From 0439fdc89ad2e4f82005df9451fe5f49b09a5536 Mon Sep 17 00:00:00 2001 From: "M. Vefa Bicakci" Date: Sat, 4 Dec 2021 10:49:27 -0500 Subject: [PATCH] iptables: Include legacy tools in StarlingX This commit adds a patch to the iptables packaging so that iptables-legacy and ipt6tables-legacy are included in StarlingX. This is required in case a container sets up firewall rules with iptables-legacy and it is necessary to inspect or manipulate these rules from the host side. With this patch, /usr/sbin on a StarlingX host will include the iptables-legacy and ip6tables-legacy symlinks to xtables-legacy-multi. Verification: - Incremental monolithic ISO build is successful. - iptables RPM included in the just-built ISO is confirmed to include iptables-legacy and ip6tables-legacy. - Installation and bootstrap with a VM in all-in-one simplex configuration is successful. - iptables-legacy and ip6tables-legacy binaries were confirmed to be able to list firewall rules, as a sanity test. Partial-Bug: #1953232 Change-Id: I65fa4280d55a16db8c49fb392203033c5e564cdd Signed-off-by: M. Vefa Bicakci --- .../iptables/centos/meta_patches/PATCH_ORDER | 1 + ...spec-Include-legacy-tools-in-the-RPM.patch | 74 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 networking/iptables/centos/meta_patches/iptables.spec-Include-legacy-tools-in-the-RPM.patch diff --git a/networking/iptables/centos/meta_patches/PATCH_ORDER b/networking/iptables/centos/meta_patches/PATCH_ORDER index 82442ff73..9a77dc6c4 100644 --- a/networking/iptables/centos/meta_patches/PATCH_ORDER +++ b/networking/iptables/centos/meta_patches/PATCH_ORDER @@ -1,2 +1,3 @@ iptables.spec-Modify-Release-field-for-StarlingX.patch iptables.spec-Add-a-patch-for-compat.-with-older-gli.patch +iptables.spec-Include-legacy-tools-in-the-RPM.patch diff --git a/networking/iptables/centos/meta_patches/iptables.spec-Include-legacy-tools-in-the-RPM.patch b/networking/iptables/centos/meta_patches/iptables.spec-Include-legacy-tools-in-the-RPM.patch new file mode 100644 index 000000000..7c00debae --- /dev/null +++ b/networking/iptables/centos/meta_patches/iptables.spec-Include-legacy-tools-in-the-RPM.patch @@ -0,0 +1,74 @@ +From cc1555a06c7deb3fd0c281d6b8d3ab01059a9c73 Mon Sep 17 00:00:00 2001 +From: "M. Vefa Bicakci" +Date: Sat, 4 Dec 2021 10:42:39 -0500 +Subject: [PATCH] iptables.spec: Include legacy tools in the RPM + +This patch modifies the iptables.spec file so that iptables-legacy +binaries are included in the RPM package as well. This is required in +case a container sets up firewall rules with iptables-legacy and it is +necessary to inspect or manipulate these rules from the host side. + +With this patch, /usr/sbin on a StarlingX host will include the +iptables-legacy and ip6tables-legacy symlinks to xtables-legacy-multi. + +Signed-off-by: M. Vefa Bicakci +--- + SPECS/iptables.spec | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index befe5ec262f1..9147bead122b 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -334,12 +334,6 @@ install -m 644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8/ + rm -f %{buildroot}%{_sysconfdir}/ethertypes + %endif + +-# drop all legacy tools +-rm -f %{buildroot}%{_sbindir}/*legacy* +-rm -f %{buildroot}%{_bindir}/iptables-xml +-rm -f %{buildroot}%{_mandir}/man1/iptables-xml* +-rm -f %{buildroot}%{_mandir}/man8/xtables-legacy* +- + # rename nft versions to standard name + pfx=%{buildroot}%{_sbindir}/iptables + for pfx in %{buildroot}%{_sbindir}/{iptables,ip6tables,arptables,ebtables}; do +@@ -418,25 +412,35 @@ done + %if 0%{?fedora} <= 24 + %{_sysconfdir}/ethertypes + %endif ++%{_bindir}/iptables-xml + %{_sbindir}/iptables + %{_sbindir}/iptables-apply ++%{_sbindir}/iptables-legacy ++%{_sbindir}/iptables-legacy-restore ++%{_sbindir}/iptables-legacy-save + %{_sbindir}/iptables-restore + %{_sbindir}/iptables-restore-translate + %{_sbindir}/iptables-save + %{_sbindir}/iptables-translate + %{_sbindir}/ip6tables ++%{_sbindir}/ip6tables-legacy ++%{_sbindir}/ip6tables-legacy-restore ++%{_sbindir}/ip6tables-legacy-save + %{_sbindir}/ip6tables-restore + %{_sbindir}/ip6tables-restore-translate + %{_sbindir}/ip6tables-save + %{_sbindir}/ip6tables-translate + %{_sbindir}/xtables-monitor + %{_sbindir}/xtables-nft-multi ++%{_sbindir}/xtables-legacy-multi ++%doc %{_mandir}/man1/iptables-xml* + %doc %{_mandir}/man8/iptables* + %doc %{_mandir}/man8/ip6tables* + %doc %{_mandir}/man8/xtables-monitor* + %doc %{_mandir}/man8/xtables-nft* + %doc %{_mandir}/man8/*tables-translate* + %doc %{_mandir}/man8/*tables-restore-translate* ++%doc %{_mandir}/man8/xtables-legacy* + %dir %{_libdir}/xtables + %{_libdir}/xtables/libarpt* + %{_libdir}/xtables/libebt* +-- +2.29.2 +