Index: /package_tags/sipb-xen-iptables/2/debian/changelog
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/changelog	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/changelog	(revision 1059)
@@ -0,0 +1,11 @@
+sipb-xen-iptables (2) unstable; urgency=low
+
+  * invirt-configurize sipb-xen-iptables
+
+ -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 01:22:25 -0400
+
+sipb-xen-iptables (1) unstable; urgency=low
+
+  * Initial Release.
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Fri, 28 Mar 2008 21:22:12 -0500
+
Index: /package_tags/sipb-xen-iptables/2/debian/compat
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/compat	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/compat	(revision 1059)
@@ -0,0 +1,1 @@
+4
Index: /package_tags/sipb-xen-iptables/2/debian/control
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/control	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/control	(revision 1059)
@@ -0,0 +1,11 @@
+Source: sipb-xen-iptables
+Section: base
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), subversion
+Standards-Version: 3.7.2
+
+Package: sipb-xen-iptables
+Architecture: all
+Depends: ${misc:Depends}, iptables
+Description: Configure at boot the iptables rules for the VNC proxy client
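Review bot: The `Depends:` line lists only `iptables`, but the init script added in this same change sources `/lib/lsb/init-functions` and runs `mako-render` on a template that imports `invirt.config`. On a host where those are missing, the script fails at boot and no rules are loaded. The init script's own comment asks for `lsb-base (>= 3.0-6)`, so at minimum use `Depends: ${misc:Depends}, iptables, lsb-base (>= 3.0-6)`. Also add the packages that ship `mako-render` and the `invirt.config` module; their names are not visible in this diff.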
Index: /package_tags/sipb-xen-iptables/2/debian/copyright
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/copyright	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/copyright	(revision 1059)
@@ -0,0 +1,3 @@
+This package was created for internal use of the SIPB Xen Project of
+the MIT Student Information Processing Board.  Ask sipb-xen@mit.edu if
+you have questions about redistribution.
Index: /package_tags/sipb-xen-iptables/2/debian/rules
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/rules	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/rules	(revision 1059)
@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
Index: /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.init
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.init	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.init	(revision 1059)
@@ -0,0 +1,116 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          sipb-xen-iptables
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: sipb-xen iptables rules
+# Description:       
+### END INIT INFO
+
+# Author: SIPB Xen Project <sipb-xen@mit.edu>
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Load the sipb-xen iptables rules"
+NAME=sipb-xen-iptables
+RULES=/usr/share/sipb-xen-iptables/iptables.rules
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	for i in /usr/share/sipb-xen-iptables/iptables.rules
+	do mako-render $i.mako > $i
+	done
+	
+	/sbin/iptables-restore < $RULES
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	return 0
+}
+
+case "$1" in
+  start)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+	do_start
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  #reload|force-reload)
+	#
+	# If do_reload() is not implemented then leave this commented out
+	# and leave 'force-reload' as an alias for 'restart'.
+	#
+	#log_daemon_msg "Reloading $DESC" "$NAME"
+	#do_reload
+	#log_end_msg $?
+	#;;
+  restart|force-reload)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+	  	# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:
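Review bot: A failed rule load is reported as success. `do_start` returns the exit status of `iptables-restore`, and the `start` arm maps `0|1` to `log_end_msg 0`, so a restore that exits 1 is logged as OK. The trailing `:` then makes the script itself exit 0. In `do_start`, the `> $i` redirect truncates the live rules file before `mako-render` runs and its status is never checked, so a render error leaves an empty or partial file that is still fed to `iptables-restore`. Render to a temporary file, check each step and return 2 on failure, as sketched below; `$SCRIPTNAME` in the usage message is also never assigned.

```shell
do_start()
{
	# ... unchanged: return-code comment ...
	tmp="$RULES.tmp"
	if ! mako-render "$RULES.mako" > "$tmp"; then
		rm -f "$tmp"
		return 2
	fi
	mv "$tmp" "$RULES" || return 2
	/sbin/iptables-restore < "$RULES" || return 2
}
```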
Index: /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.install
===================================================================
--- /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.install	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/debian/sipb-xen-iptables.install	(revision 1059)
@@ -0,0 +1,1 @@
+files/* .
Index: /package_tags/sipb-xen-iptables/2/files/usr/share/sipb-xen-iptables/iptables.rules.mako
===================================================================
--- /package_tags/sipb-xen-iptables/2/files/usr/share/sipb-xen-iptables/iptables.rules.mako	(revision 1059)
+++ /package_tags/sipb-xen-iptables/2/files/usr/share/sipb-xen-iptables/iptables.rules.mako	(revision 1059)
@@ -0,0 +1,26 @@
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT 
+% endfor
+COMMIT
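Review bot: The `*filter` section sets `:FORWARD ACCEPT`, so the per-host `-A FORWARD ... -j ACCEPT` rules restrict nothing, and the DNAT rules match any source on eth0 other than the host itself. If the FORWARD rules are meant as an allow-list for the VNC ports, the policy would need to be `:FORWARD DROP [0:0]`; confirm first that no other forwarded traffic on this machine depends on the permissive default. Loading this file also replaces whatever is already in the nat and filter tables, which deserves a comment. A `##` template comment above the first loop would help too, e.g. `## proxy port base_port+N is DNATed to base_port on the N-th entry of cfg.hosts`, since the mapping depends on the order of `cfg.hosts`. The `-s ! ${h.ip}` negation form is deprecated in later iptables releases in favour of `! -s ${h.ip}`.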
