diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index ccde2a422..541adb161 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -138,3 +138,4 @@ ldap/ldapscripts
 networking/net-tools
 filesystem/drbd/drbd-tools
 database/mariadb
+networking/iptables
diff --git a/networking/iptables/PKG-INFO b/networking/iptables/PKG-INFO
new file mode 100644
index 000000000..fe0d3abcd
--- /dev/null
+++ b/networking/iptables/PKG-INFO
@@ -0,0 +1,16 @@
+Metadata-Version: 1.1
+Name: iptables
+Version: 1.4.21
+Summary: Tools for managing Linux kernel packet filtering capabilities
+Home-page:
+Author:
+Author-email:
+License: GPLv2
+
+Description:
+The iptables utility controls the network packet filtering code in the
+Linux kernel. If you need to set up firewalls and/or IP masquerading,
+you should install this package.
+
+
+Platform: UNKNOWN
diff --git a/networking/iptables/centos/build_srpm.data b/networking/iptables/centos/build_srpm.data
new file mode 100644
index 000000000..f158cfbd2
--- /dev/null
+++ b/networking/iptables/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="iptables/*"
+TIS_PATCH_VER=3
diff --git a/networking/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/networking/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 000000000..c8292cdea
--- /dev/null
+++ b/networking/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -0,0 +1,27 @@
+From d34bb2d38b4a62db5be32ddd901b1ebd6966165c Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:15:33 -0400
+Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
+
+Conflicts:
+ SPECS/iptables.spec
+---
+ SPECS/iptables.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec
+index ddf75a0..9d65fc7 100644
+--- a/SPECS/iptables.spec
++++ b/SPECS/iptables.spec
+@@ -7,7 +7,7 @@
+ Name: iptables
+ Summary: Tools for managing Linux kernel packet filtering capabilities
+ Version: 1.4.21
+-Release: 18.0.1%{?dist}
++Release: 18.0.1.el7%{?_tis_dist}.%{tis_patch_ver}
+ Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
+ Source1: iptables.init
+ Source2: iptables-config
+--
+1.9.1
+
diff --git a/networking/iptables/centos/meta_patches/0002-default-service-enabled.patch b/networking/iptables/centos/meta_patches/0002-default-service-enabled.patch
new file mode 100644
index 000000000..34869386c
--- /dev/null
+++ b/networking/iptables/centos/meta_patches/0002-default-service-enabled.patch
@@ -0,0 +1,24 @@
+From 48e4805ac9d088837bd639b06388dd34f0a6e0f1 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:15:33 -0400
+Subject: [PATCH 3/3] WRS: 0002-default-service-enabled.patch
+
+---
+ SPECS/iptables.spec | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec
+index 9d65fc7..9f59ede 100644
+--- a/SPECS/iptables.spec
++++ b/SPECS/iptables.spec
+@@ -223,6 +223,7 @@ done
+
+ %post services
+ %systemd_post iptables.service ip6tables.service
++/usr/bin/systemctl enable iptables.service ip6tables.service >/dev/null 2>&1
+
+ %preun services
+ %systemd_preun iptables.service ip6tables.service
+--
+1.9.1
+
diff --git a/networking/iptables/centos/meta_patches/PATCH_ORDER b/networking/iptables/centos/meta_patches/PATCH_ORDER
new file mode 100644
index 000000000..08234f333
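Review bot: In 0002-default-service-enabled.patch, the `systemctl enable` line added to `%post services` is not limited to first install, so every package upgrade re-enables iptables.service and ip6tables.service even where an administrator disabled them on purpose. It also sidesteps the preset-based handling that `%systemd_post` on the line above is there to provide. Its output is sent to /dev/null and, since the next line is the `%preun` header, it appears to be the last command of the scriptlet, so a failure sets the scriptlet's exit status while the reason is thrown away. Consider limiting it to first install and keeping stderr, for example `if [ $1 -eq 1 ]; then /usr/bin/systemctl enable iptables.service ip6tables.service || :; fi`, or shipping a systemd preset so that `%systemd_post` enables the units. A one-line comment above it saying why the units must be on by default would make the deviation from the upstream spec reviewable.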
--- /dev/null
+++ b/networking/iptables/centos/meta_patches/PATCH_ORDER
@@ -0,0 +1,3 @@
+spec-include-custom-rules.patch
+0001-Update-package-versioning-for-TIS-format.patch
+0002-default-service-enabled.patch
diff --git a/networking/iptables/centos/meta_patches/spec-include-custom-rules.patch b/networking/iptables/centos/meta_patches/spec-include-custom-rules.patch
new file mode 100644
index 000000000..fc7c926b4
--- /dev/null
+++ b/networking/iptables/centos/meta_patches/spec-include-custom-rules.patch
@@ -0,0 +1,50 @@
+From 2c6bfc5f39203c8293f1db33804816c9d881ddde Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:15:33 -0400
+Subject: [PATCH 1/3] WRS: spec-include-custom-rules.patch
+
+---
+ SPECS/iptables.spec | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec
+index fc07a38..ddf75a0 100644
+--- a/SPECS/iptables.spec
++++ b/SPECS/iptables.spec
+@@ -16,6 +16,11 @@ Source4: iptables.save-legacy
+ Source5: sysconfig_iptables
+ Source6: sysconfig_ip6tables
+ Source7: iptables.panic-legacy
++
++# WRS
++Source8: iptables.rules
++Source9: ip6tables.rules
++
+ Patch1: iptables-1.4.21-rhbz_1054871.patch
+ Patch2: iptables-1.4.21-libxt_cgroup.patch
+ Patch3: iptables-1.4.21-wait_seconds.patch
+@@ -76,8 +81,8 @@ Requires(post): systemd
+ Requires(preun): systemd
+ Requires(postun): systemd
+ # provide and obsolete old main package
+-Provides: %{name} = 1.4.16.1
+-Obsoletes: %{name} < 1.4.16.1
++#Provides: %{name} = 1.4.16.1
++#Obsoletes: %{name} < 1.4.16.1
+ # provide and obsolete ipv6 sub package
+ Provides: %{name}-ipv6 = 1.4.11.1
+ Obsoletes: %{name}-ipv6 < 1.4.11.1
+@@ -179,6 +184,10 @@ sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildr
+ install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
+ install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic
+
++# WRS
++install -m 600 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/iptables
++install -m 600 %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
++
+ %if 0%{?rhel}
+ %pre
+ for p in %{_sysconfdir}/alternatives/iptables.*; do
+--
+1.9.1
+
diff --git a/networking/iptables/centos/srpm_path b/networking/iptables/centos/srpm_path
new file mode 100644
index 000000000..d46cdfd76
--- /dev/null
+++ b/networking/iptables/centos/srpm_path
@@ -0,0 +1 @@
+mirror:Source/iptables-1.4.21-18.0.1.el7.centos.src.rpm
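Review bot: In spec-include-custom-rules.patch, the two added `install -m 600` lines write to `%{_sysconfdir}/sysconfig/iptables` and `%{_sysconfdir}/sysconfig/ip6tables`, which look like the destinations of the still-listed Source5 and Source6 (`sysconfig_iptables`, `sysconfig_ip6tables`). If the spec installs those earlier in `%install` (not visible in this hunk), the packaged default ruleset is silently replaced and the result depends on statement order. Replacing the bare `# WRS` marker with something like `# WRS: overrides Source5/Source6 with the platform default rules (iptables.rules, ip6tables.rules)` would make the override deliberate and easy to audit. Whether local edits to these files survive a package upgrade depends on how `%files` marks them, which is also outside the hunk and worth checking. In the second nested hunk the `Provides`/`Obsoletes` lines are disabled with `#` and no stated reason; rpm still expands macros inside spec comments, so deleting the lines or writing `%%{name}` with a one-line rationale is cleaner.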
diff --git a/networking/iptables/iptables/ip6tables.rules b/networking/iptables/iptables/ip6tables.rules
new file mode 100644
index 000000000..9ba9a2636
--- /dev/null
+++ b/networking/iptables/iptables/ip6tables.rules
@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT
diff --git a/networking/iptables/iptables/iptables.rules b/networking/iptables/iptables/iptables.rules
new file mode 100644
index 000000000..9ba9a2636
--- /dev/null
+++ b/networking/iptables/iptables/iptables.rules
@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT
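Review bot: Both new rule files (ip6tables.rules and iptables.rules, the same blob 9ba9a2636) set the INPUT, FORWARD and OUTPUT policies to ACCEPT and contain no `-A` rules, so `INPUT-custom-pre` and `INPUT-custom-post` are declared but never referenced from INPUT and a host that loads this file filters nothing. Combined with the spec change in this commit that enables the services at install, the firewall units will report active while accepting all traffic until something else populates the ruleset. If that is intended, the header should say so instead of `# system default rules`, for example `# Accept-all baseline; filtering rules are installed at runtime by <component>` (placeholder for whatever owns them). If the two custom chains are meant as hook points, the file probably also needs `-A INPUT -j INPUT-custom-pre` and `-A INPUT -j INPUT-custom-post`, because rules later loaded into an unreferenced chain are never traversed.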