Menu
▾
▴
[Astlinux-commits] SF.net SVN: astlinux: [1583] trunk/package/iptables
|
From: <dha...@us...> - 2008-02-13 05:54:53
|
Revision: 1583
http://astlinux.svn.sourceforge.net/astlinux/?rev=1583&view=rev
Author: dhartman
Date: 2008-02-12 21:54:59 -0800 (Tue, 12 Feb 2008)
Log Message:
-----------
ip_nat_sip changes from Philip
Modified Paths:
--------------
trunk/package/iptables/astfw
trunk/package/iptables/iptables.mk
Modified: trunk/package/iptables/astfw
===================================================================
--- trunk/package/iptables/astfw 2008-02-12 13:35:55 UTC (rev 1582)
+++ trunk/package/iptables/astfw 2008-02-13 05:54:59 UTC (rev 1583)
@@ -36,9 +36,20 @@
# protect against syn flood attacks
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
+SIPCOMMA=""
+for i in $SIP_PORTS
+do
+SIPCOMMA="$SIPCOMMA${SIPCOMMA:+,}$i"
+done
+
modprobe ip_conntrack_ftp
modprobe ip_conntrack_tftp
modprobe ip_conntrack_irc
+if [ "$SIPCOMMA" ]
+then
+modprobe ip_conntrack_sip ports="$SIPCOMMA"
+modprobe ip_nat_sip
+fi
modprobe ip_nat_ftp
modprobe ip_nat_tftp
modprobe ip_nat_irc
@@ -145,9 +156,18 @@
done
fi
-if [ "$EXTOPEN" ]
+#
+# this is tedious but necessary
+#
+EXTPLUS=""
+for i in $SIP_PORTS
+do
+EXTPLUS="$EXTPLUS u$i"
+done
+
+if [ "$EXTOPEN" -o "$EXTPLUS" ]
then
-for i in $EXTOPEN
+for i in $EXTOPEN $EXTPLUS
do
if `echo $i | grep -q "u"`
then
@@ -305,21 +325,12 @@
for i in $EXTOPEN
do
-if `echo $i | grep -q "u"`
-then
-PROTOCOL=udp
-fi
+case $i in
+u*) PROTOCOL=udp ;;
+t*) PROTOCOL=tcp ;;
+i*) PROTOCOL=icmp ;;
+esac
-if `echo $i | grep -q "t"`
-then
-PROTOCOL=tcp
-fi
-
-if `echo $i | grep -q "i"`
-then
-PROTOCOL=icmp
-fi
-
PORT=`echo $i | tr -d itu`
if [ "$PROTOCOL" = "icmp" ]
Modified: trunk/package/iptables/iptables.mk
===================================================================
--- trunk/package/iptables/iptables.mk 2008-02-12 13:35:55 UTC (rev 1582)
+++ trunk/package/iptables/iptables.mk 2008-02-13 05:54:59 UTC (rev 1583)
@@ -7,6 +7,8 @@
IPTABLES_SOURCE_URL:=ftp.netfilter.org/pub/iptables/
IPTABLES_SOURCE:=iptables-$(IPTABLES_VER).tar.bz2
IPTABLES_BUILD_DIR:=$(BUILD_DIR)/iptables-$(IPTABLES_VER)
+IPTABLES_BIN:=/usr/sbin/iptables
+ASTFW_BIN:=/usr/sbin/astfw
$(DL_DIR)/$(IPTABLES_SOURCE):
$(WGET) -P $(DL_DIR) $(IPTABLES_SOURCE_URL)/$(IPTABLES_SOURCE)
@@ -26,34 +28,29 @@
KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)"
-$(TARGET_DIR)/usr/sbin/iptables: $(IPTABLES_BUILD_DIR)/iptables
+$(TARGET_DIR)$(IPTABLES_BIN): $(IPTABLES_BUILD_DIR)/iptables
$(TARGET_CONFIGURE_OPTS) \
$(MAKE) -C $(IPTABLES_BUILD_DIR) \
DO_IPV6=0 NO_SHARED_LIBS=1 \
KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)" \
DESTDIR=$(STAGING_DIR) install
- $(INSTALL) -D -m 0755 $(STAGING_DIR)/usr/sbin/iptables $(TARGET_DIR)/usr/sbin/iptables
- -$(INSTALL) -D -m 0755 $(STAGING_DIR)/usr/sbin/ip6tables $(TARGET_DIR)/usr/sbin/ip6tables
- $(STRIP) $(TARGET_DIR)/usr/sbin/iptables
- -$(STRIP) $(TARGET_DIR)/usr/sbin/ip6tables
+ $(INSTALL) -D -m 0755 -s $(STAGING_DIR)$(IPTABLES_BIN) $(TARGET_DIR)$(IPTABLES_BIN)
$(INSTALL) -D -m 0755 package/iptables/iptables.init $(TARGET_DIR)/etc/init.d/iptables
- $(INSTALL) -D -m 0755 package/iptables/astfw $(TARGET_DIR)/usr/sbin/astfw
+ $(INSTALL) -D -m 0755 package/iptables/astfw $(TARGET_DIR)$(ASTFW_BIN)
-iptables: uclibc linux $(TARGET_DIR)/usr/sbin/iptables
+iptables: uclibc linux $(TARGET_DIR)$(IPTABLES_BIN)
iptables-source: $(DL_DIR)/$(IPTABLES_SOURCE)
iptables-clean:
-$(MAKE) -C $(IPTABLES_BUILD_DIR) KERNEL_DIR=$(LINUX_DIR) clean
- -rm -rf $(STAGING_DIR)/usr/sbin/iptables
- -rm -rf $(TARGET_DIR)/usr/sbin/iptables
- -rm -rf $(STAGING_DIR)/usr/sbin/ip6tables
- -rm -rf $(TARGET_DIR)/usr/sbin/ip6tables
- rm -rf $(TARGET_DIR)/etc/init.d/iptables
+ rm -f $(STAGING_DIR)$(IPTABLES_BIN) $(TARGET_DIR)$(IPTABLES_BIN) \
+ $(TARGET_DIR)/etc/init.d/iptables
iptables-dirclean:
rm -rf $(IPTABLES_BUILD_DIR)
+
#############################################################
#
# Toplevel Makefile options
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
