%define name iptables
-%define version 1.4.10
-%define taglevel 2
+%define version 1.4.12
+%define subversion .1
+%define taglevel 0
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+%define actual_name %{name}-%{version}%{subversion}
Vendor: PlanetLab
Packager: PlanetLab Central <support@planet-lab.org>
Name: %{name}
Version: %{version}
Release: %{release}
-Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
+Source: http://www.netfilter.org/projects/iptables/files/%{actual_name}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: planetlab-config
stable and may change with every new version. It is therefore unsupported.
%prep
-%setup -q
+%setup -q -n %{actual_name}
%patch1 -p1
%build
%post
/sbin/ldconfig
/sbin/chkconfig --add iptables
-DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5}'
+DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5}')
sed -i -e "s;__eth;$DEFAULT_IFACE;g" /etc/sysconfig/iptables
-service iptables restart
+[ "$PL_BOOTCD" = "1" ] || service iptables restart
%postun -p /sbin/ldconfig
%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
%attr(0755,root,root) /etc/rc.d/init.d/iptables
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables
+%config %attr(0600,root,root) /etc/sysconfig/iptables-config
+%config %attr(0600,root,root) /etc/sysconfig/iptables
/sbin/iptables*
/bin/iptables-xml
%{_mandir}/man8/iptables*
%{_libdir}/pkgconfig/xtables.pc
%changelog
+* Tue Aug 09 2011 Sapan Bhatia <sapanb@cs.princeton.edu> - iptables-1.4.10-5
+- Adding a recently abused (=received experimental traffic from planetlab) node to a global iptables blacklist. I will be
+- implementing this mechanism more formally
+- using
+- iptables in the coming days. Unfortunately, because of the complexity of the recipient network we are unable to
+- determine a comprehensive set of the slices responsible in this case, so I am adding this temporary hack for now.
+
+* Thu Mar 24 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-4
+- Don't start iptables service on build time
+
+* Wed Feb 23 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-3
+- Remove ugly hack for config files
+
* Thu Jan 27 2011 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.10-2
- Fix the patch