Compare commits
3 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f527942e58 | ||
|
911a7c9740 | ||
|
|
8f16582823 |
4 changed files with 27 additions and 180 deletions
|
|
@ -1,11 +0,0 @@
|
|||
# Save current firewall rules on stop.
|
||||
# Value: yes|no, default: no
|
||||
# Saves all firewall rules if firewall gets stopped
|
||||
# (e.g. on system shutdown).
|
||||
EBTABLES_SAVE_ON_STOP="no"
|
||||
|
||||
# Save (and restore) rule counters.
|
||||
# Value: yes|no, default: no
|
||||
# Save rule counters when saving a kernel table to a file. If the
|
||||
# rule counters were saved, they will be restored when restoring the table.
|
||||
EBTABLES_SAVE_COUNTER="no"
|
||||
105
ebtables-helper
105
ebtables-helper
|
|
@ -1,105 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# compat for removed initscripts dependency
|
||||
|
||||
success() {
|
||||
echo "[ OK ]"
|
||||
return 0
|
||||
}
|
||||
|
||||
failure() {
|
||||
echo "[FAILED]"
|
||||
return 1
|
||||
}
|
||||
|
||||
# internal variables
|
||||
EBTABLES_CONFIG=/etc/sysconfig/ebtables-config
|
||||
EBTABLES_DATA=/etc/sysconfig/ebtables
|
||||
EBTABLES_TABLES="filter nat"
|
||||
if ebtables --version | grep -q '(legacy)'; then
|
||||
EBTABLES_TABLES+=" broute"
|
||||
fi
|
||||
VAR_SUBSYS_EBTABLES=/var/lock/subsys/ebtables
|
||||
|
||||
# ebtables-config defaults
|
||||
EBTABLES_SAVE_ON_STOP="no"
|
||||
EBTABLES_SAVE_ON_RESTART="no"
|
||||
EBTABLES_SAVE_COUNTER="no"
|
||||
|
||||
# load config if existing
|
||||
[ -f "$EBTABLES_CONFIG" ] && . "$EBTABLES_CONFIG"
|
||||
|
||||
initialize() {
|
||||
local ret=0
|
||||
for table in $EBTABLES_TABLES; do
|
||||
ebtables -t $table --init-table || ret=1
|
||||
done
|
||||
return $ret
|
||||
}
|
||||
|
||||
sanitize_dump() {
|
||||
local drop=false
|
||||
|
||||
export EBTABLES_TABLES
|
||||
|
||||
cat $1 | while read line; do
|
||||
case $line in
|
||||
\**)
|
||||
drop=false
|
||||
local table="${line#\*}"
|
||||
local found=false
|
||||
for t in $EBTABLES_TABLES; do
|
||||
if [[ $t == $table ]]; then
|
||||
found=true
|
||||
break
|
||||
fi
|
||||
done
|
||||
$found || drop=true
|
||||
;;
|
||||
esac
|
||||
$drop || echo "$line"
|
||||
done
|
||||
}
|
||||
|
||||
start() {
|
||||
if [ -f $EBTABLES_DATA ]; then
|
||||
echo -n $"ebtables: loading ruleset from $EBTABLES_DATA: "
|
||||
sanitize_dump $EBTABLES_DATA | ebtables-restore
|
||||
else
|
||||
echo -n $"ebtables: no stored ruleset, initializing empty tables: "
|
||||
initialize
|
||||
fi
|
||||
local ret=$?
|
||||
touch $VAR_SUBSYS_EBTABLES
|
||||
return $ret
|
||||
}
|
||||
|
||||
save() {
|
||||
echo -n $"ebtables: saving active ruleset to $EBTABLES_DATA: "
|
||||
export EBTABLES_SAVE_COUNTER
|
||||
ebtables-save >$EBTABLES_DATA && success || failure
|
||||
}
|
||||
|
||||
case $1 in
|
||||
start)
|
||||
[ -f "$VAR_SUBSYS_EBTABLES" ] && exit 0
|
||||
start && success || failure
|
||||
RETVAL=$?
|
||||
;;
|
||||
stop)
|
||||
[ "x$EBTABLES_SAVE_ON_STOP" = "xyes" ] && save
|
||||
echo -n $"ebtables: stopping firewall: "
|
||||
initialize && success || failure
|
||||
RETVAL=$?
|
||||
rm -f $VAR_SUBSYS_EBTABLES
|
||||
;;
|
||||
save)
|
||||
save
|
||||
;;
|
||||
*)
|
||||
echo "usage: ${0##*/} {start|stop|save}" >&2
|
||||
RETVAL=2
|
||||
;;
|
||||
esac
|
||||
|
||||
exit $RETVAL
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
[Unit]
|
||||
Description=Ethernet Bridge Filtering tables
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/libexec/ebtables-helper start
|
||||
ExecStop=/usr/libexec/ebtables-helper stop
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Name: ebtables
|
||||
Version: 2.0.11
|
||||
Release: 18%{?dist}
|
||||
Release: 21%{?dist}
|
||||
Summary: Ethernet Bridge frame table administration tool
|
||||
# Automatically converted from old format: GPLv2+ - review is highly recommended.
|
||||
License: GPL-2.0-or-later
|
||||
|
|
@ -10,16 +10,12 @@ URL: http://ebtables.sourceforge.net/
|
|||
|
||||
Source0: ftp://ftp.netfilter.org/pub/ebtables/ebtables-%{version}.tar.bz2
|
||||
Source1: ebtables-legacy-save
|
||||
Source2: ebtables-helper
|
||||
Source3: ebtables.service
|
||||
Source4: ebtables-config
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
BuildRequires: gcc
|
||||
BuildRequires: systemd
|
||||
BuildRequires: make
|
||||
BuildRequires: make
|
||||
|
||||
%description
|
||||
Ethernet bridge tables is a firewalling tool to transparently filter network
|
||||
|
|
@ -34,9 +30,9 @@ like iptables. There are no known incompatibility issues.
|
|||
|
||||
%package legacy
|
||||
Summary: Legacy user space tool to configure bridge netfilter rules in kernel
|
||||
Requires(post): %{_sbindir}/update-alternatives
|
||||
Requires(post): /usr/sbin/update-alternatives
|
||||
Requires(post): %{_bindir}/readlink
|
||||
Requires(postun): %{_sbindir}/update-alternatives
|
||||
Requires(postun): /usr/sbin/update-alternatives
|
||||
Conflicts: setup < 2.10.4-1
|
||||
%if 0%{?rhel} >= 9
|
||||
# RHEL-9 provides ebtables via iptables-nft, but doesn't support ebtables
|
||||
|
|
@ -46,6 +42,8 @@ Conflicts: setup < 2.10.4-1
|
|||
Provides: ebtables
|
||||
%endif
|
||||
|
||||
%sbin_merge_compat %{_prefix}/sbin/ebtables
|
||||
|
||||
%description legacy
|
||||
Ethernet bridge tables is a firewalling tool to transparently filter network
|
||||
traffic passing a bridge. The filtering possibilities are limited to link
|
||||
|
|
@ -62,17 +60,6 @@ functionality in a much newer code-base. To aid in migration, there is
|
|||
ebtables-nft utility, a drop-in replacement for the legacy one which uses
|
||||
nftables internally. It is provided by iptables-nft package.
|
||||
|
||||
%package services
|
||||
Summary: ebtables systemd services
|
||||
%{?systemd_ordering}
|
||||
Obsoletes: ebtables-compat < 2.0.10-39
|
||||
|
||||
%description services
|
||||
ebtables systemd services
|
||||
|
||||
This package provides the systemd ebtables service that has been split
|
||||
out of the base package for better integration with alternatives.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n ebtables-%{version}
|
||||
# Convert to UTF-8
|
||||
|
|
@ -85,10 +72,6 @@ f=THANKS; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
|
|||
|
||||
%install
|
||||
%make_install
|
||||
install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/ebtables.service
|
||||
install -D -m 755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables-helper
|
||||
install -D -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config
|
||||
touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables
|
||||
|
||||
# install ebtables-legacy-save bash script
|
||||
install -m 755 %{SOURCE1} %{buildroot}%{_sbindir}/ebtables-legacy-save
|
||||
|
|
@ -102,14 +85,8 @@ rm -f %{buildroot}%{_sysconfdir}/ethertypes
|
|||
# Drop these binaries (for now at least)
|
||||
rm %{buildroot}/%{_sbindir}/ebtables{d,u}
|
||||
|
||||
# Prepare for Alternatives system
|
||||
touch %{buildroot}%{_sbindir}/ebtables
|
||||
touch %{buildroot}%{_sbindir}/ebtables-save
|
||||
touch %{buildroot}%{_sbindir}/ebtables-restore
|
||||
touch %{buildroot}%{_mandir}/man8/ebtables.8
|
||||
|
||||
%post legacy
|
||||
pfx=%{_sbindir}/ebtables
|
||||
pfx=%{_prefix}/sbin/ebtables
|
||||
manpfx=%{_mandir}/man8/ebtables
|
||||
for sfx in "" "-restore" "-save"; do
|
||||
if [ "$(readlink -e $pfx$sfx)" == $pfx$sfx ]; then
|
||||
|
|
@ -119,7 +96,9 @@ done
|
|||
if [ "$(readlink -e $manpfx.8.gz)" == $manpfx.8.gz ]; then
|
||||
rm -f $manpfx.8.gz
|
||||
fi
|
||||
%{_sbindir}/update-alternatives --install \
|
||||
# drop the extra entry linking to /usr/bin which previous version installed
|
||||
update-alternatives --remove ebtables /usr/bin/ebtables-legacy 2>/dev/null
|
||||
update-alternatives --install \
|
||||
$pfx ebtables $pfx-legacy 10 \
|
||||
--slave $pfx-save ebtables-save $pfx-legacy-save \
|
||||
--slave $pfx-restore ebtables-restore $pfx-legacy-restore \
|
||||
|
|
@ -128,49 +107,44 @@ fi
|
|||
%postun legacy
|
||||
if [ $1 -eq 0 ]; then
|
||||
%{_sbindir}/update-alternatives --remove \
|
||||
ebtables %{_sbindir}/ebtables-legacy
|
||||
ebtables %{_prefix}/sbin/ebtables-legacy
|
||||
fi
|
||||
|
||||
# When upgrading ebtables to ebtables-{legacy,services},
|
||||
# postun in ebtables thinks it is uninstalled and removes alternatives.
|
||||
# Counter this with a trigger here to have it installed again.
|
||||
%triggerpostun legacy -- ebtables
|
||||
pfx=%{_sbindir}/ebtables
|
||||
pfx=%{_prefix}/sbin/ebtables
|
||||
manpfx=%{_mandir}/man8/ebtables
|
||||
%{_sbindir}/update-alternatives --install \
|
||||
update-alternatives --install \
|
||||
$pfx ebtables $pfx-legacy 10 \
|
||||
--slave $pfx-save ebtables-save $pfx-legacy-save \
|
||||
--slave $pfx-restore ebtables-restore $pfx-legacy-restore \
|
||||
--slave $manpfx.8.gz ebtables-man $manpfx-legacy.8.gz
|
||||
|
||||
|
||||
%post services
|
||||
%systemd_post ebtables.service
|
||||
|
||||
%preun services
|
||||
%systemd_preun ebtables.service
|
||||
|
||||
%postun services
|
||||
%systemd_postun ebtables.service
|
||||
|
||||
%files legacy
|
||||
%license COPYING
|
||||
%doc ChangeLog THANKS
|
||||
%{_sbindir}/ebtables-legacy*
|
||||
%{_mandir}/*/ebtables-legacy*
|
||||
%{_libdir}/libebtc.so*
|
||||
%ghost %{_sbindir}/ebtables
|
||||
%ghost %{_sbindir}/ebtables-save
|
||||
%ghost %{_sbindir}/ebtables-restore
|
||||
%ghost %{_mandir}/man8/ebtables.8.gz
|
||||
|
||||
%files services
|
||||
%{_unitdir}/ebtables.service
|
||||
%{_libexecdir}/ebtables-helper
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
|
||||
%ghost %{_sysconfdir}/sysconfig/ebtables
|
||||
%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables
|
||||
%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables-save
|
||||
%ghost %attr(0755,root,root) %{_prefix}/sbin/ebtables-restore
|
||||
%ghost %attr(0644,root,root) %{_mandir}/man8/ebtables.8.gz
|
||||
|
||||
%changelog
|
||||
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.11-21
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
|
||||
|
||||
* Thu Apr 03 2025 Phil Sutter <psutter@redhat.com> - 2.0.11-20
|
||||
- Drop ebtables-services package
|
||||
- Add fixes/hooks for bin-sbin merge, analogous to iptables.spec
|
||||
|
||||
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.11-19
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 2.0.11-18
|
||||
- convert license to SPDX
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue