From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1353179-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 5CB06158086
	for <garchives@archives.gentoo.org>; Tue, 28 Dec 2021 01:51:42 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 7F4DDE07BA;
	Tue, 28 Dec 2021 01:51:38 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 29205E07B3
	for <gentoo-commits@lists.gentoo.org>; Tue, 28 Dec 2021 01:51:36 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 54463342F17
	for <gentoo-commits@lists.gentoo.org>; Tue, 28 Dec 2021 01:51:32 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A99CA1BF
	for <gentoo-commits@lists.gentoo.org>; Tue, 28 Dec 2021 01:51:30 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1640656228.b1630545b0a0b1d71775a2c7ec89025be32c3f49.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/firewalld/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-firewall/firewalld/firewalld-1.0.2.ebuild
X-VCS-Directories: net-firewall/firewalld/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: b1630545b0a0b1d71775a2c7ec89025be32c3f49
X-VCS-Branch: master
Date: Tue, 28 Dec 2021 01:51:30 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: baeda1bd-67a8-4aa2-a24d-7204ac3c3a2d
X-Archives-Hash: 291cee86b8dfd2fa58e3100bb00d0ed2

commit:     b1630545b0a0b1d71775a2c7ec89025be32c3f49
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 28 01:50:24 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 28 01:50:28 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1630545

net-firewall/firewalld: update needed kernel options/modules

See: https://zigford.org/firewalld-kernel-requirements.html
Thanks-to: Jessie Harris <jesse <AT> zigford.org>
Thanks-to: Stijn Tintel <stijn+gentoo <AT> linux-ipv6.be>
Thanks-to: genr8eofl_
Closes: https://bugs.gentoo.org/830132
Closes: https://bugs.gentoo.org/703322
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-firewall/firewalld/firewalld-1.0.2.ebuild | 89 ++++++++++++++++++++++++++-
 1 file changed, 86 insertions(+), 3 deletions(-)

diff --git a/net-firewall/firewalld/firewalld-1.0.2.ebuild b/net-firewall/firewalld/firewalld-1.0.2.ebuild
index d3413dec38c9..a5b813717e90 100644
--- a/net-firewall/firewalld/firewalld-1.0.2.ebuild
+++ b/net-firewall/firewalld/firewalld-1.0.2.ebuild
@@ -6,8 +6,8 @@ EAPI=7
 PYTHON_COMPAT=( python3_{8,9,10} )
 inherit autotools bash-completion-r1 gnome2-utils linux-info plocale python-single-r1 systemd xdg-utils
 
-DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall"
-HOMEPAGE="http://www.firewalld.org/"
+DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall"
+HOMEPAGE="https://www.firewalld.org/"
 SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="GPL-2+"
@@ -49,7 +49,90 @@ QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*"
 PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW"
 
 pkg_setup() {
-	local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK"
+	# See bug #830132 for the huge list
+	# We can probably narrow it down a bit but it's rather fragile
+	local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK
+	~NETFILTER
+	~NETFILTER_ADVANCED
+	~NETFILTER_INGRESS
+	~NF_NAT_MASQUERADE
+	~NF_NAT_REDIRECT
+	~NF_TABLES_INET
+	~NF_TABLES_IPV4
+	~NF_TABLES_IPV6
+	~NF_CONNTRACK
+	~NF_CONNTRACK_BROADCAST
+	~NF_CONNTRACK_NETBIOS
+	~NF_CONNTRACK_TFTP
+	~NF_CT_NETLINK
+	~NF_CT_NETLINK_HELPER
+	~NF_DEFRAG_IPV4
+	~NF_DEFRAG_IPV6
+	~NF_NAT
+	~NF_NAT_TFTP
+	~NF_REJECT_IPV4
+	~NF_REJECT_IPV6
+	~NF_SOCKET_IPV4
+	~NF_SOCKET_IPV6
+	~NF_TABLES
+	~NF_TABLES_SET
+	~NF_TPROXY_IPV4
+	~NF_TPROXY_IPV6
+	~IP_NF_FILTER
+	~IP_NF_IPTABLES
+	~IP_NF_MANGLE
+	~IP_NF_NAT
+	~IP_NF_RAW
+	~IP_NF_SECURITY
+	~IP_NF_TARGET_MASQUERADE
+	~IP_NF_TARGET_REJECT
+	~IP6_NF_FILTER
+	~IP6_NF_IPTABLES
+	~IP6_NF_MANGLE
+	~IP6_NF_NAT
+	~IP6_NF_RAW
+	~IP6_NF_SECURITY
+	~IP6_NF_TARGET_MASQUERADE
+	~IP6_NF_TARGET_REJECT
+	~IP_SET
+	~NETFILTER_CONNCOUNT
+	~NETFILTER_NETLINK
+	~NETFILTER_NETLINK_OSF
+	~NETFILTER_NETLINK_QUEUE
+	~NETFILTER_SYNPROXY
+	~NETFILTER_XTABLES
+	~NETFILTER_XT_CONNMARK
+	~NETFILTER_XT_MATCH_CONNTRACK
+	~NETFILTER_XT_MATCH_MULTIPORT
+	~NETFILTER_XT_MATCH_STATE
+	~NETFILTER_XT_NAT
+	~NETFILTER_XT_TARGET_MASQUERADE
+	~NFT_COMPAT
+	~NFT_COUNTER
+	~NFT_CT
+	~NFT_FIB
+	~NFT_FIB_INET
+	~NFT_FIB_IPV4
+	~NFT_FIB_IPV6
+	~NFT_HASH
+	~NFT_LIMIT
+	~NFT_LOG
+	~NFT_MASQ
+	~NFT_NAT
+	~NFT_NET
+	~NFT_OBJREF
+	~NFT_QUEUE
+	~NFT_QUOTA
+	~NFT_REDIR
+	~NFT_REJECT
+	~NFT_REJECT_INET
+	~NFT_REJECT_IPV4
+	~NFT_REJECT_IPV6
+	~NFT_SOCKET
+	~NFT_SYNPROXY
+	~NFT_TPROXY
+	~NFT_TUNNEL
+	~NFT_XFRM"
 
 	# kernel >= 4.19 has unified a NF_CONNTRACK module, bug 692944
 	if kernel_is -lt 4 19; then