| 1 |
%define accountmajor 1 |
| 2 |
%define libaccount %mklibname account %{accountmajor} |
| 3 |
%define libaccountdevel %mklibname account -d |
| 4 |
|
| 5 |
Name: xtables-addons |
| 6 |
Version: 3.23 |
| 7 |
Release: %mkrel 1 |
| 8 |
Summary: Extensions that were not, or are not yet, accepted in the main kernel/iptables packages |
| 9 |
Group: System/Kernel and hardware |
| 10 |
License: GPLv2 |
| 11 |
URL: https://inai.de/projects/xtables-addons/ |
| 12 |
Source0: https://inai.de/files/xtables-addons/%{name}-%{version}.tar.xz |
| 13 |
|
| 14 |
Provides: iptables-addons = %{version}-%{release} |
| 15 |
|
| 16 |
BuildRequires: pkgconfig(xtables) >= 1.4.5 |
| 17 |
BuildRequires: kernel >= 3.7 |
| 18 |
Requires: kernel >= 3.7 |
| 19 |
Recommends: iptaccount |
| 20 |
Recommends: xtables-geoip |
| 21 |
|
| 22 |
# ease upgrade mga7->mga8 |
| 23 |
# /sbin/pknlusr moved from iptaccount to xtables-addons |
| 24 |
Conflicts: iptaccount < 3.13-1 |
| 25 |
|
| 26 |
%description |
| 27 |
Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains |
| 28 |
extensions that were not, or are not yet, accepted in the main kernel/iptables |
| 29 |
packages. |
| 30 |
|
| 31 |
Xtables-addons is different from patch-o-matic in that you do not have to |
| 32 |
patch or recompile the kernel, sometimes recompiling iptables is also not |
| 33 |
needed. But please see the INSTALL file for the minimum requirements of this |
| 34 |
package. |
| 35 |
|
| 36 |
(The name stems from Xtables, which is the protocol-agnostic code part of the |
| 37 |
table-based firewalling schema.) |
| 38 |
|
| 39 |
|
| 40 |
%package -n iptaccount |
| 41 |
Summary: Helper example program for iptables accounting |
| 42 |
Group: System/Kernel and hardware |
| 43 |
Requires: %{libaccount} == %{version}-%{release} |
| 44 |
|
| 45 |
%description -n iptaccount |
| 46 |
Helper example program for iptables accounting using the ACCOUNT target. |
| 47 |
|
| 48 |
|
| 49 |
%package -n xtables-geoip |
| 50 |
Summary: Helper scripts for using geoip in iptables |
| 51 |
Group: System/Kernel and hardware |
| 52 |
Requires: kmod(xt_geoip.ko) = %{version} |
| 53 |
Requires: %{name} = %{version}-%{release} |
| 54 |
BuildArch: noarch |
| 55 |
|
| 56 |
%description -n xtables-geoip |
| 57 |
Helper scripts for using geoip in iptables. |
| 58 |
|
| 59 |
|
| 60 |
%package -n %{libaccount} |
| 61 |
Summary: Library for iptaccount |
| 62 |
Group: System/Kernel and hardware |
| 63 |
Requires: kmod(xt_ACCOUNT.ko) = %{version} |
| 64 |
Requires: %{name} = %{version}-%{release} |
| 65 |
|
| 66 |
%description -n %{libaccount} |
| 67 |
Library for iptaccount. iptaccount is a helper example program for iptables |
| 68 |
accounting using the ACCOUNT target. |
| 69 |
|
| 70 |
|
| 71 |
%package -n %{libaccountdevel} |
| 72 |
Summary: Development library for iptaccount |
| 73 |
Group: System/Kernel and hardware |
| 74 |
Requires: %{libaccount} == %{version}-%{release} |
| 75 |
|
| 76 |
%description -n %{libaccountdevel} |
| 77 |
Development library for iptaccount. iptaccount is a helper example program |
| 78 |
for iptables accounting using the ACCOUNT target. |
| 79 |
|
| 80 |
|
| 81 |
%package -n dkms-%{name} |
| 82 |
Summary: dkms package for xtables-addons |
| 83 |
Group: System/Kernel and hardware |
| 84 |
Provides: kmod(xt_geoip.ko) = %{version} |
| 85 |
Provides: kmod(xt_ACCOUNT.ko) = %{version} |
| 86 |
Requires: kernel-devel >= 3.7 |
| 87 |
Requires: dkms >= 2.0.19-37 |
| 88 |
Requires(post): dkms >= 2.0.19-37 |
| 89 |
Requires(preun):dkms >= 2.0.19-37 |
| 90 |
|
| 91 |
%description -n dkms-%{name} |
| 92 |
This contains the dkms package building the xtables-addons kernel modules. |
| 93 |
|
| 94 |
Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains |
| 95 |
extensions that were not, or are not yet, accepted in the main kernel/iptables |
| 96 |
packages. |
| 97 |
|
| 98 |
Xtables-addons is different from patch-o-matic in that you do not have to |
| 99 |
patch or recompile the kernel, sometimes recompiling iptables is also not |
| 100 |
needed. But please see the INSTALL file for the minimum requirements of this |
| 101 |
package. |
| 102 |
|
| 103 |
(The name stems from Xtables, which is the protocol-agnostic code part of the |
| 104 |
table-based firewalling schema.) |
| 105 |
|
| 106 |
|
| 107 |
%prep |
| 108 |
%setup -q |
| 109 |
%autopatch -p1 |
| 110 |
|
| 111 |
%build |
| 112 |
# don't build the modules |
| 113 |
%configure --without-kbuild |
| 114 |
%make_build |
| 115 |
|
| 116 |
%install |
| 117 |
%make_install |
| 118 |
|
| 119 |
# we don't package .la |
| 120 |
rm -f %{buildroot}%{_libdir}/libxt_ACCOUNT_cl.la |
| 121 |
|
| 122 |
# prepare the dkms sources |
| 123 |
mkdir -p %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/ACCOUNT %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/pknock |
| 124 |
cp extensions/Kbuild extensions/Mbuild mconfig extensions/Makefile* extensions/mac.c extensions/xt_* extensions/compat_* %{buildroot}%{_usr}/src/%{name}-%{version}-%{release} |
| 125 |
cp extensions/ACCOUNT/Kbuild extensions/ACCOUNT/Mbuild extensions/ACCOUNT/Makefile* extensions/ACCOUNT/xt_* %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/ACCOUNT |
| 126 |
cp extensions/pknock/Kbuild extensions/pknock/Mbuild extensions/pknock/Makefile* extensions/pknock/xt_* %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/pknock |
| 127 |
|
| 128 |
# mconfig is not in parent dir anymore |
| 129 |
sed -i 's/${XA_ABSTOPSRCDIR}/${M}/' %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/Kbuild |
| 130 |
|
| 131 |
# remove ipset-6 references to silence make clean errors |
| 132 |
sed -i '/ipset-6/ d' %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/Kbuild |
| 133 |
sed -i '/ipset-6/ d' %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/Mbuild |
| 134 |
|
| 135 |
cat > %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/dkms.conf << EOF |
| 136 |
PACKAGE_NAME="%{name}" |
| 137 |
PACKAGE_VERSION="%{version}-%{release}" |
| 138 |
AUTOINSTALL="yes" |
| 139 |
MAKE[0]="'make' -j\${parallel_jobs} -C \${kernel_source_dir} M=\\\$(pwd)" |
| 140 |
CLEAN="make -C \${kernel_source_dir} M=\\\$(pwd) clean" |
| 141 |
BUILT_MODULE_LOCATION[0]="ACCOUNT" |
| 142 |
DEST_MODULE_LOCATION[0]="/kernel/extra" |
| 143 |
BUILT_MODULE_NAME[0]="xt_ACCOUNT" |
| 144 |
BUILT_MODULE_LOCATION[1]="pknock" |
| 145 |
DEST_MODULE_LOCATION[1]="/kernel/extra" |
| 146 |
BUILT_MODULE_NAME[1]="xt_pknock" |
| 147 |
EOF |
| 148 |
|
| 149 |
i=2 |
| 150 |
for mod in compat_xtables xt_CHAOS \ |
| 151 |
xt_condition xt_DELUDE xt_DHCPMAC xt_DNETMAP xt_fuzzy xt_geoip xt_iface \ |
| 152 |
xt_IPMARK xt_ipp2p xt_ipv4options xt_length2 xt_LOGMARK xt_lscan xt_psd \ |
| 153 |
xt_quota2 xt_SYSRQ xt_TARPIT; do |
| 154 |
echo -e "DEST_MODULE_LOCATION[$i]=\"/kernel/extra\"\nBUILT_MODULE_NAME[$i]=\"$mod\"" >> %{buildroot}%{_usr}/src/%{name}-%{version}-%{release}/dkms.conf |
| 155 |
(( i = $i + 1 )) |
| 156 |
done |
| 157 |
|
| 158 |
cat > README.urpmi <<EOF |
| 159 |
|
| 160 |
NOTE1: Be careful, since the xt_ACCOUNT module seems not to be loaded, if |
| 161 |
you have shorewall, you'll need to put this module in shorewalls |
| 162 |
modules.xtables file. |
| 163 |
|
| 164 |
NOTE2: if you're using shorewall, you can put the following in the |
| 165 |
/etc/shorewall/accounting file: |
| 166 |
|
| 167 |
SECTION PREROUTING |
| 168 |
ACCOUNT(down,0.0.0.0/0) - eth0 - |
| 169 |
ACCOUNT(local,192.168.0.0/24) - eth1 - |
| 170 |
SECTION POSTROUTING |
| 171 |
ACCOUNT(up,0.0.0.0/0) - - eth0 |
| 172 |
ACCOUNT(local,192.168.0.0/24) - - eth1 |
| 173 |
|
| 174 |
(assuming you have a LAN 192.168.0.0/24 on eth1 and internet on eth0) |
| 175 |
|
| 176 |
[]# iptables -l down (will show your total downstream traffic in the src) |
| 177 |
[]# iptables -l up (will show your total upstream traffic in the src section) |
| 178 |
[]# iptables -l local (will show your up/downstream traffic per ip address) |
| 179 |
|
| 180 |
(special case 0.0.0.0/0 will have all traffic always in src) |
| 181 |
|
| 182 |
EOF |
| 183 |
|
| 184 |
%post -n dkms-%{name} |
| 185 |
set -x |
| 186 |
/usr/sbin/dkms add -m %{name} -v %{version}-%{release} --rpm_safe_upgrade |
| 187 |
if [ -z "$DURING_INSTALL" ] ; then |
| 188 |
/usr/sbin/dkms build -m %{name} -v %{version}-%{release} --rpm_safe_upgrade && |
| 189 |
/usr/sbin/dkms install -m %{name} -v %{version}-%{release} --rpm_safe_upgrade --force |
| 190 |
true |
| 191 |
fi |
| 192 |
|
| 193 |
%preun -n dkms-%{name} |
| 194 |
set -x |
| 195 |
/usr/sbin/dkms remove -m %{name} -v %{version}-%{release} --rpm_safe_upgrade --all |
| 196 |
true |
| 197 |
|
| 198 |
%files |
| 199 |
%doc LICENSE README.rst INSTALL.rst |
| 200 |
/%{_lib}/iptables/libxt_*.so |
| 201 |
%{_mandir}/man8/xtables-addons.8* |
| 202 |
%{_sbindir}/pknlusr |
| 203 |
|
| 204 |
%files -n dkms-%{name} |
| 205 |
%{_usr}/src/%{name}-%{version}-%{release} |
| 206 |
|
| 207 |
%files -n iptaccount |
| 208 |
%doc README.urpmi |
| 209 |
%{_sbindir}/iptaccount |
| 210 |
%{_mandir}/man8/iptaccount.8* |
| 211 |
|
| 212 |
%files -n %libaccount |
| 213 |
%{_libdir}/libxt_ACCOUNT_cl.so.%{accountmajor} |
| 214 |
%{_libdir}/libxt_ACCOUNT_cl.so.%{accountmajor}.* |
| 215 |
|
| 216 |
%files -n %libaccountdevel |
| 217 |
%{_libdir}/libxt_ACCOUNT_cl.so |
| 218 |
|
| 219 |
%files -n xtables-geoip |
| 220 |
%{_bindir}/xt_geoip_query |
| 221 |
%{_libexecdir}/xtables-addons/xt_asn_build |
| 222 |
%{_libexecdir}/xtables-addons/xt_asn_dl |
| 223 |
%{_libexecdir}/xtables-addons/xt_asn_fetch |
| 224 |
%{_libexecdir}/xtables-addons/xt_geoip_build |
| 225 |
%{_libexecdir}/xtables-addons/xt_geoip_build_maxmind |
| 226 |
%{_libexecdir}/xtables-addons/xt_geoip_dl |
| 227 |
%{_libexecdir}/xtables-addons/xt_geoip_dl_maxmind |
| 228 |
%{_mandir}/man1/xt_asn_build.1* |
| 229 |
%{_mandir}/man1/xt_asn_dl.1* |
| 230 |
%{_mandir}/man1/xt_geoip_build.1* |
| 231 |
%{_mandir}/man1/xt_geoip_build_maxmind.1.xz |
| 232 |
%{_mandir}/man1/xt_geoip_dl.1* |
| 233 |
%{_mandir}/man1/xt_geoip_dl_maxmind.1.xz |
| 234 |
%{_mandir}/man1/xt_geoip_query.1.xz |
| 235 |
%{_mandir}/man8/pknlusr.8* |
Parent Directory
| 
Revision Log