代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/iptables 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
%global script_path %{_libexecdir}/iptables
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions
Name: iptables
Version: 1.8.5
Release: 1
Summary: IP packet filter administration utilities
License: GPLv2 and Artistic Licence 2.0 and ISC
URL: https://www.netfilter.org/
Source0: https://www.netfilter.org/projects/iptables/files/iptables-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: iptables.service
Source4: sysconfig_iptables
Source5: sysconfig_ip6tables
BuildRequires: bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd git
BuildRequires: libmnl-devel libnetfilter_conntrack-devel libnfnetlink-devel libnftnl-devel
BuildRequires: autogen autoconf automake libtool iptables
Requires: %{name}-libs = %{version}-%{release}
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
%systemd_requires
Provides: iptables-utils iptables-services
Obsoletes: iptables-utils iptables-services
%description
Netfilter is a set of hooks inside the Linux kernel that allows kernel
modules to register callback functions with the network stack. A
registered callback function is then called back for every packet that
traverses the respective hook within the network stack.
Iptables is a generic table structure for the definition of rulesets.
Each rule within an IP table consists of a number of classifiers
(iptables matches) and one connected action (iptables target).
Netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack)
and the NAT subsystem together build the major parts of the framework.
%package libs
Summary: iptables libraries
%description libs
iptables libraries.
%package devel
Summary: header files for iproute
Requires: %{name} = %{version}-%{release} pkgconfig
%description devel
Header files for iproute.
%package nft
Summary: nft package for iproute
Requires: %{name} = %{version}-%{release}
Obsoletes: iptables-compat < 1.6.2-4
%description nft
Nft package for iproute.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1 -S git
%build
./autogen.sh
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
%disable_rpath
rm -f include/linux/types.h
%make_build
%install
%make_install
%delete_la
install -m 0755 -d %{buildroot}%{_includedir}/iptables
install -m 0644 include/ip*tables.h %{buildroot}%{_includedir}
install -m 0644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables
install -m 0755 -d %{buildroot}%{_includedir}/libipulog/
install -m 0644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog
install -m 0755 -d %{buildroot}/%{script_path}
install -m 0755 -c %{SOURCE1} %{buildroot}/%{script_path}/iptables.init
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -m 0755 ip6tables.init %{buildroot}/%{script_path}/ip6tables.init
install -m 0755 -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 0600 -c %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -m 0600 -c ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
install -m 0600 -c %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
install -m 0600 -c %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
install -m 0755 -d %{buildroot}%{_unitdir}
install -m 0644 -c %{SOURCE3} %{buildroot}%{_unitdir}
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
install -m 0644 -c ip6tables.service %{buildroot}%{_unitdir}
install -m 0755 -d %{buildroot}/%{legacy_actions}/iptables
install -m 0755 -d %{buildroot}/%{legacy_actions}/ip6tables
pushd %{buildroot}/%{legacy_actions}/iptables
cat << EOF > save
#!/bin/bash
exec %{script_path}/iptables.init save
EOF
chmod 0755 save
popd
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
install -m 0755 -c ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
pushd %{buildroot}/%{legacy_actions}/iptables
cat << EOF > panic
#!/bin/bash
exec %{script_path}/iptables.init panic
EOF
chmod 0755 panic
popd
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tabes.panic-legacy
install -m 0755 -c ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic
install -m 0755 iptables/iptables-apply %{buildroot}%{_sbindir}
install -m 0755 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8
touch %{buildroot}%{_libexecdir}/arptables-helper
touch %{buildroot}%{_mandir}/man8/arptables.8
touch %{buildroot}%{_mandir}/man8/arptables-save.8
touch %{buildroot}%{_mandir}/man8/arptables-restore.8
touch %{buildroot}%{_mandir}/man8/ebtables.8
cp -a %{_libdir}/libip*tc.so.0.* %{buildroot}%{_libdir}
%ldconfig_scriptlets
%post
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
$pfx iptables $pfx-legacy 10 \
--slave $pfx6 ip6tables $pfx6-legacy \
--slave $pfx-restore iptables-restore $pfx-legacy-restore \
--slave $pfx-save iptables-save $pfx-legacy-save \
--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
--slave $pfx6-save ip6tables-save $pfx6-legacy-save
%systemd_post iptables.service ip6tables.service
%preun
%systemd_preun iptables.service ip6tables.service
%postun
if [ $1 -eq 0 ]; then
%{_sbindir}/update-alternatives --remove \
iptables %{_sbindir}/iptables-legacy
fi
%?ldconfig
%systemd_postun iptables.service ip6tables.service
%post nft
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
$pfx iptables $pfx-nft 10 \
--slave $pfx6 ip6tables $pfx6-nft \
--slave $pfx-restore iptables-restore $pfx-nft-restore \
--slave $pfx-save iptables-save $pfx-nft-save \
--slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \
--slave $pfx6-save ip6tables-save $pfx6-nft-save
pfx=%{_sbindir}/ebtables
manpfx=%{_mandir}/man8/ebtables
for sfx in "" "-restore" "-save"; do
if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then
rm -f $pfx$sfx
fi
done
if [ "$(readlink -e $manpfx.8.gz)" == $manpfx.8.gz ]; then
rm -f $manpfx.8.gz
fi
%{_sbindir}/update-alternatives --install \
$pfx ebtables $pfx-nft 10 \
--slave $pfx-save ebtables-save $pfx-nft-save \
--slave $pfx-restore ebtables-restore $pfx-nft-restore \
--slave $manpfx.8.gz ebtables-man $manpfx-nft.8.gz
pfx=%{_sbindir}/arptables
manpfx=%{_mandir}/man8/arptables
lepfx=%{_libexecdir}/arptables
for sfx in "" "-restore" "-save"; do
if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then
rm -f $pfx$sfx
fi
if [ "$(readlink -e $manpfx$sfx.8.gz)" == $manpfx$sfx.8.gz ]; then
rm -f $manpfx$sfx.8.gz
fi
done
if [ "$(readlink -e $lepfx-helper)" == $lepfx-helper ]; then
rm -f $lepfx-helper
fi
%{_sbindir}/update-alternatives --install \
$pfx arptables $pfx-nft 10 \
--slave $pfx-save arptables-save $pfx-nft-save \
--slave $pfx-restore arptables-restore $pfx-nft-restore \
--slave $manpfx.8.gz arptables-man $manpfx-nft.8.gz \
--slave $manpfx-save.8.gz arptables-save-man $manpfx-nft-save.8.gz \
--slave $manpfx-restore.8.gz arptables-restore-man $manpfx-nft-restore.8.gz \
--slave $lepfx-helper arptables-helper $lepfx-nft-helper
if [ x`rpm -qa firewalld` != x ]; then
firews=`systemctl status firewalld | grep Active | awk '{print $3}'`
if [ "$firews" == "(running)" ]; then
%systemd_postun_with_restart firewalld.service
fi
fi
%postun nft
if [ $1 -eq 0 ]; then
for cmd in iptables ebtables arptables; do
%{_sbindir}/update-alternatives --remove \
$cmd %{_sbindir}/$cmd-nft
done
fi
%files
%defattr(-,root,root)
%license COPYING
%{script_path}/ip*tables.init
%{_sysconfdir}/ethertypes
%config(noreplace) %{_sysconfdir}/sysconfig/*
%{_sbindir}/nfnl_osf
%{_sbindir}/nfbpf_*
%{_sbindir}/iptables-apply
%{_sbindir}/ip6tables-apply
%{_sbindir}/ip*tables-legacy*
%{_sbindir}/xtables-legacy-multi
%exclude %{_sbindir}/*-nft*
%exclude %{_sbindir}/*-translate
%exclude %{_sbindir}/xtables-monitor
%{_bindir}/iptables-xml
%{_unitdir}/*.service
%dir %{legacy_actions}
%{legacy_actions}/ip*
%{_datadir}/xtables/pf.os
%ghost %{_sbindir}/ip*tables
%ghost %{_sbindir}/ip*tables-restore
%ghost %{_sbindir}/ip*tables-save
%files libs
%defattr(-,root,root)
%{_libdir}/libip*tc.so.*
%{_libdir}/libxtables.so.*
%{_libdir}/libxtables.so.12*
%dir %{_libdir}/xtables
%{_libdir}/xtables/libipt*
%{_libdir}/xtables/libip6t*
%{_libdir}/xtables/libxt*
%files devel
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files nft
%defattr(-,root,root)
%{_sbindir}/iptables-nft*
%{_sbindir}/iptables-restore-translate
%{_sbindir}/iptables-translate
%{_sbindir}/ip6tables-nft*
%{_sbindir}/ip6tables-restore-translate
%{_sbindir}/ip6tables-translate
%{_sbindir}/ebtables-nft*
%{_sbindir}/arptables-nft*
%{_sbindir}/xtables-nft-multi
%{_sbindir}/xtables-monitor
%dir %{_libdir}/xtables
%{_libdir}/xtables/libarpt*
%{_libdir}/xtables/libebt*
%ghost %{_sbindir}/iptables
%ghost %{_sbindir}/iptables-restore
%ghost %{_sbindir}/iptables-save
%ghost %{_sbindir}/ip6tables
%ghost %{_sbindir}/ip6tables-restore
%ghost %{_sbindir}/ip6tables-save
%ghost %{_sbindir}/ebtables
%ghost %{_sbindir}/ebtables-save
%ghost %{_sbindir}/ebtables-restore
%ghost %{_sbindir}/arptables
%ghost %{_sbindir}/arptables-save
%ghost %{_sbindir}/arptables-restore
%ghost %{_libexecdir}/arptables-helper
%files help
%defattr(-,root,root)
%doc INCOMPATIBILITIES
%ghost %{_mandir}/man8/arptables.8.gz
%ghost %{_mandir}/man8/arptables-save.8.gz
%ghost %{_mandir}/man8/arptables-restore.8.gz
%ghost %{_mandir}/man8/ebtables.8.gz
%{_mandir}/man8/xtables-monitor*
%{_mandir}/man8/xtables-translate*
%{_mandir}/man8/*-nft*
%{_mandir}/man8/nfnl_osf*
%{_mandir}/man8/nfbpf_compile*
%{_mandir}/man1/iptables-xml*
%{_mandir}/man8/iptables*
%{_mandir}/man8/ip6tables*
%{_mandir}/man8/xtables-legacy*
%changelog
* Sat Jul 25 hanzhijun <hanzhijun1@huawei.com> - 1.8.5-1
- update to 1.8.5
* Thu Apr 16 2020 chenzhen <chenzhen44@huawei.com> - 1.8.1-5
- Type:cves
- ID:CVE-2019-11360
- SUG:restart
- DESC:fix CVE-2019-11360
* Sat Jan 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-4
- add executable permissions to iptables.init
* Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-3
- optimization the patch
* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-2
- optimization the patch
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.1-1
- Package update
* Thu Nov 7 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.0-6
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:add iptables-libs package
* Fri Sep 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.0-5
- Package init
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。