fc21: iptables configurations conflict with fc21 yum package manager

Moved iptables configuration to /usr/lib/qubes/init
fc21 + debian + arch will place them in proper place on postinst
Fixes dedian bug of not having them in proper place

Makefile

@@ -95,8 +95,10 @@ install-rh: install-systemd install-sysvinit
 	install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/share/qubes/serial.conf
 	install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
 
-	install -m 0400 -D network/iptables $(DESTDIR)/etc/sysconfig/iptables
-	install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables
+	#install -m 0400 -D network/iptables $(DESTDIR)/etc/sysconfig/iptables
+	#install -m 0400 -D network/ip6tables $(DESTDIR)/etc/sysconfig/ip6tables
+	install -m 0400 -D network/iptables $(DESTDIR)/usr/lib/qubes/init/iptables
+	install -m 0400 -D network/ip6tables $(DESTDIR)/usr/lib/qubes/init/ip6tables
 
 install-common:
 	install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes

archlinux/PKGBUILD

@@ -68,8 +68,8 @@ package() {
 
   # Change the place for iptable rules to match archlinux standard
   mkdir -p $pkgdir/etc/iptables
-  mv $pkgdir/etc/sysconfig/iptables $pkgdir/etc/iptables/iptables.rules
-  mv $pkgdir/etc/sysconfig/ip6tables $pkgdir/etc/iptables/ip6tables.rules
+  mv $pkgdir/usr/lib/qubes/init/iptables $pkgdir/etc/iptables/iptables.rules
+  mv $pkgdir/usr/lib/qubes/init/ip6tables $pkgdir/etc/iptables/ip6tables.rules
 
   # Remove things non wanted in archlinux
   rm -r $pkgdir/etc/yum*

debian/qubes-core-agent.postinst

@@ -318,6 +318,17 @@ case "${1}" in
         rm -f /etc/systemd/system/default.target
         ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
 
+        # Copy ip(|6)tables into place if they do not already exist in filesystem.
+        # This prevents conflict with iptables-service with fc21 and also put config
+        # in proper place for debian
+        mkdir -p '/etc/iptables'
+        if [ ! -f '/etc/iptables/rules.v4' ]; then
+            cp -p /usr/lib/qubes/init/iptables /etc/iptables/rules.v4
+        fi
+        if [ ! -f '/etc/iptables/rules.v6' ]; then
+            cp -p /usr/lib/qubes/init/ip6tables /etc/iptables/rules.v6
+        fi
+
         # Process all triggers which will set defaults to wanted values
         triggerTriggers
 

rpm_spec/core-vm.spec

@@ -260,6 +260,15 @@ mkdir -p /rw
 #mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.orig
 #grep -v HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0.orig > /etc/sysconfig/network-scripts/ifcfg-eth0
 
+# Copy ip(|6)tables into place if they do not already exist in filesystem.
+# This prevents conflict with iptables-service
+if [ ! -f '/etc/sysconfig/iptables' ]; then
+  cp -p /usr/lib/qubes/init/iptables /etc/sysconfig/iptables
+fi
+if [ ! -f '/etc/sysconfig/ip6tables' ]; then
+  cp -p /usr/lib/qubes/init/ip6tables /etc/sysconfig/ip6tables
+fi
+
 %triggerin -- notification-daemon
 # Enable autostart of notification-daemon when installed
 if [ ! -e /etc/xdg/autostart/notification-daemon.desktop ]; then
@@ -336,8 +345,8 @@ rm -f %{name}-%{version}
 /etc/qubes-rpc/qubes.GetImageRGBA
 /etc/qubes-rpc/qubes.SetDateTime
 %config(noreplace) /etc/sudoers.d/qubes
-%config(noreplace) /etc/sysconfig/iptables
-%config(noreplace) /etc/sysconfig/ip6tables
+/usr/lib/qubes/init/iptables
+/usr/lib/qubes/init/ip6tables
 %config(noreplace) /etc/tinyproxy/filter-updates
 %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
 %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules