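# RPM spec for iptables 1.8.1: builds the legacy and nft-backed command sets,
# installs the init script / systemd glue and the sysconfig rule files, and
# registers the user-facing command names through update-alternatives.
#
# Changes against the previous revision of this spec:
#   - iptables.init is installed 0755 (was 0644); the legacy-action wrappers
#     below exec it directly, which fails on a non-executable file.
#   - the iptables-apply man page is installed 0644 (was 0755).
#   - devel/nft summaries and descriptions name iptables instead of iproute.
#   - scriptlet tests use the POSIX "=" operator and a quoted positional arg.

%global script_path %{_libexecdir}/iptables
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions

Name:           iptables
Version:        1.8.1
Release:        2
Summary:        IP packet filter administration utilities
License:        GPLv2 and Artistic Licence 2.0 and ISC
URL:            https://www.netfilter.org/
# NOTE(review): nothing in this spec verifies a signature or checksum for the
# upstream tarball; confirm the build system pins the expected hash.
Source0:        https://www.netfilter.org/projects/iptables/files/iptables-%{version}.tar.bz2
Source1:        iptables.init
Source2:        iptables-config
Source3:        iptables.service
Source4:        sysconfig_iptables
Source5:        sysconfig_ip6tables

# Going by its file name, this switches iptables-apply from tempfile to mktemp.
Patch1:         iptables-apply-Use-mktemp-instead-of-tempfile.patch

# git is required because the sources are unpacked with the git patch backend.
BuildRequires:  bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd git
BuildRequires:  libmnl-devel libnetfilter_conntrack-devel libnfnetlink-devel libnftnl-devel
Requires:       %{name}-libs = %{version}-%{release}
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
%systemd_requires
Provides:       iptables-utils iptables-services
Obsoletes:      iptables-utils iptables-services

%description
Netfilter is a set of hooks inside the Linux kernel that allows kernel modules
to register callback functions with the network stack. A registered callback
function is then called back for every packet that traverses the respective
hook within the network stack.

Iptables is a generic table structure for the definition of rulesets. Each rule
within an IP table consists of a number of classifiers (iptables matches) and
one connected action (iptables target).

Netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the
NAT subsystem together build the major parts of the framework.

%package libs
Summary:        iptables libraries

%description libs
iptables libraries.

%package devel
Summary:        Header files for iptables
Requires:       %{name} = %{version}-%{release} pkgconfig

%description devel
Header files for iptables.

%package nft
Summary:        nftables compatibility for iptables, arptables and ebtables
Requires:       %{name} = %{version}-%{release}
Obsoletes:      iptables-compat < 1.6.2-4

%description nft
nftables compatibility for iptables, arptables and ebtables.

%package_help

%prep
%autosetup -n %{name}-%{version} -p1 -S git

%build
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
%disable_rpath
# Drop the bundled copy of this header before compiling.
rm -f include/linux/types.h
%make_build

%install
%make_install
%delete_la

# Headers that the upstream install step does not ship.
install -m 0755 -d %{buildroot}%{_includedir}/iptables
install -m 0644 include/ip*tables.h %{buildroot}%{_includedir}
install -m 0644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables

install -m 0755 -d %{buildroot}%{_includedir}/libipulog/
install -m 0644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog

# Init scripts. Both must be executable: the legacy-action wrappers created
# further down exec them directly. The IPv6 script is derived from the IPv4
# one by textual substitution.
install -m 0755 -d %{buildroot}/%{script_path}
install -m 0755 -c %{SOURCE1} %{buildroot}/%{script_path}/iptables.init
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -m 0755 ip6tables.init %{buildroot}/%{script_path}/ip6tables.init

# Service configuration and saved rule sets are installed 0600 so that the
# firewall policy is readable by root only.
install -m 0755 -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 0600 -c %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -m 0600 -c ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
install -m 0600 -c %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
install -m 0600 -c %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables

# systemd units. The blanket iptables-to-ip6tables rewrite also renames the
# libexec directory in the unit text; the third expression restores it, since
# both init scripts are installed into the same directory.
install -m 0755 -d %{buildroot}%{_unitdir}
install -m 0644 -c %{SOURCE3} %{buildroot}%{_unitdir}
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
install -m 0644 -c ip6tables.service %{buildroot}%{_unitdir}

# Legacy "service <name> save|panic" actions: tiny wrappers that hand over to
# the matching init script.
install -m 0755 -d %{buildroot}/%{legacy_actions}/iptables
install -m 0755 -d %{buildroot}/%{legacy_actions}/ip6tables

pushd %{buildroot}/%{legacy_actions}/iptables
cat << EOF > save
#!/bin/bash
exec %{script_path}/iptables.init save
EOF
chmod 0755 save
popd
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tables.save-legacy
install -m 0755 -c ip6tables.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save

pushd %{buildroot}/%{legacy_actions}/iptables
cat << EOF > panic
#!/bin/bash
exec %{script_path}/iptables.init panic
EOF
chmod 0755 panic
popd
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tables.panic-legacy
install -m 0755 -c ip6tables.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic

install -m 0755 iptables/iptables-apply %{buildroot}%{_sbindir}
# Man pages are data, not programs: install without the execute bits.
install -m 0644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8

# The unsuffixed command names are owned by update-alternatives at run time.
# Rename the nft-backed ebtables/arptables binaries and create empty
# placeholders so the ghost entries in the file lists have something to match.
pushd %{buildroot}%{_sbindir}
mv ebtables ebtables-nft
mv arptables arptables-nft
touch ebtables \
      arptables \
      iptables \
      ip6tables
popd

# NOTE(review): the shared libraries are listed under the libs subpackage,
# while the ldconfig scriptlets below are declared without a subpackage name;
# confirm which package they are meant to attach to.
%ldconfig_scriptlets

%post
# Register the legacy backend at priority 10. The nft subpackage registers at
# priority 5, so with both installed and the alternative in automatic mode the
# legacy tools are the ones behind the plain command names. Rules loaded
# through one backend are not listed by the other backend's tools, so check
# "update-alternatives --display iptables" before auditing a rule set.
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
    $pfx iptables $pfx-legacy 10 \
    --slave $pfx6 ip6tables $pfx6-legacy \
    --slave $pfx-restore iptables-restore $pfx-legacy-restore \
    --slave $pfx-save iptables-save $pfx-legacy-save \
    --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
    --slave $pfx6-save ip6tables-save $pfx6-legacy-save
%systemd_post iptables.service ip6tables.service

%preun
%systemd_preun iptables.service ip6tables.service

%postun
# An argument of 0 means final removal rather than upgrade: only then is the
# legacy alternative unregistered.
if [ "$1" -eq 0 ]; then
    %{_sbindir}/update-alternatives --remove \
        iptables %{_sbindir}/iptables-legacy
fi
%?ldconfig
%systemd_postun iptables.service ip6tables.service

%post nft
# Register the nft backend at priority 5, below the legacy backend's 10.
pfx=%{_sbindir}/iptables
pfx6=%{_sbindir}/ip6tables
%{_sbindir}/update-alternatives --install \
    $pfx iptables $pfx-nft 5 \
    --slave $pfx6 ip6tables $pfx6-nft \
    --slave $pfx-restore iptables-restore $pfx-nft-restore \
    --slave $pfx-save iptables-save $pfx-nft-save \
    --slave $pfx6-restore ip6tables-restore $pfx6-nft-restore \
    --slave $pfx6-save ip6tables-save $pfx6-nft-save

for cmd in ebtables arptables; do
    # readlink -e echoes the path unchanged when it is a real file rather than
    # a symlink; such a leftover is removed so that update-alternatives can
    # put its own link in place.
    if [ "$(readlink -e %{_sbindir}/$cmd)" = "%{_sbindir}/$cmd" ]; then
        rm -f %{_sbindir}/$cmd
    fi
    %{_sbindir}/update-alternatives --install \
        %{_sbindir}/$cmd $cmd %{_sbindir}/$cmd-nft 5
done

%postun nft
# On final removal, unregister every alternative this subpackage installed.
if [ "$1" -eq 0 ]; then
    for cmd in iptables ebtables arptables; do
        %{_sbindir}/update-alternatives --remove \
            $cmd %{_sbindir}/$cmd-nft
    done
fi

%files
%defattr(-,root,root)
%license COPYING
%{script_path}/ip*tables.init
%{_sysconfdir}/ethertypes
# noreplace keeps locally edited rule and config files across upgrades.
%config(noreplace) %{_sysconfdir}/sysconfig/*
%{_sbindir}/nfnl_osf
%{_sbindir}/nfbpf_*
%{_sbindir}/iptables-apply
%{_sbindir}/ip*tables-legacy*
%{_sbindir}/xtables-legacy-multi
%{_sbindir}/arptables-restore
%{_sbindir}/arptables-save
%{_sbindir}/ebtables-restore
%{_sbindir}/ebtables-save
# The nft-backed tools are shipped by the nft subpackage.
%exclude %{_sbindir}/*-nft*
%exclude %{_sbindir}/*-translate
%exclude %{_sbindir}/xtables-monitor
%{_bindir}/iptables-xml
%{_libdir}/xtables/*
%{_unitdir}/*.service
%dir %{legacy_actions}
%{legacy_actions}/ip*
%{_datadir}/xtables/pf.os
# Created by update-alternatives at install time, not carried in the payload.
%ghost %{_sbindir}/ip*tables
%ghost %{_sbindir}/ip*tables-restore
%ghost %{_sbindir}/ip*tables-save

%files libs
%defattr(-,root,root)
%{_libdir}/libip*tc.so.*
%{_libdir}/libxtables.so.*

%files devel
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files nft
%defattr(-,root,root)
%{_sbindir}/*-nft*
%{_sbindir}/*-translate
%{_sbindir}/xtables-monitor
%ghost %{_sbindir}/ip*tables
%ghost %{_sbindir}/ip*tables-restore
%ghost %{_sbindir}/ip*tables-save
%ghost %{_sbindir}/ebtables
%ghost %{_sbindir}/arptables

%files help
%defattr(-,root,root)
%doc INCOMPATIBILITIES
%{_mandir}/*

%changelog
* Sun Jan 12 2020 openEuler Buildteam - 1.8.1-2
- optimization the patch

* Fri Jan 10 2020 openEuler Buildteam - 1.8.1-1
- Package update

* Thu Nov 7 2019 openEuler Buildteam - 1.8.0-6
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:add iptables-libs package

* Fri Sep 20 2019 openEuler Buildteam - 1.8.0-5
- Package init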