From: <abe...@us...> - 2012-11-18 23:57:20
Revision: 5767 http://astlinux.svn.sourceforge.net/astlinux/?rev=5767&view=rev Author: abelbeck Date: 2012-11-18 23:57:13 +0000 (Sun, 18 Nov 2012) Log Message: ----------- arnofw, version bump to 2.0.1d. Note: 2.0.1d has been officially tagged, but Arno has not yet built the official image, so files.astlinux.org hosts it for now Modified Paths: -------------- branches/1.0/package/arnofw/arnofw.mk branches/1.0/package/arnofw/arnofw.serial Removed Paths: ------------- branches/1.0/package/arnofw/arnofw-revision-647.patch branches/1.0/package/arnofw/arnofw-revision-650.patch branches/1.0/package/arnofw/arnofw-revision-676.patch Deleted: branches/1.0/package/arnofw/arnofw-revision-647.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-revision-647.patch 2012-11-15 00:13:50 UTC (rev 5766) +++ branches/1.0/package/arnofw/arnofw-revision-647.patch 2012-11-18 23:57:13 UTC (rev 5767) @@ -1,18 +0,0 @@ ---- arno-iptables-firewall_2.0.1c/bin/arno-iptables-firewall.orig -+++ arno-iptables-firewall_2.0.1c/bin/arno-iptables-firewall -@@ -5128,9 +5128,13 @@ - ip4tables -F OUTPUT - ip4tables -F FORWARD - -- # Flush rules in the nat/mangle tables -+ # Flush builtin IPv4 nat chains -+ ip4tables -t nat -F PREROUTING -+ ip4tables -t nat -F OUTPUT -+ ip4tables -t nat -F POSTROUTING -+ -+ # Flush rules in the mangle table - ip4tables -t mangle -F -- ip4tables -t nat -F - - if [ "$IPV6_DETECTED" = "1" ]; then - # Flush builtin IPv6 chains Deleted: branches/1.0/package/arnofw/arnofw-revision-650.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-revision-650.patch 2012-11-15 00:13:50 UTC (rev 5766) +++ branches/1.0/package/arnofw/arnofw-revision-650.patch 2012-11-18 23:57:13 UTC (rev 5767) 
@@ -1,110 +0,0 @@ ---- arno-iptables-firewall_2.0.1c/bin/arno-iptables-firewall.orig -+++ arno-iptables-firewall_2.0.1c/bin/arno-iptables-firewall -@@ -2005,13 +2005,14 @@ - iptables -A DMZ_INET_FORWARD_CHAIN -p icmp --icmp-type echo-request -j DROP - - # Set the default policy (switch to DROP for a protocol when xxx_OPEN_xxx variable is used) - ########################################################################################### - if [ -z "$DMZ_INET_OPEN_TCP" -a -z "$DMZ_INET_HOST_OPEN_TCP" -a \ - -z "$DMZ_INET_OPEN_UDP" -a -z "$DMZ_INET_HOST_OPEN_UDP" -a \ -- -z "$DMZ_INET_OPEN_IP" -a -z "$DMZ_INET_HOST_OPEN_IP" ]; then -+ -z "$DMZ_INET_OPEN_IP" -a -z "$DMZ_INET_HOST_OPEN_IP" -a -z "$DMZ_INET_DEFAULT_POLICY_DROP" ] \ -+ || [ "$DMZ_INET_DEFAULT_POLICY_DROP" = "0" ]; then - echo " Allowing all (other) ports/protocols" - iptables -A DMZ_INET_FORWARD_CHAIN -j ACCEPT - else - if [ "$DMZ_OUTPUT_DENY_LOG" != "0" ]; then - iptables -A DMZ_INET_FORWARD_CHAIN -p tcp -m limit \ - --limit 1/s --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:DMZ->INET denied: " -@@ -2231,13 +2232,14 @@ - iptables -A INT_INPUT_CHAIN -p icmp --icmp-type echo-request -j DROP - - # Set the default policy - ######################## - if [ -z "$LAN_OPEN_TCP" -a -z "$LAN_HOST_OPEN_TCP" -a \ - -z "$LAN_OPEN_UDP" -a -z "$LAN_HOST_OPEN_UDP" -a \ -- -z "$LAN_OPEN_IP" -a -z "$LAN_HOST_OPEN_IP" ]; then -+ -z "$LAN_OPEN_IP" -a -z "$LAN_HOST_OPEN_IP" -a -z "$LAN_DEFAULT_POLICY_DROP" ] \ -+ || [ "$LAN_DEFAULT_POLICY_DROP" = "0" ]; then - echo " Allowing all (other) ports/protocols" - iptables -A INT_INPUT_CHAIN -j ACCEPT - else - echo " Denying all (other) ports/protocols" - if [ "$LAN_INPUT_DENY_LOG" != "0" ]; then - iptables -A INT_INPUT_CHAIN -m limit \ -@@ -2526,13 +2528,14 @@ - iptables -A LAN_INET_FORWARD_CHAIN -p icmp --icmp-type echo-request -j DROP - - # Set the default policy (switch to DROP for a protocol when xxx_OPEN_xxx variable is used) - 
########################################################################################### - if [ -z "$LAN_INET_OPEN_TCP" -a -z "$LAN_INET_HOST_OPEN_TCP" -a \ - -z "$LAN_INET_OPEN_UDP" -a -z "$LAN_INET_HOST_OPEN_UDP" -a \ -- -z "$LAN_INET_OPEN_IP" -a -z "$LAN_INET_HOST_OPEN_IP" ]; then -+ -z "$LAN_INET_OPEN_IP" -a -z "$LAN_INET_HOST_OPEN_IP" -a -z "$LAN_INET_DEFAULT_POLICY_DROP" ] \ -+ || [ "$LAN_INET_DEFAULT_POLICY_DROP" = "0" ]; then - echo " Allowing all (other) ports/protocols" - iptables -A LAN_INET_FORWARD_CHAIN -j ACCEPT - else - if [ "$LAN_OUTPUT_DENY_LOG" != "0" ]; then - iptables -A LAN_INET_FORWARD_CHAIN -p tcp -m limit \ - --limit 1/s --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:LAN->INET denied: " ---- arno-iptables-firewall_2.0.1c/etc/arno-iptables-firewall/firewall.conf.orig -+++ arno-iptables-firewall_2.0.1c/etc/arno-iptables-firewall/firewall.conf -@@ -638,12 +638,18 @@ - # # - # Note that when both LAN_OPEN_xxx & LAN_HOST_OPEN_xxx are NOT used, the # - # default policy for this chain is accept (unless denied through # - # LAN_DENY_xxx and/or LAN_HOST_DENY_xxx)! # - ############################################################################### - -+# Disable this (set to "") to automatically set default policy as above. -+# When set to "1" the LAN->localhost default policy will always be DROP -+# When set to "0" the LAN->localhost default policy will always be ACCEPT -+# ----------------------------------------------------------------------------- -+LAN_DEFAULT_POLICY_DROP="" -+ - # Enable this to allow for ICMP-requests(ping) from your LAN - # ----------------------------------------------------------------------------- - LAN_OPEN_ICMP=1 - - # Put in the following variables the TCP/UDP ports or IP protocols TO - # (remote end-point) which the LAN hosts are permitted to connect to. 
-@@ -691,12 +697,18 @@ - # LAN_INET_xxx = LAN->internet access rules (forward) # - # # - # Note that when the LAN_INET_OPEN_xxx & LAN_INET_HOST_OPEN_xxx variables are # - # NOT used, the default policy will be accept for LAN->INET (unless denied # - # through LAN_INET_DENY_xxx and/or LAN_INET_HOST_DENY_xxx)! # - ############################################################################### -+ -+# Disable this (set to "") to automatically set default policy as above. -+# When set to "1" the LAN->INET default policy will always be DROP -+# When set to "0" the LAN->INET default policy will always be ACCEPT -+# ----------------------------------------------------------------------------- -+LAN_INET_DEFAULT_POLICY_DROP="" - - # Enable this to allow for ICMP-requests(ping) for LAN->INET - # ----------------------------------------------------------------------------- - LAN_INET_OPEN_ICMP=1 - - # Put in the following variables the TCP/UDP ports or IP -@@ -899,12 +911,18 @@ - # # - # Note that when the DMZ_INET_OPEN_xxx & DMZ_INET_HOST_OPEN_xxx variables are # - # NOT used, the default policy will be accept for DMZ->INET (unless denied # - # through DMZ_INET_DENY_xxx and/or DMZ_INET_HOST_DENY_xxx)! # - ############################################################################### - -+# Disable this (set to "") to automatically set default policy as above. 
-+# When set to "1" the DMZ->INET default policy will always be DROP -+# When set to "0" the DMZ->INET default policy will always be ACCEPT -+# ----------------------------------------------------------------------------- -+DMZ_INET_DEFAULT_POLICY_DROP="" -+ - # Enable this to make the default policy allow for ICMP(ping) for DMZ->INET - # ----------------------------------------------------------------------------- - DMZ_INET_OPEN_ICMP=1 - - # Put in the following variables the TCP/UDP ports or IP - # protocols TO (remote end-point) which the DMZ hosts are - Deleted: branches/1.0/package/arnofw/arnofw-revision-676.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-revision-676.patch 2012-11-15 00:13:50 UTC (rev 5766) +++ branches/1.0/package/arnofw/arnofw-revision-676.patch 2012-11-18 23:57:13 UTC (rev 5767) 
@@ -1,43 +0,0 @@ ---- arno-iptables-firewall_2.0.1c/share/arno-iptables-firewall/environment.orig -+++ arno-iptables-firewall_2.0.1c/share/arno-iptables-firewall/environment -@@ -307,13 +307,19 @@ - # Show any (error) messages in red - printf "\033[40m\033[1;31m${IP4TABLES} $*\nERROR ($retval): ${result}\033[0m\n" >&2 - if note_iptables_error "$@"; then - RULE_WARNING=1 - fi - elif [ -n "$result" ]; then -- echo "${INDENT}$result" -+ # Filter successful, informational results -+ case "$result" in -+ 'WARNING: '*' match is obsolete'*) -+ ;; -+ *) echo "${INDENT}$result" -+ ;; -+ esac - fi - - return $retval - } - - -@@ -328,13 +334,19 @@ - # Show any (error) messages in red - printf "\033[40m\033[1;31m${IP6TABLES} $*\nERROR ($retval): ${result}\033[0m\n" >&2 - if note_iptables_error "$@"; then - RULE_WARNING=1 - fi - elif [ -n "$result" ]; then -- echo "${INDENT}$result" -+ # Filter successful, informational results -+ case "$result" in -+ 'WARNING: '*' match is obsolete'*) -+ ;; -+ *) echo "${INDENT}$result" -+ ;; -+ esac - fi - - return $retval - } - Modified: branches/1.0/package/arnofw/arnofw.mk =================================================================== --- branches/1.0/package/arnofw/arnofw.mk 2012-11-15 00:13:50 UTC (rev 5766) +++ branches/1.0/package/arnofw/arnofw.mk 2012-11-18 23:57:13 UTC (rev 5767) 
@@ -3,11 +3,11 @@
 # Arno's IPtables Firewall Script
 #
 #############################################################
-ARNOFW_VER:=2.0.1c
+ARNOFW_VER:=2.0.1d
 ARNOFW_ROOT:=arno-iptables-firewall
 ARNOFW_SOURCE:=$(ARNOFW_ROOT)_$(ARNOFW_VER).tar.gz
-ARNOFW_SITE:=http://rocky.eld.leidenuniv.nl/arno-iptables-firewall
-#ARNOFW_SITE:=http://lonnie.abelbeck.com/astlinux/aif
+#ARNOFW_SITE:=http://rocky.eld.leidenuniv.nl/arno-iptables-firewall
+ARNOFW_SITE:=http://files.astlinux.org
 ARNOFW_DIR:=$(BUILD_DIR)/$(ARNOFW_ROOT)_$(ARNOFW_VER)
 ARNOFW_CAT:=zcat
 ARNOFW_TARGET_BINARY:=/usr/sbin/arno-iptables-firewall
Modified: branches/1.0/package/arnofw/arnofw.serial
===================================================================
--- branches/1.0/package/arnofw/arnofw.serial 2012-11-15 00:13:50 UTC (rev 5766)
+++ branches/1.0/package/arnofw/arnofw.serial 2012-11-18 23:57:13 UTC (rev 5767)
@@ -1 +1 @@
-0002~0017~0000~0000~0000~
+0002~0018~0000~0000~0000~
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
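Review bot: The new `ARNOFW_SITE:=http://files.astlinux.org` line makes the build fetch the firewall tarball over plain HTTP from an interim mirror, and this hunk shows no checksum for `$(ARNOFW_SOURCE)`, so whatever the mirror or the network path delivers is what ends up in the image. If the package framework does not verify a hash elsewhere (not visible here), record the expected SHA-256 of `arno-iptables-firewall_2.0.1d.tar.gz` next to `ARNOFW_VER` and compare it after download, and use an HTTPS URL if the host offers one. The commit message says the mirror is temporary but the makefile does not; a comment above the line such as `# Interim mirror: 2.0.1d is tagged upstream but not yet published there; switch back once it is` would keep that from being forgotten. The three dropped patches are presumably folded into 2.0.1d, which is worth confirming against the new tarball, since revision 650 added the `*_DEFAULT_POLICY_DROP` settings that an existing firewall.conf may rely on to force a DROP default.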