Commit Graph

186 Commits

Author SHA1 Message Date
Phil Sutter
85aff8c513 Support /etc/sysctl.d
When searching for sysctl settings to reapply at start/restart, search
in all files in /etc/sysctl.d/ instead of just in /etc/sysctl.conf.
2018-02-28 08:34:22 +01:00
Phil Sutter
948527f3fe Kill module unloading support
The whole concept is unfixably broken:

Some kernel modules are used by both IPv4 and IPv6 netfilter and the
algorithm has no way to identify this situation. Therefore if iptables
and ip6tables services are restarted in parallel, one's module unloading
tends to stomp onto the other's attempt at loading rules.

Another problem is with OVS: iptables service unloading conntrack
modules breaks a running OVS instance.
2018-02-28 08:18:43 +01:00
Michael Cronenworth
7ad3a27f69 Update to 1.6.2 2018-02-21 16:55:57 -06:00
Fedora Release Engineering
cb6ace7de5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 17:37:12 +00:00
Phil Sutter
8375340a72 Merge #1 Initial checkin of tests from upstreamfirst project 2018-01-24 13:03:35 +00:00
Kevin Fenzi
7cee468d60 Rebuild for new libnftnl 2017-10-22 17:51:40 -07:00
Mike Gahagan
b241cc5c2f Initial checkin of tests from upstreamfirst project 2017-10-12 14:41:36 -04:00
Fedora Release Engineering
d67764cf41 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 23:50:56 +00:00
Fedora Release Engineering
4b5891814a - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 13:40:00 +00:00
Fedora Release Engineering
7ee46ed2f5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 16:32:06 +00:00
Thomas Woerner
ab4bf24e8c - New upstream version 1.6.1 with enhanced translation to nft support and
several fixes (RHBZ#1417323)
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.1.txt
- Enable parallel build again
2017-02-02 13:23:06 +01:00
Petr Šabata
b1d8cbb34a Disabling parallel build to avoid build issues with xtables
See http://patchwork.alpinelinux.org/patch/1787/ for reference
This should be fixed in 1.6.1; parallel build can be restored after the
  update
2017-02-02 12:40:51 +01:00
Thomas Woerner
453291408a - Dropped bad provides for iptables in services sub package (RHBZ#1327786) 2016-12-19 17:23:43 +01:00
Thomas Woerner
803e775de0 Made /etc/ethertypes provide and conflict for setup < 2.10.4-1 fedora version dependant 2016-07-22 13:45:10 +02:00
Thomas Woerner
faa3761f94 - /etc/ethertypes has been moved into the setup package. (RHBZ#1329256) 2016-07-22 13:29:16 +02:00
Thomas Woerner
28989740b2 iMissing iptables-apply mktemp patch 2016-04-13 19:07:50 +02:00
Thomas Woerner
6791134663 - New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990)
Upstream changelog:
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
- Using scripts form RHEL-7 (RHBZ#1240366)
- New compat sub package for nftables compatibility
- Install iptables-apply (RHBZ#912047)
- Fixed module uninstall (RHBZ#1324101)
- Incorporated changes by Petr Pisar
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
2016-04-13 19:00:02 +02:00
Dennis Gilmore
cea668f0bf - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 00:37:42 +00:00
Jiri Popelka
35929033de %define -> %global 2016-01-04 15:50:43 +01:00
Dennis Gilmore
1fdfc18236 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 11:32:02 +00:00
Jiri Popelka
69f9a1a33c add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
In firewalld it's also allowed by default.
2014-12-01 12:46:00 +01:00
Jiri Popelka
2962b798c0 iptables.init: make sure the subsys directory exists (RHBZ#1159573)
Also use /run/lock/subsys/ instead of /var/lock/subsys/
to be consistent with /usr/lib/tmpfiles.d/legacy.conf
2014-11-03 14:44:32 +01:00
Jiri Popelka
edc59df70f ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272) 2014-09-29 14:10:21 +02:00
Jiri Popelka
bede095d8e Merge branch 'f21' 2014-09-29 14:09:01 +02:00
Peter Robinson
952410fde0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 21:47:17 +00:00
Peter Robinson
466c4fce29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 21:47:05 +00:00
Tom Callaway
d9665f2d1d fix license handling 2014-07-12 18:17:52 -04:00
Tom Callaway
f46436e6be fix license handling 2014-07-12 18:17:33 -04:00
Dennis Gilmore
0ff94dd968 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 17:38:38 -05:00
Jiri Popelka
957e271192 no need to specify file mode bits twice (in %install and %files) 2014-03-12 15:05:45 +01:00
Jiri Popelka
40b71666b9 BuildRequires: pkgconfig(x) instead of x-devel
https://fedoraproject.org/wiki/Packaging:PkgConfigBuildRequires
2014-03-12 14:55:46 +01:00
Jiri Popelka
e4ddd6e657 add missing reload and panic actions 2014-03-12 14:47:42 +01:00
Ville Skyttä
77482a7964 Don't order services after syslog.target.
https://bugzilla.redhat.com/show_bug.cgi?id=1055204
2014-01-20 18:56:12 +01:00
Thomas Woerner
bec2813925 - Enable connlabel support again, needs libnetfilter_conntrack 2014-01-15 16:28:53 +01:00
Thomas Woerner
b16a3888f1 - fixed update from RHEL-6 to RHEL-7 (RHBZ#1043901) 2014-01-15 13:22:39 +01:00
Jiri Popelka
e3b3aa4924 chmod /etc/sysconfig/ip[6]tables 755 -> 600 2014-01-14 16:59:53 +01:00
Jiri Popelka
d94a3dd4be better comment in default /etc/sysconfig/ip[6]tables 2014-01-10 16:37:48 +01:00
Jiri Popelka
77638b4505 fix permission mode value for installing /etc/sysconfig/ip[6]tables-config 2014-01-10 16:25:25 +01:00
Jiri Popelka
840a7d2d37 add default /etc/sysconfig/ip[6]tables (RHBZ#1034494) 2014-01-10 16:19:56 +01:00
Jiri Popelka
208299e925 revert the libtoolize change 2014-01-10 15:48:33 +01:00
Thomas Woerner
85656c6cde - Dropped virtual provide for xtables.so.9 2014-01-10 13:35:50 +01:00
Jiri Popelka
d303677f88 add libtoolize to build properly on ppc64le (RHBZ#1051220) 2014-01-10 13:18:23 +01:00
Jiri Popelka
7922fcbc7d fix self-obsoletion 2014-01-09 16:36:48 +01:00
Jiri Popelka
74edc3b4b2 remove unused patches 2014-01-09 16:34:15 +01:00
Jiri Popelka
ba11125edd spec clean up 2014-01-09 16:28:18 +01:00
Jiri Popelka
791b05803d ./configure -> %configure 2014-01-09 16:19:43 +01:00
Jiri Popelka
9832ccc0c7 remove scriptlets for migrating to a systemd unit from a SysV initscripts
https://lists.fedoraproject.org/pipermail/devel/2013-June/184271.html
2014-01-09 16:17:42 +01:00
Jiri Popelka
52081b603c use systemd macros (#850166) 2014-01-09 16:14:01 +01:00
Jiri Popelka
b848c2b54c no need to support the pre-systemd things 2014-01-09 16:12:00 +01:00
Thomas Woerner
0316b6eed1 - fixed system hang at shutdown if root device is network based (RHBZ#1007934)
Thanks to Rodrigo A B Freire for the patch
2014-01-09 12:53:42 +01:00