Patchwork [02/10] Add recipe for ebtables_2.0.10-4

login
register
mail settings
Submitter Yauhen Kharuzhy
Date Jan. 25, 2012, 10:55 a.m.
Message ID <1327488903-28082-1-git-send-email-yauhen.kharuzhy@promwad.com>
Download mbox | patch
Permalink /patch/20137/
State Superseded
Headers show

Comments

Yauhen Kharuzhy - Jan. 25, 2012, 10:55 a.m.
From: Vladimir Redzhepoff <vladimir.redzhepoff@promwad.com>

Recipe for this package has been taken from Openembedded-classic project.

Signed-off-by: Vladimir Redzhepoff <vladimir.redzhepoff@promwad.com>
---
 .../ebtables-2.0.10-4/01debian_defaultconfig.patch |   50 ++++++
 .../ebtables/ebtables-2.0.10-4/ebtables.init       |  186 ++++++++++++++++++++
 .../ebtables-2.0.10-4/installnonroot.patch         |   43 +++++
 .../recipes-extended/ebtables/ebtables_2.0.10-4.bb |   51 ++++++
 4 files changed, 330 insertions(+), 0 deletions(-)
 create mode 100644 meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
 create mode 100755 meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
 create mode 100644 meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
 create mode 100644 meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
Khem Raj - Jan. 26, 2012, 5:33 a.m.
On (25/01/12 13:55), Yauhen Kharuzhy wrote:
> From: Vladimir Redzhepoff <vladimir.redzhepoff@promwad.com>
> 
> Recipe for this package has been taken from Openembedded-classic project.
> 
> Signed-off-by: Vladimir Redzhepoff <vladimir.redzhepoff@promwad.com>
> ---
>  .../ebtables-2.0.10-4/01debian_defaultconfig.patch |   50 ++++++
>  .../ebtables/ebtables-2.0.10-4/ebtables.init       |  186 ++++++++++++++++++++
>  .../ebtables-2.0.10-4/installnonroot.patch         |   43 +++++
>  .../recipes-extended/ebtables/ebtables_2.0.10-4.bb |   51 ++++++
>  4 files changed, 330 insertions(+), 0 deletions(-)
>  create mode 100644 meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
>  create mode 100755 meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
>  create mode 100644 meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
>  create mode 100644 meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
> 
> diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
> new file mode 100644
> index 0000000..c260403
> --- /dev/null
> +++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
> @@ -0,0 +1,50 @@
> +#! /bin/sh /usr/share/dpatch/dpatch-run
> +## debian_defaultconfig.dpatch by  <hesso@pool.math.tu-berlin.de>
> +##
> +## DP: Debian enhancements to the ebtables "sysconfig" default settings.
> +
> +@DPATCH@
> +
> +--- ebtables-2.0.8.1.orig/ebtables-config
> ++++ ebtables-2.0.8.1/ebtables-config
> +@@ -1,17 +1,3 @@
> +-# Save (and possibly restore) in text format.
> +-#   Value: yes|no,  default: yes
> +-# Save the firewall rules in text format to __SYSCONFIG__/ebtables
> +-# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
> +-# is done using this text format.
> +-EBTABLES_TEXT_FORMAT="yes"
> +-
> +-# Save (and restore) in binary format.
> +-#   Value: yes|no,  default: yes
> +-# Save (and restore) the firewall rules in binary format to (and from)
> +-# __SYSCONFIG__/ebtables.<chain>. Enabling this option will make
> +-# firewall initialisation a lot faster.
> +-EBTABLES_BINARY_FORMAT="yes"
> +-
> + # Unload modules on restart and stop
> + #   Value: yes|no,  default: yes
> + # This option has to be 'yes' to get to a sane state for a firewall
> +@@ -19,6 +5,12 @@
> + # modules.
> + EBTABLES_MODULES_UNLOAD="yes"
> + 
> ++# Load firewall rules on system startup.
> ++#   Value: yes|no,  default: no
> ++# Restores the ebtables rulesets from the last saved state when the
> ++# system boots up.
> ++EBTABLES_LOAD_ON_START="no"
> ++
> + # Save current firewall rules on stop.
> + #   Value: yes|no,  default: no
> + # Saves all firewall rules if firewall gets stopped
> +@@ -35,3 +27,9 @@
> + # Save rule counters when saving a kernel table to a file. If the
> + # rule counters were saved, they will be restored when restoring the table.
> + EBTABLES_SAVE_COUNTER="no"
> ++
> ++# Backup suffix for ruleset save files.
> ++#   Value: <string>,  default: "~"
> ++# Keep one backup level of saved rules.
> ++# Set this variable to the empty string to disable backups.
> ++EBTABLES_BACKUP_SUFFIX="~"
> diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
> new file mode 100755
> index 0000000..0044e98
> --- /dev/null
> +++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
> @@ -0,0 +1,186 @@
> +#!/bin/sh
> +#
> +# init script for the Ethernet Bridge filter tables
> +#
> +# Written by Dag Wieers <dag@wieers.com>
> +# Modified by Rok Papez <rok.papez@arnes.si>
> +#	     Bart De Schuymer <bdschuym@pandora.be>
> +# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
> +# Adapted to OpenEmbedded by Roman I Khimov <khimov@altell.ru>
> +#
> +# chkconfig: - 15 85
> +# description: Ethernet Bridge filtering tables
> +#
> +### BEGIN INIT INFO
> +# Provides:		ebtables
> +# Required-Start:	
> +# Required-Stop:	
> +# Should-Start:		$local_fs
> +# Should-Stop:		$local_fs
> +# Default-Start:	S
> +# Default-Stop:		0 6
> +# Short-Description:	ebtables ruleset management
> +# Description:		Saves and restores the state of the ebtables rulesets.
> +### END INIT INFO
> +
> +[ -x /sbin/ebtables ] || exit 1
> +
> +EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
> +
> +RETVAL=0
> +prog="ebtables"
> +desc="Ethernet bridge filtering"
> +umask 0077
> +
> +#default configuration
> +EBTABLES_MODULES_UNLOAD="yes"
> +EBTABLES_LOAD_ON_START="no"
> +EBTABLES_SAVE_ON_STOP="no"
> +EBTABLES_SAVE_ON_RESTART="no"
> +EBTABLES_SAVE_COUNTER="no"
> +EBTABLES_BACKUP_SUFFIX="~"
> +
> +config=/etc/default/$prog
> +[ -f "$config" ] && . "$config"
> +
> +function get_supported_tables() {
> +	EBTABLES_SUPPORTED_TABLES=
> +	/sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
> +	if [ $? -eq 0 ]; then
> +		echo "Error: insufficient privileges to access the ebtables rulesets."
> +		exit 1
> +	fi
> +	for table in filter nat broute; do
> +		/sbin/ebtables -t $table -L &> /dev/null
> +		if [ $? -eq 0 ]; then
> +			EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
> +		fi
> +	done
> +}
> +
> +function load() {
> +	RETVAL=0
> +	get_supported_tables
> +	echo -n "Restoring ebtables rulesets: "
> +	for table in $EBTABLES_SUPPORTED_TABLES; do
> +		echo -n "$table "
> +		if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
> +			/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
> +			RET=$?
> +			if [ $RET -ne 0 ]; then
> +				echo -n "(failed) "
> +				RETVAL=$RET
> +			fi
> +		else
> +			echo -n "(no saved state) "
> +		fi
> +	done
> +	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> +		echo -n "no kernel support. "
> +	else
> +		echo -n "done. "
> +	fi
> +	if [ $RETVAL -eq 0 ]; then
> +		echo "ok"
> +	else
> +		echo "fail"
> +	fi
> +}
> +
> +function clear() {
> +	RETVAL=0
> +	get_supported_tables
> +	echo -n "Clearing ebtables rulesets: "
> +	for table in $EBTABLES_SUPPORTED_TABLES; do
> +		echo -n "$table "
> +		/sbin/ebtables -t $table --init-table
> +	done
> +
> +	if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
> +		for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
> +			rmmod $mod 2> /dev/null
> +		done
> +	fi
> +	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> +		echo -n "no kernel support. "
> +	else
> +		echo -n "done. "
> +	fi
> +	if [ $RETVAL -eq 0 ]; then
> +		echo "ok"
> +	else
> +		echo "fail"
> +	fi
> +}
> +
> +function save() {
> +	RETVAL=0
> +	get_supported_tables
> +	echo -n "Saving ebtables rulesets: "
> +	for table in $EBTABLES_SUPPORTED_TABLES; do
> +		echo -n "$table "
> +		[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
> +		  mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
> +		/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
> +		RET=$?
> +		if [ $RET -ne 0 ]; then
> +			echo -n "(failed) "
> +			RETVAL=$RET
> +		else
> +			if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
> +				/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
> +			fi
> +		fi
> +	done
> +	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> +		echo -n "no kernel support. "
> +	else
> +		echo -n "done. "
> +	fi
> +	if [ $RETVAL -eq 0 ]; then
> +		echo "ok"
> +	else
> +		echo "fail"
> +	fi
> +}
> +
> +case "$1" in
> +  start)
> +	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> +	;;
> +  stop)
> +	[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
> +	clear
> +	;;
> +  restart|reload|force-reload)
> +	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
> +	clear
> +	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
> +	;;
> +  load)
> +	load
> +	;;
> +  save)
> +	save
> +	;;
> +  status)
> +	get_supported_tables
> +	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
> +		echo "No kernel support for ebtables."
> +		RETVAL=1
> +	else
> +		echo -n "Ebtables support available, number of installed rules: "
> +		for table in $EBTABLES_SUPPORTED_TABLES; do
> +			COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
> +			echo -n "$table($COUNT) "
> +		done
> +		echo ok
> +		RETVAL=0
> +	fi
> +	;;
> +  *)
> +	echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
> +	RETVAL=1
> +esac
> +
> +exit $RETVAL
> diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
> new file mode 100644
> index 0000000..bcd9bed
> --- /dev/null
> +++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
> @@ -0,0 +1,43 @@
> +diff --git a/Makefile b/Makefile
> +index c1106a4..7ea6b7a 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\//\\\//g')
> + scripts: ebtables-save ebtables.sysv ebtables-config
> + 	cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
> + 	mkdir -p $(DESTDIR)$(BINDIR)
> +-	install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
> ++	install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
> + 	cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
> + 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
> +-	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
> ++	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
> + 	cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
> + 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi
> +-	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
> ++	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
> + 	rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
> + 
> + tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g')
> + $(MANDIR)/man8/ebtables.8: ebtables.8
> + 	mkdir -p $(DESTDIR)$(@D)
> + 	sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_
> +-	install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
> ++	install -m 0644 ebtables.8_ $(DESTDIR)$@
> + 	rm -f ebtables.8_
> + 
> + $(DESTDIR)$(ETHERTYPESFILE): ethertypes
> + 	mkdir -p $(@D)
> +-	install -m 0644 -o root -g root $< $@
> ++	install -m 0644 $< $@
> + 
> + .PHONY: exec
> + exec: ebtables ebtables-restore
> + 	mkdir -p $(DESTDIR)$(BINDIR)
> +-	install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
> +-	install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
> ++	install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
> ++	install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
> + 
> + .PHONY: install
> + install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts
> diff --git a/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb b/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
> new file mode 100644
> index 0000000..b0b95b4
> --- /dev/null
> +++ b/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
> @@ -0,0 +1,51 @@
> +DESCRIPTION = "Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting."
> +PRIORITY = "optional"
> +LICENSE = "GPL"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e"
> +SECTION = "console/network"
> +PR = "r2"
> +

remove that PR setting

> +TARGET_CC_ARCH += "${LDFLAGS}"

you do not need this
> +
> +SRC_URI = " \
> +	${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \
> +    file://installnonroot.patch \
> +    file://01debian_defaultconfig.patch \
> +    file://ebtables.init \
> +	"
> +
> +SRC_URI[md5sum] = "506742a3d44b9925955425a659c1a8d0"
> +SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d"
> +
> +S = "${WORKDIR}/ebtables-v${PV}"
> +
> +EXTRA_OEMAKE = " \
> +	BINDIR=${base_sbindir} \
> +	MANDIR=${mandir} \
> +	ETHERTYPESPATH=${sysconfdir} \
> +	INITDIR=${sysconfdir}/init.d \
> +	SYSCONFIGDIR=${sysconfdir}/default \
> +	LIBDIR=${base_libdir}/ebtables \
> +	'CC=${CC}' \
> +	'CFLAGS=${CFLAGS}' \
> +	'LD=${LD}' \
> +	"
> +
> +do_install () {
> +	install -d ${D}${sysconfdir}/init.d
> +	install -d ${D}${sysconfdir}/default
> +	install -d ${D}${sysconfdir}/ebtables
> +	oe_runmake DESTDIR='${D}' install
> +	install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables
> +	mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables
> +}
> +
> +CONFFILES_${PN} += "${sysconfdir}/default/ebtables"
> +
> +inherit update-rc.d
> +
> +INITSCRIPT_NAME = "ebtables"
> +INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ."
> +
> +FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug"
> +FILES_${PN} += "${base_libdir}/ebtables/*.so"

should this .so go into -dev instead ?
check if they are symlinks to other .so files
if yes then they should be in -dev package

> -- 
> 1.7.6.4
> 
> 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel

Patch

diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
new file mode 100644
index 0000000..c260403
--- /dev/null
+++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/01debian_defaultconfig.patch
@@ -0,0 +1,50 @@ 
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## debian_defaultconfig.dpatch by  <hesso@pool.math.tu-berlin.de>
+##
+## DP: Debian enhancements to the ebtables "sysconfig" default settings.
+
+@DPATCH@
+
+--- ebtables-2.0.8.1.orig/ebtables-config
++++ ebtables-2.0.8.1/ebtables-config
+@@ -1,17 +1,3 @@
+-# Save (and possibly restore) in text format.
+-#   Value: yes|no,  default: yes
+-# Save the firewall rules in text format to __SYSCONFIG__/ebtables
+-# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
+-# is done using this text format.
+-EBTABLES_TEXT_FORMAT="yes"
+-
+-# Save (and restore) in binary format.
+-#   Value: yes|no,  default: yes
+-# Save (and restore) the firewall rules in binary format to (and from)
+-# __SYSCONFIG__/ebtables.<chain>. Enabling this option will make
+-# firewall initialisation a lot faster.
+-EBTABLES_BINARY_FORMAT="yes"
+-
+ # Unload modules on restart and stop
+ #   Value: yes|no,  default: yes
+ # This option has to be 'yes' to get to a sane state for a firewall
+@@ -19,6 +5,12 @@
+ # modules.
+ EBTABLES_MODULES_UNLOAD="yes"
+ 
++# Load firewall rules on system startup.
++#   Value: yes|no,  default: no
++# Restores the ebtables rulesets from the last saved state when the
++# system boots up.
++EBTABLES_LOAD_ON_START="no"
++
+ # Save current firewall rules on stop.
+ #   Value: yes|no,  default: no
+ # Saves all firewall rules if firewall gets stopped
+@@ -35,3 +27,9 @@
+ # Save rule counters when saving a kernel table to a file. If the
+ # rule counters were saved, they will be restored when restoring the table.
+ EBTABLES_SAVE_COUNTER="no"
++
++# Backup suffix for ruleset save files.
++#   Value: <string>,  default: "~"
++# Keep one backup level of saved rules.
++# Set this variable to the empty string to disable backups.
++EBTABLES_BACKUP_SUFFIX="~"
diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
new file mode 100755
index 0000000..0044e98
--- /dev/null
+++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/ebtables.init
@@ -0,0 +1,186 @@ 
+#!/bin/sh
+#
+# init script for the Ethernet Bridge filter tables
+#
+# Written by Dag Wieers <dag@wieers.com>
+# Modified by Rok Papez <rok.papez@arnes.si>
+#	     Bart De Schuymer <bdschuym@pandora.be>
+# Adapted to Debian by Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
+# Adapted to OpenEmbedded by Roman I Khimov <khimov@altell.ru>
+#
+# chkconfig: - 15 85
+# description: Ethernet Bridge filtering tables
+#
+### BEGIN INIT INFO
+# Provides:		ebtables
+# Required-Start:	
+# Required-Stop:	
+# Should-Start:		$local_fs
+# Should-Stop:		$local_fs
+# Default-Start:	S
+# Default-Stop:		0 6
+# Short-Description:	ebtables ruleset management
+# Description:		Saves and restores the state of the ebtables rulesets.
+### END INIT INFO
+
+[ -x /sbin/ebtables ] || exit 1
+
+EBTABLES_DUMPFILE_STEM=/etc/ebtables/dump
+
+RETVAL=0
+prog="ebtables"
+desc="Ethernet bridge filtering"
+umask 0077
+
+#default configuration
+EBTABLES_MODULES_UNLOAD="yes"
+EBTABLES_LOAD_ON_START="no"
+EBTABLES_SAVE_ON_STOP="no"
+EBTABLES_SAVE_ON_RESTART="no"
+EBTABLES_SAVE_COUNTER="no"
+EBTABLES_BACKUP_SUFFIX="~"
+
+config=/etc/default/$prog
+[ -f "$config" ] && . "$config"
+
+function get_supported_tables() {
+	EBTABLES_SUPPORTED_TABLES=
+	/sbin/ebtables -t filter -L 2>&1 1>/dev/null | grep -q permission
+	if [ $? -eq 0 ]; then
+		echo "Error: insufficient privileges to access the ebtables rulesets."
+		exit 1
+	fi
+	for table in filter nat broute; do
+		/sbin/ebtables -t $table -L &> /dev/null
+		if [ $? -eq 0 ]; then
+			EBTABLES_SUPPORTED_TABLES="${EBTABLES_SUPPORTED_TABLES} $table"
+		fi
+	done
+}
+
+function load() {
+	RETVAL=0
+	get_supported_tables
+	echo -n "Restoring ebtables rulesets: "
+	for table in $EBTABLES_SUPPORTED_TABLES; do
+		echo -n "$table "
+		if [ -s ${EBTABLES_DUMPFILE_STEM}.$table ]; then
+			/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-commit
+			RET=$?
+			if [ $RET -ne 0 ]; then
+				echo -n "(failed) "
+				RETVAL=$RET
+			fi
+		else
+			echo -n "(no saved state) "
+		fi
+	done
+	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+		echo -n "no kernel support. "
+	else
+		echo -n "done. "
+	fi
+	if [ $RETVAL -eq 0 ]; then
+		echo "ok"
+	else
+		echo "fail"
+	fi
+}
+
+function clear() {
+	RETVAL=0
+	get_supported_tables
+	echo -n "Clearing ebtables rulesets: "
+	for table in $EBTABLES_SUPPORTED_TABLES; do
+		echo -n "$table "
+		/sbin/ebtables -t $table --init-table
+	done
+
+	if [ "$EBTABLES_MODULES_UNLOAD" = "yes" ]; then
+		for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -d' ' -f1) ebtables; do
+			rmmod $mod 2> /dev/null
+		done
+	fi
+	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+		echo -n "no kernel support. "
+	else
+		echo -n "done. "
+	fi
+	if [ $RETVAL -eq 0 ]; then
+		echo "ok"
+	else
+		echo "fail"
+	fi
+}
+
+function save() {
+	RETVAL=0
+	get_supported_tables
+	echo -n "Saving ebtables rulesets: "
+	for table in $EBTABLES_SUPPORTED_TABLES; do
+		echo -n "$table "
+		[ -n "$EBTABLES_BACKUP_SUFFIX" ] && [ -s ${EBTABLES_DUMPFILE_STEM}.$table ] && \
+		  mv ${EBTABLES_DUMPFILE_STEM}.$table ${EBTABLES_DUMPFILE_STEM}.$table$EBTABLES_BACKUP_SUFFIX
+		/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table --atomic-save
+		RET=$?
+		if [ $RET -ne 0 ]; then
+			echo -n "(failed) "
+			RETVAL=$RET
+		else
+			if [ "$EBTABLES_SAVE_COUNTER" = "no" ]; then
+				/sbin/ebtables -t $table --atomic-file ${EBTABLES_DUMPFILE_STEM}.$table -Z
+			fi
+		fi
+	done
+	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+		echo -n "no kernel support. "
+	else
+		echo -n "done. "
+	fi
+	if [ $RETVAL -eq 0 ]; then
+		echo "ok"
+	else
+		echo "fail"
+	fi
+}
+
+case "$1" in
+  start)
+	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+	;;
+  stop)
+	[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
+	clear
+	;;
+  restart|reload|force-reload)
+	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
+	clear
+	[ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
+	;;
+  load)
+	load
+	;;
+  save)
+	save
+	;;
+  status)
+	get_supported_tables
+	if [ -z "$EBTABLES_SUPPORTED_TABLES" ]; then
+		echo "No kernel support for ebtables."
+		RETVAL=1
+	else
+		echo -n "Ebtables support available, number of installed rules: "
+		for table in $EBTABLES_SUPPORTED_TABLES; do
+			COUNT=$(( $(/sbin/ebtables -t $table -L | sed -e "/^Bridge chain/! d" -e "s/^.*entries: //" -e "s/,.*$/ +/") 0 ))
+			echo -n "$table($COUNT) "
+		done
+		echo ok
+		RETVAL=0
+	fi
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|reload|force-reload|load|save|status}" >&2
+	RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
new file mode 100644
index 0000000..bcd9bed
--- /dev/null
+++ b/meta/recipes-extended/ebtables/ebtables-2.0.10-4/installnonroot.patch
@@ -0,0 +1,43 @@ 
+diff --git a/Makefile b/Makefile
+index c1106a4..7ea6b7a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\//\\\//g')
+ scripts: ebtables-save ebtables.sysv ebtables-config
+ 	cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+ 	mkdir -p $(DESTDIR)$(BINDIR)
+-	install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
++	install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+ 	cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+ 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
+-	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
++	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
+ 	cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+ 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi
+-	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
++	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
+ 	rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+ 
+ tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g')
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+ 	mkdir -p $(DESTDIR)$(@D)
+ 	sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_
+-	install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
++	install -m 0644 ebtables.8_ $(DESTDIR)$@
+ 	rm -f ebtables.8_
+ 
+ $(DESTDIR)$(ETHERTYPESFILE): ethertypes
+ 	mkdir -p $(@D)
+-	install -m 0644 -o root -g root $< $@
++	install -m 0644 $< $@
+ 
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+ 	mkdir -p $(DESTDIR)$(BINDIR)
+-	install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+-	install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
++	install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
++	install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+ 
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts
diff --git a/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb b/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
new file mode 100644
index 0000000..b0b95b4
--- /dev/null
+++ b/meta/recipes-extended/ebtables/ebtables_2.0.10-4.bb
@@ -0,0 +1,51 @@ 
+DESCRIPTION = "Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting."
+PRIORITY = "optional"
+LICENSE = "GPL"
+LIC_FILES_CHKSUM = "file://COPYING;md5=53b4a999993871a28ab1488fdbd2e73e"
+SECTION = "console/network"
+PR = "r2"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+SRC_URI = " \
+	${SOURCEFORGE_MIRROR}/ebtables/ebtables-v${PV}.tar.gz \
+    file://installnonroot.patch \
+    file://01debian_defaultconfig.patch \
+    file://ebtables.init \
+	"
+
+SRC_URI[md5sum] = "506742a3d44b9925955425a659c1a8d0"
+SRC_URI[sha256sum] = "dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d"
+
+S = "${WORKDIR}/ebtables-v${PV}"
+
+EXTRA_OEMAKE = " \
+	BINDIR=${base_sbindir} \
+	MANDIR=${mandir} \
+	ETHERTYPESPATH=${sysconfdir} \
+	INITDIR=${sysconfdir}/init.d \
+	SYSCONFIGDIR=${sysconfdir}/default \
+	LIBDIR=${base_libdir}/ebtables \
+	'CC=${CC}' \
+	'CFLAGS=${CFLAGS}' \
+	'LD=${LD}' \
+	"
+
+do_install () {
+	install -d ${D}${sysconfdir}/init.d
+	install -d ${D}${sysconfdir}/default
+	install -d ${D}${sysconfdir}/ebtables
+	oe_runmake DESTDIR='${D}' install
+	install -m 0755 ${WORKDIR}/ebtables.init ${D}/${sysconfdir}/init.d/ebtables
+	mv ${D}${sysconfdir}/default/ebtables-config ${D}${sysconfdir}/default/ebtables
+}
+
+CONFFILES_${PN} += "${sysconfdir}/default/ebtables"
+
+inherit update-rc.d
+
+INITSCRIPT_NAME = "ebtables"
+INITSCRIPT_PARAMS = "start 41 S . stop 41 6 ."
+
+FILES_${PN}-dbg += "${base_libdir}/ebtables/.debug"
+FILES_${PN} += "${base_libdir}/ebtables/*.so"