%define name iptables
-%define version 1.4.9
+%define version 1.4.12
+%define subversion .1
%define taglevel 0
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+%define actual_name %{name}-%{version}%{subversion}
Vendor: PlanetLab
Packager: PlanetLab Central <support@planet-lab.org>
Name: %{name}
Version: %{version}
Release: %{release}
-Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
+Source: http://www.netfilter.org/projects/iptables/files/%{actual_name}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: planetlab-config
BuildRequires: kernel-headers
Conflicts: kernel < 2.4.20
Requires(post): chkconfig
-Requires(post): service
+Requires(post): initscripts
Requires(preun): chkconfig
%description
stable and may change with every new version. It is therefore unsupported.
%prep
-%setup -q
+%setup -q -n %{actual_name}
%patch1 -p1
%build
%post
/sbin/ldconfig
/sbin/chkconfig --add iptables
-service iptables restart
+DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5}')
+sed -i -e "s;__eth;$DEFAULT_IFACE;g" /etc/sysconfig/iptables
+[ "$PL_BOOTCD" = "1" ] || service iptables restart
%postun -p /sbin/ldconfig
%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
%attr(0755,root,root) /etc/rc.d/init.d/iptables
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables
+%config %attr(0600,root,root) /etc/sysconfig/iptables-config
+%config %attr(0600,root,root) /etc/sysconfig/iptables
/sbin/iptables*
/bin/iptables-xml
%{_mandir}/man8/iptables*
%{_libdir}/pkgconfig/xtables.pc
%changelog
+* Tue Aug 09 2011 Sapan Bhatia <sapanb@cs.princeton.edu> - iptables-1.4.10-5
+- Adding a recently abused (=received experimental traffic from planetlab) node to a global iptables blacklist. I will be
+- implementing this mechanism more formally
+- using
+- iptables in the coming days. Unfortunately, because of the complexity of the recipient network we are unable to
+- determine a comprehensive set of the slices responsible in this case, so I am adding this temporary hack for now.
+
+* Thu Mar 24 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-4
+- Don't start iptables service on build time
+
+* Wed Feb 23 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-3
+- Remove ugly hack for config files
+
+* Thu Jan 27 2011 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.10-2
+- Fix the patch
+
+* Wed Jan 26 2011 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.10-1
+- Fix incorrect sha1sum
+
+* Sun Jan 23 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - iptables-1.4.9-1
+- add requires initscripts in deps
+
* Wed May 12 2010 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.7-5
- Restart iptables service after package upgrades