-6.38.ebuild b/net-firewall/ipset/ipset-6.38-r1.ebuild
index 37f222b9c79..37f222b9c79 100644
--- a/net-firewall/ipset/ipset-6.38.ebuild
+++ b/net-firewall/ipset/ipset-6.38-r1.ebuild
diff --git a/net-firewall/ipset/ipset-7.5.ebuild b/net-firewall/ipset/ipset-7.5-r1.ebuild
index b0de78dae51..b0de78dae51 100644
--- a/net-firewall/ipset/ipset-7.5.ebuild
+++ b/net-firewall/ipset/ipset-7.5-r1.ebuild
diff --git a/net-firewall/ipset/ipset-7.6.ebuild b/net-firewall/ipset/ipset-7.6-r1.ebuild
index b0de78dae51..b0de78dae51 100644
--- a/net-firewall/ipset/ipset-7.6.ebuild
+++ b/net-firewall/ipset/ipset-7.6-r1.ebuild
diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
index 79bf94164a9..12f9308d049 100644
--- a/net-firewall/ipt_netflow/Manifest
+++ b/net-firewall/ipt_netflow/Manifest
@@ -1,2 +1,3 @@
DIST ipt_netflow-2.4.tar.gz 92580 BLAKE2B 0197e7e5cdd9c94c7b80b38cb4e2879343139592421922bf73aeaac70ac3af54ea25934bb1474ff455a9f58eab2368995591542f46be48b5c8491a3b6a192f56 SHA512 3c80d02cfda996fbde8d258875df8795000fd8390b5a6f8296771a992067e153eca48f7f4602421529948beaf3030e164adfc2ffe5b528042fbdc15ffb56aa74
+DIST ipt_netflow-2.5.1.tar.gz 94627 BLAKE2B 440daed1f0c02e4700c6d4a97da08abc7bf51c73cd824a67fd2b7b9394b47d493ca7acfea34467d93cdce6dded2c5b24b4a2600b9f717aa54561d1f88a123dbc SHA512 dd0bde358f788f2d62ace6a0b1529128f0a686f9b776deeae3502d45d06d13971e8ea249d2647d00b00e73625c515bc12a4b7bd8d34fafd5f3b32f290d48cdce
DIST ipt_netflow-2.5.tar.gz 94097 BLAKE2B 5ca8d686e08f6fb0cdb1d502572afc71f146e2633ccf5fc7cb9ad21420fb62e88a2cb393e83ee4f5646200fa964d46a16ef58831958799449a4a59e2da6c9337 SHA512 8cd1bc46ef6e975964e5ddc290ed999f7076b63a9363f1a1f31b5d8db875d4e564ed5f0d5185c29dcf8a86793fe4badf63325b79ba1abbc264088b1ca94a9dad
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.4.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild
index c3bec366b46..c3bec366b46 100644
--- a/net-firewall/ipt_netflow/ipt_netflow-2.4.ebuild
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.4-r1.ebuild
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.5.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild
index 2c7d537f291..2c7d537f291 100644
--- a/net-firewall/ipt_netflow/ipt_netflow-2.5.ebuild
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.5-r1.ebuild
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild
new file mode 100644
index 00000000000..2c7d537f291
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.5.1.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="
+ https://sourceforge.net/projects/ipt-netflow
+ https://github.com/aabc/ipt-netflow
+"
+SRC_URI="https://github.com/aabc/ipt-netflow/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="debug natevents snmp"
+
+RDEPEND="
+ net-firewall/iptables:0=
+ snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig
+"
+PATCHES=(
+ "${FILESDIR}/${PN}-2.0-configure.patch" # bug #455984
+ "${FILESDIR}/${PN}-2.5-gentoo.patch"
+)
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ local CONFIG_CHECK="BRIDGE_NETFILTER ~IP_NF_IPTABLES VLAN_8021Q"
+ use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+ if use natevents; then
+ CONFIG_CHECK+=" NF_CONNTRACK_EVENTS"
+ if kernel_is lt 5 2; then
+ CONFIG_CHECK+=" NF_NAT_NEEDED"
+ else
+ CONFIG_CHECK+=" NF_NAT"
+ fi
+ fi
+
+ BUILD_TARGETS="all"
+ MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+ IPT_LIB="/usr/$(get_libdir)/xtables"
+
+ linux-mod_pkg_setup
+}
+
+src_unpack() {
+ default
+
+ mv "${WORKDIR}"/${PN/_/-}-* "${WORKDIR}"/${P} || die
+}
+
+src_prepare() {
+ default
+
+ # Checking for directory is enough
+ sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+}
+
+do_conf() {
+ tc-export CC
+ echo ./configure $*
+ ./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # this configure script is not based on autotools
+ # ipt-src need to be defined, see bug #455984
+ do_conf \
+ --disable-dkms \
+ --enable-aggregation \
+ --enable-direction \
+ --enable-macaddress \
+ --enable-vlan \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ $(use debug && echo '--enable-debugfs') \
+ $(use natevents && echo '--enable-natevents') \
+ $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 3aeec907945..b69236c7abf 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,4 +1,4 @@
DIST iptables-1.6.1.tar.bz2 620890 BLAKE2B b45ac26e1fb7e8b17a6df0afab3b6c0e2f0a5df9191367548136b3ce9aadc1bcb875b8bc0403e6f12fcf487054e96418f4ef34da827af8989fd4dcf83cd3cd8d SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8
DIST iptables-1.6.2.tar.bz2 639785 BLAKE2B 3d129756fd33c8c73d56d57e3c5595896db86ded14834a45db21b964d82840b62216ce3cea4ae4960e8c5f0671df3cc6bfb222f68d29cf3a8c99e0eee14bf017 SHA512 04f22e969c794246b9aa28055b202638081cfb0bb4a5625c049a30c48ac84cdd41db12a53c5831398cfe47c8f5691aa02b30b0ae3b5afe0f20ec48cf86a799c0
-DIST iptables-1.8.3.tar.bz2 716257 BLAKE2B 58c606a5753ae2cb8ada9039e4653d2abe03c7c9b6aeef1e458baa3e10e818893f35e8f2aed5221e692415115e618aa673c8fcd33d172f85e9d1b609ed79c7b8 SHA512 84b10080646077cbea78b7f3fcc58c6c6e1898213341c69862e1b48179f37a6820c3d84437c896071f966b61aa6d16b132d91948a85fd8c05740f29be3a0986d
DIST iptables-1.8.4.tar.bz2 704312 BLAKE2B f677bb9ed2c86e6a39953c0565766991e9647224effdc7db2b563f3f491f6ace2f9073ecc8e865d489101a9f80cf964d9775ab81536412dbd4ca85937432de94 SHA512 a7faaab58608ffaa51e26e8056551c0e91a49187439d30fcf5cce2800274cc3c0515db6cfba0f4c85613fb80779cf96089b8915db0e89161e9980a6384faebdb
+DIST iptables-1.8.5.tar.bz2 713769 BLAKE2B 49659fc2f1f284f31637048fa1e6edb4853e9bf6ac0b6ada5599a7af34a4449205b5eb6b85b630ce4757b49cf3f8ac9ad6220e07c2c22abb688a3aeb5cf99cd2 SHA512 6a6baa541bb7aa331b176e0a91894e0766859814b59e77c71351ac34d6ebd337487981db48c70e476a48c67bcf891cfc663221a7582feb1496ad1df56eb28da8
diff --git a/net-firewall/iptables/iptables-1.8.3-r1.ebuild b/net-firewall/iptables/iptables-1.8.3-r1.ebuild
deleted file mode 100644
index a1da5ac8f6a..00000000000
--- a/net-firewall/iptables/iptables-1.8.3-r1.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# Force users doing their own patches to install their own tools
-AUTOTOOLS_AUTO_DEPEND=no
-
-inherit multilib systemd toolchain-funcs autotools flag-o-matic usr-ldscript
-
-DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-# Subslot reflects PV when libxtables and/or libip*tc was changed
-# the last time.
-SLOT="0/1.8.3"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="conntrack ipv6 netlink nftables pcap static-libs"
-
-COMMON_DEPEND="
- conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
- netlink? ( net-libs/libnfnetlink )
- nftables? (
- >=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.3:0=
- )
- pcap? ( net-libs/libpcap )
-"
-DEPEND="${COMMON_DEPEND}
- virtual/os-headers
- >=sys-kernel/linux-headers-4.4:0
-"
-BDEPEND="
- virtual/pkgconfig
- nftables? (
- sys-devel/flex
- virtual/yacc
- )
-"
-RDEPEND="${COMMON_DEPEND}
- nftables? ( net-misc/ethertypes )
-"
-
-src_prepare() {
- # use the saner headers from the kernel
- rm include/linux/{kernel,types}.h || die
-
- eapply "${FILESDIR}"/${PN}-1.8.2-link.patch
- eapply_user
- eautoreconf
-}
-
-src_configure() {
- # Some libs use $(AR) rather than libtool to build #444282
- tc-export AR
-
- # Hack around struct mismatches between userland & kernel for some ABIs. #472388
- use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
-
- sed -i \
- -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
- -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
- configure || die
-
- local myeconfargs=(
- --sbindir="${EPREFIX}/sbin"
- --libexecdir="${EPREFIX}/$(get_libdir)"
- --enable-devel
- --enable-shared
- $(use_enable nftables)
- $(use_enable pcap bpf-compiler)
- $(use_enable pcap nfsynproxy)
- $(use_enable static-libs static)
- $(use_enable ipv6)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- # Deal with parallel build errors.
- use nftables && emake -C iptables xtables-config-parser.h
- emake V=1
-}
-
-src_install() {
- default
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
-
- # all the iptables binaries are in /sbin, so might as well
- # put these small files in with them
- into /
- dosbin iptables/iptables-apply
- dosym iptables-apply /sbin/ip6tables-apply
- doman iptables/iptables-apply.8
-
- insinto /usr/include
- doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
- insinto /usr/include/iptables
- doins include/iptables/internal.h
-
- keepdir /var/lib/iptables
- newinitd "${FILESDIR}"/${PN}-r2.init iptables
- newconfd "${FILESDIR}"/${PN}-r1.confd iptables
- if use ipv6 ; then
- keepdir /var/lib/ip6tables
- dosym iptables /etc/init.d/ip6tables
- newconfd "${FILESDIR}"/ip6tables-r1.confd ip6tables
- fi
-
- if use nftables; then
- # Bug 647458
- rm "${ED}"/etc/ethertypes || die
-
- # Bug 660886
- rm "${ED}"/sbin/{arptables,ebtables} || die
-
- # Bug 669894
- rm "${ED}"/sbin/ebtables-{save,restore} || die
- fi
-
- systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
- if use ipv6 ; then
- systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
- fi
-
- # Move important libs to /lib #332175
- gen_usr_ldscript -a ip{4,6}tc iptc xtables
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
diff --git a/net-firewall/iptables/iptables-1.8.4.ebuild b/net-firewall/iptables/iptables-1.8.5.ebuild
index ba0c606aedf..5f23120ecb9 100644
--- a/net-firewall/iptables/iptables-1.8.4.ebuild
+++ b/net-firewall/iptables/iptables-1.8.5.ebuild
@@ -19,12 +19,15 @@ SLOT="0/1.8.3"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+BUILD_DEPEND="
+ >=app-eselect/eselect-iptables-20200508
+"
COMMON_DEPEND="
conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
netlink? ( net-libs/libnfnetlink )
nftables? (
>=net-libs/libmnl-1.0:0=
- >=net-libs/libnftnl-1.1.5:0=
+ >=net-libs/libnftnl-1.1.6:0=
)
pcap? ( net-libs/libpcap )
"
@@ -32,7 +35,8 @@ DEPEND="${COMMON_DEPEND}
virtual/os-headers
>=sys-kernel/linux-headers-4.4:0
"
-BDEPEND="
+BDEPEND="${BUILD_DEPEND}
+ app-eselect/eselect-iptables
virtual/pkgconfig
nftables? (
sys-devel/flex
@@ -40,15 +44,22 @@ BDEPEND="
)
"
RDEPEND="${COMMON_DEPEND}
+ ${BUILD_DEPEND}
nftables? ( net-misc/ethertypes )
+ !<net-firewall/ebtables-2.0.11-r1
+ !<net-firewall/arptables-0.0.5-r1
"
+PATCHES=(
+ "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
+ "${FILESDIR}/iptables-1.8.2-link.patch"
+)
+
src_prepare() {
# use the saner headers from the kernel
rm include/linux/{kernel,types}.h || die
- eapply "${FILESDIR}"/${PN}-1.8.2-link.patch
- eapply_user
+ default
eautoreconf
}
@@ -111,11 +122,8 @@ src_install() {
# Bug 647458
rm "${ED}"/etc/ethertypes || die
- # Bug 660886
- rm "${ED}"/sbin/{arptables,ebtables} || die
-
- # Bug 669894
- rm "${ED}"/sbin/ebtables-{save,restore} || die
+ # Bugs 660886 and 669894
+ rm "${ED}"/sbin/{arptables,ebtables}{,-{save,restore}} || die
fi
systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
@@ -128,3 +136,47 @@ src_install() {
find "${ED}" -type f -name "*.la" -delete || die
}
+
+pkg_postinst() {
+ local default_iptables="xtables-legacy-multi"
+ if ! eselect iptables show &>/dev/null; then
+ elog "Current iptables implementation is unset, setting to ${default_iptables}"
+ eselect iptables set "${default_iptables}"
+ fi
+
+ if use nftables; then
+ local tables
+ for tables in {arp,eb}tables; do
+ if ! eselect ${tables} show &>/dev/null; then
+ elog "Current ${tables} implementation is unset, setting to ${default_iptables}"
+ eselect ${tables} set xtables-nft-multi
+ fi
+ done
+ fi
+
+ eselect iptables show
+}
+
+pkg_prerm() {
+ elog "Unsetting iptables symlinks before removal"
+ eselect iptables unset
+
+ if ! has_version 'net-firewall/ebtables'; then
+ elog "Unsetting ebtables symlinks before removal"
+ eselect ebtables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting ebtables symlinks to ebtables-legacy"
+ eselect ebtables set ebtables-legacy
+ fi
+
+ if ! has_version 'net-firewall/arptables'; then
+ elog "Unsetting arptables symlinks before removal"
+ eselect arptables unset
+ elif [[ -z ${REPLACED_BY_VERSION} ]]; then
+ elog "Resetting arptables symlinks to arptables-legacy"
+ eselect arptables set arptables-legacy
+ fi
+
+ # the eselect module failing should not be fatal
+ return 0
+}
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index e2877db7245..39e99bf8e47 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,3 +1,4 @@
DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
DIST nftables-0.9.4-manpages.tar.xz 38580 BLAKE2B bb561c7824d032ecfff5c98af10c95af6f5188377f43de8398be7e503adff0441d49fa3e2cefcb646927cc1a4222957f0cc75d5ad4c770ef3a3f8cb8a677c5ce SHA512 1b94ff06ceccf75bbefbf64496d5fa0b492907d7ec5fe41f7808c6e239b2a0a42e88d61e35e22485abee7e4bd382178e962a7c5b113433247ca329cbfa408bca
DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0
+DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
diff --git a/net-firewall/nftables/nftables-0.9.6.ebuild b/net-firewall/nftables/nftables-0.9.6.ebuild
new file mode 100644
index 00000000000..44e1fc441fb
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.6.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8,9} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.7:0=
+ xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+python_make() {
+ emake \
+ -C py \
+ abs_builddir="${S}" \
+ DESTDIR="${D}" \
+ PYTHON_BIN="${PYTHON}" \
+ "${@}"
+}
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ # fix installation path for doc stuff
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+ -i files/nftables/Makefile.am || die
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+ -i files/osf/Makefile.am || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ python_foreach_impl python_make
+ fi
+}
+
+src_install() {
+ default
+
+ if ! use doc; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ python_foreach_impl python_make install
+ python_foreach_impl python_optimize
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
diff --git a/net-firewall/nftables/nftables-9999.ebuild b/net-firewall/nftables/nftables-9999.ebuild
new file mode 100644
index 00000000000..989c4f467e9
--- /dev/null
+++ b/net-firewall/nftables/nftables-9999.ebuild
@@ -0,0 +1,173 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8,9} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+
+if [[ ${PV} =~ ^[9]{4,}$ ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.netfilter.org/${PN}"
+
+ BDEPEND="
+ sys-devel/bison
+ sys-devel/flex
+ "
+else
+ SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+ KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0/1"
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.4:0=
+ gmp? ( dev-libs/gmp:0= )
+ json? ( dev-libs/jansson )
+ python? ( ${PYTHON_DEPS} )
+ readline? ( sys-libs/readline:0= )
+ >=net-libs/libnftnl-1.1.8:0=
+ xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND+="
+ doc? (
+ app-text/asciidoc
+ >=app-text/docbook2X-0.8.8-r4
+ )
+ virtual/pkgconfig
+"
+
+REQUIRED_USE="
+ python? ( ${PYTHON_REQUIRED_USE} )
+"
+
+python_make() {
+ emake \
+ -C py \
+ abs_builddir="${S}" \
+ DESTDIR="${D}" \
+ PYTHON_BIN="${PYTHON}" \
+ "${@}"
+}
+
+pkg_setup() {
+ if kernel_is ge 3 13; then
+ if use modern-kernel && kernel_is lt 3 18; then
+ eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+ fi
+ CONFIG_CHECK="~NF_TABLES"
+ linux-info_pkg_setup
+ else
+ eerror "This package requires kernel version 3.13 or newer to work properly."
+ fi
+}
+
+src_prepare() {
+ default
+
+ # fix installation path for doc stuff
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+ -i files/nftables/Makefile.am || die
+ sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+ -i files/osf/Makefile.am || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ # We handle python separately
+ --disable-python
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable debug)
+ $(use_enable doc man-doc)
+ $(use_with !gmp mini_gmp)
+ $(use_with json)
+ $(use_with readline cli readline)
+ $(use_enable static-libs static)
+ $(use_with xtables)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ if use python; then
+ python_foreach_impl python_make
+ fi
+}
+
+src_install() {
+ default
+
+ if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
+ pushd doc >/dev/null || die
+ doman *.?
+ popd >/dev/null || die
+ fi
+
+ local mksuffix="$(usex modern-kernel '-mk' '')"
+
+ exeinto /usr/libexec/${PN}
+ newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+ newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+ keepdir /var/lib/nftables
+
+ systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+ if use python ; then
+ python_foreach_impl python_make install
+ python_foreach_impl python_optimize
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+ local save_file
+ save_file="${EROOT}/var/lib/nftables/rules-save"
+
+ # In order for the nftables-restore systemd service to start
+ # the save_file must exist.
+ if [[ ! -f "${save_file}" ]]; then
+ ( umask 177; touch "${save_file}" )
+ elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+ ewarn "Your system has dangerous permissions for ${save_file}"
+ ewarn "It is probably affected by bug #691326."
+ ewarn "You may need to fix the permissions of the file. To do so,"
+ ewarn "you can run the command in the line below as root."
+ ewarn " 'chmod 600 \"${save_file}\"'"
+ fi
+
+ if has_version 'sys-apps/systemd'; then
+ elog "If you wish to enable the firewall rules on boot (on systemd) you"
+ elog "will need to enable the nftables-restore service."
+ elog " 'systemctl enable ${PN}-restore.service'"
+ elog
+ elog "If you are creating firewall rules before the next system restart"
+ elog "the nftables-restore service must be manually started in order to"
+ elog "save those rules on shutdown."
+ fi
+ if has_version 'sys-apps/openrc'; then
+ elog "If you wish to enable the firewall rules on boot (on openrc) you"
+ elog "will need to enable the nftables service."
+ elog " 'rc-update add ${PN} default'"
+ elog
+ elog "If you are creating or updating the firewall rules and wish to save"
+ elog "them to be loaded on the next restart, use the \"save\" functionality"
+ elog "in the init script."
+ elog " 'rc-service ${PN} save'"
+ fi
+}
diff --git a/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch b/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch
new file mode 100644
index 00000000000..d6c80405e86
--- /dev/null
+++ b/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch
@@ -0,0 +1,21 @@
+--- a/pgld/src/blocklist.h
++++ b/pgld/src/blocklist.h
+@@ -74,6 +74,6 @@
+ void blocklist_stats(int clearhits);
+ block_entry_t * blocklist_find(uint32_t ip);
+ void blocklist_dump();
+-blocklist_t blocklist;
++extern blocklist_t blocklist;
+
+ #endif /* INC_BLOCKLIST_H */
+--- a/pgld/src/blocklist.c
++++ b/pgld/src/blocklist.c
+@@ -22,6 +22,8 @@
+ #include "blocklist.h"
+ #include "pgld.h"
+
++blocklist_t blocklist;
++
+ void blocklist_init() {
+ blocklist.entries = NULL;
+ blocklist.count = 0;
diff --git a/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild b/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
index 8f0826099c3..eafaafe2ee8 100644
--- a/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
+++ b/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -58,6 +58,9 @@ CONFIG_CHECK="~NETFILTER_NETLINK
~IP_NF_IPTABLES
~IP_NF_TARGET_REJECT"
+PATCHES=(
+ "${FILESDIR}"/${P}-fno-common.patch
+)
S="${WORKDIR}/${MY_PN}-code-${COMMIT}"
src_prepare() {
diff --git a/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r1.ebuild b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r2.ebuild
index 14fb40edd82..e9dcb884c4a 100644
--- a/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r1.ebuild
+++ b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
diff --git a/net-firewall/rtsp-conntrack/rtsp-conntrack-4.18.ebuild b/net-firewall/rtsp-conntrack/rtsp-conntrack-4.18-r1.ebuild
index e163cee5f15..87432ce2dcc 100644
--- a/net-firewall/rtsp-conntrack/rtsp-conntrack-4.18.ebuild
+++ b/net-firewall/rtsp-conntrack/rtsp-conntrack-4.18-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
diff --git a/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r3.ebuild
index 61fc3947d9d..0fe04aa2982 100644
--- a/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild
+++ b/net-firewall/sanewall/sanewall-1.1.6-r3.ebuild
@@ -16,8 +16,8 @@ KEYWORDS="~amd64 ~x86"
RDEPEND="
net-firewall/iptables[ipv6]
sys-apps/iproute2[-minimal]
+ sys-apps/kmod[tools]
sys-apps/net-tools
- virtual/modutils
|| (
net-misc/wget
net-misc/curl
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index c812b23e790..09f5087d579 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -1,14 +1,14 @@
-DIST shorewall-5.2.4.4.tar.bz2 581085 BLAKE2B 6830f1ce9350534a51b0d79efad07b338c511ab3cc1bf151ac958052c5feb1794d994a71e80ebf1546a76fae1718ebc74abab37fbb4d9362d8b3108133b30354 SHA512 c050af24969c2f18c4c020dfb611edaf9c6a5aa09d1dace502ae99b9aa82d7f217695e8099d6615a9a3c9f6de951f6d8b24621021c48ee2f2095edf9815a8d57
-DIST shorewall-5.2.4.5.tar.bz2 581558 BLAKE2B 9b089a9c5cab212ba130e3865c2ea5a8ad27c88979e6497a0fef823a12a6ac98ca12a150c3e9a5b6c76c90339aeb3c92a438dfc068811790aef13783e39e6204 SHA512 3914bac627cf8787372f21c4332fc13744a6190c7a128521103e3f47533ebbe2fe359a4c6bc95a0d7dfb03e2ce30f7b7cd8eaed9d8fa3169d4b0b5244aa6d8f8
-DIST shorewall-core-5.2.4.4.tar.bz2 73257 BLAKE2B 16b8d3a1d08c9db6a939f946324295063cee71b373bd67dd85d0acb4332502df4b5d9bb932695228ad6d33395c6596e86fd3e77ca59abc99d88bab7e883777c9 SHA512 1868dcd6bad6b0cb5be2c1b0724f076605e7990d0b9dfd19fee06c758b19f2ebcbe18bccaa7a4ea861ceb26038ed07837eecdacdd2a02d0c2a927c732d6bdc30
-DIST shorewall-core-5.2.4.5.tar.bz2 73333 BLAKE2B e4d71ddd92e83c31d90b766568d4d595d1035278832c9f92c103e7b95436adecf9e79612f0bf82e7eb3447d067c2d4e626bed14f1c9d74e5f11fa5d585830ba6 SHA512 74d413cbe95688d7604a01580eff32c92b1be754df2052fa4ed22dd549c18887b1462fc70c1a2913c2d77255fccb7badce33863686abffecadb6b316aa545827
-DIST shorewall-docs-html-5.2.4.4.tar.bz2 4294159 BLAKE2B 81bb4a9d086f48bf8551be3bc8aff0ed8a0a99d215338f12b711c96115507ea5a7eb567d084db0a93628c4036623a72231f33dd15671e84739d59608268b98c7 SHA512 086096604f5a580906f05b460e1e19df24620b610675a8ec6038c0061199fd6f09cd8aff08f1e8daa8d2898bfaec9db95cf7f4f1397ca9df784d420907b16fac
-DIST shorewall-docs-html-5.2.4.5.tar.bz2 4294320 BLAKE2B dd80e0ae8bc622aaa2e1278a20d2b0e2aaccd25debf22301b71dfce125f94be3e9c30dd411f3f7a84592ca126917447d1b61624079b6bf3686156578c54495cd SHA512 6453c0dbdd80c41b5ca706eae2cd05946a6442f939b398985bf2b6687b60c1f636cf387d1581694223b6d887f914764f9193070dfce745e6e32dd0edd582fe76
-DIST shorewall-init-5.2.4.4.tar.bz2 38048 BLAKE2B 01b4664396933ca303d4013d50f290be850dad51142257a7b1f3081cee3baac219feadc96636c732072c6918f83d847eca2107aa094804691500972a90f222fd SHA512 fdab4aa68429144cbffdf41aad78744feb3e9736df0e8d6ed87ed7ac80aebf7078c6ec28646069a71cacc8d9a6738605d59c6b6fb35d8c4d9a1ed8353a71775c
-DIST shorewall-init-5.2.4.5.tar.bz2 38113 BLAKE2B 4231e22c7dfd862fd6ee8b573ea3f137ea078e488d354ddf197a83c4d60827a462311f5f9cd7d1dd0df17b61713fa164e6c6594eb4b8c173bef59fee75f4c1bc SHA512 51ac7a4022caca14c25efe0e608bb3983f27c31326b1a933385891fbe01aa5137f3d8e50406fddec41024fe8aea6e55ad16c3a4cb2d1b211fd0d13d61ce61cb1
-DIST shorewall-lite-5.2.4.4.tar.bz2 42806 BLAKE2B d6dd5d9268d40fb88ee99be36b359423a6d7785417752f6e9d7245806bf9677963851327dcfd0d5fe81ea54ab11d59a5e64ee4115d41d3a6c8f4ced1e7cda732 SHA512 b81aa04f124435d3bf63d1796cca4db987f56c3e31953386ab7f3aae290058e5f3240b43864753121ed48b3744f8d6ee2dcd5210105dc1ccf5a4f790b3e22092
-DIST shorewall-lite-5.2.4.5.tar.bz2 42868 BLAKE2B 5ccab6fd410deb721671d16967fdf57be051c8403d7b2dc7273dea76f42584d01c593adee25d72730091d3f8cc7d85b985e58b5e243f5f5a11522935eae88087 SHA512 329535471f9a44f7cd3935e490d238768fe37bba397dbfd83b1f0960e16a1fdb6407ae6fd36f7054ec998f1ea8c2f91bb4cc1fa6d970675939856b2436cf7c45
-DIST shorewall6-5.2.4.4.tar.bz2 199722 BLAKE2B c5c741ea7108e6edbb35190bccea06d04c6a0d1cf5dbae23481e38d3c05155df6bcaf4deb6397d07a1f51ba0b13b18b4ed22349fbe1f6e605d0303486002d876 SHA512 cf212d1c7c8703319a5c6f34ba8629f115b2f03a0713c1b40cf370adad66b671bfd9536a28bc650aba04bf6a6fd7c396788d40c2eb650a006e8f2eb27baf76f8
-DIST shorewall6-5.2.4.5.tar.bz2 200261 BLAKE2B b21f8232a3497be70184c9053e17265d803a9561f5799921ee63ab67bd4b1b8fa8c1950de13a5f6d8f1662013641859844b5a2032e684151a3b85b0de8d8dfb9 SHA512 362802b8b9dc52da00a291f0fb0bb115387a409974e418bb3e00d8c9c900cd49f0b6d90a4c75db5028b5a2d1ad499d352d322e4f7132a9e8647b3502a263531b
-DIST shorewall6-lite-5.2.4.4.tar.bz2 42739 BLAKE2B 3f1caa78b12f779bd73716dad78a26544bf99204b96da2fa950c709bbb5d68ac1ee062714d5040d961a2df35b4d22e0b6c8747b36a84bb9a5b6805cb6d0158cd SHA512 4a0c6e939bd8ca239734de64ea0b2a94885f8f14d00e37dce291b2f5aa00384227c16cc0595ef1b038f05d3d42212ace3e9482937c8c072d7e194099ab867646
-DIST shorewall6-lite-5.2.4.5.tar.bz2 42843 BLAKE2B a02923bcd75bedbcb3d48f43c11de7956829528c7076f6cdd7353550e4703de3c19d01e16abbc6d2db74a748edaffec613060a7fb6179a1c89a75e0058d766ff SHA512 c93ebb94c9baa627cb9fd18af098ca484c5e6cf2d0405624a00d6cf9093e900e06b6da7f2f9acedf3fcd1c68d6221a50ae2826718313cc0482b74c34d6f2498a
+DIST shorewall-5.2.6.1.tar.bz2 552329 BLAKE2B c4bfd10dd3c4c236761acde39bf9108c8c4d02b1304fc10432600506fefb5aed16c61bd9abc04308f4b5af1db8fea60a9e7cf663b110541bf7040f48d2194ecf SHA512 a9df0d53899e3b5d4590b6690c298ff99be3d0dd8d7a1147b0ed15b45c81c6533087f2edb2b5c670e63f3a171081d9a404b55b08506e61386a77c290c7ff4303
+DIST shorewall-5.2.7.tar.bz2 585135 BLAKE2B 614a993d34927b6f976f8d783608832014e1e2c94d02f53904cc977d3a05cc7ef21bc3dd32545c11b705da7c84ca472f0dc2ec6438af6b60eb705f741d432269 SHA512 abe3f2bfa8944cdecf24e8a2b3bcc5a786bc6bafb1e85e10257f4ff3002689b1e0ed23ddf866f63ce301c6bec43959b6ce77bbbbe8ffeb0f48a18c858be226a2
+DIST shorewall-core-5.2.6.1.tar.bz2 76036 BLAKE2B ab223fa97b11f06c9ab112a828b7eda86e355b706cac7e50e6e403157c8a0eea4ded0e5a4dada431b5bb7b76a6cb1e13d438a8b90ab10fd4d525a389d030410c SHA512 4676ecd743f814dd87c097f2533c69fa333651cf6144a31ac8f7da360dee392c1ae8843b948868a63d58cc7b267e0ecb1fedf7b7ed88cdaa86b6066b73bedd8b
+DIST shorewall-core-5.2.7.tar.bz2 76504 BLAKE2B 5456b0f844c3f1c99cd8a89dff58ab5cf86d085a763a8de3918c2cf6fb5e59779912fae103f8b4284ba7a2c474beb786422a5de77eb3a67480d1d6ee0b316839 SHA512 0ed2f2e05abafa60e5d1560c5ee8419e7a3d0afe20192597a1efd263cfbe9331369682d6caa22ebdda128a410197010bb4429a3fa1500f9ac06ce8afcc1e6cc8
+DIST shorewall-docs-html-5.2.6.1.tar.bz2 4328494 BLAKE2B 9640a9ca63c9797f5318cf62ffd5c36c1e3c683c0b58ae99eb692a9eaaec4474a98d08c299a63fea09c779aaecbf189e9f93aa4a84c314bf62bae6830ee22dfa SHA512 374716993c25884a0aef2e1d6b261dab9dd64be5afb681489c3b40b4de05dd1dab93e0f34c1a74df7faffe27793d24d277865ad6a72b6c54f223ee1bce9b5a65
+DIST shorewall-docs-html-5.2.7.tar.bz2 4316006 BLAKE2B a981e050501d7fa9bdd2ecfc3fba279989089b1e6977abc881c2bc04df698e88cf7260acb28a06ce90d296e17944140ab24af98914839717811f2eb6af84da33 SHA512 4e381ad8fe8db5fe614c6dd6e4b595539519091c4aac2f7aa7ff8655e97fa8d07bec651c428492f334f632968ad94e1c863aeb1888964d696aca011e980fcbc6
+DIST shorewall-init-5.2.6.1.tar.bz2 41005 BLAKE2B e625569376c303fc5baab6e786ae5c13892c3b498421a369550de0e56a9207b5cf1d6838f7fdf9a0a344d6a1c62d102e4abc6414baec3bc96ad92f9399c74695 SHA512 9cf993217f40a3a948a58db1aca4dd76916e08e1dd0c4b2d23e1e416b24a7be53ef40e6358070b8c05a0b8bc44a0dacbf8b381c7fc2921ceed7df193c11e7578
+DIST shorewall-init-5.2.7.tar.bz2 41377 BLAKE2B d39cf687ed4a5592fb8ea7b2d0a4b1313cb80ba81000e3692700a5a95d8035260991626c3e7466d3b9d1a9e8b3e61c559286f08b20494b81b59e5edbc8383378 SHA512 2dd81a4ae87496079990864a7b7a42814855d13210b996e3881e34d7cfb692035a2394adc912337800c72bc8565ae90426a0f1ddbf3e0384048a7c2d3e18aa43
+DIST shorewall-lite-5.2.6.1.tar.bz2 45611 BLAKE2B f1da73d50b2ce4da8d3123f1cd2ebf4a76fc98613a8149aaf8a32ecca0358bd70d57438de30fda2559845975c9e95d35239f43341a45b210ae903ee176af700b SHA512 51f4354969e98dc3c6173d19d07d73b66d219a9e1cbbb5a2fcf5dcfbe0ecf421260b46c815cc7af6e3104b737082fdb0c48345af2228739c0bf880ad1179f5f6
+DIST shorewall-lite-5.2.7.tar.bz2 45949 BLAKE2B 9d56d57c8bbf0d6478aa2b834750c6545fb323bb8ac513eb8df4f377ec70faa1c71c2105ac40bb5c88272bf56e34f39d93d41215b96b889a4fa9bd80339993ac SHA512 9e48d6d48a0a12577518a3b729cb2ad63e5be9a748fd58ef4c450d9f31527773f2fa790f38e7b1547257b49786a56dc293a16fe97b9c6eddd007edcd35efaee8
+DIST shorewall6-5.2.6.1.tar.bz2 201076 BLAKE2B d41764a5a64bdc3cd86cdf80aaff89ad0bf9077267958d1c9de484f98a652ef42469964fb71b8841299b52e387605bfee1bca5df1ffc24ece9db5a999e09b09f SHA512 03444f976ba64c76eda866dbad6eaa61e766156fde6fcede31acc834ef9f6e45897538be54c99f62a0d6ae857f694921f7ee5d1f2f4209e37cff3f392554e8b0
+DIST shorewall6-5.2.7.tar.bz2 203996 BLAKE2B b8b721d54c5aafae773d0d80b38106a17000793ff16f217ac6ec21f8702afe7a3fd8e99941056e508a8d8c93819e0e5644f1f8ce83c61dc6e3be49fb8fcd70c9 SHA512 039e0092770262f22ba08c2cfd536eccb9530da48306791fa6683e34c34f862001ca827dcb79b535243e68a24bffe92dbd866cf9d7ea8754161b5a8326a86d8e
+DIST shorewall6-lite-5.2.6.1.tar.bz2 45613 BLAKE2B 0c54e6d86d0831ddf3f38d96f32f6a76d57a646dabb9ec7e3d7fa1811d28aaf8dad308e98dadabb5696b228ce393889ec78ec7422d1148e96e3b435fef05d362 SHA512 bf2f4d15c5faf52c9fb1ed918ce3afeab6c1cc01e67758ca93ede3a507fa798a3751155f9145e672d987f2ed8f53f29fcc1f9590f6808c63d1c748a898365472
+DIST shorewall6-lite-5.2.7.tar.bz2 45989 BLAKE2B ae698fb3b580bcc373958932d07b8e27bc805616dabe3b6cbf349fd29fa10299f91fffa6d1a74530b008d8806c62cdaf3868d1830cb3869bcfc6ca422cd9a2ef SHA512 c694c00c96e45d437e62ff600f85bb70b9431211ef9ff84753e880b165d694c5cd1a581a8163ed580cee78e790893b6239a8504b422554f14b4d4b7dd3c70601
diff --git a/net-firewall/shorewall/shorewall-5.2.4.4.ebuild b/net-firewall/shorewall/shorewall-5.2.6.1.ebuild
index c6f9c3e5bed..c6f9c3e5bed 100644
--- a/net-firewall/shorewall/shorewall-5.2.4.4.ebuild
+++ b/net-firewall/shorewall/shorewall-5.2.6.1.ebuild
diff --git a/net-firewall/shorewall/shorewall-5.2.4.5.ebuild b/net-firewall/shorewall/shorewall-5.2.7.ebuild
index 95a3c0906ea..95a3c0906ea 100644
--- a/net-firewall/shorewall/shorewall-5.2.4.5.ebuild
+++ b/net-firewall/shorewall/shorewall-5.2.7.ebuild
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 4a7bb64fd25..ab0de6087c3 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1,2 +1 @@
-DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
deleted file mode 100644
index b7eae3595cb..00000000000
--- a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py
---- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200
-+++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200
-@@ -225,41 +225,7 @@
- os.unlink(os.path.join('staging', 'ufw-init'))
- os.unlink(os.path.join('staging', 'ufw-init-functions'))
-
--iptables_exe = ''
--iptables_dir = ''
--
--for e in ['iptables']:
-- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
-- '/usr/local/bin']:
-- if e == "iptables":
-- if os.path.exists(os.path.join(dir, e)):
-- iptables_dir = dir
-- iptables_exe = os.path.join(iptables_dir, "iptables")
-- print("Found '%s'" % iptables_exe)
-- else:
-- continue
--
-- if iptables_exe != "":
-- break
--
--
--if iptables_exe == '':
-- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
-- sys.exit(1)
--
--for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
-- if not os.path.exists(os.path.join(iptables_dir, e)):
-- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
-- sys.exit(1)
--
--(rc, out) = cmd([iptables_exe, '-V'])
--if rc != 0:
-- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
-- (iptables_exe))
--version = re.sub('^v', '', re.split('\s', str(out))[1])
--print("Found '%s' version '%s'" % (iptables_exe, version))
--if version < "1.4":
-- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
-+iptables_dir = '/sbin'
-
- setup (name='ufw',
- version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
deleted file mode 100644
index 991f4c826ec..00000000000
--- a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/setup.py
-+++ b/setup.py
-@@ -107,12 +107,6 @@ class Install(_install, object):
- for f in [ script, manpage, manpage_f ]:
- self.mkpath(os.path.dirname(f))
-
-- # update the interpreter to that of the one the user specified for setup
-- print("Updating staging/ufw to use %s" % (sys.executable))
-- subprocess.call(["sed",
-- "-i",
-- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
-- 'staging/ufw'])
- self.copy_file('staging/ufw', script)
- self.copy_file('doc/ufw.8', manpage)
- self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
deleted file mode 100644
index fde635ddc33..00000000000
--- a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- a/shell-completion/bash
-+++ b/shell-completion/bash
-@@ -52,7 +52,6 @@
- echo "numbered verbose"
- }
-
--have ufw &&
- _ufw()
- {
- cur=${COMP_WORDS[COMP_CWORD]}
-@@ -83,5 +82,5 @@
- fi
- }
-
--[ "$have" ] && complete -F _ufw ufw
-+complete -F _ufw ufw
-
diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch b/net-firewall/ufw/files/ufw-0.35-move-path.patch
deleted file mode 100644
index 58af7721508..00000000000
--- a/net-firewall/ufw/files/ufw-0.35-move-path.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
---- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100
-@@ -18,7 +18,7 @@
- parameters and configuration of IPv6. The framework consists of the following
- files:
- .TP
--#STATE_PREFIX#/ufw\-init
-+#SHARE_DIR#/ufw\-init
- initialization script
- .TP
- #CONFIG_PREFIX#/ufw/before[6].rules
-@@ -41,7 +41,7 @@
-
- .SH "BOOT INITIALIZATION"
- .PP
--\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
-+\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
- standard SysV style initscript used by the \fBufw\fR command and should not be
- modified. It supports the following arguments:
- .TP
-diff -Naur ufw-0.31.orig/README ufw-0.31/README
---- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100
-@@ -58,7 +58,7 @@
- on your needs, this can be as simple as adding the following to a startup
- script (eg rc.local for systems that use it):
-
--# /lib/ufw/ufw-init start
-+# /usr/share/ufw/ufw-init start
-
- For systems that use SysV initscripts, an example script is provided in
- doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
-@@ -72,9 +72,9 @@
- /etc/defaults/ufw high level configuration
- /etc/ufw/before[6].rules rules evaluated before UI added rules
- /etc/ufw/after[6].rules rules evaluated after UI added rules
--/lib/ufw/user[6].rules UI added rules (not to be modified)
-+/etc/ufw/user/user[6].rules UI added rules (not to be modified)
- /etc/ufw/sysctl.conf kernel network tunables
--/lib/ufw/ufw-init start script
-+/usr/share/ufw/ufw-init start script
-
-
- Usage
-@@ -149,7 +149,7 @@
- that the primary chains don't move around other non-ufw rules and chains. To
- completely flush the built-in chains with this configuration, you can use:
-
--# /lib/ufw/ufw-init flush-all
-+# /usr/share/ufw/ufw-init flush-all
-
- Alternately, ufw may also take full control of the firewall by setting
- MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
-@@ -247,7 +247,7 @@
-
- Remote Management
- -----------------
--On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
-+On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
- ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
- 'enabled' it will insert rules into the existing chains, and therefore not
- flush the chains (but will when modifying a rule or changing the default
-@@ -290,7 +290,7 @@
-
- Distributions
- -------------
--While it certainly ok to use /lib/ufw/ufw-init as the initscript for
-+While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
- ufw, this script is meant to be used by ufw itself, and therefore not
- particularly user friendly. See doc/initscript.example for a simple
- implementation that can be adapted to your distribution.
-diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
---- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100
-@@ -54,7 +54,8 @@
- return
-
- real_confdir = os.path.join('/etc')
-- real_statedir = os.path.join('/lib', 'ufw')
-+ # real_statedir = os.path.join('/lib', 'ufw')
-+ real_statedir = os.path.join('/etc', 'ufw', 'user')
- real_prefix = self.prefix
- if self.home != None:
- real_confdir = self.home + real_confdir
-@@ -116,7 +117,7 @@
- self.copy_file('doc/ufw.8', manpage)
- self.copy_file('doc/ufw-framework.8', manpage_f)
-
-- # Install state files and helper scripts
-+ # Install state files
- statedir = real_statedir
- if self.root != None:
- statedir = self.root + real_statedir
-@@ -127,8 +128,14 @@
- self.copy_file('conf/user.rules', user_rules)
- self.copy_file('conf/user6.rules', user6_rules)
-
-- init_helper = os.path.join(statedir, 'ufw-init')
-- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
-+ # Install helper scripts
-+ sharedir = real_sharedir
-+ if self.root != None:
-+ sharedir = self.root + real_sharedir
-+ self.mkpath(sharedir)
-+
-+ init_helper = os.path.join(sharedir, 'ufw-init')
-+ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
- self.copy_file('src/ufw-init', init_helper)
- self.copy_file('src/ufw-init-functions', init_helper_functions)
-
-@@ -199,13 +206,18 @@
-
- subprocess.call(["sed",
- "-i",
-+ "s%#SHARE_DIR#%" + real_sharedir + "%g",
-+ f])
-+
-+ subprocess.call(["sed",
-+ "-i",
- "s%#VERSION#%" + ufw_version + "%g",
- f])
-
- # Install pristine copies of rules files
-- sharedir = real_sharedir
-- if self.root != None:
-- sharedir = self.root + real_sharedir
-+ #sharedir = real_sharedir
-+ #if self.root != None:
-+ # sharedir = self.root + real_sharedir
- rulesdir = os.path.join(sharedir, 'iptables')
- self.mkpath(rulesdir)
- for file in [ before_rules, after_rules, \
-diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
---- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100
-@@ -38,6 +38,7 @@
- files = {}
- config_dir = _findpath(ufw.common.config_dir, datadir)
- state_dir = _findpath(ufw.common.state_dir, datadir)
-+ share_dir = _findpath(ufw.common.share_dir, datadir)
-
- files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
- files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')
-@@ -45,7 +46,7 @@
- files['rules6'] = os.path.join(state_dir, 'user6.rules')
- files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
- files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
-- files['init'] = os.path.join(_findpath(state_dir, rootdir), 'ufw-init')
-+ files['init'] = os.path.join(_findpath(share_dir, rootdir), 'ufw-init')
-
- ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
-
-diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
---- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100
-@@ -18,10 +18,10 @@
- #
- set -e
-
--if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
-- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
-+if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
-+ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
- else
-- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
-+ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
- exit 1
- fi
-
-@@ -56,7 +56,7 @@
- flush_builtins || exit "$?"
- ;;
- *)
-- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
-+ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
- exit 1
- ;;
- esac
diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild
deleted file mode 100644
index ff137b6b832..00000000000
--- a/net-firewall/ufw/ufw-0.35-r1.ebuild
+++ /dev/null
@@ -1,195 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{2_7,3_6} )
-DISTUTILS_IN_SOURCE_BUILD=1
-
-inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
-
-DESCRIPTION="A program used to manage a netfilter firewall"
-HOMEPAGE="https://launchpad.net/ufw"
-SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 ~ia64 ppc ppc64 sparc x86"
-IUSE="examples ipv6"
-
-DEPEND="sys-devel/gettext"
-RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
- !<kde-misc/kcm-ufw-0.4.2
- !<net-firewall/ufw-frontends-0.3.2
-"
-
-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
-RESTRICT="test"
-
-PATCHES=(
- # Remove unnecessary build time dependency on net-firewall/iptables.
- "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
- # Move files away from /lib/ufw.
- "${FILESDIR}"/${PN}-0.35-move-path.patch
- # Remove shebang modification.
- "${FILESDIR}"/${PN}-0.34_pre805-shebang.patch
- # Fix bash completions, bug #526300
- "${FILESDIR}"/${P}-bash-completion.patch
-)
-
-pkg_pretend() {
- local CONFIG_CHECK="~PROC_FS
- ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
- ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
- ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
-
- if kernel_is -ge 2 6 39; then
- CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
- else
- CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
- fi
-
- # https://bugs.launchpad.net/ufw/+bug/1076050
- if kernel_is -ge 3 4; then
- CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
- else
- CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
- use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
- fi
-
- CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
- use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
-
- check_extra_config
-
- # Check for default, useful optional features.
- if ! linux_config_exists; then
- ewarn "Cannot determine configuration of your kernel."
- return
- fi
-
- local nf_nat_ftp_ok="yes"
- local nf_conntrack_ftp_ok="yes"
- local nf_conntrack_netbios_ns_ok="yes"
-
- linux_chkconfig_present \
- NF_NAT_FTP || nf_nat_ftp_ok="no"
- linux_chkconfig_present \
- NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
- linux_chkconfig_present \
- NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
-
- # This is better than an essay for each unset option...
- if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
- || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
- then
- echo
- local mod_msg="Kernel options listed below are not set. They are not"
- mod_msg+=" mandatory, but they are often useful."
- mod_msg+=" If you don't need some of them, please remove relevant"
- mod_msg+=" module name(s) from IPT_MODULES in"
- mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
- mod_msg+=" Otherwise ufw may fail to start!"
- ewarn "${mod_msg}"
- if [[ ${nf_nat_ftp_ok} = no ]]; then
- ewarn "NF_NAT_FTP: for better support for active mode FTP."
- fi
- if [[ ${nf_conntrack_ftp_ok} = no ]]; then
- ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
- fi
- if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
- ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
- fi
- fi
-}
-
-python_prepare_all() {
- # Set as enabled by default. User can enable or disable
- # the service by adding or removing it to/from a runlevel.
- sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
- || die "sed failed (ufw.conf)"
-
- sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
-
- # If LINGUAS is set install selected translations only.
- if [[ -n ${LINGUAS+set} ]]; then
- _EMPTY_LOCALE_LIST="yes"
- pushd locales/po > /dev/null || die
-
- local lang
- for lang in *.po; do
- if ! has "${lang%.po}" ${LINGUAS}; then
- rm "${lang}" || die
- else
- _EMPTY_LOCALE_LIST="no"
- fi
- done
-
- popd > /dev/null || die
- else
- _EMPTY_LOCALE_LIST="no"
- fi
-
- distutils-r1_python_prepare_all
-}
-
-python_install_all() {
- newconfd "${FILESDIR}"/ufw.confd ufw
- newinitd "${FILESDIR}"/ufw-2.initd ufw
- systemd_dounit "${FILESDIR}/ufw.service"
-
- exeinto /usr/share/${PN}
- doexe tests/check-requirements
-
- # users normally would want it
- insinto /usr/share/doc/${PF}/logging/syslog-ng
- doins "${FILESDIR}"/syslog-ng/*
-
- insinto /usr/share/doc/${PF}/logging/rsyslog
- doins "${FILESDIR}"/rsyslog/*
- doins doc/rsyslog.example
-
- if use examples; then
- insinto /usr/share/doc/${PF}/examples
- doins examples/*
- fi
- newbashcomp shell-completion/bash ${PN}
-
- [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
-
- distutils-r1_python_install_all
- python_replicate_script "${D}usr/sbin/ufw"
-}
-
-pkg_postinst() {
- local print_check_req_warn
- print_check_req_warn=false
-
- if [[ -z ${REPLACING_VERSIONS} ]]; then
- echo
- elog "To enable ufw, add it to boot sequence and activate it:"
- elog "-- # rc-update add ufw boot"
- elog "-- # /etc/init.d/ufw start"
- echo
- elog "If you want to keep ufw logs in a separate file, take a look at"
- elog "/usr/share/doc/${PF}/logging."
- print_check_req_warn=true
- else
- for rv in ${REPLACING_VERSIONS}; do
- local major=${rv%%.*}
- local minor=${rv#${major}.}
- if [[ ${major} -eq 0 && ${minor} -lt 34 ]]; then
- print_check_req_warn=true
- fi
- done
- fi
- if $print_check_req_warn; then
- echo
- elog "/usr/share/ufw/check-requirements script is installed."
- elog "It is useful for debugging problems with ufw. However one"
- elog "should keep in mind that the script assumes IPv6 is enabled"
- elog "on kernel and net-firewall/iptables, and fails when it's not."
- fi
- echo
- ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
- ewarn "default. See README, Remote Management section for more information."
-}
diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
index 54c3c4bf91e..815e4edf373 100644
--- a/net-firewall/ufw/ufw-0.36.ebuild
+++ b/net-firewall/ufw/ufw-0.36.ebuild
@@ -3,8 +3,9 @@
EAPI=7
-PYTHON_COMPAT=( python{2_7,3_6} )
+PYTHON_COMPAT=( python3_{6,7,8} )
DISTUTILS_IN_SOURCE_BUILD=1
+DISTUTILS_USE_SETUPTOOLS=no
inherit bash-completion-r1 distutils-r1 eutils linux-info systemd
diff --git a/net-firewall/xtables-addons/xtables-addons-2.13.ebuild b/net-firewall/xtables-addons/xtables-addons-2.13-r1.ebuild
index 3d95b833551..3d95b833551 100644
--- a/net-firewall/xtables-addons/xtables-addons-2.13.ebuild
+++ b/net-firewall/xtables-addons/xtables-addons-2.13-r1.ebuild
diff --git a/net-firewall/xtables-addons/xtables-addons-3.7.ebuild b/net-firewall/xtables-addons/xtables-addons-3.7-r1.ebuild
index ef77b6f7711..ef77b6f7711 100644
--- a/net-firewall/xtables-addons/xtables-addons-3.7.ebuild
+++ b/net-firewall/xtables-addons/xtables-addons-3.7-r1.ebuild
diff --git a/net-firewall/xtables-addons/xtables-addons-3.8.ebuild b/net-firewall/xtables-addons/xtables-addons-3.8-r1.ebuild
index ef77b6f7711..ef77b6f7711 100644
--- a/net-firewall/xtables-addons/xtables-addons-3.8.ebuild
+++ b/net-firewall/xtables-addons/xtables-addons-3.8-r1.ebuild