diff options
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | PKGBUILD | 31 | ||||
-rw-r--r-- | iptables-apply-default-path.patch | 53 |
3 files changed, 88 insertions, 21 deletions
@@ -1,26 +1,26 @@ pkgbase = iptables-fullconenat pkgdesc = Linux kernel packet control tool with FULLCONENAT support. - pkgver = 1.8.3 - pkgrel = 2 + pkgver = 1.8.10 + pkgrel = 3 epoch = 1 url = https://www.netfilter.org/projects/iptables/index.html install = iptables-fullconenat.install arch = x86_64 - license = GPL2 + license = GPL-2.0-only makedepends = linux-api-headers depends = libnftnl depends = libpcap depends = libnfnetlink depends = libnetfilter_conntrack depends = bash - depends = netfilter-fullconenat-dkms-git + optdepends = netfilter-fullconenat: kernel module for fullconenat provides = iptables conflicts = iptables backup = etc/ethertypes backup = etc/iptables/iptables.rules backup = etc/iptables/ip6tables.rules - source = https://www.netfilter.org/projects/iptables/files/iptables-1.8.3.tar.bz2 - source = https://www.netfilter.org/projects/iptables/files/iptables-1.8.3.tar.bz2.sig + source = https://www.netfilter.org/projects/iptables/files/iptables-1.8.10.tar.xz + source = https://www.netfilter.org/projects/iptables/files/iptables-1.8.10.tar.xz.sig source = empty.rules source = simple_firewall.rules source = empty-filter.rules @@ -34,9 +34,12 @@ pkgbase = iptables-fullconenat source = ip6tables.service source = iptables-legacy-flush source = iptables-nft-flush - source = libipt_FULLCONENAT.c::https://raw.githubusercontent.com/Chion82/netfilter-full-cone-nat/master/libipt_FULLCONENAT.c + source = iptables-apply-default-path.patch + source = libipt_FULLCONENAT.c::https://raw.githubusercontent.com/llccd/netfilter-full-cone-nat/dev/libipt_FULLCONENAT.c + source = libip6t_FULLCONENAT.c::https://raw.githubusercontent.com/llccd/netfilter-full-cone-nat/dev/libip6t_FULLCONENAT.c validpgpkeys = C09DB2063F1D7034BA6152ADAB4655A126D292E4 - sha1sums = 6df99e90cb4d59032ab2050ebb426fe065249bd3 + validpgpkeys = 37D964ACC04981C75500FB9BD55D978A8A1420E4 + sha1sums = ddbebf81eacbf900dc6dd4ed409353930397e0c2 sha1sums = SKIP sha1sums = 83b3363878e3660ce23b2ad325b53cbd6c796ecf sha1sums = f085a71f467e4d7cb2cf094d9369b0bcc4bab6ec @@ -51,7 +54,9 @@ pkgbase = iptables-fullconenat sha1sums = 9cec592787e32451f58fa608ea057870e07aa704 sha1sums = d10af7780d1634778d898c709e2d950aa1561856 sha1sums = 15c1684f3e671f4d0ede639a7c9c08e1a841511c - sha1sums = b5dd6f51b9257150290a140453e09d38fb63c391 + sha1sums = 454d0a6d3bca14b8702e7c5e2672f5bc0c832b85 + sha1sums = 1d320a1193a754d5cb4afa7c4b8bb27316c7dd95 + sha1sums = abec6a9a953101c0345d60e5812393243cc7bb7b pkgname = iptables-fullconenat pkgdesc = Linux kernel packet control tool with FULLCONENAT support. (using legacy interface) @@ -63,7 +68,6 @@ pkgname = iptables-fullconenat-nft depends = libnfnetlink depends = libnetfilter_conntrack depends = bash - depends = netfilter-fullconenat-dkms-git depends = nftables provides = iptables provides = iptables-fullconenat @@ -78,4 +82,3 @@ pkgname = iptables-fullconenat-nft backup = etc/iptables/ip6tables.rules backup = etc/arptables.conf backup = etc/ebtables.conf - @@ -3,24 +3,27 @@ _pkgbase=iptables pkgbase=iptables-fullconenat pkgname=(iptables-fullconenat iptables-fullconenat-nft) -pkgver=1.8.3 -pkgrel=2 +pkgver=1.8.10 +pkgrel=3 epoch=1 pkgdesc='Linux kernel packet control tool with FULLCONENAT support.' arch=(x86_64) -license=(GPL2) +license=('GPL-2.0-only') url='https://www.netfilter.org/projects/iptables/index.html' -depends=(libnftnl libpcap libnfnetlink libnetfilter_conntrack bash netfilter-fullconenat-dkms-git) +depends=(libnftnl libpcap libnfnetlink libnetfilter_conntrack bash) makedepends=(linux-api-headers) +optdepends=("netfilter-fullconenat: kernel module for fullconenat") provides=('iptables') conflicts=(iptables) install=${pkgbase}.install backup=(etc/ethertypes etc/iptables/{ip,ip6}tables.rules) -source=(https://www.netfilter.org/projects/iptables/files/$_pkgbase-$pkgver.tar.bz2{,.sig} +source=(https://www.netfilter.org/projects/iptables/files/$_pkgbase-$pkgver.tar.xz{,.sig} empty.rules simple_firewall.rules empty-{filter,mangle,nat,raw,security}.rules {arp,eb,ip,ip6}tables.service iptables-{legacy,nft}-flush - "libipt_FULLCONENAT.c::https://raw.githubusercontent.com/Chion82/netfilter-full-cone-nat/master/libipt_FULLCONENAT.c") -sha1sums=('6df99e90cb4d59032ab2050ebb426fe065249bd3' + iptables-apply-default-path.patch + "libipt_FULLCONENAT.c::https://raw.githubusercontent.com/llccd/netfilter-full-cone-nat/dev/libipt_FULLCONENAT.c" + "libip6t_FULLCONENAT.c::https://raw.githubusercontent.com/llccd/netfilter-full-cone-nat/dev/libip6t_FULLCONENAT.c") +sha1sums=('ddbebf81eacbf900dc6dd4ed409353930397e0c2' 'SKIP' '83b3363878e3660ce23b2ad325b53cbd6c796ecf' 'f085a71f467e4d7cb2cf094d9369b0bcc4bab6ec' @@ -35,16 +38,24 @@ sha1sums=('6df99e90cb4d59032ab2050ebb426fe065249bd3' '9cec592787e32451f58fa608ea057870e07aa704' 'd10af7780d1634778d898c709e2d950aa1561856' '15c1684f3e671f4d0ede639a7c9c08e1a841511c' - 'b5dd6f51b9257150290a140453e09d38fb63c391') -validpgpkeys=('C09DB2063F1D7034BA6152ADAB4655A126D292E4') # Netfilter Core Team + '454d0a6d3bca14b8702e7c5e2672f5bc0c832b85' + '1d320a1193a754d5cb4afa7c4b8bb27316c7dd95' + 'abec6a9a953101c0345d60e5812393243cc7bb7b') +validpgpkeys=('C09DB2063F1D7034BA6152ADAB4655A126D292E4' + '37D964ACC04981C75500FB9BD55D978A8A1420E4') # Netfilter Core Team prepare() { mkdir build cd $_pkgbase-$pkgver - cp ../libipt_FULLCONENAT.c extensions/ + cp ../libip{,6}t_FULLCONENAT.c extensions/ # use system one rm include/linux/types.h + + ln -rs libiptc/linux_list.h include/libiptc + + # use Arch path + patch -p0 -i ../iptables-apply-default-path.patch } build() { diff --git a/iptables-apply-default-path.patch b/iptables-apply-default-path.patch new file mode 100644 index 000000000000..84089e0978d5 --- /dev/null +++ b/iptables-apply-default-path.patch @@ -0,0 +1,53 @@ +--- iptables/iptables-apply.8.in.orig 2022-07-25 17:12:06.833791345 +0300 ++++ iptables/iptables-apply.8.in 2022-07-25 17:13:35.780742653 +0300 +@@ -21,11 +21,11 @@ + Successfully applied rules can also be written to savefile and later used + to roll back to this state. This can be used to implement a store last good + configuration mechanism when experimenting with an iptables setup script: +-iptables-apply \-w /etc/network/iptables.up.rules \-c /etc/network/iptables.up.run ++iptables-apply \-w /etc/iptables/iptables.rules \-c /etc/iptables/iptables.run + .PP + When called as ip6tables\-apply, the script will use + ip6tables\-save/\-restore and IPv6 default values instead. Default +-value for rulesfile is '/etc/network/iptables.up.rules'. ++value for rulesfile is '/etc/iptables/iptables.rules'. + .SH OPTIONS + .TP + \fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR +@@ -34,11 +34,11 @@ + .TP + \fB\-w\fP \fIsavefile\fR, \fB\-\-write\fP \fIsavefile\fR + Specify the savefile where successfully applied rules will be written to +-(default if empty string is given: /etc/network/iptables.up.rules). ++(default if empty string is given: /etc/iptables/iptables.rules). + .TP + \fB\-c\fP \fIruncmd\fR, \fB\-\-command\fP \fIruncmd\fR + Run command runcmd to configure iptables instead of applying a rulesfile +-(default: /etc/network/iptables.up.run). ++(default: /etc/iptables/iptables.run). + .TP + \fB\-h\fP, \fB\-\-help\fP + Display usage information. +--- iptables/iptables-apply.orig 2022-07-25 17:12:11.713806961 +0300 ++++ iptables/iptables-apply 2022-07-25 17:12:34.573880116 +0300 +@@ -31,16 +31,16 @@ + (*6*) + SAVE=ip6tables-save + RESTORE=ip6tables-restore +- DEF_RULESFILE="/etc/network/ip6tables.up.rules" ++ DEF_RULESFILE="/etc/iptables/ip6tables.rules" + DEF_SAVEFILE="$DEF_RULESFILE" +- DEF_RUNCMD="/etc/network/ip6tables.up.run" ++ DEF_RUNCMD="/etc/iptables/ip6tables.run" + ;; + (*) + SAVE=iptables-save + RESTORE=iptables-restore +- DEF_RULESFILE="/etc/network/iptables.up.rules" ++ DEF_RULESFILE="/etc/iptables/iptables.rules" + DEF_SAVEFILE="$DEF_RULESFILE" +- DEF_RUNCMD="/etc/network/iptables.up.run" ++ DEF_RUNCMD="/etc/iptables/iptables.run" + ;; + esac + |