Name: iptables
Summary: Tools for managing Linux kernel packet filtering capabilities
Version: 1.4.1.1
Release: 5.6
Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Patch4: iptables-1.3.8-typo_latter.patch
Patch5: iptables-1.4.1.1-cloexec.patch
Patch8: iptables-1.4.1-nf_ext_init.patch
Patch9: iptables-1.4.1.1-tos_value_mask.patch
Group: System/Base
URL: http://www.netfilter.org/
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
License: GPLv2
BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
Requires(post): chkconfig
Requires(preun): chkconfig

%description
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.

%package ipv6
Summary: IPv6 support for iptables
Group: System/Base
Requires: %{name} = %{version}-%{release}
Requires(post): chkconfig
Requires(preun): chkconfig

%description ipv6
The iptables package contains IPv6 (the next version of the IP
protocol) support for iptables. Iptables controls the Linux kernel
network packet filtering code, allowing you to set up firewalls and IP
masquerading.

Install iptables-ipv6 if you need to set up firewalling for your
network and you are using ipv6.

%package devel
Summary: Development package for iptables
Group: System/Base
Requires: %{name} = %{version}-%{release}

%description devel
iptables development headers and libraries.

The iptc interface is upstream marked as not public. The interface is not
stable and may change with every new version. It is therefore unsupported.

%prep
%setup -q
%patch4 -p1 -b .typo_latter
%patch5 -p1 -b .cloexec
%patch8 -p1 -b .nf_ext_init
%patch9 -p1 -b .tos_value_mask

# fix constructor names, see also nf_ext_init patch
perl -pi -e "s/void _init\(/void __attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c
perl -pi -e "s/^_init\(/__attribute\(\(constructor\)\) nf_ext_init\(/g" extensions/*.c

%build
./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_libdir} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
make

%install
rm -rf %{buildroot}

make install DESTDIR=%{buildroot}

# install iptc devel library
install -m 644 libiptc/libiptc.a %{buildroot}/%{_libdir}

# install init scripts and configuration files
install -d -m 755 $RPM_BUILD_ROOT/etc/rc.d/init.d
install -c -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -c -m 755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
install -d -m 755 $RPM_BUILD_ROOT/etc/sysconfig
install -c -m 755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m 755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
%attr(0755,root,root) /etc/rc.d/init.d/iptables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
/sbin/iptables*
%{_mandir}/man8/iptables*
%dir /%{_lib}/xtables
/%{_lib}/xtables/libipt*
/%{_lib}/xtables/libxt*

%files ipv6
%defattr(-,root,root)
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
/bin/iptables-xml
%{_mandir}/man8/ip6tables*
/%{_lib}/xtables/libip6t*

%files devel
%defattr(-,root,root)
%{_includedir}/*.h
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
%{_libdir}/libipq.a
%{_libdir}/libiptc.a
%{_mandir}/man3/*

%changelog
* Tue Jan 19 2010 Auke Kok - 1.4.1.1
- remove startup symlinks, do not start iptables{,6} up by default
* Tue Jan 27 2009 Anas Nashif 1.4.1.1
- Initial import into Moblin
* Tue Jul 22 2008 Thomas Woerner 1.4.1.1-2
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
- two more cloexec fixes
* Tue Jul 1 2008 Thomas Woerner 1.4.1.1-1
- upstream bug fix release 1.4.1.1
- dropped extra patch for 1.4.1 - not needed anymore
* Tue Jun 10 2008 Thomas Woerner 1.4.1-1
- new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt
- spec file cleanup
- removed old patches
* Fri Jun 6 2008 Tom "spot" Callaway 1.4.0-5
- use normal kernel headers, not linux/compiler.h
- change BuildRequires: kernel-devel to kernel-headers
- We need to do this to be able to build for both sparcv9 and sparc64
  (there is no kernel-devel.sparcv9)
* Thu Mar 20 2008 Thomas Woerner 1.4.0-4
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
* Mon Mar 3 2008 Thomas Woerner 1.4.0-3
- use the kernel headers from the build tree for iptables for now to be able to
  compile this package, but this makes the package more kernel dependant
- use s6_addr32 instead of in6_u.u6_addr32
* Wed Feb 20 2008 Fedora Release Engineering - 1.4.0-2
- Autorebuild for GCC 4.3
* Mon Feb 11 2008 Thomas Woerner 1.4.0-1
- new version 1.4.0
- fixed condrestart (rhbz#428148)
- report the module in rmmod_r if there is an error
- use nf_ext_init instead of my_init for extension constructors
* Mon Nov 5 2007 Thomas Woerner 1.3.8-6
- fixed leaked file descriptor before fork/exec (rhbz#312191)
- blacklisting is not working, use "install X /bin/(true|false)" test instead
- return private exit code 150 for disabled ipv6 support
- use script name for output messages
* Tue Oct 16 2007 Thomas Woerner 1.3.8-5
- fixed error code for stopping an already stopped firewall (rhbz#321751)
- moved blacklist test into start
* Wed Sep 26 2007 Thomas Woerner 1.3.8-4.1
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
- use simpler fix for (rhbz#295611)
  Thanks to Linus Torvalds for the patch.
* Mon Sep 24 2007 Thomas Woerner 1.3.8-4
- fixed IPv6 reject type (rhbz#295181)
- fixed init script: start, stop and status
- support netfilter compiled into kernel in init script (rhbz#295611)
- dropped inversion for limit modules from man pages (rhbz#220780)
- fixed typo in ip6tables man page (rhbz#236185)
* Wed Sep 19 2007 Thomas Woerner 1.3.8-3
- do not depend on local_fs in lsb header - this delays start after network
- fixed exit code for initscript usage
* Mon Sep 17 2007 Thomas Woerner 1.3.8-2.1
- do not use lock file for condrestart test
* Thu Aug 23 2007 Thomas Woerner 1.3.8-2
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
- provide iptc interface again, but unsupported (rhbz#216733)
- compile all extension, which are supported by the kernel-headers package
- review fixes (rhbz#225906)
* Tue Jul 31 2007 Thomas Woerner
- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)
* Fri Jul 13 2007 Steve Conklin - 1.3.8-1
- New version 1.3.8
* Mon Apr 23 2007 Jeremy Katz - 1.3.7-2
- fix error when ipv6 support isn't loaded in the kernel (#236888)
* Wed Jan 10 2007 Thomas Woerner 1.3.7-1.1
- fixed installation of secmark modules
* Tue Jan 9 2007 Thomas Woerner 1.3.7-1
- new version 1.3.7
- iptc is not a public interface and therefore not installed anymore
- dropped upstream secmark patch
* Tue Sep 19 2006 Thomas Woerner 1.3.5-2
- added secmark iptables patches (#201573)
* Wed Jul 12 2006 Jesse Keating - 1.3.5-1.2.1
- rebuild
* Fri Feb 10 2006 Jesse Keating - 1.3.5-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 7 2006 Jesse Keating - 1.3.5-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Feb 2 2006 Thomas Woerner 1.3.5-1
- new version 1.3.5
- fixed init script to set policy for raw tables, too (#179094)
* Tue Jan 24 2006 Thomas Woerner 1.3.4-3
- added important iptables header files to devel package
* Fri Dec 9 2005 Jesse Keating
- rebuilt
* Fri Nov 25 2005 Thomas Woerner 1.3.4-2
- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and
  replace "_init" with "__attribute((constructor)) my_init"
* Fri Nov 25 2005 Thomas Woerner 1.3.4-1.1
- rebuild due to unresolved symbols in shared libraries
* Fri Nov 18 2005 Thomas Woerner 1.3.4-1
- new version 1.3.4
- dropped free_opts patch (upstream fixed)
- made libipq PIC (#158623)
- additional configuration options for iptables startup script (#172929)
  Thanks to Jan Gruenwald for the patch
- spec file cleanup (dropped linux_header define and usage)
* Mon Jul 18 2005 Thomas Woerner 1.3.2-1
- new version 1.3.2 with additional patch for the misplaced free_opts call
  from Marcus Sundberg
* Wed May 11 2005 Thomas Woerner 1.3.1-1
- new version 1.3.1
* Fri Mar 18 2005 Thomas Woerner 1.3.0-2
- Remove unnecessary explicit kernel dep (#146142)
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
  for the patch
- Adapted iptables-config to reference to modprobe.conf (#150143)
- Remove misleading message (#140154): Thanks to Ulrich Drepper
  for the patch
* Mon Feb 21 2005 Thomas Woerner 1.3.0-1
- new version 1.3.0
* Thu Nov 11 2004 Thomas Woerner 1.2.11-3.2
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
* Fri Sep 17 2004 Thomas Woerner 1.2.11-3.1
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
- modified config file to match this change and un-commented variables with
  default values
* Thu Sep 16 2004 Thomas Woerner 1.2.11-3
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
  for the patch
* Wed Aug 25 2004 Thomas Woerner 1.2.11-2
- fixed free bug in iptables (#128322)
* Tue Jun 22 2004 Thomas Woerner 1.2.11-1
- new version 1.2.11
* Thu Jun 17 2004 Thomas Woerner 1.2.10-1
- new version 1.2.10
* Tue Jun 15 2004 Elliot Lee
- rebuilt
* Tue Mar 2 2004 Elliot Lee
- rebuilt
* Thu Feb 26 2004 Thomas Woerner 1.2.9-2.3
- fixed iptables-restore -c fault if there are no counters (#116421)
* Fri Feb 13 2004 Elliot Lee
- rebuilt
* Sun Jan 25 2004 Dan Walsh 1.2.9-1.2
- Close File descriptors to prevent SELinux error message
* Wed Jan 7 2004 Thomas Woerner 1.2.9-1.1
- rebuild
* Wed Dec 17 2003 Thomas Woerner 1.2.9-1
- new version 1.2.9
- new config options in ipXtables-config:
  IPTABLES_MODULES_UNLOAD
- more documentation in ipXtables-config
- fix for netlink security issue in libipq (devel package)
- print fix for libipt_icmp (#109546)
* Thu Oct 23 2003 Thomas Woerner 1.2.8-13
- marked all messages in iptables init script for translation (#107462)
- enabled devel package (#105884, #106101)
- bumped build for fedora for libipt_recent.so (#106002)
* Tue Sep 23 2003 Thomas Woerner 1.2.8-12.1
- fixed lost udp port range in ip6tables-save (#104484)
- fixed non numeric multiport port output in ipXtables-save
* Mon Sep 22 2003 Florian La Roche 1.2.8-11
- do not link against -lnsl
* Wed Sep 17 2003 Thomas Woerner 1.2.8-10
- made variables in rmmod_r local
* Tue Jul 22 2003 Thomas Woerner 1.2.8-9
- fixed permission for init script
* Sat Jul 19 2003 Thomas Woerner 1.2.8-8
- fixed save when iptables file is missing and iptables-config permissions
* Tue Jul 8 2003 Thomas Woerner 1.2.8-7
- fixes for ip6tables: module unloading, setting policy only for existing
  tables
* Thu Jul 3 2003 Thomas Woerner 1.2.8-6
- IPTABLES_SAVE_COUNTER defaults to no, now
- install config file in /etc/sysconfig
- exchange unload of ip_tables and ip_conntrack
- fixed start function
* Wed Jul 2 2003 Thomas Woerner 1.2.8-5
- new config option IPTABLES_SAVE_ON_RESTART
- init script: new status, save and restart
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
* Mon Jun 30 2003 Thomas Woerner 1.2.8-4
- new config option IPTABLES_STATUS_NUMERIC
- cleared IPTABLES_MODULES in iptables-config
* Mon Jun 30 2003 Thomas Woerner 1.2.8-3
- new init scripts
* Sat Jun 28 2003 Florian La Roche
- remove check for very old kernel versions in init scripts
- sync up both init scripts and remove some further ugly things
- add some docu into rpm
* Thu Jun 26 2003 Thomas Woerner 1.2.8-2
- rebuild
* Mon Jun 16 2003 Thomas Woerner 1.2.8-1
- update to 1.2.8
* Wed Jan 22 2003 Tim Powers
- rebuilt
* Mon Jan 13 2003 Bill Nottingham 1.2.7a-1
- update to 1.2.7a
- add a plethora of bugfixes courtesy Michael Schwendt
* Fri Dec 13 2002 Elliot Lee 1.2.6a-3
- Fix multilib
* Wed Aug 7 2002 Karsten Hopp
- fixed iptables and ip6tables initscript output, based on #70511
- check return status of all iptables calls, not just the last one
  in a 'for' loop.
* Mon Jul 29 2002 Bernhard Rosenkraenzer 1.2.6a-1
- 1.2.6a (bugfix release, #69747)
* Fri Jun 21 2002 Tim Powers
- automated rebuild
* Thu May 23 2002 Tim Powers
- automated rebuild
* Mon Mar 4 2002 Bernhard Rosenkraenzer 1.2.5-3
- Add some fixes from CVS, fixing bug #60465
* Tue Feb 12 2002 Bernhard Rosenkraenzer 1.2.5-2
- Merge ip6tables improvements from Ian Prowell
  [#59402]
- Update URL (#59354)
- Use /sbin/chkconfig rather than chkconfig in %%%%postun script
* Fri Jan 11 2002 Bernhard Rosenkraenzer 1.2.5-1
- 1.2.5
* Wed Jan 9 2002 Tim Powers
- automated rebuild
* Mon Nov 5 2001 Bernhard Rosenkraenzer 1.2.4-2
- Fix %%%%preun script
* Tue Oct 30 2001 Bernhard Rosenkraenzer 1.2.4-1
- Update to 1.2.4 (various fixes, including security fixes; among others:
  [#42990], #50500, #53325, #54280)
- Fix init script (#31133)
* Mon Sep 3 2001 Bernhard Rosenkraenzer 1.2.3-1
- 1.2.3 (5 security fixes, some other fixes)
- Fix updating (#53032)
* Mon Aug 27 2001 Bernhard Rosenkraenzer 1.2.2-4
- Fix #50990
- Add some fixes from current CVS; should fix #52620
* Mon Jul 16 2001 Bernhard Rosenkraenzer 1.2.2-3
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
  issues
* Tue Jun 26 2001 Bernhard Rosenkraenzer 1.2.2-2
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
* Tue May 8 2001 Bernhard Rosenkraenzer 1.2.2-1
- 1.2.2
* Wed Mar 21 2001 Bernhard Rosenkraenzer
- 1.2.1a, fixes #28412, #31136, #31460, #31133
* Thu Mar 1 2001 Bernhard Rosenkraenzer
- Yet another initscript fix (#30173)
- Fix the fixes; they fixed some issues but broke more important
  stuff :/ (#30176)
* Tue Feb 27 2001 Bernhard Rosenkraenzer
- Fix up initscript (#27962)
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
* Fri Feb 9 2001 Karsten Hopp
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
* Mon Feb 5 2001 Karsten Hopp
- fix bugzilla #25986 (initscript not marked as config file)
- fix bugzilla #25962 (iptables-restore)
- mv chkconfig --del from postun to preun
* Thu Feb 1 2001 Trond Eivind Glomsrød
- Fix check for ipchains
* Mon Jan 29 2001 Bernhard Rosenkraenzer
- Some fixes to init scripts
* Wed Jan 24 2001 Bernhard Rosenkraenzer
- Add some fixes from CVS, fixes among other things Bug #24732
* Wed Jan 17 2001 Bernhard Rosenkraenzer
- Add missing man pages, fix up init script (Bug #17676)
* Mon Jan 15 2001 Bill Nottingham
- add init script
* Mon Jan 15 2001 Bernhard Rosenkraenzer
- 1.2
- fix up ipv6 split
- add init script
- Move the plugins from /usr/lib/iptables to /lib/iptables.
  This needs to work before /usr is mounted...
- Use -O1 on alpha (compiler bug)
* Sat Jan 6 2001 Bernhard Rosenkraenzer
- 1.1.2
- Add IPv6 support (in separate package)
* Thu Aug 17 2000 Bill Nottingham
- build everywhere
* Tue Jul 25 2000 Bernhard Rosenkraenzer
- 1.1.1
* Thu Jul 13 2000 Prospector
- automatic rebuild
* Tue Jun 27 2000 Preston Brown
- move iptables to /sbin.
- excludearch alpha for now, not building there because of compiler bug(?)
* Fri Jun 9 2000 Bill Nottingham
- don't obsolete ipchains either
- update to 1.1.0
* Sun Jun 4 2000 Bill Nottingham
- remove explicit kernel requirement
* Tue May 2 2000 Bernhard Rosenkränzer
- initial package