|
|
15b07d |
%define rpmversion 0.9.3
|
|
|
15b07d |
%define specrelease 4%{?dist}
|
|
|
15b07d |
|
|
|
34625f |
Name: nftables
|
|
|
15b07d |
Version: %{rpmversion}
|
|
|
15b07d |
Release: %{specrelease}%{?buildid}
|
|
|
34625f |
# Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
|
|
|
34625f |
Epoch: 1
|
|
|
34625f |
Summary: Netfilter Tables userspace utillites
|
|
|
34625f |
|
|
|
34625f |
License: GPLv2
|
|
|
34625f |
URL: http://netfilter.org/projects/nftables/
|
|
|
34625f |
Source0: http://ftp.netfilter.org/pub/nftables/nftables-%{version}.tar.bz2
|
|
|
34625f |
Source1: nftables.service
|
|
|
34625f |
Source2: nftables.conf
|
|
|
34625f |
|
|
|
15b07d |
BuildRequires: autogen
|
|
|
15b07d |
BuildRequires: autoconf
|
|
|
15b07d |
BuildRequires: automake
|
|
|
15b07d |
BuildRequires: libtool
|
|
|
15b07d |
BuildRequires: gcc
|
|
|
34625f |
BuildRequires: flex
|
|
|
34625f |
BuildRequires: bison
|
|
|
34625f |
BuildRequires: libmnl-devel
|
|
|
34625f |
BuildRequires: gmp-devel
|
|
|
34625f |
BuildRequires: readline-devel
|
|
|
15b07d |
BuildRequires: pkgconfig(libnftnl) >= 1.1.5-1
|
|
|
34625f |
BuildRequires: systemd
|
|
|
15b07d |
BuildRequires: asciidoc
|
|
|
34625f |
BuildRequires: iptables-devel
|
|
|
15b07d |
BuildRequires: jansson-devel
|
|
|
15b07d |
BuildRequires: python3-devel
|
|
|
15b07d |
|
|
|
15b07d |
Requires: libnftnl >= 1.1.5-1
|
|
|
34625f |
|
|
|
34625f |
%description
|
|
|
34625f |
Netfilter Tables userspace utilities.
|
|
|
34625f |
|
|
|
34625f |
%package devel
|
|
|
34625f |
Summary: Development library for nftables / libnftables
|
|
|
34625f |
Group: Development/Libraries
|
|
|
34625f |
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
34625f |
Requires: pkgconfig
|
|
|
34625f |
|
|
|
34625f |
%description devel
|
|
|
34625f |
Development tools and static libraries and header files for the libnftables library.
|
|
|
34625f |
|
|
|
15b07d |
%package -n python3-nftables
|
|
|
15b07d |
Summary: Python module providing an interface to libnftables
|
|
|
15b07d |
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
15b07d |
|
|
|
15b07d |
%description -n python3-nftables
|
|
|
15b07d |
The nftables python module provides an interface to libnftables via ctypes.
|
|
|
15b07d |
|
|
|
34625f |
%prep
|
|
|
34625f |
%autosetup -p1
|
|
|
34625f |
|
|
|
34625f |
%build
|
|
|
15b07d |
autoreconf -fi
|
|
|
15b07d |
rm -Rf autom4te*.cache config.h.in~
|
|
|
15b07d |
%configure --disable-silent-rules --with-json --with-xtables \
|
|
|
15b07d |
--enable-python --with-python-bin=%{__python3}
|
|
|
34625f |
make %{?_smp_mflags}
|
|
|
34625f |
|
|
|
34625f |
%install
|
|
|
34625f |
%make_install
|
|
|
34625f |
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
|
|
|
34625f |
|
|
|
34625f |
# Don't ship static lib (for now at least)
|
|
|
34625f |
rm -f $RPM_BUILD_ROOT/%{_libdir}/libnftables.a
|
|
|
34625f |
|
|
|
34625f |
chmod 644 $RPM_BUILD_ROOT/%{_mandir}/man8/nft*
|
|
|
34625f |
|
|
|
34625f |
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
|
|
|
34625f |
cp -a %{SOURCE1} $RPM_BUILD_ROOT/%{_unitdir}/
|
|
|
34625f |
|
|
|
34625f |
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig
|
|
|
34625f |
cp -a %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/
|
|
|
34625f |
|
|
|
15b07d |
find $RPM_BUILD_ROOT/%{_sysconfdir} \
|
|
|
15b07d |
\( -type d -exec chmod 0700 {} \; \) , \
|
|
|
15b07d |
\( -type f -exec chmod 0600 {} \; \)
|
|
|
15b07d |
|
|
|
15b07d |
# make nftables.py use the real library file name
|
|
|
15b07d |
# to avoid nftables-devel package dependency
|
|
|
15b07d |
sofile=$(readlink $RPM_BUILD_ROOT/%{_libdir}/libnftables.so)
|
|
|
15b07d |
sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
|
|
|
15b07d |
$RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
|
|
|
15b07d |
touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
|
|
|
34625f |
|
|
|
34625f |
%post
|
|
|
34625f |
%systemd_post nftables.service
|
|
|
34625f |
|
|
|
34625f |
%preun
|
|
|
34625f |
%systemd_preun nftables.service
|
|
|
34625f |
|
|
|
34625f |
%postun
|
|
|
34625f |
%systemd_postun_with_restart nftables.service
|
|
|
34625f |
|
|
|
34625f |
%post devel
|
|
|
34625f |
%ldconfig_post
|
|
|
34625f |
|
|
|
34625f |
%postun devel
|
|
|
34625f |
%ldconfig_postun
|
|
|
34625f |
|
|
|
34625f |
%files
|
|
|
34625f |
%license COPYING
|
|
|
34625f |
%config(noreplace) %{_sysconfdir}/nftables/
|
|
|
34625f |
%config(noreplace) %{_sysconfdir}/sysconfig/nftables.conf
|
|
|
34625f |
%{_sbindir}/nft
|
|
|
34625f |
%{_libdir}/libnftables.so.*
|
|
|
15b07d |
%{_mandir}/man5/libnftables-json.5*
|
|
|
34625f |
%{_mandir}/man8/nft*
|
|
|
34625f |
%{_unitdir}/nftables.service
|
|
|
15b07d |
%{_docdir}/nftables/examples/*.nft
|
|
|
34625f |
|
|
|
34625f |
%files devel
|
|
|
34625f |
%{_libdir}/libnftables.so
|
|
|
34625f |
%{_libdir}/pkgconfig/libnftables.pc
|
|
|
34625f |
%{_includedir}/nftables/libnftables.h
|
|
|
15b07d |
%{_mandir}/man3/libnftables.3*
|
|
|
15b07d |
|
|
|
15b07d |
%files -n python3-nftables
|
|
|
15b07d |
%{python3_sitelib}/nftables-*.egg-info
|
|
|
15b07d |
%{python3_sitelib}/nftables/
|
|
|
34625f |
|
|
|
34625f |
%changelog
|
|
|
15b07d |
* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> [0.9.3-4.el8]
|
|
|
15b07d |
- Explicitly depend on newer libnftl version (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> [0.9.3-3.el8]
|
|
|
15b07d |
- Fix permissions of osf-related configs (Phil Sutter) [1776462]
|
|
|
15b07d |
|
|
|
15b07d |
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> [0.9.3-2.el8]
|
|
|
15b07d |
- Add example scripts to nftables package (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> [0.9.3-1.el8]
|
|
|
15b07d |
- Rebase onto upstream release 0.9.3 (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Mon Oct 21 2019 Phil Sutter <psutter@redhat.com> [0.9.2-4.el8]
|
|
|
15b07d |
- tproxy: Add missing error checking when parsing from netlink (Phil Sutter) [1643192]
|
|
|
15b07d |
- parser_json: Fix checking of parse_policy() return code (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Fri Oct 18 2019 Phil Sutter <psutter@redhat.com> [0.9.2-3.el8]
|
|
|
15b07d |
- spec: Avoid multilib problems due to updated nftables.py (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Fri Oct 18 2019 Phil Sutter <psutter@redhat.com> [0.9.2-2.el8]
|
|
|
15b07d |
- rule: Fix for single line ct timeout printing (Phil Sutter) [1643192]
|
|
|
15b07d |
- tests/monitor: Fix for changed ct timeout format (Phil Sutter) [1643192]
|
|
|
15b07d |
- monitor: Add missing newline to error message (Phil Sutter) [1643192]
|
|
|
15b07d |
- src: restore --echo with anonymous sets (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Tue Oct 15 2019 Phil Sutter <psutter@redhat.com> [0.9.2-1.el8]
|
|
|
15b07d |
- src: obj: fix memleak in handle_free() (Phil Sutter) [1643192]
|
|
|
15b07d |
- libnftables: memleak when list of commands is empty (Phil Sutter) [1643192]
|
|
|
15b07d |
- mnl: do not cache sender buffer size (Phil Sutter) [1643192]
|
|
|
15b07d |
- src: meter: avoid double-space in list ruleset output (Phil Sutter) [1643192]
|
|
|
15b07d |
- src: parser_json: fix crash while restoring secmark object (Phil Sutter) [1643192]
|
|
|
15b07d |
- nftables: don't crash in 'list ruleset' if policy is not set (Phil Sutter) [1643192]
|
|
|
15b07d |
- json: tests: fix typo in ct expectation json test (Phil Sutter) [1643192]
|
|
|
15b07d |
- parser_bison: Fix 'exists' keyword on Big Endian (Phil Sutter) [1643192]
|
|
|
15b07d |
- json: fix type mismatch on "ct expect" json exporting (Phil Sutter) [1643192]
|
|
|
15b07d |
- libnftables: use-after-free in exit path (Phil Sutter) [1643192]
|
|
|
15b07d |
- netlink_delinearize: fix wrong conversion to "list" in ct mark (Phil Sutter) [1643192]
|
|
|
15b07d |
- mnl: fix --echo buffer size again (Phil Sutter) [1643192]
|
|
|
15b07d |
- parser_json: fix crash on insert rule to bad references (Phil Sutter) [1643192]
|
|
|
15b07d |
- evaluate: flag fwd and queue statements as terminal (Phil Sutter) [1643192]
|
|
|
15b07d |
- tests: shell: check that rule add with index works with echo (Phil Sutter) [1643192]
|
|
|
15b07d |
- cache: fix --echo with index/position (Phil Sutter) [1643192]
|
|
|
15b07d |
- src: secmark: fix brace indentation and missing quotes in selctx output (Phil Sutter) [1643192]
|
|
|
15b07d |
- Add python3-nftables sub-package (Phil Sutter) [1643192]
|
|
|
15b07d |
- Rebase onto upstream version 0.9.2 (Phil Sutter) [1643192]
|
|
|
15b07d |
|
|
|
15b07d |
* Mon Aug 12 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-14
|
|
|
15b07d |
- src: fix jumps on bigendian arches
|
|
|
15b07d |
- src: json: fix constant parsing on bigendian
|
|
|
15b07d |
|
|
|
15b07d |
* Thu Aug 08 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-13
|
|
|
15b07d |
- Fix for adding a rule with index and set reference
|
|
|
15b07d |
|
|
|
15b07d |
* Wed Jul 31 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-12
|
|
|
15b07d |
- Fix permissions of /etc/nftables directory
|
|
|
15b07d |
|
|
|
15b07d |
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-11
|
|
|
15b07d |
- Fix segfault with xtables support
|
|
|
15b07d |
|
|
|
15b07d |
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-10
|
|
|
15b07d |
- Fix typo in spec file
|
|
|
15b07d |
|
|
|
15b07d |
* Wed Jun 26 2019 Phil Sutter <psutter@redhat.com> - 1:0.9.0-9
|
|
|
15b07d |
- Allow variables in jump statement
|
|
|
15b07d |
- Make example configs readable only by root
|
|
|
15b07d |
- Document nft list parameters
|
|
|
15b07d |
- Document vmap statement
|
|
|
15b07d |
- Install netdev-ingress.nft sample config in the right spot
|
|
|
15b07d |
- Backport upstream fixes since last release
|
|
|
15b07d |
|
|
|
34625f |
* Fri Mar 01 2019 Phil Sutter - 1:0.9.0-8
|
|
|
34625f |
- Add missing patch to spec file
|
|
|
34625f |
|
|
|
34625f |
* Fri Dec 21 2018 Phil Sutter - 1:0.9.0-7
|
|
|
34625f |
- src: Reject 'export vm json' command
|
|
|
34625f |
|
|
|
34625f |
* Tue Dec 18 2018 Phil Sutter - 1:0.9.0-6
|
|
|
34625f |
- Rebuild for updated libnftnl
|
|
|
34625f |
|
|
|
34625f |
* Thu Dec 13 2018 Phil Sutter - 1:0.9.0-5
|
|
|
34625f |
- nft.8: Document log level audit
|
|
|
34625f |
- nft.8: Clarify 'index' option of add rule command
|
|
|
34625f |
|
|
|
34625f |
* Thu Oct 25 2018 Phil Sutter - 1:0.9.0-4
|
|
|
34625f |
- Add fixes for covscan report
|
|
|
34625f |
- Fix for ECN keyword in LHS of relational
|
|
|
34625f |
- Update meta pkt_type value description
|
|
|
34625f |
- Fix for segfault with JSON output if xt expression is present
|
|
|
34625f |
- Add missing nft suffix to files included from /etc/sysconfig/nftables.conf
|
|
|
34625f |
- Use native JSON API in nft monitor
|
|
|
34625f |
|
|
|
34625f |
* Thu Oct 11 2018 Phil Sutter - 1:0.9.0-3
|
|
|
34625f |
- Enable xtables support
|
|
|
34625f |
- Enable JSON support
|
|
|
34625f |
|
|
|
34625f |
* Mon Sep 10 2018 Phil Sutter - 1:0.9.0-2
|
|
|
34625f |
- Allow icmpx in inet/bridge families
|
|
|
34625f |
|
|
|
34625f |
* Tue Aug 14 2018 Phil Sutter - 1:0.9.0-1
|
|
|
34625f |
- New version 0.9.0
|
|
|
34625f |
- Install libnftables
|
|
|
34625f |
- Add devel sub-package
|
|
|
34625f |
- Add gcc BuildRequires
|
|
|
34625f |
|
|
|
34625f |
* Sat Mar 03 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.3-1
|
|
|
34625f |
- Update to 0.8.3. Fixes bug #1551207
|
|
|
34625f |
|
|
|
34625f |
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.8.2-2
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Mon Feb 05 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.2-1
|
|
|
34625f |
- Update to 0.8.2. Fixes bug #1541582
|
|
|
34625f |
|
|
|
34625f |
* Tue Jan 16 2018 Kevin Fenzi <kevin@scrye.com> - 0.8.1-1
|
|
|
34625f |
- Update to 0.8.1. Fixes bug #1534982
|
|
|
34625f |
|
|
|
34625f |
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 0.8-1
|
|
|
34625f |
- Update to 0.8.
|
|
|
34625f |
|
|
|
34625f |
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-5
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-4
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.7-3
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1:0.7-2
|
|
|
34625f |
- Rebuild for readline 7.x
|
|
|
34625f |
|
|
|
34625f |
* Thu Dec 22 2016 Kevin Fenzi <kevin@scrye.com> - 0.7-1
|
|
|
34625f |
- Update to 0.7
|
|
|
34625f |
|
|
|
34625f |
* Fri Jul 15 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-2
|
|
|
34625f |
- Rebuild for new glibc symbols
|
|
|
34625f |
|
|
|
34625f |
* Thu Jun 02 2016 Kevin Fenzi <kevin@scrye.com> - 0.6-1
|
|
|
34625f |
- Update to 0.6.
|
|
|
34625f |
|
|
|
34625f |
* Sun Apr 10 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-4
|
|
|
34625f |
- Add example config files and move config to /etc/sysconfig. Fixes bug #1313936
|
|
|
34625f |
|
|
|
34625f |
* Fri Mar 25 2016 Kevin Fenzi <kevin@scrye.com> - 0.5-3
|
|
|
34625f |
- Add systemd unit file. Fixes bug #1313936
|
|
|
34625f |
|
|
|
34625f |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.5-2
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Thu Sep 17 2015 Kevin Fenzi <kevin@scrye.com> 0.5-1
|
|
|
34625f |
- Update to 0.5
|
|
|
34625f |
|
|
|
34625f |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.4-3
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Sat Jan 10 2015 Kevin Fenzi <kevin@scrye.com> 0.4-2
|
|
|
34625f |
- Add patch to fix nft -f dep gen.
|
|
|
34625f |
|
|
|
34625f |
* Fri Dec 26 2014 Kevin Fenzi <kevin@scrye.com> 0.4-1
|
|
|
34625f |
- Update to 0.4
|
|
|
34625f |
- Add Epoch to fix versioning.
|
|
|
34625f |
|
|
|
34625f |
* Wed Sep 03 2014 Kevin Fenzi <kevin@scrye.com> 0.100-4.20140903git
|
|
|
34625f |
- Update to 20140903 snapshot
|
|
|
34625f |
|
|
|
34625f |
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-4.20140704git
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Fri Jul 04 2014 Kevin Fenzi <kevin@scrye.com> 0.100-3.20140704git
|
|
|
34625f |
- Update to new snapshot
|
|
|
34625f |
|
|
|
34625f |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.100-2.20140426git
|
|
|
34625f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
34625f |
|
|
|
34625f |
* Sat Apr 26 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140426git
|
|
|
34625f |
- Update t0 20140426
|
|
|
34625f |
|
|
|
34625f |
* Sun Mar 30 2014 Kevin Fenzi <kevin@scrye.com> 0.100-1.20140330git
|
|
|
34625f |
- Update to 20140330 snapshot
|
|
|
34625f |
- Sync versions to be post 0.100 release.
|
|
|
34625f |
|
|
|
34625f |
* Wed Mar 26 2014 Kevin Fenzi <kevin@scrye.com> 0-0.7.20140326git
|
|
|
34625f |
- Update to 20140326 snapshot
|
|
|
34625f |
- Fix permissions on man pages.
|
|
|
34625f |
|
|
|
34625f |
* Mon Mar 24 2014 Kevin Fenzi <kevin@scrye.com> 0-0.6.20140324git
|
|
|
34625f |
- Update to 20140324 snapshot
|
|
|
34625f |
|
|
|
34625f |
* Fri Mar 07 2014 Kevin Fenzi <kevin@scrye.com> 0-0.5.20140307git
|
|
|
34625f |
- Update to 20140307
|
|
|
34625f |
|
|
|
34625f |
* Sat Jan 25 2014 Kevin Fenzi <kevin@scrye.com> 0-0.4.20140125git
|
|
|
34625f |
- Update to 20140125 snapshot
|
|
|
34625f |
|
|
|
34625f |
* Sat Jan 18 2014 Kevin Fenzi <kevin@scrye.com> 0-0.3.20140118git
|
|
|
34625f |
- Update to 20140118 snapshot
|
|
|
34625f |
- Fixed License tag to be correct
|
|
|
34625f |
- Fixed changelog
|
|
|
34625f |
- nft scripts now use full path for nft
|
|
|
34625f |
- Fixed man page building
|
|
|
34625f |
- Dropped unneeded rm in install
|
|
|
34625f |
- Patched build to not be silent.
|
|
|
34625f |
|
|
|
34625f |
* Tue Dec 03 2013 Kevin Fenzi <kevin@scrye.com> 0-0.2.20131202git
|
|
|
34625f |
- Use upstream snapshots for source.
|
|
|
34625f |
- Use 0 for version.
|
|
|
34625f |
|
|
|
34625f |
* Sat Nov 30 2013 Kevin Fenzi <kevin@scrye.com> 0-0.1
|
|
|
34625f |
- initial version for Fedora review
|