[pkg-perl-tools] 03/04: examples/pbuilder-hooks/*00iptables: use 127.0.0.0/8 instead of 127.0.0.1.
gregor herrmann
gregoa at debian.org
Fri Sep 29 16:04:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository pkg-perl-tools.
commit 92d9b8f8ecaca04e4d39a82cbf5520d2571155ff
Author: gregor herrmann <gregoa at debian.org>
Date: Fri Sep 29 17:58:22 2017 +0200
examples/pbuilder-hooks/*00iptables: use 127.0.0.0/8 instead of 127.0.0.1.
(An alternative would be "! -o lo".)
Thanks: Tincho for the bug report.
---
examples/pbuilder-hooks/A00iptables | 11 ++++++-----
examples/pbuilder-hooks/B00iptables | 10 +++++-----
examples/pbuilder-hooks/C00iptables | 10 +++++-----
3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/examples/pbuilder-hooks/A00iptables b/examples/pbuilder-hooks/A00iptables
index 08e96bf..32c96ed 100755
--- a/examples/pbuilder-hooks/A00iptables
+++ b/examples/pbuilder-hooks/A00iptables
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2017 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
@@ -12,8 +12,9 @@
apt-get install -y iptables
dmesg --clear
+
# GID must match the one defined by BUILDUSERID into pbuilderrc file
-iptables -A OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-iptables -A OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
-ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
+iptables -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+iptables -A OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+ip6tables -A OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
diff --git a/examples/pbuilder-hooks/B00iptables b/examples/pbuilder-hooks/B00iptables
index 128b79f..210422f 100755
--- a/examples/pbuilder-hooks/B00iptables
+++ b/examples/pbuilder-hooks/B00iptables
@@ -1,14 +1,14 @@
#!/bin/sh
-# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2017 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
# GID must match the one defined by BUILDUSERID into pbuilderrc file
-iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
-ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
+iptables -D OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+iptables -D OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
dmesg | grep "COWBUILDER: " || true
diff --git a/examples/pbuilder-hooks/C00iptables b/examples/pbuilder-hooks/C00iptables
index 128b79f..210422f 100755
--- a/examples/pbuilder-hooks/C00iptables
+++ b/examples/pbuilder-hooks/C00iptables
@@ -1,14 +1,14 @@
#!/bin/sh
-# Copyright: 2012-2016 gregor herrmann <gregoa at debian.org>
+# Copyright: 2012-2017 gregor herrmann <gregoa at debian.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the same terms as Perl itself.
# GID must match the one defined by BUILDUSERID into pbuilderrc file
-iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-iptables -D OUTPUT ! -s 127.0.0.1 ! -d 127.0.0.1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
-ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
-ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
+iptables -D OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+iptables -D OUTPUT ! -s 127.0.0.0/8 ! -d 127.0.0.0/8 -m owner --gid-owner 1234 -j REJECT --reject-with icmp-port-unreachable || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j LOG --log-uid --log-prefix "COWBUILDER: " || true
+ip6tables -D OUTPUT ! -s ::1 ! -d ::1 -m owner --gid-owner 1234 -j REJECT --reject-with icmp6-port-unreachable || true
dmesg | grep "COWBUILDER: " || true
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/pkg-perl-tools.git
More information about the Pkg-perl-cvs-commits
mailing list