Index: /package_tags/invirt-web-iptables/0.0.1/debian/changelog =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/changelog (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/changelog (revision 1267) @@ -0,0 +1,24 @@ +invirt-web-iptables (0.0.1) unstable; urgency=low + + * sipb-xen-iptables -> invirt-web-iptables + + -- Greg Price Sat, 25 Oct 2008 17:47:46 -0400 + +sipb-xen-iptables (3) unstable; urgency=low + + * shorten initscript with std-init.sh + * make reload work too, just for fun + + -- Greg Price Sat, 25 Oct 2008 15:37:07 -0400 + +sipb-xen-iptables (2) unstable; urgency=low + + * invirt-configurize sipb-xen-iptables + + -- Evan Broder Sun, 05 Oct 2008 01:22:25 -0400 + +sipb-xen-iptables (1) unstable; urgency=low + + * Initial Release. + -- SIPB Xen Project Fri, 28 Mar 2008 21:22:12 -0500 + Index: /package_tags/invirt-web-iptables/0.0.1/debian/compat =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/compat (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/compat (revision 1267) @@ -0,0 +1,1 @@ +4 Index: /package_tags/invirt-web-iptables/0.0.1/debian/control =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/control (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/control (revision 1267) @@ -0,0 +1,13 @@ +Source: invirt-web-iptables +Section: base +Priority: extra +Maintainer: Invirt project +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), subversion +Standards-Version: 3.8.0 + +Package: invirt-web-iptables +Architecture: all +Depends: ${misc:Depends}, iptables +Description: Invirt web server iptables rules + The Invirt web server needs these iptables rules to forward VNC requests + to the hosts. Index: /package_tags/invirt-web-iptables/0.0.1/debian/copyright =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/copyright (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/copyright (revision 1267) @@ -0,0 +1,16 @@ +This software was written as part of the Invirt project . + +Copyright : + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +On Debian systems, the complete text of the GNU General Public License +can be found in the file /usr/share/common-licenses/GPL. Index: /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.init =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.init (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.init (revision 1267) @@ -0,0 +1,39 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: invirt-web-iptables +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Invirt web server iptables rules +# Description: +### END INIT INFO + +NAME=invirt-web-iptables +DESC="Invirt web server iptables rules" +RULES=/usr/share/invirt-web-iptables/iptables.rules +GEN_FILES=$RULES +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +dpkg -s "$NAME" >/dev/null 2>/dev/null || exit 0 + +. /lib/init/gen-files.sh +. /lib/init/std-init.sh + +do_start() +{ + gen_files + /sbin/iptables-restore < $RULES +} + +do_reload() +{ + do_start +} + +do_stop() +{ + return 0 +} + +std_init "$1" Index: /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.install =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.install (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/invirt-web-iptables.install (revision 1267) @@ -0,0 +1,1 @@ +files/* . Index: /package_tags/invirt-web-iptables/0.0.1/debian/rules =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/debian/rules (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/debian/rules (revision 1267) @@ -0,0 +1,3 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk Index: /package_tags/invirt-web-iptables/0.0.1/files/usr/share/invirt-web-iptables/iptables.rules.mako =================================================================== --- /package_tags/invirt-web-iptables/0.0.1/files/usr/share/invirt-web-iptables/iptables.rules.mako (revision 1267) +++ /package_tags/invirt-web-iptables/0.0.1/files/usr/share/invirt-web-iptables/iptables.rules.mako (revision 1267) @@ -0,0 +1,26 @@ +<% + +from invirt.config import structs as cfg +h_port = cfg.vnc.base_port +port = cfg.vnc.base_port + +%>\ +*nat +:PREROUTING ACCEPT [5:300] +:POSTROUTING ACCEPT [8:674] +:OUTPUT ACCEPT [8:674] +% for h in cfg.hosts: +-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port} +-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip} +<% port += 1 %> +% endfor +COMMIT + +*filter +:INPUT ACCEPT [366:44912] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [292:53151] +% for h in cfg.hosts: +-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT +% endfor +COMMIT