Changeset d8717e4

Timestamp:

10/16/2012 05:13:00 PM (12 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

983b6a6

Parents:

699b552c

Message:

Update to iptables-1.4.16.2.
Fix firewall scripts to be compatible with current iptables.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10735 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/firewalling.xml (modified) (8 diffs)
• postlfs/security/iptables.xml (modified) (4 diffs)

general.ent

@@ -177 +177 @@
 <!ENTITY gnutls-version               "3.0.24">
 <!ENTITY gpgme-version                "1.3.2">
-<!ENTITY iptables-version             "1.4.15">
+<!ENTITY iptables-version             "1.4.16.2">
 <!ENTITY libcap2-version              "2.22">
 <!ENTITY liboauth-version             "0.9.7">

introduction/welcome/changelog.xml

@@ -45 +45 @@
 -->
     
+    <listitem>
+      <para>October 16th, 2012</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Update to iptables-1.4.16.2. Fixes
+          <ulink url="&blfs-ticket-root;3595">#3595</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Fixed firewall scripts to be compatible with
+          current iptables. Fixes
+          <ulink url="&blfs-ticket-root;3626">#3626</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>October 15th, 2012</para>

postlfs/security/firewalling.xml

@@ -181 +181 @@
 <literal>#!/bin/sh
 
-# Begin $rc_base/rc.iptables
+# Begin rc.iptables
 
 # Insert connection-tracking modules
 # (not needed if built into the kernel)
-modprobe ip_tables
-modprobe iptable_filter
-modprobe ip_conntrack
-modprobe ip_conntrack_ftp
-modprobe ipt_state
-modprobe ipt_LOG
+modprobe nf_conntrack
+modprobe xt_LOG
 
 # Enable broadcast echo Protection
@@ -249 +245 @@
 # and permit new connections related to established ones
 # (e.g. port mode ftp)
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
 # Log everything else. What's Windows' latest exploitable vulnerability?
@@ -291 +287 @@
 <literal>#!/bin/sh
 
-# Begin $rc_base/rc.iptables
+# Begin rc.iptables
 
 echo
@@ -307 +303 @@
 # Insert iptables modules (not needed if built into the kernel).
 
-modprobe ip_tables
-modprobe iptable_filter
-modprobe ip_conntrack
-modprobe ip_conntrack_ftp
-modprobe ipt_state
-modprobe iptable_nat
-modprobe ip_nat_ftp
-modprobe ipt_MASQUERADE
-modprobe ipt_LOG
-modprobe ipt_REJECT
+modprobe nf_conntrack
+modprobe nf_conntrack_ftp
+modprobe xt_conntrack
+modprobe xt_LOG
+modprobe xt_state
 
 # Enable broadcast echo Protection
@@ -366 +357 @@
 
 # Allow forwarding if the initiated on the intranet
-iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A FORWARD  -i ! ppp+ -m state --state NEW      -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A FORWARD  -i ! ppp+ -m conntrack --ctstate NEW      -j ACCEPT
 
 # Do masquerading
@@ -437 +428 @@
       INPUT.</para>
 
-<screen><literal>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+<screen><literal>iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 iptables -A OUTPUT -j ACCEPT</literal></screen>
 
@@ -458 +449 @@
 
 <screen><literal>iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
-iptables -A INPUT  -p tcp --sport 80 -m state --state ESTABLISHED \
+iptables -A INPUT  -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED \
   -j ACCEPT</literal></screen>
 
@@ -497 +488 @@
           network scans) insert these rules at the top of the chain:</para>
 
-<screen><literal>iptables -I INPUT 0 -p tcp -m state --state INVALID \
+<screen><literal>iptables -I INPUT 0 -p tcp -m conntrack --ctstate INVALID \
   -j LOG --log-prefix "FIREWALL:INVALID "
-iptables -I INPUT 1 -p tcp -m state --state INVALID -j DROP</literal></screen>
+iptables -I INPUT 1 -p tcp -m conntrack --ctstate INVALID -j DROP</literal></screen>
 
         </listitem>

postlfs/security/iptables.xml

@@ -7 +7 @@
   <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2">
   <!ENTITY iptables-download-ftp  "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
-  <!ENTITY iptables-md5sum        "8bf564ea8348522fc1db727868828def">
-  <!ENTITY iptables-size          "504 KB">
-  <!ENTITY iptables-buildsize     "15 MB">
+  <!ENTITY iptables-md5sum        "57220bb26866a713073e5614f88071fc">
+  <!ENTITY iptables-size          "532 KB">
+  <!ENTITY iptables-buildsize     "13 MB">
   <!ENTITY iptables-time          "0.2 SBU">
 ]>
@@ -72 +72 @@
       </listitem>
     </itemizedlist>
-
+<!--
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing="compact">
@@ -82 +82 @@
       </listitem>
     </itemizedlist>
-
+-->
     <para condition="html" role="usernotes">User Notes:
       <ulink url="&blfs-wiki;/iptables"/>
@@ -135 +135 @@
     </para>
 
-<screen><userinput>patch -Np1 -i ../iptables-&iptables-version;-missing-includes-1.patch &amp;&amp;
-./configure --prefix=/usr                          \
+<screen><userinput>./configure --prefix=/usr                          \
             --exec-prefix=                         \
             --bindir=/sbin                         \