* [gentoo-commits] repo/gentoo:master commit in: net-firewall/nftables/files/libexec/, net-firewall/nftables/
@ 2019-01-15 23:20 Matthew Thode
From: Matthew Thode @ 2019-01-15 23:20 UTC
  To: gentoo-commits

commit:     5340dc96865d410a32ab4cb9f900bcb88e035600
Author:     Francisco Blas (klondike) Izquierdo Riera <klondike <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 15 23:13:18 2019 +0000
Commit:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Tue Jan 15 23:20:42 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5340dc96

net-firewall/nftables: Minor fixes on the script closes #675188

* Use printf instead of echo for better shell compatibility.
* Use an include instead of concatenating the ruleset.
  (Note that this is likely to fail if the ruleset path contains
   special characters).
* Empty the table first when executing panic actions.

Fixes: https://bugs.gentoo.org/675188

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Matthew Thode <prometheanfire <AT> gentoo.org>

 net-firewall/nftables/files/libexec/nftables-mk.sh                 | 7 ++++---
 .../{nftables-0.9.0-r2.ebuild => nftables-0.9.0-r3.ebuild}         | 0
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/net-firewall/nftables/files/libexec/nftables-mk.sh b/net-firewall/nftables/files/libexec/nftables-mk.sh
index b6ad37867b6..b3d7db60d7f 100644
--- a/net-firewall/nftables/files/libexec/nftables-mk.sh
+++ b/net-firewall/nftables/files/libexec/nftables-mk.sh
@@ -13,7 +13,8 @@ main() {
 			nft ${SAVE_OPTIONS} list ruleset
 		;;
 		"load")
-			( echo "flush ruleset;"; cat "${NFTABLES_SAVE}" ) | nft -f -
+			# We use an include because cat fails with long rulesets see #675188
+			printf 'flush ruleset\ninclude "%s"\n' "${NFTABLES_SAVE}" | nft -f -
 		;;
 		"panic")
 			panic hard | nft -f -
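Review bot: the new `load` line substitutes `${NFTABLES_SAVE}` into the nft `include "%s"` string without any escaping, so a path containing a double quote, a backslash or a newline yields a malformed include statement and `nft -f -` fails, which the commit message itself acknowledges as a known limitation. Rather than leaving that to the user, validate the value before use, for example `case "${NFTABLES_SAVE}" in *'"'*|*'\'*) printf 'NFTABLES_SAVE contains unsupported characters\n' >&2; return 1;; esac`, or at least document the restriction where NFTABLES_SAVE is configured. The comment on the `include` line could also say that the path is resolved by nft's include search path rather than by the shell, so a relative value behaves differently from the old `cat "${NFTABLES_SAVE}"`.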
@@ -25,8 +26,7 @@ main() {
 			local tmp_save="${NFTABLES_SAVE}.tmp"
 			umask 600;
 			(
-				echo "#!/sbin/nft -f"
-				echo "flush ruleset;"
+				printf '#!/sbin/nft -f\nflush ruleset\n'
 				nft ${SAVE_OPTIONS} list ruleset
 			) > "$tmp_save" && mv ${tmp_save} ${NFTABLES_SAVE}
 		;;
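Review bot: the context line `umask 600;` is wrong and affects the file this hunk writes: umask clears the bits given, so 600 removes owner read and write and the `> "$tmp_save"` redirection creates the saved ruleset with mode 0066, group- and world-readable and writable, which is the opposite of keeping the firewall ruleset private. The intended value is `umask 077` (optionally followed by an explicit `chmod 600` on the file). Separately, `mv ${tmp_save} ${NFTABLES_SAVE}` should quote both operands, as the preceding line already does for `"$tmp_save"`, so that a path with spaces does not break the rename.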
@@ -37,6 +37,7 @@ panic() {
 	local erule;
 	[ "$1" = soft ] && erule="ct state established,related accept;" || erule="";
 	cat <<EOF
+flush ruleset
 table inet filter {
 	chain input {
 		type filter hook input priority 0;
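Review bot: the commit message says "Empty the table first when executing panic actions", but the line added to the heredoc is `flush ruleset`, which discards every table in every address family (any nat, bridge or other tables managed outside this script), not only `inet filter`. If that is the intended behaviour, state it in the commit message and in the user-facing documentation for the panic action; if only this script's table should be reset, an empty `table inet filter {}` declaration followed by `flush table inet filter` in the same script is the narrower form and does not fail when the table is absent. Worth a comment next to the heredoc either way: because `nft -f` applies the whole script as one transaction, the flush and the new table land atomically, so there is no window in which the host is left without a policy.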

diff --git a/net-firewall/nftables/nftables-0.9.0-r2.ebuild b/net-firewall/nftables/nftables-0.9.0-r3.ebuild
similarity index 100%
rename from net-firewall/nftables/nftables-0.9.0-r2.ebuild
rename to net-firewall/nftables/nftables-0.9.0-r3.ebuild
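The commit message notes that the new `load` action breaks when the ruleset path contains special characters. The following POSIX shell is an added example, not part of the Gentoo script or this commit, showing how the `flush ruleset` / `include` text fed to `nft -f -` can be built with a guard that rejects such paths instead of emitting a malformed include. The function names are this example's own, and it assumes the configured path should be absolute (as NFTABLES_SAVE is in the default configuration); it only prints the nft script and never runs `nft` itself.

```shell
#!/bin/sh
# Added example (not the nftables-mk.sh script): build the script text for
# the "load" action, refusing paths that cannot be embedded safely in an
# nft `include "..."` statement.

# Newline character, for use in case patterns below.
_nl=$(printf '\nx'); _nl=${_nl%x}

# nft_include_path_ok PATH
# Returns 0 if PATH can be placed verbatim inside nft's double-quoted
# include string: non-empty, absolute (assumption of this example), and
# free of double quotes, backslashes and newlines.
nft_include_path_ok() {
    case "$1" in
        '')               return 1 ;;   # empty value
        *'"'*)            return 1 ;;   # would terminate the quoted string early
        *'\'*)            return 1 ;;   # escape handling differs between parsers
        *"$_nl"*)         return 1 ;;   # would split the include statement
        /*)               return 0 ;;   # absolute path: accepted
        *)                return 1 ;;   # relative: resolved by nft's include path, not cwd
    esac
}

# nft_load_script PATH
# Prints the same two-line script the commit's "load" action pipes into
# `nft -f -`, or prints an error to stderr and returns 1 for unsafe paths.
nft_load_script() {
    path=$1
    if ! nft_include_path_ok "$path"; then
        printf 'nft_load_script: refusing ruleset path %s\n' "$path" >&2
        return 1
    fi
    printf 'flush ruleset\ninclude "%s"\n' "$path"
}

# Typical use in an init helper would be:
#   nft_load_script "${NFTABLES_SAVE}" | nft -f -
# (not executed here so the example runs without nftables installed)
```

The guard runs before anything is handed to nft, so a misconfigured NFTABLES_SAVE fails loudly at the shell level rather than leaving the system with whatever ruleset the partially parsed script produced.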