From da7ec6ae7b35bcf7b66068dcc8e6d0f2fd607eae Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Mon, 12 Oct 2009 14:27:12 +0200
Subject: arno-iptables-firewall: upstream update
---
arno-iptables-firewall/PKGBUILD | 73 ++++++++++++++++++++++
.../arno-iptables-firewall.patch | 28 +++++++++
.../arno-iptables-firewall.script | 63 +++++++++++++++++++
3 files changed, 164 insertions(+)
create mode 100644 arno-iptables-firewall/PKGBUILD
create mode 100644 arno-iptables-firewall/arno-iptables-firewall.patch
create mode 100644 arno-iptables-firewall/arno-iptables-firewall.script
diff --git a/arno-iptables-firewall/PKGBUILD b/arno-iptables-firewall/PKGBUILD
new file mode 100644
index 0000000..23ed3df
--- /dev/null
+++ b/arno-iptables-firewall/PKGBUILD
@@ -0,0 +1,73 @@
+# Maintainer: Jaroslav Lichtblau
+# Contributor: Arto Puranen
+
+pkgname=arno-iptables-firewall
+pkgver=1.9.2d
+pkgrel=1
+pkgdesc="A secure stateful firewall for both single and multi-homed machine"
+arch=('i686' 'x86_64')
+url=("http://rocky.eld.leidenuniv.nl/joomla/")
+license=('GPL')
+depends=('iptables')
+makedepends=('patch')
+backup=(etc/${pkgname}/firewall.conf
+ etc/${pkgname}/custom-rules
+ etc/${pkgname}/plugins/dmz-dnat.conf
+ etc/${pkgname}/plugins/dsl-ppp-modem.conf
+ etc/${pkgname}/plugins/dyndns-host-open.conf
+ etc/${pkgname}/plugins/ids-protection.conf
+ etc/${pkgname}/plugins/ipsec-vpn.conf
+ etc/${pkgname}/plugins/ipv6-over-ipv4.conf
+ etc/${pkgname}/plugins/linux-upnp-igd.conf
+ etc/${pkgname}/plugins/mac-address-filter.conf
+ etc/${pkgname}/plugins/multiroute.conf
+ etc/${pkgname}/plugins/sip-voip.conf
+ etc/${pkgname}/plugins/ssh-brute-force-protection.conf
+ etc/${pkgname}/plugins/traffic-accounting.conf
+ etc/${pkgname}/plugins/traffic-shaper.conf
+ etc/${pkgname}/plugins/transparent-dnat.conf
+ etc/${pkgname}/plugins/transparent-proxy.conf
+ etc/${pkgname}/plugins/hfsc.conf
+ etc/${pkgname}/plugins/linuxigd.conf
+ etc/${pkgname}/plugins/racoon-ipsec-vpn.conf
+ etc/${pkgname}/plugins/ssh-brute-force-protection.conf)
+
+source=(http://rocky.eld.leidenuniv.nl/${pkgname}/${pkgname}_${pkgver}.tar.gz \
+ ${pkgname}.script \
+ ${pkgname}.patch)
+
+md5sums=('f6a3f1fbc3dac2790fe95f36587d14d8'
+ '0c3de10c23359728a3bd90a521d3eebc'
+ 'b46d833af9c0870c71ce82ec73dcbab4')
+
+build() {
+ cd ${srcdir}/${pkgname}_${pkgver}
+
+### patch's
+ patch etc/${pkgname}/firewall.conf ../${pkgname}.patch || return 1
+
+### conf files
+ install -d -m 0755 etc/${pkgname}/plugins/ ${pkgdir}/etc/${pkgname}/plugins/ || return 1
+ for i in `find etc/${pkgname} -type f`; do install -T -m 0600 $i ${pkgdir}/$i ;done
+ install -D -m 0644 share/${pkgname}/environment ${pkgdir}/usr/share/${pkgname}/environment || return 1
+
+### plugins
+ install -d -m 0755 share/${pkgname}/plugins/ ${pkgdir}/usr/share/${pkgname}/plugins/ || return 1
+ for i in share/${pkgname}/plugins/*plugin; do install -T -m 0644 $i ${pkgdir}/usr/$i ;done
+
+### binary
+ install -D -m 0744 bin/${pkgname} ${pkgdir}/usr/sbin/${pkgname} || return 1
+ install -D -m 0744 bin/arno-fwfilter ${pkgdir}/usr/sbin/arno-fwfilter || return 1
+ install -D -m 0744 contrib/adsl-failover ${pkgdir}/usr/sbin/adsl-failover || return 1
+ install -D -m 0744 share/${pkgname}/plugins/dyndns-host-open-helper ${pkgdir}/usr/share/${pkgname}/plugins/dyndns-host-open-helper || return 1
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-helper ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-helper || return 1
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-log-rotate ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-log-rotate || return 1
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-show ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-show || return 1
+
+### man files
+ install -D -m 0644 share/man/man1/arno-fwfilter.1 ${pkgdir}/usr/share/man/man1/arno-fwfilter.1 || return 1
+ install -D -m 0644 share/man/man8/${pkgname}.8 ${pkgdir}/usr/share/man/man8/${pkgname}.8 || return 1
+
+### daemon script
+ install -D -m 0744 ${srcdir}/${pkgname}.script ${pkgdir}/etc/rc.d/${pkgname} || return 1
+}
\ No newline at end of file
diff --git a/arno-iptables-firewall/arno-iptables-firewall.patch b/arno-iptables-firewall/arno-iptables-firewall.patch
new file mode 100644
index 0000000..e045156
--- /dev/null
+++ b/arno-iptables-firewall/arno-iptables-firewall.patch
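Review bot: In the PKGBUILD, the `source=` tarball is fetched over plain HTTP and checked only against `md5sums`, so the integrity of a package that installs root-run firewall scripts rests on a hash with practical collision attacks and on an unauthenticated download. If the makepkg in use supports it, add a stronger array alongside, e.g. `sha256sums=('<sha256 of tarball>' '<sha256 of script>' '<sha256 of patch>')` (placeholders, to be computed from a verified copy), and switch to an HTTPS URL if upstream offers one. Separately, the two `for i in ...; do install ...; done` loops in `build()` have no `|| return 1`, unlike every other install line, so a failed copy of a config file or plugin would still produce a package; `install -T -m 0600 "$i" "${pkgdir}/$i" || return 1` inside the first loop (and the 0644 equivalent in the second) closes that and also quotes the paths.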
@@ -0,0 +1,28 @@
+diff -ruN arno-iptables-firewall_1.9.2b-orig/etc/arno-iptables-firewall/firewall.conf arno-iptables-firewall_1.9.2b/etc/arno-iptables-firewall/firewall.conf
+--- arno-iptables-firewall_1.9.2b-orig/etc/arno-iptables-firewall/firewall.conf 2009-05-06 15:20:08.000000000 +0200
++++ arno-iptables-firewall_1.9.2b/etc/arno-iptables-firewall/firewall.conf 2009-08-02 08:58:47.000000000 +0200
+@@ -180,20 +180,20 @@
+ # (EXPERT SETTING!) Location of the iptables-binary (use 'locate iptables' or
+ # 'whereis iptables' to manually locate it), required for (default) IPv4 support
+ # -----------------------------------------------------------------------------
+-IP4TABLES="/sbin/iptables"
++IP4TABLES="/usr/sbin/iptables"
+
+ # (EXPERT SETTING!) Location of the ip6tables-binary (use 'locate ip6tables' or
+ # 'whereis ip6tables' to manually locate it), required for IPv6 support
+ # -----------------------------------------------------------------------------
+-IP6TABLES="/sbin/ip6tables"
++IP6TABLES="/usr/sbin/ip6tables"
+
+ # (EXPERT SETTING!) Location of the environment file
+ # -----------------------------------------------------------------------------
+-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
++ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+
+ # (EXPERT SETTING!) Location of plugin binary & config files
+ # -----------------------------------------------------------------------------
+-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
++PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
+ PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
+
+ # Most people don't want to get any firewall logs being spit to the console.
diff --git a/arno-iptables-firewall/arno-iptables-firewall.script b/arno-iptables-firewall/arno-iptables-firewall.script
new file mode 100644
index 0000000..9607c0a
--- /dev/null
+++ b/arno-iptables-firewall/arno-iptables-firewall.script
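Review bot: The header of arno-iptables-firewall.patch names the `arno-iptables-firewall_1.9.2b` tree, while the PKGBUILD in this commit builds `pkgver=1.9.2d`, so the inner hunk at `@@ -180,20 +180,20 @@` was presumably not regenerated for the new upstream release. Because the PKGBUILD passes the target file to `patch` explicitly, the stale path is harmless, but any drift in firewall.conf between the two releases would be absorbed by patch's offset and fuzz matching rather than reported. Regenerating the patch against 1.9.2d keeps this edit to a firewall configuration file exact and reviewable.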
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# general config
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ stat_busy "Starting Arno's Iptables Firewall Daemon"
+ /usr/sbin/arno-iptables-firewall start &>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon arno-iptables-firewall
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Arno's Iptables Firewall Daemon"
+ /usr/sbin/arno-iptables-firewall stop &>/dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon arno-iptables-firewall
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ ;;
+ status)
+ /usr/sbin/arno-iptables-firewall status
+ ;;
+ debug_start)
+ stat_busy "Starting Arno's Iptables Firewall Daemon"
+ /usr/sbin/arno-iptables-firewall start
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ add_daemon arno-iptables-firewall
+ stat_done
+ fi
+ ;;
+ debug_stop)
+ stat_busy "Stopping Arno's Iptables Firewall Daemon"
+ /usr/sbin/arno-iptables-firewall stop
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm_daemon arno-iptables-firewall
+ stat_done
+ fi
+ ;;
+ debug_restart)
+ $0 debug_stop
+ sleep 3
+ $0 debug_start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|status|debug_start|debug_stop|debug_restart}"
+esac
-- cgit v1.2.3-24-g4f1b
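Review bot: In arno-iptables-firewall.script, the `restart` and `debug_restart` arms run stop, `sleep 3`, then start, so the host sits in whatever state `stop` leaves behind (presumably with the rules flushed; not visible here) for at least three seconds, and stays there if the start fails. Nothing after `stat_fail` sets a non-zero exit status, so a boot-time or scripted caller cannot tell that the firewall did not load, and `&>/dev/null` on the plain `start` and `stop` arms discards the reason for the failure. I would drop the `sleep 3`, add `exit 1` after each `stat_fail`, and redirect the output to a log file instead of `/dev/null`. The `*)` arm should likewise end with `exit 1` and `;;` so that a mistyped action is not reported as success.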