add rootbld to ignores and add iptables

2020-11-28 15:28:22 +00:00 · 2020-11-28 15:28:22 +00:00 · 308215c1e5
commit 308215c1e5
parent 8814bd65b5
7 changed files with 140 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 src/
 pkg/
+.rootbld-repositories
 secret-packages/
 software-configs/murmur-redxen-config/murmur.ini
 software-configs/transmission-redxen-config/main.json
--- a/openrc-configs/iptables-redxen-openrc/APKBUILD
+++ b/openrc-configs/iptables-redxen-openrc/APKBUILD
@ -0,0 +1,29 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=iptables-redxen-openrc
+pkgver=1
+pkgrel=0
+pkgdesc="IPTables service overrides"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc iptables-redxen-config"
+options="!check"
+source="
+	runfile-$pkgname-$pkgver.$pkgrel.initd::https://git.alpinelinux.org/aports/plain/main/iptables/iptables.initd
+	conffile-4
+	conffile-6
+"
+provides="iptables-openrc ip6tables-openrc"
+builddir="$srcdir"
+
+package() {
+	install -Dm755 "$srcdir"/runfile-iptables-redxen-openrc-"$pkgver"."$pkgrel".initd "$pkgdir"/etc/init.d/iptables
+	(cd "$pkgdir"/etc/init.d && ln -s iptables ip6tables)
+	install -Dm644 conffile-4 "$pkgdir"/etc/conf.d/iptables
+	install -Dm644 conffile-6 "$pkgdir"/etc/conf.d/ip6tables
+}
+
+sha512sums="19cb376bd7a48889daa41ae34d31dfbeac1c277476496e3a1901dc91775c8f596681e0cbccd5c4618158de45da24fcc378a9beb426d79ce26bf46b54599126fe  runfile-iptables-redxen-openrc-1.0.initd
+9673f6611a4bfdc27fd4f6759331ce6696d688950c98cc8017ac396e9c26b2036c46108c2ea7f5d631d0dd67f79552e3713b973a752f2c47c8e4178f3d16da9a  conffile-4
+02ce6849b1f9723f97bba57682ad3f3aebe9e80ee89cf0f324c69bc753654a8e6693804c4462b848945f0b50752378b4c3b7c4a95c1ce81406b37288968aaa1b  conffile-6"
--- a/openrc-configs/iptables-redxen-openrc/conffile-4
+++ b/openrc-configs/iptables-redxen-openrc/conffile-4
@ -0,0 +1,14 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IPTABLES_SAVE="/etc/iptables/rx-rules4"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="no"
+
+# Enable/disable IPv4 forwarding with the rules
+IPFORWARD="no"
--- a/openrc-configs/iptables-redxen-openrc/conffile-6
+++ b/openrc-configs/iptables-redxen-openrc/conffile-6
@ -0,0 +1,14 @@
+# /etc/conf.d/ip6tables
+
+# Location in which ip6tables initscript will save set rules on 
+# service shutdown
+IP6TABLES_SAVE="/etc/iptables/rx-rules6"
+
+# Options to pass to ip6tables-save and ip6tables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="no"
+
+# Enable/disable IPv6 forwarding with the rules
+IPFORWARD="no"
--- a/software-configs/iptables-redxen-config/APKBUILD
+++ b/software-configs/iptables-redxen-config/APKBUILD
@ -0,0 +1,23 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=iptables-redxen-config
+pkgver=1
+pkgrel=0
+pkgdesc="IPTables firewall configs"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="iptables ip6tables"
+source="
+	rules-v4
+	rules-v6
+"
+options="!check"
+
+package() {
+	install -Dm644 rules-v4 "$pkgdir"/etc/iptables/rx-rules4
+	install -Dm644 rules-v6 "$pkgdir"/etc/iptables/rx-rules6
+}
+
+sha512sums="102b407af2163bb783f39b5e7dad52fbc17d5b8e00a03514774c4445b3d6ce6024c498cb46d29e74e694156836e6039256b9dde6ae69dc28c7cd3be5211d8548  rules-v4
+549322db21f71334f399a3e5b537f703251beabe45571a008e8f76fae78cc4517ce76e39647a15fc4977df981825599e6df0bae0e9e1d25f25e98c386c2e69cf  rules-v6"
--- a/software-configs/iptables-redxen-config/rules-v4
+++ b/software-configs/iptables-redxen-config/rules-v4
@ -0,0 +1,29 @@
+# Filter
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [6:359]
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ens10 -j ACCEPT
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+COMMIT
+
+# Mangle
+*mangle
+:PREROUTING ACCEPT [8948:5925361]
+:INPUT ACCEPT [8943:5924001]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [10902:1431630]
+:POSTROUTING ACCEPT [10965:1438415]
+COMMIT
+
+# Raw
+*raw
+:PREROUTING ACCEPT [8948:5925361]
+:OUTPUT ACCEPT [10902:1431630]
+COMMIT
--- a/software-configs/iptables-redxen-config/rules-v6
+++ b/software-configs/iptables-redxen-config/rules-v6
@ -0,0 +1,30 @@
+# Filter
+*filter
+:INPUT DROP [17:2112]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [31:3265]
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ens10 -j ACCEPT
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+COMMIT
+
+# Mangle
+*mangle
+:PREROUTING ACCEPT [18:2161]
+:INPUT ACCEPT [18:2161]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [31:3265]
+:POSTROUTING ACCEPT [48:5377]
+-A OUTPUT -j TOS --set-tos 0x10/0xff
+COMMIT
+
+# Raw electrons
+*raw
+:PREROUTING ACCEPT [18:2161]
+:OUTPUT ACCEPT [31:3265]
+COMMIT