From: sgf
Date: Wed, 9 Nov 2022 10:45:42 +0000 (+0300)
Subject: Add old patches.
X-Git-Url: https://gitweb.sgf-dma.tk/?a=commitdiff_plain;h=b8fde31b189f36ab930d4e8464d1ddeb72dfb212;p=iptables.git

Add old patches.
---

diff --git a/iptables-persistent/iptables-persistent-ipset_support-squeeze.patch b/iptables-persistent/iptables-persistent-ipset_support-squeeze.patch
new file mode 100644
index 0000000..cafb17b
--- /dev/null
+++ b/iptables-persistent/iptables-persistent-ipset_support-squeeze.patch
@@ -0,0 +1,60 @@
+diff --git a/init.d/iptables-persistent b/init.d/iptables-persistent
+index 13c704d..de6ba13 100755
+--- a/init.d/iptables-persistent
++++ b/init.d/iptables-persistent
+@@ -10,9 +10,55 @@
+ # Short-Description: Set up iptables rules
+ ### END INIT INFO
+
++ipset_restore()
++{
++ local f="$1"
++ local cmd=""
++
++ if ! cmd="$(which ipset)"; then
++ return 0
++ fi
++ ipset -R < "$f" 2> /dev/null
++}
++
++ipset_flush()
++{
++ local cmd=""
++
++ if ! cmd="$(which ipset)"; then
++ return 0
++ fi
++ # First, i need to flush 'setlist' sets, otherwise destroy will fail,
++ # because some sets may have references (from 'setlist' sets),
++ ipset -F
++ ipset -X
++}
++
++flush_rules()
++{
++ if [ -f /proc/net/ip_tables_names -a -x /sbin/iptables ]; then
++ for param in F Z X; do /sbin/iptables -$param; done
++ for table in $(cat /proc/net/ip_tables_names)
++ do
++ /sbin/iptables -t $table -F
++ /sbin/iptables -t $table -Z
++ /sbin/iptables -t $table -X
++ done
++ for chain in INPUT FORWARD OUTPUT
++ do
++ /sbin/iptables -P $chain ACCEPT
++ done
++ fi
++
++ ipset_flush
++}
++
++
+ case "$1" in
+ start)
+ if [ -f /etc/iptables/rules ]; then
++ flush_rules
++ ipset_restore /etc/iptables/ipsets
+ iptables-restore "$f"
++}
++
++ipset_restore()
++{
++ local f="$1"
++ local cmd=""
++
++ if ! cmd="$(which ipset)"; then
++ log_action_cont_msg "ipset not found, skipping restoring ipset."
++ return 0
++ fi
++ ipset restore < "$f" 2> /dev/null
++}
++
++ipset_flush()
++{
++ local cmd=""
++
++ if ! cmd="$(which ipset)"; then
++ log_action_cont_msg "ipset not found, skipping flushing ipset."
++ return 0
++ fi
++ ipset destroy
++}
++
+ load_rules()
+ {
+ log_action_begin_msg "Loading iptables rules"
+
++ ipset_restore /etc/iptables/ipsets
+ #load IPv4 rules
+ if [ ! -f /etc/iptables/rules.v4 ]; then
+ log_action_cont_msg " skipping IPv4 (no rules to load)"
+ else
+ log_action_cont_msg " IPv4"
++ if [ $? -ne 0 ]; then
++ rc=1
++ fi
+ iptables-restore < /etc/iptables/rules.v4 2> /dev/null
+ if [ $? -ne 0 ]; then
+ rc=1
+@@ -41,6 +80,9 @@
+ log_action_cont_msg " skipping IPv6 (no rules to load)"
+ else
+ log_action_cont_msg " IPv6"
++ if [ $? -ne 0 ]; then
++ rc=1
++ fi
+ ip6tables-restore < /etc/iptables/rules.v6 2> /dev/null
+ if [ $? -ne 0 ]; then
+ rc=1
+@@ -54,6 +96,7 @@
+ {
+ log_action_begin_msg "Saving rules"
+
++ ipset_save /etc/iptables/ipsets
+ #save IPv4 rules
+ #need at least iptable_filter loaded:
+ /sbin/modprobe -q iptable_filter
+@@ -61,6 +104,9 @@
+ log_action_cont_msg " skipping IPv4 (no modules loaded)"
+ elif [ -x /sbin/iptables-save ]; then
+ log_action_cont_msg " IPv4"
++ if [ $? -ne 0 ]; then
++ rc=1
++ fi
+ iptables-save > /etc/iptables/rules.v4
+ if [ $? -ne 0 ]; then
+ rc=1
+@@ -74,6 +120,9 @@
+ log_action_cont_msg " skipping IPv6 (no modules loaded)"
+ elif [ -x /sbin/ip6tables-save ]; then
+ log_action_cont_msg " IPv6"
++ if [ $? -ne 0 ]; then
++ rc=1
++ fi
+ ip6tables-save > /etc/iptables/rules.v6
+ if [ $? -ne 0 ]; then
+ rc=1
+@@ -121,6 +170,8 @@
+ done
+ fi
+
++ ipset_flush
++
+ log_action_end_msg 0
+ }
+
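Review bot: The `if [ $? -ne 0 ]; then rc=1; fi` blocks added directly after `log_action_cont_msg " IPv4"` and `" IPv6"` in the load and save paths test the exit status of the logging call, not of `ipset_restore` or `ipset_save`, so as shown a failed set load or save never reaches `rc`. Because `ipset restore < "$f" 2> /dev/null` also discards the error text, a missing or rejected `/etc/iptables/ipsets` goes unreported, and any rule that matches on a set would then presumably be refused by `iptables-restore`, leaving that filtering absent. I would record the status at the call site, `ipset_restore /etc/iptables/ipsets || rc=1` (and likewise for `ipset_save`), and drop the checks after the log lines. In the squeeze variant, `flush_rules` empties every table and sets the INPUT/FORWARD/OUTPUT policy to ACCEPT before `ipset_restore` runs with its status equally unchecked, so a failed set load there appears to leave the host with no filtering; that path should report the failure rather than continue silently. The bodies of `load_rules`, `save_rules` and the `start)` branch extend beyond the lines visible in these hunks, and part of the text between the two patch files is missing from the page.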