diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-firewall | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-firewall')
361 files changed, 17727 insertions, 0 deletions
diff --git a/net-firewall/arno-iptables-firewall/Manifest b/net-firewall/arno-iptables-firewall/Manifest new file mode 100644 index 000000000000..20eb3185cb5f --- /dev/null +++ b/net-firewall/arno-iptables-firewall/Manifest @@ -0,0 +1,2 @@ +DIST arno-iptables-firewall_2.0.1d.tar.gz 125329 SHA256 177343362063125985e8b0008fe69bc6ca8d3ba252cfa35a316e708f52fef9c6 SHA512 a99f4fcf4f84a47cc1bda26b39e4f3dc7e10b74f3aeaea8a2519bf18f43ff08ec0bfbd0f078ac36ce12da31d3ac0eabc51231b4559cadca13cd4d75e0940bf9d WHIRLPOOL 2dd56678015cf49ed9442c63c5455c70e72a6f252d9278a56ae1eaabda34d597c44f7fdb97695656882754776385778a5e67d83e7e35e4554e5765e3a0e68b13 +DIST arno-iptables-firewall_2.0.1e.tar.gz 126238 SHA256 fa7b865e5d9b8e077cba73b2f28695a2fd691092a0a7f9e1c16ee369fc27fe43 SHA512 244b3bbf08b2d97128908aece487388bb71ced002cc129885144f4eacf9cf6053c9eb1225a1cd33fdefc502f1e6822a85710d35a7884e99cfde35d34f3fd4f70 WHIRLPOOL f6c1b5ade8b4acdcc4c8e90e19a84335c3932d2a58bbba2221a91b7cbd228c4d6072af6e21836314d86ef005780b47c5ce85198219b345116af529178e2133c1 diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1d-r2.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1d-r2.ebuild new file mode 100644 index 000000000000..b61173224188 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1d-r2.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit readme.gentoo systemd + +DESCRIPTION="Arno's iptables firewall script" +HOMEPAGE="http://rocky.eld.leidenuniv.nl" +SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="+plugins" + +# sys-apps/coreutils dependency wrt +# https://bugs.gentoo.org/show_bug.cgi?id=448716 + +DEPEND="" +RDEPEND="net-firewall/iptables + || ( <sys-apps/coreutils-8.20 >sys-apps/coreutils-8.20-r1 ) + sys-apps/iproute2 + plugins? ( net-dns/bind-tools )" + +S="${WORKDIR}/${PN}_${PV}" + +DISABLE_AUTOFORMATTING="yes" +DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf +before using this package. To start the script, run: + +/etc/init.d/${PN} start (for openRC) +systemctl start ${PN} (for Systemd) + +If you want to start this script at boot, run: + +rc-update add ${PN} default (for openRC) +systemctl enable ${PN} (for Systemd)" + +src_prepare() { + sed -i -e 's:/usr/local/share/:/usr/libexec/:' \ + etc/"${PN}"/firewall.conf || die "Sed failed!" +} + +src_install() { + + insinto /etc/"${PN}" + doins etc/"${PN}"/firewall.conf + doins etc/"${PN}"/custom-rules + + doinitd "${FILESDIR}/${PN}" + systemd_dounit "${FILESDIR}/${PN}.service" + + dobin bin/arno-fwfilter + dosbin bin/"${PN}" + + insinto /usr/libexec/"${PN}" + doins share/"${PN}"/environment + + dodoc CHANGELOG README + readme.gentoo_create_doc + + if use plugins + then + insinto /etc/"${PN}"/plugins + doins etc/"${PN}"/plugins/* + + insinto /usr/libexec/"${PN}"/plugins + doins share/"${PN}"/plugins/*.plugin + + exeinto /usr/libexec/"${PN}"/plugins + doexe share/"${PN}"/plugins/dyndns-host-open-helper + doexe share/"${PN}"/plugins/traffic-accounting-helper + doexe share/"${PN}"/plugins/traffic-accounting-log-rotate + doexe share/"${PN}"/plugins/traffic-accounting-show + + docinto plugins + dodoc share/"${PN}"/plugins/*.CHANGELOG + fi + + doman share/man/man1/arno-fwfilter.1 \ + share/man/man8/"${PN}".8 +} + +pkg_postinst () { + ewarn "When you stop this script, all firewall rules are flushed!" + ewarn "Make sure to not use multiple firewall scripts simultaneously" + ewarn "unless you know what you are doing!" + readme.gentoo_print_elog +} diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild new file mode 100644 index 000000000000..094b69b02099 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit readme.gentoo systemd + +DESCRIPTION="Arno's iptables firewall script" +HOMEPAGE="http://rocky.eld.leidenuniv.nl" +SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="+plugins" + +# sys-apps/coreutils dependency wrt +# https://bugs.gentoo.org/show_bug.cgi?id=448716 + +DEPEND="" +RDEPEND="net-firewall/iptables + || ( <sys-apps/coreutils-8.20 >sys-apps/coreutils-8.20-r1 ) + sys-apps/iproute2 + plugins? ( net-dns/bind-tools )" + +S="${WORKDIR}/${PN}_${PV}" + +DISABLE_AUTOFORMATTING="yes" +DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf +before using this package. To start the script, run: + +/etc/init.d/${PN} start (for OpenRC) +systemctl start ${PN} (for systemd) + +If you want to start this script at boot, run: + +rc-update add ${PN} default (for OpenRC) +systemctl enable ${PN} (for systemd)" + +src_prepare() { + sed -i -e 's:/usr/local/share/:/usr/libexec/:' \ + etc/"${PN}"/firewall.conf || die "Sed failed!" + sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \ + lib/systemd/system/"${PN}.service" || die "Sed failed!" +} + +src_install() { + insinto /etc/"${PN}" + doins etc/"${PN}"/firewall.conf + doins etc/"${PN}"/custom-rules + + doinitd "${FILESDIR}/${PN}" + systemd_dounit lib/systemd/system/"${PN}.service" + + dobin bin/arno-fwfilter + dosbin bin/"${PN}" + + insinto /usr/libexec/"${PN}" + doins share/"${PN}"/environment + + dodoc CHANGELOG README + readme.gentoo_create_doc + + if use plugins + then + insinto /etc/"${PN}"/plugins + doins etc/"${PN}"/plugins/* + + insinto /usr/libexec/"${PN}"/plugins + doins share/"${PN}"/plugins/*.plugin + + exeinto /usr/libexec/"${PN}"/plugins + doexe share/"${PN}"/plugins/dyndns-host-open-helper + doexe share/"${PN}"/plugins/traffic-accounting-helper + doexe share/"${PN}"/plugins/traffic-accounting-log-rotate + doexe share/"${PN}"/plugins/traffic-accounting-show + + docinto plugins + dodoc share/"${PN}"/plugins/*.CHANGELOG + fi + + doman share/man/man1/arno-fwfilter.1 \ + share/man/man8/"${PN}".8 +} + +pkg_postinst () { + ewarn "When you stop this script, all firewall rules are flushed!" + ewarn "Make sure to not use multiple firewall scripts simultaneously" + ewarn "unless you know what you are doing!" + readme.gentoo_print_elog +} diff --git a/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall new file mode 100644 index 000000000000..7a56dfb24654 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall @@ -0,0 +1,27 @@ +#!/sbin/runscript +command=/usr/sbin/arno-iptables-firewall +description="Single- & multi-homed firewall script with DSL/ADSL support" + +extra_started_commands="reload" +description_reload="Reload blocked hosts (blackhole) file" + +depend() { + before net + use logger +} + +start() { + ${command} start +} + +stop() { + ${command} stop +} + +restart() { + ${command} restart +} + +reload() { + ${command} force-reload +} diff --git a/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall.service b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall.service new file mode 100644 index 000000000000..e663f08a08eb --- /dev/null +++ b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall.service @@ -0,0 +1,14 @@ +[Unit] +Description=A secure stateful firewall for both single and multi-homed machine +Before=network.target +Wants=network.target + +[Service] +Type=oneshot +ExecStart=/usr/sbin/arno-iptables-firewall start +ExecStop=/usr/sbin/arno-iptables-firewall stop +ExecReload=/usr/sbin/arno-iptables-firewall force-reload +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/arno-iptables-firewall/files/rc.firewall_replace_opts.patch b/net-firewall/arno-iptables-firewall/files/rc.firewall_replace_opts.patch new file mode 100644 index 000000000000..6c271d5584b3 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/files/rc.firewall_replace_opts.patch @@ -0,0 +1,11 @@ +--- contrib/Gentoo/rc.firewall 2012-11-29 08:44:13.000000000 +0100 ++++ contrib/Gentoo/rc.firewall.new 2012-12-15 18:38:12.179072084 +0100 +@@ -1,6 +1,7 @@ + #!/sbin/runscript + +-opts="${opts} stats help reload" ++extra_commands="stats help" ++extra_started_commands="reload" + + depend() { + before net diff --git a/net-firewall/arno-iptables-firewall/metadata.xml b/net-firewall/arno-iptables-firewall/metadata.xml new file mode 100644 index 000000000000..5a526d1b97d2 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>proxy-maintainers</herd> +<maintainer> + <email>erkiferenc@gmail.com</email> + <name>Ferenc Erki</name> +</maintainer> +<use> + <flag name='plugins'>Install optional plugins</flag> +</use> +</pkgmetadata> diff --git a/net-firewall/arptables/Manifest b/net-firewall/arptables/Manifest new file mode 100644 index 000000000000..9f893d711cfa --- /dev/null +++ b/net-firewall/arptables/Manifest @@ -0,0 +1 @@ +DIST arptables-v0.0.3-4.tar.gz 44335 SHA256 e529fd465c67d69ad335299a043516e6b38cdcd337a5ed21718413e96073f928 diff --git a/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild new file mode 100644 index 000000000000..fa5e7726722d --- /dev/null +++ b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="2" +inherit versionator eutils + +MY_P=${PN}-v$(replace_version_separator 3 - ) + +DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="mirror://sourceforge/ebtables/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc x86" +IUSE="" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + epatch "${FILESDIR}/${P}-ldflags.patch" + epatch "${FILESDIR}/${P}-arptables_save.patch" + epatch "${FILESDIR}/${P}-manpage.patch" + epatch "${FILESDIR}/${P}-type.patch" +} + +src_compile() { + # -O0 does not work and at least -O2 is required, bug #240752 + emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}" || die "make failed" + sed -ie 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore \ + || die "sed failed" +} + +src_install() { + into / + dosbin arptables arptables-restore arptables-save || die + doman arptables.8 || die +} diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch new file mode 100644 index 000000000000..a1b60b24ea10 --- /dev/null +++ b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch @@ -0,0 +1,24 @@ +# Don't resolve host names and don't convert '*' interface names to any. +# Remove '*' interface names. + +diff -urNad arptables-0.0.3.3~/arptables-save arptables-0.0.3.3/arptables-save +--- arptables-0.0.3.3~/arptables-save 2009-08-19 14:17:17.000000000 +0200 ++++ arptables-0.0.3.3/arptables-save 2009-08-19 14:19:58.000000000 +0200 +@@ -35,6 +35,8 @@ + # Due to arptables "issues" with displaying device names + # we need to use -v and then do some processing + $line =~ s/\s,\s.*//; ++ $line =~ s/-i\s\*//; ++ $line =~ s/-o\s\*//; + $rules = $rules . "-A $chain $line\n"; + } + +@@ -47,7 +49,7 @@ + # ======================================================== + + unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; }; +-$table =`$tool -t filter -L -v`; ++$table =`$tool -t filter -L -v -n`; + unless ($? == 0) { print $table; exit -1 }; + &process_table($table); + diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch new file mode 100644 index 000000000000..b5ced69c504b --- /dev/null +++ b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch @@ -0,0 +1,13 @@ +=== modified file 'Makefile' +--- Makefile 2010-09-15 11:51:49 +0000 ++++ Makefile 2010-09-15 11:52:56 +0000 +@@ -31,7 +31,7 @@ + $(CC) $(CFLAGS) -c -o $@ $< + + arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS) +- $(CC) $(CFLAGS) -o $@ $^ ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ + + $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8 + mkdir -p $(@D) + diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch new file mode 100644 index 000000000000..76295b6d9b5c --- /dev/null +++ b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch @@ -0,0 +1,12 @@ +diff -urNad arptables-0.0.3.3~/arptables.8 arptables-0.0.3.3/arptables.8 +--- arptables-0.0.3.3~/arptables.8 2007-08-19 15:04:51.000000000 +0200 ++++ arptables-0.0.3.3/arptables.8 2008-05-08 18:56:35.000000000 +0200 +@@ -22,7 +22,7 @@ + .\" + .\" + .SH NAME +-arptables (v.0.0.3-3) \- ARP table administration ++arptables \- ARP table administration + .SH SYNOPSIS + .BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ] + .br diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-type.patch b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch new file mode 100644 index 000000000000..851bf0ee247f --- /dev/null +++ b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch @@ -0,0 +1,17 @@ +# Patch from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to make +# arptables --proto-type also accept hexadecimal inputs (ethernet protocol +# numbers are often specfied in hex, not decimal), using standard strtol() +# behaviour (hex iff starts with 0x). + +diff -urNad arptables-0.0.3.3~/arptables.c arptables-0.0.3.3/arptables.c +--- arptables-0.0.3.3~/arptables.c 2007-08-19 15:04:51.000000000 +0200 ++++ arptables-0.0.3.3/arptables.c 2008-05-08 19:16:43.000000000 +0200 +@@ -2039,7 +2039,7 @@ + check_inverse(optarg, &invert, &optind, argc); + set_option(&options, OPT_P_TYPE, &fw.arp.invflags, + invert); +- if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 10)) { ++ if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 0)) { + if (strcasecmp(argv[optind-1], "ipv4")) + exit_error(PARAMETER_PROBLEM, "Problem with specified protocol type"); + fw.arp.arpro = htons(0x800); diff --git a/net-firewall/arptables/metadata.xml b/net-firewall/arptables/metadata.xml new file mode 100644 index 000000000000..23b2d799bbe8 --- /dev/null +++ b/net-firewall/arptables/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>base-system</herd> + <upstream> + <remote-id type="sourceforge">ebtables</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest new file mode 100644 index 000000000000..b523438b4dde --- /dev/null +++ b/net-firewall/conntrack-tools/Manifest @@ -0,0 +1 @@ +DIST conntrack-tools-1.4.2.tar.bz2 472074 SHA256 e5c423dc077f9ca8767eaa6cf40446943905711c6a8fe27f9cc1977d4d6aa11e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56 WHIRLPOOL 7405e8b812c98c06bdcdbfea983178f5830001cf247b9a63aac6e19e2497b1bf2bdf8c7c6445dad60f5463eff6cc0ea58d14eca2990b2b3b3f54032daca85572 diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild new file mode 100644 index 000000000000..eab048983e3d --- /dev/null +++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit autotools eutils linux-info + +DESCRIPTION="Connection tracking userspace tools" +HOMEPAGE="http://conntrack-tools.netfilter.org" +SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 hppa x86" +IUSE="doc" + +RDEPEND=" + >=net-libs/libmnl-1.0.3 + >=net-libs/libnetfilter_conntrack-1.0.4 + >=net-libs/libnetfilter_cthelper-1.0.0 + >=net-libs/libnetfilter_cttimeout-1.0.0 + >=net-libs/libnetfilter_queue-1.0.2 + >=net-libs/libnfnetlink-1.0.1 +" +DEPEND="${RDEPEND} + doc? ( + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + ) + virtual/pkgconfig + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + linux-info_pkg_setup + + if kernel_is lt 2 6 18 ; then + die "${PN} requires at least 2.6.18 kernel version" + fi + + #netfilter core team has changed some option names with kernel 2.6.20 + if kernel_is lt 2 6 20 ; then + CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK" + else + CONFIG_CHECK="~NF_CT_NETLINK" + fi + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK + ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS" + + check_extra_config + + linux_config_exists || \ + linux_chkconfig_present "NF_CONNTRACK_IPV4" || \ + linux_chkconfig_present "NF_CONNTRACK_IPV6" || \ + ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \ + "are not set when one at least should be." +} + +src_prepare() { + # bug #474858 + sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed' + + epatch_user + eautoreconf +} + +src_compile() { + default + use doc && emake -C doc/manual +} + +src_install() { + default + + newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd + newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd + + insinto /etc/conntrackd + doins doc/stats/conntrackd.conf + + dodoc -r doc/sync doc/stats AUTHORS TODO + use doc && dohtml doc/manual/${PN}.html +} diff --git a/net-firewall/conntrack-tools/files/conntrackd.confd-r2 b/net-firewall/conntrack-tools/files/conntrackd.confd-r2 new file mode 100644 index 000000000000..01c0633809d5 --- /dev/null +++ b/net-firewall/conntrack-tools/files/conntrackd.confd-r2 @@ -0,0 +1,14 @@ +# conntrackd config file +# default: /etc/conntrackd/conntrackd.conf +#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf + +# conntrackd lockfile (must match the "LockFile" entry +# from the "General" section in the config file) +# default: /run/lock/conntrack.lock +#CONNTRACKD_LOCK=/run/lock/conntrack.lock + +# extra options for conntrackd +#CONNTRACKD_OPTS="" # you must NOT use -C here! + +# depend on a specific network interface +#rc_need="net.eth1" diff --git a/net-firewall/conntrack-tools/files/conntrackd.initd-r3 b/net-firewall/conntrack-tools/files/conntrackd.initd-r3 new file mode 100644 index 000000000000..5309321ff8ab --- /dev/null +++ b/net-firewall/conntrack-tools/files/conntrackd.initd-r3 @@ -0,0 +1,77 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +CONNTRACKD_BIN="/usr/sbin/conntrackd" +CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf} +CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/run/lock/conntrack.lock} + +depend() { + use logger + need net +} + +checkconfig() { + # check for netfilter conntrack kernel support + local nf_ct_available=0 + for k in net.netfilter.nf_conntrack_max \ + net.ipv4.netfilter.ip_conntrack_max \ + net.nf_conntrack_max; do + if sysctl -e -n ${k} &>/dev/null; then + nf_ct_available=1 # sysctl key found + break + fi + done + if [ ${nf_ct_available} -eq 0 ]; then + eerror + eerror "Your kernel is missing netfilter conntrack support!" + eerror "Make sure your kernel was compiled with netfilter conntrack support." + eerror + eerror "If it was compiled as a module you need to ensure the module is being" + eerror "loaded before starting conntrackd." + eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)" + eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module" + eerror "by hand like this, depending on your kernel version:" + eerror + eerror " modprobe nf_conntrack # (for newer kernels)" + eerror " modprobe ip_conntrack # (for older kernels)" + eerror + return 1 + fi + # check for config file + if [ ! -e "${CONNTRACKD_CFG}" ]; then + eerror + eerror "The conntrackd config file (${CONNTRACKD_CFG})" + eerror "is missing!" + eerror + return 1 + fi + # check for leftover lockfile + if [ -f "${CONNTRACKD_LOCK}" ]; then + ewarn + ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})" + ewarn "exists although the service is not marked as started." + ewarn "Will remove the lockfile and start the service in 10s" + ewarn "if not interrupted..." + ewarn + sleep 10 + if ! rm -f "${CONNTRACKD_LOCK}"; then + eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})" + return 1 + fi + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting conntrackd" + start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \ + -- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping conntrackd" + start-stop-daemon --stop --exec "${CONNTRACKD_BIN}" + eend $? +} diff --git a/net-firewall/conntrack-tools/metadata.xml b/net-firewall/conntrack-tools/metadata.xml new file mode 100644 index 000000000000..5c490dd32d99 --- /dev/null +++ b/net-firewall/conntrack-tools/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <longdescription lang="en"> + A set of tools targeted at system administrators. They are conntrack, + the userspace command line interface, and conntrackd, the userspace + daemon. + </longdescription> +</pkgmetadata> diff --git a/net-firewall/dshieldpy/Manifest b/net-firewall/dshieldpy/Manifest new file mode 100644 index 000000000000..e660f2a3b175 --- /dev/null +++ b/net-firewall/dshieldpy/Manifest @@ -0,0 +1 @@ +DIST dshieldpy-3.2.tar.gz 28754 SHA256 c7fe2bcbf250e86af30b5ddc294da0c1508b82f90dfc57c5991c1330c350db8b diff --git a/net-firewall/dshieldpy/dshieldpy-3.2-r1.ebuild b/net-firewall/dshieldpy/dshieldpy-3.2-r1.ebuild new file mode 100644 index 000000000000..8c3cc06c927f --- /dev/null +++ b/net-firewall/dshieldpy/dshieldpy-3.2-r1.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" +PYTHON_DEPEND="2" +inherit python + +DESCRIPTION="Python script to submit firewall logs to dshield.org" +HOMEPAGE="http://dshieldpy.sourceforge.net/" +SRC_URI="mirror://sourceforge/dshieldpy/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc x86" +IUSE="" +DEPEND="" +RDEPEND="" +S=${WORKDIR}/DShield.py + +src_install() { + dodoc CHANGELOG README* + dobin dshield.py + + insinto /etc + doins dshieldpy.conf + python_convert_shebangs 2 "${ED}"usr/bin/dshield.py +} diff --git a/net-firewall/dshieldpy/metadata.xml b/net-firewall/dshieldpy/metadata.xml new file mode 100644 index 000000000000..798fd62f4e36 --- /dev/null +++ b/net-firewall/dshieldpy/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="sourceforge">dshieldpy</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest new file mode 100644 index 000000000000..68edfb1359dd --- /dev/null +++ b/net-firewall/ebtables/Manifest @@ -0,0 +1 @@ +DIST ebtables-v2.0.10-4.tar.gz 103764 SHA256 dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a WHIRLPOOL 5a1e0703e3fd5c79e149824e789646d042660081fb8a9f301fa4cc2716e84fbf842216d5b6b4c8c33de3b6949bfbfcaa2eb7293fe7afa71a2305de8f70abd57d diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild new file mode 100644 index 000000000000..5bd127821e76 --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit versionator eutils toolchain-funcs multilib flag-o-matic + +MY_PV=$(replace_version_separator 3 '-' ) +MY_P=${PN}-v${MY_PV} + +DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz" + +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="static" +LICENSE="GPL-2" +SLOT="0" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + if use static; then + ewarn "You've chosen static build which is useful for embedded devices." + ewarn "It has no init script. Make sure that's really what you want." + fi +} + +src_prepare() { + # Enhance ebtables-save to take table names as parameters bug #189315 + epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff" + + sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \ + -e "s,^BINDIR:=.*,BINDIR:=/sbin," \ + -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \ + -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \ + -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile +} + +src_compile() { + # This package uses _init functions to initialise extensions. With + # --as-needed this will not work. + append-ldflags $(no-as-needed) + # This package correctly aliases pointers, but gcc is unable to know that: + # unsigned char ip[4]; + # if (*((uint32_t*)ip) == 0) { + #append-cflags -Wno-strict-aliasing + emake \ + CC="$(tc-getCC)" \ + CFLAGS="${CFLAGS}" \ + $(use static && echo static) +} + +src_install() { + if ! use static; then + make DESTDIR="${D}" install + keepdir /var/lib/ebtables/ + newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables + newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables + else + into / + newsbin static ebtables + insinto /etc + doins ethertypes + fi + dodoc ChangeLog THANKS || die +} diff --git a/net-firewall/ebtables/ebtables-2.0.10.4.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild new file mode 100644 index 000000000000..75eec735f5cc --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit versionator eutils toolchain-funcs multilib flag-o-matic + +MY_PV=$(replace_version_separator 3 '-' ) +MY_P=${PN}-v${MY_PV} + +DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz" + +KEYWORDS="amd64 ppc x86" +IUSE="static" +LICENSE="GPL-2" +SLOT="0" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + if use static; then + ewarn "You've chosen static build which is useful for embedded devices." + ewarn "It has no init script. Make sure that's really what you want." + fi +} + +src_prepare() { + # Enhance ebtables-save to take table names as parameters bug #189315 + epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff" + + sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \ + -e "s,^BINDIR:=.*,BINDIR:=/sbin," \ + -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \ + -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \ + -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile +} + +src_compile() { + # This package uses _init functions to initialise extensions. With + # --as-needed this will not work. + append-ldflags $(no-as-needed) + # This package correctly aliases pointers, but gcc is unable to know that: + # unsigned char ip[4]; + # if (*((uint32_t*)ip) == 0) { + #append-cflags -Wno-strict-aliasing + emake \ + CC="$(tc-getCC)" \ + CFLAGS="${CFLAGS}" \ + $(use static && echo static) +} + +src_install() { + if ! use static; then + make DESTDIR="${D}" install + keepdir /var/lib/ebtables/ + newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables + newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables + else + into / + newsbin static ebtables + insinto /etc + doins ethertypes + fi + dodoc ChangeLog THANKS || die +} diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff new file mode 100644 index 000000000000..cdfd823447ed --- /dev/null +++ b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff @@ -0,0 +1,31 @@ +--- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400 ++++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400 +@@ -12,6 +12,7 @@ + my $cnt = ""; + my $version = "1.0"; + my $table_name; ++my @table_names; + + # ======================================================== + # Process filter table +@@ -49,12 +50,19 @@ + } + # ======================================================== + ++if ($#ARGV + 1 == 0) { ++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`); ++} ++else { ++ @table_names = @ARGV; ++} ++# ======================================================== + unless (-x $ebtables) { exit -1 }; + print "# Generated by ebtables-save v$version on " . `date`; + if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") { + $cnt = "--Lc"; + } +-foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) { ++foreach $table_name (@table_names) { + $table =`$ebtables -t $table_name -L $cnt`; + unless ($? == 0) { print $table; exit -1 }; + &process_table($table); diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1 new file mode 100644 index 000000000000..645b26edae99 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables.confd-r1 @@ -0,0 +1,11 @@ +# /etc/conf.d/ebtables + +# Location in which ebtables initscript will save set rules on +# service shutdown +EBTABLES_SAVE="/var/lib/ebtables/rules-save" + +# Options to pass to ebtables-save and ebtables-restore +SAVE_RESTORE_OPTIONS="" + +# Save state on stopping ebtables +SAVE_ON_STOP="yes" diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1 new file mode 100644 index 000000000000..770dd435d907 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables.initd-r1 @@ -0,0 +1,102 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic" +extra_started_commands="reload" + +ebtables_bin="/sbin/ebtables" +ebtables_save=${EBTABLES_SAVE} + +depend() { + before net + use logger +} + +ebtables_tables() { + for table in filter nat broute; do + if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then + echo -n "${table} " + fi + done +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + broute) chains="BROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${ebtables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkconfig() { + if [ ! -f ${ebtables_save} ] ; then + eerror "Not starting ebtables. First create some rules then run:" + eerror "/etc/init.d/ebtables save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ebtables state and starting bridge firewall" + ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + ebegin "Stopping bridge firewall" + local a + for a in $(ebtables_tables); do + set_table_policy $a ACCEPT + + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? +} + +reload() { + ebegin "Flushing bridge firewall" + local a + for a in $(ebtables_tables); do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? + + start +} + +save() { + ebegin "Saving ebtables state" + touch "${ebtables_save}" + chmod 0600 "${ebtables_save}" + ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}" + eend $? +} + +panic() { + service_started ebtables && svc_stop + + local a + ebegin "Dropping all packets forwarded on bridges" + for a in $(ebtables_tables); do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/ebtables/metadata.xml b/net-firewall/ebtables/metadata.xml new file mode 100644 index 000000000000..23b2d799bbe8 --- /dev/null +++ b/net-firewall/ebtables/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>base-system</herd> + <upstream> + <remote-id type="sourceforge">ebtables</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest new file mode 100644 index 000000000000..5f8e916d72e0 --- /dev/null +++ b/net-firewall/ferm/Manifest @@ -0,0 +1 @@ +DIST ferm-2.2.tar.gz 118828 SHA256 6d5447a2560495f34da78b4189b5d04d5cc1fca6733496de94ba900aec8b7a63 SHA512 af703c8a77f41c08b59c88cad523427dd5ab2a9209b51c2396d4eb7d5922e1821beeded9b4d0cdc33d7c757cdbf4c825332c7493522f548bfd9294f3657b807b WHIRLPOOL 3f86002b4b7a1ec2f9986ec74579a5ad300dd01601e66c6b5ccaee04eb0befe9955e8df8372bded2a7d03d80a9ce8cb2493f2d9e7a51d4a57483dba80a986ddb diff --git a/net-firewall/ferm/ferm-2.2.ebuild b/net-firewall/ferm/ferm-2.2.ebuild new file mode 100644 index 000000000000..3cceec1f2cff --- /dev/null +++ b/net-firewall/ferm/ferm-2.2.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit versionator systemd + +MY_PV="$(get_version_component_range 1-2)" + +DESCRIPTION="Command line util for managing firewall rules" +HOMEPAGE="http://ferm.foo-projects.org/" +SRC_URI="http://ferm.foo-projects.org/download/${MY_PV}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc x86" +IUSE="" + +# does not install any perl libs +RDEPEND="dev-lang/perl:* + net-firewall/iptables + virtual/perl-File-Spec" + +src_compile() { :; } + +src_install () { + dobin src/{,import-}ferm + dodoc -r AUTHORS NEWS README TODO doc/*.txt examples + doman doc/*.1 + dohtml doc/*.html + + systemd_dounit ferm.service +} + +pkg_postinst() { + elog "See /usr/share/doc/${PF}/examples for sample configs" +} diff --git a/net-firewall/ferm/metadata.xml b/net-firewall/ferm/metadata.xml new file mode 100644 index 000000000000..91f4e72fb544 --- /dev/null +++ b/net-firewall/ferm/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest new file mode 100644 index 000000000000..e571ba74fdef --- /dev/null +++ b/net-firewall/firehol/Manifest @@ -0,0 +1,2 @@ +DIST firehol-1.273.tar.bz2 128128 SHA256 e8d3b4ac3e54097c0e0f14bfab773a75d43b522fa123a42088b7f23f13495ea2 SHA512 dbb311fb9d4fa8861480bae1fac449ce85f52612264ec21658946d87be02027c37af13b754acd791ad454964c588897f8187ec8ce80de3b3ed8a888429bfd708 WHIRLPOOL 0fa7f7644d7bf0268bfc6e817eeb95e7c1784cefa6d4a930c2fec6644774347c28e7a4d39c55df7a4e0f7a0c4697ce6b3c4bafdf6e2124bd478c097b9a6cfb27 +DIST firehol-2.0.2.tar.xz 918860 SHA256 8778d0fc891676777b55e68d852a765205a995029f6e9f599c0090a14ca8ee7c SHA512 d125c4ca7d60494afde04f806bb0fc44ebdb12d7bf59e027c441a087082d9c326d009ba568ef640b01409abdecc3c192a9ae6db6c7370ad0221a19cb3a706902 WHIRLPOOL 10b6edee6a4db07a217e7d13eea4dc5ba02d7f3a44ba1955a5b138a09aa41aea6e39acbcdb04e0ee80d22f3f1d9fc1f061d26d7a10a9d1a7f02230ca21efe514 diff --git a/net-firewall/firehol/files/RESERVED_IPS b/net-firewall/firehol/files/RESERVED_IPS new file mode 100644 index 000000000000..2cfd261c132c --- /dev/null +++ b/net-firewall/firehol/files/RESERVED_IPS @@ -0,0 +1,19 @@ +0.0.0.0/8 +10.0.0.0/8 +127.0.0.0/8 +240.0.0.0/8 +241.0.0.0/8 +242.0.0.0/8 +243.0.0.0/8 +244.0.0.0/8 +245.0.0.0/8 +246.0.0.0/8 +247.0.0.0/8 +248.0.0.0/8 +249.0.0.0/8 +250.0.0.0/8 +251.0.0.0/8 +252.0.0.0/8 +253.0.0.0/8 +254.0.0.0/8 +255.0.0.0/8 diff --git a/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch b/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch new file mode 100644 index 000000000000..99a958aa701f --- /dev/null +++ b/net-firewall/firehol/files/firehol-1.273-CVE-2008-4953.patch @@ -0,0 +1,58 @@ +From 545db8cd292957158bf3fa1c1c370e4be83c6688 Mon Sep 17 00:00:00 2001 +From: Robert Buchholz <rbu@goodpoint.de> +Date: Tue, 6 Jan 2009 23:26:00 +0100 +Subject: [PATCH] Use mktemp instead of relying that $$-$RANDOM-$RANDOM does not exist. + +References: +* CVE-2008-4953 +* https://bugs.gentoo.org/246013 +--- + firehol.sh | 25 +++++++++---------------- + 1 files changed, 9 insertions(+), 16 deletions(-) + +diff --git a/firehol.sh b/firehol.sh +index 6acb497..f5dba16 100755 +--- a/firehol.sh ++++ b/firehol.sh +@@ -238,8 +238,15 @@ ${IPTABLES_CMD} -nxvL >/dev/null 2>&1 + # ---------------------------------------------------------------------- + # Directories and files + +-# These files will be created and deleted during our run. +-FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}" ++# Create an empty temporary directory we need for this run. ++if ! FIREHOL_DIR="`mktemp -d -t .firehol-tmp-XXXXXX`" ++then ++ echo >&2 ++ echo >&2 ++ echo >&2 "Cannot create temporary directory." ++ echo >&2 ++ exit 1 ++fi + FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains" + FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh" + FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh" +@@ -329,20 +336,6 @@ then + "${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services" + fi + +-# Remove any old directories that might be there. +-if [ -d "${FIREHOL_DIR}" ] +-then +- "${RM_CMD}" -rf "${FIREHOL_DIR}" +- if [ $? -ne 0 -o -e "${FIREHOL_DIR}" ] +- then +- echo >&2 +- echo >&2 +- echo >&2 "Cannot clean temporary directory '${FIREHOL_DIR}'." +- echo >&2 +- exit 1 +- fi +-fi +-"${MKDIR_CMD}" "${FIREHOL_DIR}" || exit 1 + "${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}" || exit 1 + + # prepare the file that will hold all modules to be loaded. +-- +1.6.0.4 + diff --git a/net-firewall/firehol/files/firehol-1.273-log-output.patch b/net-firewall/firehol/files/firehol-1.273-log-output.patch new file mode 100644 index 000000000000..66f0fd4c9b2e --- /dev/null +++ b/net-firewall/firehol/files/firehol-1.273-log-output.patch @@ -0,0 +1,11 @@ +--- firehol.sh-old 2010-08-11 09:01:29.000000000 -0600 ++++ firehol.sh 2010-08-12 09:22:07.000000000 -0600 +@@ -5212,7 +5212,7 @@ + printf >&2 "\n" + echo >&2 "OUTPUT : " + echo >&2 +- ${CAT_CMD} ${FIREHOL_OUTPUT}.log ++ ${CAT_CMD} ${FIREHOL_OUTPUT}.log >&2 + echo >&2 + + return 0 diff --git a/net-firewall/firehol/files/firehol-2.0.2-autosave.patch b/net-firewall/firehol/files/firehol-2.0.2-autosave.patch new file mode 100644 index 000000000000..f552b2b167b3 --- /dev/null +++ b/net-firewall/firehol/files/firehol-2.0.2-autosave.patch @@ -0,0 +1,18 @@ +diff -urNp firehol-2.0.1/sbin/firehol.in firehol-2.0.1.new/sbin/firehol.in +--- firehol-2.0.1/sbin/firehol.in 2015-02-15 17:08:03.000000000 +0200 ++++ firehol-2.0.1.new/sbin/firehol.in 2015-04-14 18:05:22.262234003 +0300 +@@ -846,12 +846,12 @@ test -z "$FIREHOL_ROUTING" && \ + # Where /etc/init.d/iptables expects its configuration? + # Leave it empty for automatic detection + test -z "$FIREHOL_AUTOSAVE" && \ +- FIREHOL_AUTOSAVE= ++ FIREHOL_AUTOSAVE="@FIREHOL_AUTOSAVE@" + + # Where /etc/init.d/ip6tables expects its configuration? + # Leave it empty for automatic detection + test -z "$FIREHOL_AUTOSAVE6" && \ +- FIREHOL_AUTOSAVE6= ++ FIREHOL_AUTOSAVE6="@FIREHOL_AUTOSAVE6@" + + # Set to non-empty to wait (max 60 seconds) for a network interface + test -z "$WAIT_FOR_IFACE" && \ diff --git a/net-firewall/firehol/files/firehol.conf.d b/net-firewall/firehol/files/firehol.conf.d new file mode 100644 index 000000000000..c8b06e0eaf09 --- /dev/null +++ b/net-firewall/firehol/files/firehol.conf.d @@ -0,0 +1,2 @@ +#Locate of FireHOL conf file +FIREHOL_CONF="/etc/firehol/firehol.conf" diff --git a/net-firewall/firehol/files/firehol.initrd.1 b/net-firewall/firehol/files/firehol.initrd.1 new file mode 100644 index 000000000000..8d34b68b14ee --- /dev/null +++ b/net-firewall/firehol/files/firehol.initrd.1 @@ -0,0 +1,67 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic try" +extra_started_commands="reload" + +depend() { + need localmount + after bootmisc + before net + provide firewall +} + +checkrules() { + if [ ! -f ${FIREHOL_CONF} ]; then + eerror "Not starting FireHOL. Create ${FIREHOL_CONF}" + eerror "and fill it with some rules." + eerror "man firehol.conf for more info." + return 1 + fi +} + +start() { + checkrules || return 1 + ebegin "Starting FireHOL" + /usr/sbin/firehol ${FIREHOL_CONF} start > /dev/null + eend $? +} + +stop() { + ebegin "Stopping FireHOL" + /usr/sbin/firehol stop > /dev/null + eend $? +} + +restart() { + ebegin "Restarting Firewall" + svc_stop; + svc_start; + eend $? +} + +try() { + ebegin "Trying FireHOL configuration" + /usr/sbin/firehol ${FIREHOL_CONF} try + eend $? +} + +status() { + ebegin "Showing FireHOL status" + /usr/sbin/firehol status + eend $? +} + +panic() { + ebegin "FireHOL PANIC" + /usr/sbin/firehol panic + eend $? +} + +save() { + ebegin "Saving FireHOL configuration" + /usr/sbin/firehol save + eend $? +} diff --git a/net-firewall/firehol/files/fireqos.conf.d b/net-firewall/firehol/files/fireqos.conf.d new file mode 100644 index 000000000000..55fa2e037e01 --- /dev/null +++ b/net-firewall/firehol/files/fireqos.conf.d @@ -0,0 +1,2 @@ +#Locate of FireQOS conf file +FIREQOS="/etc/firehol/fireqos.conf" diff --git a/net-firewall/firehol/files/fireqos.initrd b/net-firewall/firehol/files/fireqos.initrd new file mode 100644 index 000000000000..ebfbaac5b6e2 --- /dev/null +++ b/net-firewall/firehol/files/fireqos.initrd @@ -0,0 +1,45 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need localmount + after bootmisc + before net +} + +checkrules() { + if [ ! -f ${FIREQOS_CONF} ]; then + eerror "Not starting FireQOS. Create ${FIREQOS_CONF}" + eerror "and fill it with some rules." + eerror "man fireqos.conf for more info." + return 1 + fi +} + +start() { + checkrules || return 1 + ebegin "Starting FireQOS" + /usr/sbin/fireqos start ${FIREQOS_CONF} -- ${FIREQOS_EXTRA_ARGS} > /dev/null + eend $? +} + +stop() { + ebegin "Stopping FireQOS" + /usr/sbin/fireqos stop > /dev/null + eend $? +} + +restart() { + ebegin "Restarting FireQOS" + svc_stop; + svc_start; + eend $? +} + +status() { + ebegin "Showing FireQOS status" + /usr/sbin/fireqos status + eend $? +} diff --git a/net-firewall/firehol/firehol-1.273-r3.ebuild b/net-firewall/firehol/firehol-1.273-r3.ebuild new file mode 100644 index 000000000000..d5f5d8b2757f --- /dev/null +++ b/net-firewall/firehol/firehol-1.273-r3.ebuild @@ -0,0 +1,78 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 +inherit eutils linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="http://firehol.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +IUSE="" +KEYWORDS="amd64 ~ppc ~sparc x86" + +DEPEND="sys-apps/iproute2" +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal] + virtual/modutils + || ( + net-misc/wget + net-misc/curl + )" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2008-4953.patch + epatch "${FILESDIR}"/${P}-log-output.patch #332507 +} + +pkg_setup() { + local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ + ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ + ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" + + get_version + if [ ${KV_PATCH} -ge 25 ]; then + CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" + else + CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" + fi + linux-info_pkg_setup +} + +src_install() { + newsbin firehol.sh firehol + + dodir /etc/firehol /etc/firehol/examples /etc/firehol/services + insinto /etc/firehol/examples + doins examples/* || die + + newconfd "${FILESDIR}"/firehol.conf.d firehol + newinitd "${FILESDIR}"/firehol.initrd.1 firehol + + dodoc ChangeLog README TODO WhatIsNew + dohtml doc/*.html doc/*.css + + docinto scripts + dodoc get-iana.sh adblock.sh + + doman man/*.1 man/*.5 + + # Install this RESERVED_IPS as discussed in bug #332135 + insinto /etc/firehol + doins "${FILESDIR}"/RESERVED_IPS +} + +pkg_postinst() { + elog "The default path to firehol's configuration file is /etc/firehol/firehol.conf" + elog "See /etc/firehol/examples for configuration examples." + # + # Install a default configuration if none is available yet + if [[ ! -e "${ROOT}/etc/firehol/firehol.conf" ]]; then + einfo "Installing a sample configuration as ${ROOT}/etc/firehol/firehol.conf" + cp "${ROOT}/etc/firehol/examples/client-all.conf" "${ROOT}/etc/firehol/firehol.conf" + fi +} diff --git a/net-firewall/firehol/firehol-2.0.2.ebuild b/net-firewall/firehol/firehol-2.0.2.ebuild new file mode 100644 index 000000000000..f39413ce29c1 --- /dev/null +++ b/net-firewall/firehol/firehol-2.0.2.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="http://firehol.sourceforge.net/" +SRC_URI="http://firehol.org/download/releases/v${PV}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="doc" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal] + virtual/modutils + app-arch/gzip" +DEPEND="${RDEPEND}" + +pkg_setup() { + local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ + ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ + ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" + + get_version + if [ ${KV_PATCH} -ge 25 ]; then + CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" + else + CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" + fi + linux-info_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}/${P}-autosave.patch" +} + +src_configure() { + # removing IP6TABLES_CMD has no effect and enable build + # without ipv6 available + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --with-autosave="${EPREFIX}/var/lib/iptables/rules-save" \ + --with-autosave6="${EPREFIX}/var/lib/ip6tables/rules-save" \ + $(use_enable doc) \ + IP6TABLES_CMD=/bin/false \ + IP6TABLES_SAVE_CMD=/bin/false +} + +src_install() { + default + + newconfd "${FILESDIR}"/firehol.conf.d firehol + newinitd "${FILESDIR}"/firehol.initrd.1 firehol + newconfd "${FILESDIR}"/fireqos.conf.d fireqos + newinitd "${FILESDIR}"/fireqos.initrd fireqos +} diff --git a/net-firewall/firehol/metadata.xml b/net-firewall/firehol/metadata.xml new file mode 100644 index 000000000000..7f679d64a788 --- /dev/null +++ b/net-firewall/firehol/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>alonbl@gentoo.org</email> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest new file mode 100644 index 000000000000..0a1e1cff4666 --- /dev/null +++ b/net-firewall/firewalld/Manifest @@ -0,0 +1,3 @@ +DIST firewalld-0.3.10.tar.bz2 548013 SHA256 0f5e051655fc06690f5ab72b1b38cb57b4368e49bd5ad98a27e2f88c79e82f2b SHA512 3fb3363959203d90d51b2c9b7b7819a4f3521a51a10a59d73d65054018e1fe90d0fdd2e31d0b83a3d38e2b2fd6e92fccd6dd2a30ec7f1be3f98a018a5a49aeac WHIRLPOOL fc6d1ceeb4e5ba91b072526ffa2dd7a790d883176104bec6e7e547b9035757ff22743746389f50edd32d646a07e9bf311b109f89b8c59acfa350e71176d0bd3c +DIST firewalld-0.3.13.tar.bz2 561948 SHA256 bca88cbce4290b6959b3c0eea560e7f19c7cf2f563caca585b7db5cd2fca8ac9 SHA512 987ea3e243f87b8ded2f9627b4efc9649a22d878d19b6b760ba1a281e9e7280abcda558feebe6bd30e1cd27e7277a8ec99a7da623c29f04ab290c1d7ac3d6789 WHIRLPOOL 795f63fa5415c37ea9c6a835860dca4eb71879d1d69fcd6fbb022d0c4b4ab507d74e0e17098724846bd97246be3a98fab1d25134df69c9ac25db2fb77508b159 +DIST firewalld-0.3.14.2.tar.bz2 617592 SHA256 4b6c3e1deab41b6002b8dc25639e466085941c98a6c14a56bef4f621a5651567 SHA512 18d57ca4501101b217b0854851f6bf18b5bd036e1e143ef1b3c2b97ef06e0cbb7399249f4904576381c9839a82ff51296f44f4520c7b221568c9e4518e593d8c WHIRLPOOL a00930a63dab654f64caac0deb5c24a28f5aa7c9882ca40bde642b9b765c9eeb81a582dcf015885b989543d4c85f6da6dc792c6532a844d87110bda2aa9a598f diff --git a/net-firewall/firewalld/files/firewalld-0.3.10-py3k-compat.patch b/net-firewall/firewalld/files/firewalld-0.3.10-py3k-compat.patch new file mode 100644 index 000000000000..e91590f1cff6 --- /dev/null +++ b/net-firewall/firewalld/files/firewalld-0.3.10-py3k-compat.patch @@ -0,0 +1,24 @@ +diff --git a/src/firewall/core/io/direct.py b/src/firewall/core/io/direct.py +index b698e4c..6b80201 100644 +--- a/src/firewall/core/io/direct.py ++++ b/src/firewall/core/io/direct.py +@@ -295,8 +295,8 @@ class Direct(IO_Object): + if len(self.passthroughs[ipv]) == 0: + del self.passthroughs[ipv] + else: +- raise ValueError, "Passthrough '%s' for ipv '%s'" % \ +- ("',".join(args), ipv) + "not in list" ++ raise ValueError("Passthrough '%s' for ipv '%s'" % \ ++ ("',".join(args), ipv) + "not in list") + + def query_passthrough(self, ipv, args): + return (ipv in self.passthroughs and args in self.passthroughs[ipv]) +@@ -305,7 +305,7 @@ class Direct(IO_Object): + if ipv in self.passthroughs: + return self.passthroughs[ipv] + else: +- raise ValueError, "No passthroughs for ipv '%s'" % (ipv) ++ raise ValueError("No passthroughs for ipv '%s'" % (ipv)) + + def get_all_passthroughs(self): + return self.passthroughs diff --git a/net-firewall/firewalld/files/firewalld.init b/net-firewall/firewalld/files/firewalld.init new file mode 100644 index 000000000000..3e8b2dd84fba --- /dev/null +++ b/net-firewall/firewalld/files/firewalld.init @@ -0,0 +1,13 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description="FirewallD" +command=/usr/sbin/firewalld +pidfile=/var/run/firewalld.pid + +depend() { + need dbus + provide iptables ip6tables ebtables +} diff --git a/net-firewall/firewalld/firewalld-0.3.10.ebuild b/net-firewall/firewalld/firewalld-0.3.10.ebuild new file mode 100644 index 000000000000..4e87f122943e --- /dev/null +++ b/net-firewall/firewalld/firewalld-0.3.10.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +#BACKPORTS=190680ba + +inherit autotools eutils gnome2-utils python-r1 systemd multilib bash-completion-r1 + +DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall" +HOMEPAGE="http://fedorahosted.org/firewalld" +SRC_URI="https://fedorahosted.org/released/firewalld/${P}.tar.bz2 + ${BACKPORTS:+http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="gui" + +RDEPEND="${PYTHON_DEPS} + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/decorator[${PYTHON_USEDEP}] + >=dev-python/python-slip-0.2.7[dbus,${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + net-firewall/ebtables + net-firewall/iptables[ipv6] + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + gui? ( x11-libs/gtk+:3 )" +DEPEND="${RDEPEND} + dev-libs/glib:2 + >=dev-util/intltool-0.35 + sys-devel/gettext" + +src_prepare() { + [[ -n ${BACKPORTS} ]] && \ + EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ + epatch + + epatch "${FILESDIR}/${P}-py3k-compat.patch" + epatch_user + eautoreconf +} + +src_configure() { + python_setup + + econf \ + --enable-systemd \ + "$(systemd_with_unitdir 'systemd-unitdir')" \ + --with-bashcompletiondir="$(get_bashcompdir)" +} + +src_install() { + # manually split up the installation to avoid "file already exists" errors + emake -C config DESTDIR="${D}" install + emake -C po DESTDIR="${D}" install + emake -C shell-completion DESTDIR="${D}" install + emake -C doc DESTDIR="${D}" install + + install_python() { + emake -C src DESTDIR="${D}" pythondir="$(python_get_sitedir)" install + python_optimize + } + python_foreach_impl install_python + + python_replicate_script "${D}"/usr/bin/firewall-{offline-cmd,cmd,applet,config} + python_replicate_script "${D}/usr/sbin/firewalld" + + # Get rid of junk + rm -rf "${D}/etc/rc.d/" + rm -rf "${D}/etc/sysconfig/" + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -f "${D}/usr/bin/firewall-applet" + rm -f "${D}/usr/bin/firewall-config" + rm -rf "${D}/usr/share/icons" + rm -rf "${D}/usr/share/applications" + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_icon_savelist + gnome2_schemas_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + gnome2_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/firewalld/firewalld-0.3.13.ebuild b/net-firewall/firewalld/firewalld-0.3.13.ebuild new file mode 100644 index 000000000000..d979fe1bcbd1 --- /dev/null +++ b/net-firewall/firewalld/firewalld-0.3.13.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +#BACKPORTS= + +inherit autotools eutils gnome2-utils python-r1 systemd multilib bash-completion-r1 + +DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall" +HOMEPAGE="http://fedorahosted.org/firewalld" +SRC_URI="https://fedorahosted.org/released/firewalld/${P}.tar.bz2 + ${BACKPORTS:+http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="gui" + +RDEPEND="${PYTHON_DEPS} + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/decorator[${PYTHON_USEDEP}] + >=dev-python/python-slip-0.2.7[dbus,${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + net-firewall/ebtables + net-firewall/iptables[ipv6] + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + gui? ( x11-libs/gtk+:3 )" +DEPEND="${RDEPEND} + dev-libs/glib:2 + >=dev-util/intltool-0.35 + sys-devel/gettext" + +src_prepare() { + [[ -n ${BACKPORTS} ]] && \ + EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ + epatch + + epatch "${FILESDIR}/${PN}-0.3.10-py3k-compat.patch" + epatch_user + eautoreconf +} + +src_configure() { + python_setup + + econf \ + --enable-systemd \ + "$(systemd_with_unitdir 'systemd-unitdir')" \ + --with-bashcompletiondir="$(get_bashcompdir)" +} + +src_install() { + # manually split up the installation to avoid "file already exists" errors + emake -C config DESTDIR="${D}" install + emake -C po DESTDIR="${D}" install + emake -C shell-completion DESTDIR="${D}" install + emake -C doc DESTDIR="${D}" install + + install_python() { + emake -C src DESTDIR="${D}" pythondir="$(python_get_sitedir)" install + python_optimize + } + python_foreach_impl install_python + + python_replicate_script "${D}"/usr/bin/firewall-{offline-cmd,cmd,applet,config} + python_replicate_script "${D}/usr/sbin/firewalld" + + # Get rid of junk + rm -rf "${D}/etc/rc.d/" + rm -rf "${D}/etc/sysconfig/" + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -f "${D}/usr/bin/firewall-applet" + rm -f "${D}/usr/bin/firewall-config" + rm -rf "${D}/usr/share/icons" + rm -rf "${D}/usr/share/applications" + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_icon_savelist + gnome2_schemas_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + gnome2_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/firewalld/firewalld-0.3.14.2.ebuild b/net-firewall/firewalld/firewalld-0.3.14.2.ebuild new file mode 100644 index 000000000000..5863d17d526e --- /dev/null +++ b/net-firewall/firewalld/firewalld-0.3.14.2.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +#BACKPORTS= + +inherit autotools eutils gnome2-utils python-r1 systemd multilib bash-completion-r1 + +DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall" +HOMEPAGE="http://fedorahosted.org/firewalld" +SRC_URI="https://fedorahosted.org/released/firewalld/${P}.tar.bz2 + ${BACKPORTS:+http://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="gui" + +RDEPEND="${PYTHON_DEPS} + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/decorator[${PYTHON_USEDEP}] + >=dev-python/python-slip-0.2.7[dbus,${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + net-firewall/ebtables + net-firewall/iptables[ipv6] + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + gui? ( x11-libs/gtk+:3 )" +DEPEND="${RDEPEND} + dev-libs/glib:2 + >=dev-util/intltool-0.35 + sys-devel/gettext" + +src_prepare() { + [[ -n ${BACKPORTS} ]] && \ + EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ + epatch + + epatch_user + eautoreconf +} + +src_configure() { + python_setup + + econf \ + --enable-systemd \ + "$(systemd_with_unitdir 'systemd-unitdir')" \ + --with-bashcompletiondir="$(get_bashcompdir)" +} + +src_install() { + # manually split up the installation to avoid "file already exists" errors + emake -C config DESTDIR="${D}" install + emake -C po DESTDIR="${D}" install + emake -C shell-completion DESTDIR="${D}" install + emake -C doc DESTDIR="${D}" install + + install_python() { + emake -C src DESTDIR="${D}" pythondir="$(python_get_sitedir)" install + python_optimize + } + python_foreach_impl install_python + + python_replicate_script "${D}"/usr/bin/firewall-{offline-cmd,cmd,applet,config} + python_replicate_script "${D}/usr/sbin/firewalld" + + # Get rid of junk + rm -rf "${D}/etc/rc.d/" + rm -rf "${D}/etc/sysconfig/" + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -f "${D}/usr/bin/firewall-applet" + rm -f "${D}/usr/bin/firewall-config" + rm -rf "${D}/usr/share/icons" + rm -rf "${D}/usr/share/applications" + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_icon_savelist + gnome2_schemas_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + gnome2_icon_cache_update + gnome2_schemas_update +} diff --git a/net-firewall/firewalld/metadata.xml b/net-firewall/firewalld/metadata.xml new file mode 100644 index 000000000000..773fdd88c2cb --- /dev/null +++ b/net-firewall/firewalld/metadata.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>tamiko@gentoo.org</email> + <name>Matthias Maier</name> + <description>Please assign bugs to me</description> + </maintainer> + <maintainer> + <email>cardoe@gentoo.org</email> + <name>Doug Goldstein</name> + </maintainer> + <herd>virtualization</herd> + <use> + <flag name='gui'>Builds and installs GUI configurator and GTK+ applet</flag> + </use> +</pkgmetadata> + diff --git a/net-firewall/fwanalog/Manifest b/net-firewall/fwanalog/Manifest new file mode 100644 index 000000000000..3a12aefcdb00 --- /dev/null +++ b/net-firewall/fwanalog/Manifest @@ -0,0 +1 @@ +DIST fwanalog-0.6.4.tar.gz 128787 SHA256 8ddc4c7ec16e59a27691e25fdd1f266838230ee08c3495fa289db0e7fc008e13 SHA512 953ca03c070e82370dc2a993c19113b4a92f89be6a0d77edbbcb722420c9fc28d3f4bb454441c3e82f36eb27584ff88090beab18c095051a2e8ef7bc28b52da2 WHIRLPOOL 3b274f44788e411ddec0256e47f735de94cc2eadb66ab4f295986417cf3f4b525c0c35f40f83f5e5dec6179ea44d26cc61c8f74db5fc47d6b56f6eab174d9fa9 diff --git a/net-firewall/fwanalog/fwanalog-0.6.4.ebuild b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild new file mode 100644 index 000000000000..8434ec8babe4 --- /dev/null +++ b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +DESCRIPTION="Script to parse firewall logs and analyze them with Analog" +HOMEPAGE="http://tud.at/programm/fwanalog/" +SRC_URI="http://tud.at/programm/fwanalog/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 x86 ppc sparc" +IUSE="" + +DEPEND="" # this is just a bash script +RDEPEND="app-shells/bash + sys-apps/grep + virtual/awk + sys-apps/sed + app-arch/gzip + sys-apps/diffutils + dev-lang/perl + >=app-admin/analog-5.31" + +src_install() { + insinto /etc/fwanalog + + insopts -m0700 ; doins fwanalog.sh + + insopts -m0600 + doins fwanalog-dom.tab fwanalog.lng services.conf + doins fwanalog.analog.conf fwanalog.analog.conf.local + newins fwanalog.opts.linux24 fwanalog.opts + + dosed "s/\"zegrep\"/\"egrep\"/" /etc/fwanalog/fwanalog.opts + + dodoc CONTRIBUTORS ChangeLog README + docinto support ; dodoc support/* + docinto langfiles ; dodoc langfiles/* +} diff --git a/net-firewall/fwanalog/metadata.xml b/net-firewall/fwanalog/metadata.xml new file mode 100644 index 000000000000..f9d50da18d39 --- /dev/null +++ b/net-firewall/fwanalog/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + <description>This package lacks a primary herd or maintainer.</description> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/fwbuilder/Manifest b/net-firewall/fwbuilder/Manifest new file mode 100644 index 000000000000..46af7ab839a4 --- /dev/null +++ b/net-firewall/fwbuilder/Manifest @@ -0,0 +1,2 @@ +DIST fwbuilder-5.0.1.3592.tar.gz 6733502 SHA256 22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94b +DIST fwbuilder-5.1.0.3599.tar.gz 7182573 SHA256 452514a1ec0be1416bfca93603e6c89deb91d1a3a19671c64b5a8868a3743daf diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch new file mode 100644 index 000000000000..d9df8429d390 --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch @@ -0,0 +1,11 @@ +diff -Naurp fwbuilder-5.0.0.3568.orig//qmake.inc.in fwbuilder-5.0.0.3568//qmake.inc.in +--- fwbuilder-5.0.0.3568.orig//qmake.inc.in 2011-07-25 19:27:44.000000000 -0400 ++++ fwbuilder-5.0.0.3568//qmake.inc.in 2011-08-19 17:00:41.259985388 -0400 +@@ -39,6 +39,7 @@ unix { + QMAKE_CFLAGS_RELEASE += -Wno-unused-parameter + QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter + QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter ++ QMAKE_LFLAGS = @LDFLAGS@ + + !macx { + diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch new file mode 100644 index 000000000000..7849e2b6da95 --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch @@ -0,0 +1,11 @@ +--- a/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:02:55.909203733 -0400 ++++ b/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:04:54.079198998 -0400 +@@ -31,7 +31,7 @@ + + #include <time.h> //for time_t definition + #include <pthread.h> +- ++#include <unistd.h> + #include <string> + #include <queue> + diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch new file mode 100644 index 000000000000..3658c10a3eec --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch @@ -0,0 +1,51 @@ +From: Vadim Kurland <vadim@slot.vk.crocodile.org> +Date: Tue, 14 Feb 2012 04:59:26 +0000 (-0800) +Subject: fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still +X-Git-Url: http://fwbuilder.git.sourceforge.net/git/gitweb.cgi?p=fwbuilder%2Ffwbuilder;a=commitdiff_plain;h=f97a1b50ba51be5fa31cc54dba829a9e77609160;hp=15565ade5dc843e5fefe83568a023c37256c3c3c + +fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still +needs to be tested on all build machines. +--- + +diff --git a/qmake.inc.in b/qmake.inc.in +index 6bf27e0..3e31fd6 100644 +--- a/qmake.inc.in ++++ b/qmake.inc.in +@@ -67,6 +67,9 @@ unix { + + CONFIG += warn_on + ++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS ++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS ++ + } + } + +diff --git a/src/libfwbuilder/qmake.inc.in b/src/libfwbuilder/qmake.inc.in +index b4f15bb..a8114cf 100644 +--- a/src/libfwbuilder/qmake.inc.in ++++ b/src/libfwbuilder/qmake.inc.in +@@ -34,6 +34,9 @@ unix { + QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter @CXXFLAGS@ + QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter @CXXFLAGS@ + ++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS ++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS ++ + exec_prefix = @EXEC_PREFIX@ + DESTDIR = + +diff --git a/src/libfwbuilder/src/fwbuilder/uint128.h b/src/libfwbuilder/src/fwbuilder/uint128.h +index 0a2e7a4..b00ab47 100644 +--- a/src/libfwbuilder/src/fwbuilder/uint128.h ++++ b/src/libfwbuilder/src/fwbuilder/uint128.h +@@ -36,7 +36,7 @@ + + #include <stdio.h> + +-#define __STDC_FORMAT_MACROS ++// #define __STDC_FORMAT_MACROS + #include <inttypes.h> // for sprintf formats for "long long" + + // convinience macro + diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.1.0.3599-gcc47.patch b/net-firewall/fwbuilder/files/fwbuilder-5.1.0.3599-gcc47.patch new file mode 100644 index 000000000000..c909028467a8 --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.1.0.3599-gcc47.patch @@ -0,0 +1,11 @@ +diff -ruN fwbuilder-5.1.0.3599.orig/src/libfwbuilder/src/fwbuilder/ThreadTools.h fwbuilder-5.1.0.3599/src/libfwbuilder/src/fwbuilder/ThreadTools.h +--- fwbuilder-5.1.0.3599.orig/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-03-23 07:10:54.000000000 +0100 ++++ fwbuilder-5.1.0.3599/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-27 02:33:32.122340892 +0200 +@@ -31,6 +31,7 @@ + + #include <time.h> //for time_t definition + #include <pthread.h> ++#include <unistd.h> + + #include <string> + #include <queue> diff --git a/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild new file mode 100644 index 000000000000..c96f3362220b --- /dev/null +++ b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils base qt4-r2 multilib autotools + +DESCRIPTION="A firewall GUI" +HOMEPAGE="http://www.fwbuilder.org/" +SRC_URI="mirror://sourceforge/fwbuilder/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc ppc64 x86" +IUSE="" + +DEPEND=">=dev-qt/qtgui-4.3:4 + dev-libs/openssl + dev-libs/elfutils" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.0.3568-ldflags.patch" + "${FILESDIR}/${PN}-5.0.1.3592-gcc47.patch" +) + +src_prepare() { + # Fix a compile bug that affects some x86_64 platforms. + # Addressed in the upcoming 5.0.2.3596 release. + # Closes #395151. + epatch "${FILESDIR}/${P}-stdc-format-macros.patch" + + qt4-r2_src_prepare + sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743 + eautoreconf +} + +src_configure() { + eqmake4 + # portage handles ccache/distcc itself + econf --without-{ccache,distcc} +} + +src_install() { + emake INSTALL_ROOT="${D}" install +} + +pkg_postinst() { + validate_desktop_entries + + elog "You need to emerge sys-apps/iproute2 on the machine" + elog "that will run the firewall script." +} diff --git a/net-firewall/fwbuilder/fwbuilder-5.1.0.3599.ebuild b/net-firewall/fwbuilder/fwbuilder-5.1.0.3599.ebuild new file mode 100644 index 000000000000..9980be17349a --- /dev/null +++ b/net-firewall/fwbuilder/fwbuilder-5.1.0.3599.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils base qt4-r2 multilib autotools + +DESCRIPTION="A firewall GUI" +HOMEPAGE="http://www.fwbuilder.org/" +SRC_URI="mirror://sourceforge/fwbuilder/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~x86" +IUSE="" + +DEPEND=">=dev-qt/qtgui-4.3:4 + dev-libs/openssl + dev-libs/elfutils" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.0.3568-ldflags.patch" + "${FILESDIR}/${PN}-5.1.0.3599-gcc47.patch" +) + +src_prepare() { + qt4-r2_src_prepare + sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743 + eautoreconf +} + +src_configure() { + eqmake4 + # portage handles ccache/distcc itself + econf --without-{ccache,distcc} +} + +src_install() { + emake INSTALL_ROOT="${D}" install +} + +pkg_postinst() { + validate_desktop_entries + + elog "You need to emerge sys-apps/iproute2 on the machine" + elog "that will run the firewall script." +} diff --git a/net-firewall/fwbuilder/metadata.xml b/net-firewall/fwbuilder/metadata.xml new file mode 100644 index 000000000000..bfd104c96f2d --- /dev/null +++ b/net-firewall/fwbuilder/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="sourceforge">fwbuilder</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/fwipsec/Manifest b/net-firewall/fwipsec/Manifest new file mode 100644 index 000000000000..bfbf2e2fd1af --- /dev/null +++ b/net-firewall/fwipsec/Manifest @@ -0,0 +1 @@ +DIST fwipsec-0.4.2.tar.bz2 13114 SHA256 8fa4204c968198a3ea40c8b5efa20c77258be4c912d11d16c1a4c51f712d9aa4 diff --git a/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild new file mode 100644 index 000000000000..cf42caca04d8 --- /dev/null +++ b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild @@ -0,0 +1,29 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +S=${WORKDIR}/${PN} +DESCRIPTION="Firewall scripts that control iptables, FreeS/WAN, and squid" +HOMEPAGE="http://fwipsec.sourceforge.net/" +SRC_URI="mirror://gentoo/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +IUSE="" +KEYWORDS="alpha amd64 ~hppa ia64 ~mips ~ppc ~sparc x86" + +DEPEND=">=net-firewall/iptables-1.2.7 + sys-apps/iproute2" + +src_install() { + exeinto /etc/fwipsec + doexe fwipsec.* + doinitd fwipsec + + dodoc LICENSE DOCS/README* + doman DOCS/*.5 +} + +pkg_postinst() { + elog "Edit /etc/fwipsec/fwipsec.defs to set your base rules." +} diff --git a/net-firewall/fwipsec/metadata.xml b/net-firewall/fwipsec/metadata.xml new file mode 100644 index 000000000000..91f4e72fb544 --- /dev/null +++ b/net-firewall/fwipsec/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest new file mode 100644 index 000000000000..ae32b6f25adc --- /dev/null +++ b/net-firewall/fwknop/Manifest @@ -0,0 +1 @@ +DIST fwknop-2.6.6.tar.gz 2433846 SHA256 724e986b6bc47d3b6f5ba5c9232e2b411ae8ef4b2e8f7fffd16210c20d3be932 SHA512 ccd25701908a1bc653b59571013f0953ee40c967537b68cfaff48e1eea4fde11402712f70f07db308f7a37cfd49ef8ad11b1535d3012cf32e09cc677673c067f WHIRLPOOL df8025e8a2551e0485473715bc10fef31b373f38293b8f8f678aa7ec03f9fbe353a089cfbdbb783e5972b917313f4a90edfac4557e53bd962df6d8ba0e9fca2e diff --git a/net-firewall/fwknop/files/fwknopd.confd b/net-firewall/fwknop/files/fwknopd.confd new file mode 100644 index 000000000000..63bcd01dd82f --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.confd @@ -0,0 +1,21 @@ +# /etc/conf.d/fwknopd: config file for /etc/init.d/fwknopd + +# Path to the fwknopd config directory (needs to be an absolute path). + +FWKNOPD_CONFDIR="/etc/fwknop" + + +# Additional options to pass to fwknopd. +# Refer to the fwknopd(8) manpage for more information. + +#FWKNOPD_OPTS="" + + +# Pid file to use (needs to be an absolute path). + +#FWKNOPD_PIDFILE="/run/fwknop/fwknopd.pid" + + +# Path to the fwknopd binary (needs to be an absolute path). + +#FWKNOPD_BINARY="/usr/sbin/fwknopd" diff --git a/net-firewall/fwknop/files/fwknopd.init b/net-firewall/fwknop/files/fwknopd.init new file mode 100644 index 000000000000..232e1fc7b053 --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.init @@ -0,0 +1,92 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="checkconfig" +extra_started_commands="reload" + +: ${FWKNOPD_BINARY:=/usr/sbin/fwknopd} +: ${FWKNOPD_CONFDIR:=/etc/fwknop} +: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf} +: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid} + +depend() { + after iptables ip6tables ebtables firewall + use logger + if [ "${rc_need+set}" = "set" ]; then + : # Do nothing, the user has explicitly set rc_need + else + local x warn_intf + for x in $(awk '/^PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do + warn_intf="${warn_intf} ${x}" + done + if [ -n "${warn_intf}" ]; then + need net + ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME}," + ewarn "where FOO is the following interface(s):" + ewarn "${warn_intf}" + else + # if PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0 + if ! grep -q '^PCAP_FILE' "${FWKNOPD_CONFIG}"; then + need net + ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf," + ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0." + ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}." + fi + fi + fi +} + +checkconfig() { + if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then + eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd" + eerror "Example is located at /etc/fwknop/fwknopd.conf.example" + return 1 + fi + + if [ ! -e "${FWKNOPD_CONFDIR}"/access.conf ]; then + eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd" + eerror "Example is located at /etc/fwknop/access.conf.example" + return 1 + fi + + [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \ + && FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}" + + [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \ + && FWKNOPD_OPTS="${FWKNOPD_OPTS} \ + --config=${FWKNOPD_CONFDIR}/fwknopd.conf \ + --access-file=${FWKNOPD_CONFDIR}/access.conf" + + return 0 +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start \ + --exec ${FWKNOPD_BINARY} --pidfile ${FWKNOPD_PIDFILE} \ + -- ${FWKNOPD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ]; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --pidfile ${FWKNOPD_PIDFILE} + eend $? +} + +reload() { + checkconfig || return 1 + + ebegin "Reloading ${SVCNAME} configuration" + start-stop-daemon --signal HUP --pidfile ${FWKNOPD_PIDFILE} + eend $? +} diff --git a/net-firewall/fwknop/files/fwknopd.service b/net-firewall/fwknop/files/fwknopd.service new file mode 100644 index 000000000000..d2e8c3125200 --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.service @@ -0,0 +1,12 @@ +[Unit] +Description=Firewall Knock Operator Daemon +After=network-online.target + +[Service] +Type=forking +PIDFile=/run/fwknop/fwknopd.pid +ExecStart=/usr/sbin/fwknopd +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/fwknop/files/fwknopd.tmpfiles.conf b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf new file mode 100644 index 000000000000..b7cb3856b056 --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf @@ -0,0 +1 @@ +d /run/fwknop 0700 root root - diff --git a/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild new file mode 100644 index 000000000000..7fcc35d6ce5f --- /dev/null +++ b/net-firewall/fwknop/fwknop-2.6.6-r1.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +# Does work with python2_7, does not work with python3_3 on my machine +# More feedback is welcome, since setup.py does not provide any info +PYTHON_COMPAT=( python2_7 ) +DISTUTILS_OPTIONAL=1 +DISTUTILS_SINGLE_IMPL=1 +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_IN_SOURCE_BUILD=1 + +inherit autotools-utils distutils-r1 systemd + +DESCRIPTION="Single Packet Authorization and Port Knocking application" +HOMEPAGE="http://www.cipherdyne.org/fwknop/" +SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="client extras gdbm gpg python server udp-server" + +RDEPEND=" + client? ( net-misc/wget[ssl] ) + gpg? ( + dev-libs/libassuan + dev-libs/libgpg-error + ) + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND} + gdbm? ( sys-libs/gdbm ) + gpg? ( app-crypt/gpgme ) + server? ( + !udp-server? ( net-libs/libpcap ) + net-firewall/iptables + ) +" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + udp-server? ( server ) +" + +DOCS=( ChangeLog README.md ) + +src_prepare() { + # Install example configs with .example suffix + if use server; then + sed -i 's/conf;/conf.example;/g' "${S}"/Makefile.am || die + fi + + autotools-utils_src_prepare + + if use python; then + cd "${S}"/python || die + distutils-r1_src_prepare + fi +} + +src_configure() { + local myeconfargs=( + --localstatedir=/run + --enable-digest-cache + $(use_enable client) + $(use_enable !gdbm file-cache) + $(use_enable server) + $(use_enable udp-server) + $(use_with gpg gpgme) + ) + autotools-utils_src_configure +} + +src_compile() { + autotools-utils_src_compile + + if use python; then + cd "${S}"/python || die + distutils-r1_src_compile + fi +} + +src_install() { + autotools-utils_src_install + prune_libtool_files --modules + + if use server; then + newinitd "${FILESDIR}/fwknopd.init" fwknopd + newconfd "${FILESDIR}/fwknopd.confd" fwknopd + systemd_dounit "${FILESDIR}/fwknopd.service" + systemd_newtmpfilesd "${FILESDIR}/fwknopd.tmpfiles.conf" fwknopd.conf + fi + + use extras && dodoc "${S}/extras/apparmor/usr.sbin.fwknopd" + + if use python; then + # Unset DOCS since distutils-r1.eclass interferes + local DOCS=() + cd "${S}"/python || die + distutils-r1_src_install + fi +} diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml new file mode 100644 index 000000000000..79031c2f7e61 --- /dev/null +++ b/net-firewall/fwknop/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>itumaykin@gmail.com</email> + <name>Coacher</name> + </maintainer> + <use> + <flag name="client">Build fwknop client</flag> + <flag name="gdbm">Replace file digest-cache with gdbm</flag> + <flag name="gpg">Enable GPG support via <pkg>app-crypt/gpgme</pkg></flag> + <flag name="server">Build fwknopd server</flag> + <flag name="extras">Install example apparmor policy</flag> + <flag name="udp-server">Build fwknopd with UDP server mode only</flag> + </use> + <upstream> + <remote-id type="github">mrash/fwknop</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/gshield/Manifest b/net-firewall/gshield/Manifest new file mode 100644 index 000000000000..df8e8810553e --- /dev/null +++ b/net-firewall/gshield/Manifest @@ -0,0 +1 @@ +DIST gShield-2.8.tgz 47346 SHA256 19b04059ac4a6ad28f8653d804376779a83516ba4e0b5b041fe45d422ef68b85 SHA512 f91ef18267817e3296c795b3f1629dad9ade269e12aba7f95d39b7ae39aaf76dc15e0046747281dc44859241a18b2ce7ac03e276984aee11af15e28cf80f736c WHIRLPOOL 3e834f39be912d039112971c57e62ca2b645afc33672bdb140f77b4c2cb16227b07f82fd2983dddb492381d798c4f7567d6b1fe61ad0f67554968c937c7d5e2b diff --git a/net-firewall/gshield/files/gshield.init b/net-firewall/gshield/files/gshield.init new file mode 100644 index 000000000000..b7c40cf8e150 --- /dev/null +++ b/net-firewall/gshield/files/gshield.init @@ -0,0 +1,27 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need logger net +} + +start() { + ebegin "Loading gShield network firewall" + /usr/share/gshield/gShield.rc start > /dev/null + # check that it loaded + iptables -L DMZ > /dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Unloading gShield network firewall" + /usr/share/gshield/gShield.rc stop > /dev/null + # check that it unloaded + if iptables -L DMZ > /dev/null 2>&1 ; then + eend 1 + else + eend 0; + fi +} diff --git a/net-firewall/gshield/gshield-2.8-r3.ebuild b/net-firewall/gshield/gshield-2.8-r3.ebuild new file mode 100644 index 000000000000..333d514cd7a3 --- /dev/null +++ b/net-firewall/gshield/gshield-2.8-r3.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +DESCRIPTION="iptables firewall configuration system" +HOMEPAGE="http://muse.linuxmafia.org/gshield.html" +SRC_URI="ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-${PV}.tgz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" + +RDEPEND=" + net-dns/bind-tools + net-firewall/iptables + virtual/logger +" + +S=${WORKDIR}/gShield-${PV} + +src_install() { + # install config files + dodir /etc/gshield + cp -pPR * "${D}"/etc/gshield || die + ln -s gshield "${D}"/etc/firewall || die + + # get rid of docs from config + rm -r "${D}"/etc/gshield/{Changelog,INSTALL,LICENSE,docs} || die + + # move non-config stuff out of config, but make symlinks + dodir /usr/share/gshield/routables + for q in gShield-version gShield.rc tools sourced routables/routable.rules + do + mv "${D}"/etc/gshield/$q "${D}"/usr/share/gshield/ || die + ln -s /usr/share/gshield/$q "${D}"/etc/gshield/$q || die + done + chmod -R u+rwX "${D}"/etc/gshield || die + + # install init script + newinitd "${FILESDIR}"/gshield.init gshield + chmod -R u+rwx "${D}"/etc/init.d/gshield || die + + # install docs + dodoc Changelog docs/* +} diff --git a/net-firewall/gshield/metadata.xml b/net-firewall/gshield/metadata.xml new file mode 100644 index 000000000000..03aa50bab7e3 --- /dev/null +++ b/net-firewall/gshield/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>netmon</herd> +</pkgmetadata> diff --git a/net-firewall/ipkungfu/Manifest b/net-firewall/ipkungfu/Manifest new file mode 100644 index 000000000000..070635b89847 --- /dev/null +++ b/net-firewall/ipkungfu/Manifest @@ -0,0 +1,2 @@ +DIST ipkungfu-0.5.2.tgz 35985 RMD160 c60c0fd1361b4306c1a3d310b1430e71ef937982 SHA1 6d749633bb6d6d4a3284a9a350c7ea9c61c28acf SHA256 6543815384f1935631121fba833b5988ca6e88ff19646a561d0315b29f2f5ef8 +DIST ipkungfu-0.6.1.tar.bz2 104516 RMD160 5137ca4ffdd8ab8188fbd42a60da87a6c5149610 SHA1 ef57bbe666f8c946b99c3970ddc7f38c615b6efc SHA256 a1b19c588ecc9584c37e7578c869842f9ceb97b5fd8320abe5b4bd98c136fa76 diff --git a/net-firewall/ipkungfu/files/ipkungfu.init b/net-firewall/ipkungfu/files/ipkungfu.init new file mode 100644 index 000000000000..29f54420dc20 --- /dev/null +++ b/net-firewall/ipkungfu/files/ipkungfu.init @@ -0,0 +1,20 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + need logger net +} + +start () { + ebegin "Starting ipkungfu" + /usr/sbin/ipkungfu --init + eend $? "Failed to start ipkungfu" +} + +stop() { + ebegin "Stopping ipkungfu" + /usr/sbin/ipkungfu --disable > /dev/null + eend $? "Failed to stop ipkungfu" +} diff --git a/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch new file mode 100644 index 000000000000..eed657f2dada --- /dev/null +++ b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch @@ -0,0 +1,24 @@ +diff -ru ipkungfu-0.6.1.orig/ipkungfu.in ipkungfu-0.6.1/ipkungfu.in +--- ipkungfu-0.6.1.orig/ipkungfu.in 2007-01-22 04:47:04.000000000 +0100 ++++ ipkungfu-0.6.1/ipkungfu.in 2007-07-04 12:49:23.000000000 +0200 +@@ -753,11 +753,15 @@ + fi + + function delTestChain { +-# {{{ Flush and delete test chains +- $IPTABLES -t filter -F SYSTEST +- $IPTABLES -t filter -X SYSTEST +- $IPTABLES -t mangle -F SYSTEST +- $IPTABLES -t mangle -X SYSTEST ++# {{{ Flush and delete test chains, if exist ++ if $IPTABLES -t filter -L SYSTEST > /dev/null 2>&1 ; then ++ $IPTABLES -t filter -F SYSTEST ++ $IPTABLES -t filter -X SYSTEST ++ fi ++ if $IPTABLES -t mangle -L SYSTEST > /dev/null 2>&1 ; then ++ $IPTABLES -t mangle -F SYSTEST ++ $IPTABLES -t mangle -X SYSTEST ++ fi + # }}} + } + diff --git a/net-firewall/ipkungfu/files/nat_ftp.patch b/net-firewall/ipkungfu/files/nat_ftp.patch new file mode 100644 index 000000000000..db919c5565e1 --- /dev/null +++ b/net-firewall/ipkungfu/files/nat_ftp.patch @@ -0,0 +1,11 @@ +--- ipkungfu 2003-10-03 13:05:59.000000000 -0400 ++++ ipkungfu 2004-02-09 16:34:37.000000000 -0500 +@@ -138,7 +138,7 @@ + if [ $INIT != 1 ] ; then + echo "Loading FTP NAT module..." + fi +- $MODPROBE ip_nat_irc ++ $MODPROBE ip_nat_ftp + fi + fi + } diff --git a/net-firewall/ipkungfu/ipkungfu-0.5.2-r1.ebuild b/net-firewall/ipkungfu/ipkungfu-0.5.2-r1.ebuild new file mode 100644 index 000000000000..3b084543a634 --- /dev/null +++ b/net-firewall/ipkungfu/ipkungfu-0.5.2-r1.ebuild @@ -0,0 +1,58 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="A nice iptables firewall script" +HOMEPAGE="http://www.linuxkungfu.org/" +SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tgz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc x86" +IUSE="" + +DEPEND="net-firewall/iptables" +RDEPEND="${DEPEND} + virtual/logger" + +src_unpack() { + unpack ${A} + + # Patch ipkungfu to load the right module for ip_nat_ftp + # Fixes bug #42443. Thanks to George L. Emigh <george@georgelemigh.com> + cd "${WORKDIR}"/${P} && epatch "${FILESDIR}"/nat_ftp.patch + + # man page comes bzip2'd, so bunzip2 it. + cd "${WORKDIR}"/${P}/files + bunzip2 ipkungfu.8.bz2 +} + +src_install() { + + # Package comes with a hard coded shell script, so here we + # replicate what they did, but so it's compatible with portage. + + # Install shell script executable + dosbin ipkungfu + + # Install Gentoo init script + newinitd "${FILESDIR}"/ipkungfu.init ipkungfu + + # Install config files into /etc + dodir /etc/ipkungfu + insinto /etc/ipkungfu + doins files/*.conf + + # Install man page + doman files/ipkungfu.8 + + # Install documentation + dodoc COPYRIGHT Changelog FAQ INSTALL README gpl.txt +} + +pkg_postinst() { + einfo "Be sure to edit the config files" + einfo "in /etc/ipkungfu before running" +} diff --git a/net-firewall/ipkungfu/ipkungfu-0.6.1.ebuild b/net-firewall/ipkungfu/ipkungfu-0.6.1.ebuild new file mode 100644 index 000000000000..360fec9dd4c7 --- /dev/null +++ b/net-firewall/ipkungfu/ipkungfu-0.6.1.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="A nice iptables firewall script" +HOMEPAGE="http://www.linuxkungfu.org/" +SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="" + +DEPEND="net-firewall/iptables" +RDEPEND="${DEPEND} + virtual/logger" + +src_compile() { + epatch "${FILESDIR}/ipkungfu_noiseless.patch" || die "Could not apply ipkungfu_noiseless.patch patch" + econf || die "Could not run econf" + emake || die "Couldn't run make" +} + +src_install() { + make DESTDIR="${D}" install || die + + # Install configuration files + make DESTDIR="${D}" install-config || die + + # Install Gentoo init script + newinitd "${FILESDIR}"/ipkungfu.init ipkungfu +} + +pkg_postinst() { + # Remove the cache dir so ipkungfu won't fail when running for + # the first time, case 0.6.0 was installed before. + rm -rf /etc/ipkungfu/cache + + einfo "Be sure to, before running ipkungfu, edit the config files in:" + einfo "/etc/ipkungfu/" + echo + einfo "Also, be sure to run ipkungfu prior to rebooting," + einfo "especially if you you're updating from <0.6.0 to >=0.6.0." + einfo "There are some significant configuration changes on this" + einfo "release covered by the ipkungfu script." +} diff --git a/net-firewall/ipkungfu/metadata.xml b/net-firewall/ipkungfu/metadata.xml new file mode 100644 index 000000000000..1b0f1b3c4cdb --- /dev/null +++ b/net-firewall/ipkungfu/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + <name>Default assignee for orphaned packages</name> + </maintainer> + <longdescription lang="en"> + ipkungfu is a nice iptables firewall script + </longdescription> +</pkgmetadata> diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest new file mode 100644 index 000000000000..e0cc9b545193 --- /dev/null +++ b/net-firewall/ipsec-tools/Manifest @@ -0,0 +1,3 @@ +DIST ipsec-tools-0.8.0.tar.bz2 809297 SHA256 2359a24aa8eda9ca7043fc47950c8e6b7f58a07c5d5ad316aa7de2bc5e3a8717 SHA512 3bec6bab4fe555612f1d48966e797202830f5254a8d2146a14d268ff0c68445af790285214db41ab08ee4888625e8e680c3b848c30789d836169d1612a25fe2c WHIRLPOOL 862d2bbf78aca8c9e01e00c995aeb3b662e1ea4a769081b9880a3fee7821ef5968e10fe75d9671268979188c7ca3b91d507a1fc9a097729d0648bc4c965e675d +DIST ipsec-tools-0.8.1.tar.bz2 860717 SHA256 fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4 SHA512 c8308aba9764a8e0a0507dbc62e8e93dc4b51f7215f2c3bb50f2e7e1f46dde0c773cfe2992660ccd319523775a9bab668371ee53cd4af153d2fcf13a0ef4e1eb WHIRLPOOL b3e8743174f7a05ca028f47f5faa66286e397a50c68e7724568b89e5fd2eea76a903c3e77a144e772f913fd51a253466b93e10690125a87d643f186a9689476c +DIST ipsec-tools-0.8.2.tar.bz2 866465 SHA256 8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d SHA512 2b7d0efa908d3a699be7ef8b2b126a3809956cb7add50e8efb1cfdfc2d9b70c39ef517379cb9a4fad9e5f0c25937e98535b06c32bd3e729f5129da4ab133e30f WHIRLPOOL 16452a98d6c179913fc7acf8d92f8e9e6f5614c2ac0b798158c218bfb4f6c5228ffea426fe0b26774242b4f29477323de5a4e31a623d94d82b90184a6664c2ce diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch new file mode 100644 index 000000000000..5c69bbb2fa61 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-0.8.0-sysctl.patch @@ -0,0 +1,22 @@ +https://bugs.gentoo.org/425770 + +--- a/src/racoon/pfkey.c ++++ b/src/racoon/pfkey.c +@@ -59,7 +59,6 @@ + #include <sys/param.h> + #include <sys/socket.h> + #include <sys/queue.h> +-#include <sys/sysctl.h> + + #include <net/route.h> + #include <net/pfkeyv2.h> +--- a/src/setkey/setkey.c ++++ b/src/setkey/setkey.c +@@ -40,7 +40,6 @@ + #include <sys/socket.h> + #include <sys/time.h> + #include <sys/stat.h> +-#include <sys/sysctl.h> + #include <err.h> + #include <netinet/in.h> + #include <net/pfkeyv2.h> diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch new file mode 100644 index 000000000000..f351860a84e9 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-def-psk.patch @@ -0,0 +1,25 @@ +diff -brau ipsec-tools-0.7.3.o/src/racoon/oakley.c ipsec-tools-0.7.3/src/racoon/oakley.c +--- ipsec-tools-0.7.3.o/src/racoon/oakley.c 2009-08-13 11:18:45.000000000 +0200 ++++ ipsec-tools-0.7.3/src/racoon/oakley.c 2011-06-06 09:36:11.000000000 +0200 +@@ -2498,8 +2498,21 @@ + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the pskey for %s.\n", + saddrwop2str(iph1->remote)); ++ } ++ } ++ if (iph1->authstr == NULL) { ++ /* ++ * If we could not locate a psk above try and locate ++ * the default psk, ie, "*". ++ */ ++ iph1->authstr = privsep_getpsk("*", 1); ++ if (iph1->authstr == NULL) { ++ plog(LLV_ERROR, LOCATION, iph1->remote, ++ "couldn't find the the default pskey either.\n"); + goto end; + } ++ plog(LLV_NOTIFY, LOCATION, iph1->remote, ++ "Using default PSK.\n"); + } + plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); + /* should be secret PSK */ diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch new file mode 100644 index 000000000000..2e22c82db478 --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools-include-vendoridh.patch @@ -0,0 +1,11 @@ +diff -Naur ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c ipsec-tools-0.8.0/src/racoon/ipsec_doi.c +--- ipsec-tools-0.8.0.orig//src/racoon/ipsec_doi.c 2012-02-28 13:42:24.000000000 -0500 ++++ ipsec-tools-0.8.0/src/racoon/ipsec_doi.c 2012-02-28 13:41:22.000000000 -0500 +@@ -87,6 +87,7 @@ + #ifdef HAVE_GSSAPI + #include <iconv.h> + #include "gssapi.h" ++#include "vendorid.h" + #ifdef HAVE_ICONV_2ND_CONST + #define __iconv_const const + #else diff --git a/net-firewall/ipsec-tools/files/ipsec-tools.conf b/net-firewall/ipsec-tools/files/ipsec-tools.conf new file mode 100644 index 000000000000..bfff04af069a --- /dev/null +++ b/net-firewall/ipsec-tools/files/ipsec-tools.conf @@ -0,0 +1,26 @@ +#!/usr/sbin/setkey -f +# +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +flush; +spdflush; + +# +# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon. +# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; +#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b; +#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; +#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require; +#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require; +spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require; diff --git a/net-firewall/ipsec-tools/files/psk.txt b/net-firewall/ipsec-tools/files/psk.txt new file mode 100644 index 000000000000..97f5180f5ae5 --- /dev/null +++ b/net-firewall/ipsec-tools/files/psk.txt @@ -0,0 +1,10 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +# Peer IP/FQDN Secret +# 192.168.3.25 sample +192.168.3.21 sample diff --git a/net-firewall/ipsec-tools/files/racoon.conf b/net-firewall/ipsec-tools/files/racoon.conf new file mode 100644 index 000000000000..2e9206db9506 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf @@ -0,0 +1,33 @@ +# THIS IS A SAMPLE FILE! +# +# This is a sample file to test Gentoo's ipsec-tools out of the box. +# Do not use it in production. See: http://www.ipsec-howto.org/ +# +path pre_shared_key "/etc/racoon/psk.txt"; + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#remote 192.168.3.25 +remote 192.168.3.21 +{ + exchange_mode main; + proposal { + encryption_algorithm 3des; + hash_algorithm md5; + authentication_method pre_shared_key; + dh_group modp1024; + } +} + +# +# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer +# +#sainfo address 192.168.3.21 any address 192.168.3.25 any +sainfo address 192.168.3.25 any address 192.168.3.21 any +{ + pfs_group modp768; + encryption_algorithm 3des; + authentication_algorithm hmac_md5; + compression_algorithm deflate; +} diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1 new file mode 100644 index 000000000000..80b89f966188 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r1 @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Config file for /etc/init.d/racoon + +# See the man page or run `racoon --help` for valid command-line options +# RACOON_OPTS="-d" + +RACOON_CONF="/etc/racoon/racoon.conf" +RACOON_PSK_FILE="/etc/racoon/psk.txt" + +# The amount of time in ms for start-stop-daemon to wait before a timeout +# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398. + +RACOON_WAIT="1000" + +# The setkey config file. Don't name it ipsec.conf as this clashes +# with strongswan. We'll follow debian's naming. Bug #436144. + +SETKEY_CONF="/etc/ipsec-tools.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES="true" + diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r2 b/net-firewall/ipsec-tools/files/racoon.conf.d-r2 new file mode 100644 index 000000000000..84efa9df6e58 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r2 @@ -0,0 +1,30 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Config file for /etc/init.d/racoon + +# See the man page or run `racoon --help` for valid command-line options +# RACOON_OPTS="-d" + +RACOON_CONF="/etc/racoon/racoon.conf" +RACOON_PSK_FILE="/etc/racoon/psk.txt" + +# The amount of time in ms for start-stop-daemon to wait before a timeout +# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398. + +RACOON_WAIT="1000" + +# The setkey config file. Don't name it ipsec.conf as this clashes +# with strongswan. We'll follow debian's naming. Bug #436144. + +SETKEY_CONF="/etc/ipsec-tools.conf" + +# Comment or remove the following if you don't want the policy tables +# to be flushed when racoon is stopped. + +RACOON_RESET_TABLES="true" + +# If you need to set custom options to the setkey command when loading rules, use this +# more info in the setkey mangage (example below sets kernel mode instead of RFC mode): +#SETKEY_OPTS="-k" diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2 new file mode 100644 index 000000000000..aeed27d2287c --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.init.d-r2 @@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +command=/usr/sbin/racoon +command_args="-f ${RACOON_CONF} ${RACOON_OPTS}" +pidfile=/var/run/racoon.pid +start_stop_daemon_args="--wait ${RACOON_WAIT}" + +start_pre() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi +} + +stop_post() { + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r3 b/net-firewall/ipsec-tools/files/racoon.init.d-r3 new file mode 100644 index 000000000000..5bfc654ed904 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.init.d-r3 @@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + before netmount + use net +} + +checkconfig() { + if [ ! -e ${SETKEY_CONF} ] ; then + eerror "You need to configure setkey before starting racoon." + return 1 + fi + if [ ! -e ${RACOON_CONF} ] ; then + eerror "You need a configuration file to start racoon." + return 1 + fi + if [ ! -z ${RACOON_PSK_FILE} ] ; then + if [ ! -f ${RACOON_PSK_FILE} ] ; then + eerror "PSK file not found as specified." + eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." + return 1 + fi + case "`ls -Lldn ${RACOON_PSK_FILE}`" in + -r--------*) + ;; + *) + eerror "Your defined PSK file should be mode 400 for security!" + return 1 + ;; + esac + fi +} + +command=/usr/sbin/racoon +command_args="-f ${RACOON_CONF} ${RACOON_OPTS}" +pidfile=/var/run/racoon.pid +start_stop_daemon_args="--wait ${RACOON_WAIT}" + +start_pre() { + checkconfig || return 1 + einfo "Loading ipsec policies from ${SETKEY_CONF}." + /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF} + if [ $? -eq 1 ] ; then + eerror "Error while loading ipsec policies" + fi +} + +stop_post() { + if [ -n "${RACOON_RESET_TABLES}" ]; then + ebegin "Flushing policy entries" + /usr/sbin/setkey -F + /usr/sbin/setkey -FP + eend $? + fi +} diff --git a/net-firewall/ipsec-tools/files/racoon.pam.d b/net-firewall/ipsec-tools/files/racoon.pam.d new file mode 100644 index 000000000000..b801aaafa0f9 --- /dev/null +++ b/net-firewall/ipsec-tools/files/racoon.pam.d @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild new file mode 100644 index 000000000000..927c65a3cb0a --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r5.ebuild @@ -0,0 +1,276 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils flag-o-matic autotools linux-info pam + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" + +RDEPEND=" + dev-libs/openssl + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-ipsec + )" + +DEPEND="${RDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-misc/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-misc/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-misc/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." + fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-misc/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + epatch "${FILESDIR}/${PN}-def-psk.patch" + epatch "${FILESDIR}/${PN}-include-vendoridh.patch" + epatch "${FILESDIR}"/${P}-sysctl.patch #425770 + + AT_M4DIR="${S}" eautoreconf +} + +src_configure() { + #--with-{iconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + $(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r1 racoon + newinitd "${FILESDIR}"/racoon.init.d-r2 racoon + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild new file mode 100644 index 000000000000..4ffffcaf24c8 --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.1-r1.ebuild @@ -0,0 +1,276 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils flag-o-matic autotools linux-info pam + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" + +RDEPEND=" + dev-libs/openssl + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-ipsec + )" + +DEPEND="${RDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-misc/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-misc/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-misc/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." + fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-misc/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + epatch "${FILESDIR}/${PN}-def-psk.patch" + epatch "${FILESDIR}/${PN}-include-vendoridh.patch" + epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 + + AT_M4DIR="${S}" eautoreconf +} + +src_configure() { + #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + $(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon + newinitd "${FILESDIR}"/racoon.init.d-r3 racoon + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild new file mode 100644 index 000000000000..82a2e96f72a1 --- /dev/null +++ b/net-firewall/ipsec-tools/ipsec-tools-0.8.2.ebuild @@ -0,0 +1,277 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils flag-o-matic autotools linux-info pam + +DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" +HOMEPAGE="http://ipsec-tools.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="amd64 arm ~mips ppc ppc64 x86" +IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" + +CDEPEND=" + dev-libs/openssl:0= + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( sys-libs/pam ) + readline? ( sys-libs/readline:0= ) + selinux? ( sys-libs/libselinux )" + +DEPEND="${CDEPEND} + >=sys-kernel/linux-headers-2.6.30" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ipsec ) +" + +pkg_preinst() { + if has_version "<${CATEGORY}/${PN}-0.8.0-r5" ; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + if ! has_version "net-misc/strongswan" && + ! has_version "net-misc/openswan" && + ! has_version "net-misc/libreswan"; then + ewarn "We found an earlier version of ${PN} installed." + ewarn "As of ${PN}-0.8.0-r5, the old configuration file," + ewarn "ipsec.conf, has been changed to ipsec-tools.conf to avoid" + ewarn "a conflict with net-misc/strongswan; bug #436144. We will" + ewarn "rename this file for you with this upgrade. However, if" + ewarn "you later downgrade, you'll have to rename the file to" + ewarn "its orignal manually or change /etc/conf.d/racoon to point" + ewarn "to the new file." + + if [[ -f /etc/ipsec.conf && ! -f /etc/ipsec-tools.conf ]] ; then + mv /etc/ipsec.conf /etc/ipsec-tools.conf + else + ewarn + ewarn "Oops! I can't move ipsec.conf to ipsec-tools.conf!" + ewarn "Either the former doesn't exist or the later does and" + ewarn "I won't clobber it. Please fix this situation manually." + fi + else + ewarn "You had both an earlier version of ${PN} and" + ewarn "net-misc/strongswan installed. I can't tell whether" + ewarn "the configuration file, ipsec.conf, belongs to one" + ewarn "package or the other due to a file conflict; bug #436144." + ewarn "The current version of ${PN} uses ipsec-tools.conf" + ewarn "as its configuration file, as will future versions." + ewarn "Please fix this situation manually." + fi + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + fi +} + +pkg_setup() { + linux-info_pkg_setup + + get_version + + if linux_config_exists && kernel_is -ge 2 6 19; then + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + ewarn "Checking kernel configuration in /usr/src/linux or" + ewarn "or /proc/config.gz for compatibility with ${PN}." + ewarn "Here are the potential problems:" + ewarn + + local nothing="1" + + # Check options for all flavors of IPSec + local msg="" + for i in XFRM_USER NET_KEY; do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "ALL IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check unencrypted IPSec + if ! linux_chkconfig_present CRYPTO_NULL; then + nothing="0" + ewarn + ewarn "Unencrypted IPSec may fail. CHECK:" + ewarn " CRYPTO_NULL" + fi + + # Check IPv4 IPSec + msg="" + for i in \ + INET_IPCOMP INET_AH INET_ESP \ + INET_XFRM_MODE_TRANSPORT \ + INET_XFRM_MODE_TUNNEL \ + INET_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv4 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + + # Check IPv6 IPSec + if use ipv6; then + msg="" + for i in INET6_IPCOMP INET6_AH INET6_ESP \ + INET6_XFRM_MODE_TRANSPORT \ + INET6_XFRM_MODE_TUNNEL \ + INET6_XFRM_MODE_BEET + do + if ! linux_chkconfig_present ${i}; then + msg="${msg} ${i}" + fi + done + if [[ ! -z "$msg" ]]; then + nothing="0" + ewarn + ewarn "IPv6 IPSec may fail. CHECK:" + ewarn "${msg}" + fi + fi + + # Check IPSec behind NAT + if use nat; then + if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then + nothing="0" + ewarn + ewarn "IPSec behind NAT may fail. CHECK:" + ewarn " NETFILTER_XT_MATCH_POLICY" + fi + fi + + if [[ $nothing == "1" ]]; then + ewarn "NO PROBLEMS FOUND" + fi + + ewarn + ewarn "WARNING: If your *configured* and *running* kernel" + ewarn "differ either now or in the future, then these checks" + ewarn "may lead to misleading results." + ewarn + ewarn "\033[1;33m**************************************************\033[00m" + ewarn + else + eerror + eerror "\033[1;31m**************************************************\033[00m" + eerror "Make sure that your *running* kernel is/will be >=2.6.19." + eerror "Building ${PN} now, assuming that you know what you're doing." + eerror "\033[1;31m**************************************************\033[00m" + eerror + fi +} + +src_prepare() { + # fix for bug #124813 + sed -i 's:-Werror::g' "${S}"/configure.ac || die + # fix for building with gcc-4.6 + sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die + + epatch "${FILESDIR}/${PN}-def-psk.patch" + epatch "${FILESDIR}/${PN}-include-vendoridh.patch" + epatch "${FILESDIR}"/${PN}-0.8.0-sysctl.patch #425770 + + AT_M4DIR="${S}" eautoreconf +} + +src_configure() { + #--with-{libiconv,libradius} lead to "Broken getaddrinfo()" + #--enable-samode-unspec is not supported in linux + local myconf + myconf="--with-kernel-headers=/usr/include \ + --enable-adminport \ + --enable-dependency-tracking \ + --enable-dpd \ + --enable-frag \ + --without-libiconv \ + --without-libradius \ + --disable-samode-unspec \ + $(use_enable idea) \ + $(use_enable ipv6) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap libldap) \ + $(use_enable nat natt) \ + $(use_with pam libpam) \ + $(use_enable rc5) \ + $(use_with readline) \ + $(use_enable selinux security-context) \ + $(use_enable stats)" + + use nat && myconf="${myconf} --enable-natt-versions=yes" + + # enable mode-cfg and xauth support + if use pam; then + myconf="${myconf} --enable-hybrid" + else + myconf="${myconf} $(use_enable hybrid)" + fi + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + keepdir /var/lib/racoon + newconfd "${FILESDIR}"/racoon.conf.d-r2 racoon + newinitd "${FILESDIR}"/racoon.init.d-r3 racoon + use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon + + insinto /etc + doins "${FILESDIR}"/ipsec-tools.conf + insinto /etc/racoon + doins "${FILESDIR}"/racoon.conf + doins "${FILESDIR}"/psk.txt + chmod 400 "${D}"/etc/racoon/psk.txt + + dodoc ChangeLog README NEWS + dodoc -r src/racoon/samples + dodoc -r src/racoon/doc + docinto samples + newdoc src/setkey/sample.cf ipsec-tools.conf +} + +pkg_postinst() { + if use nat; then + elog + elog "You have enabled the nat traversal functionnality." + elog "Nat versions wich are enabled by default are 00,02,rfc" + elog "you can find those drafts in the CVS repository:" + elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" + elog + elog "If you feel brave enough and you know what you are" + elog "doing, you can consider emerging this ebuild with" + elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" + elog + fi + + if use ldap; then + elog + elog "You have enabled ldap support with {$PN}." + elog "The man page does NOT contain any information on it yet." + elog "Consider using a more recent version or CVS." + elog + fi + + elog + elog "Please have a look in /usr/share/doc/${P} and visit" + elog "http://www.netbsd.org/Documentation/network/ipsec/" + elog "to find more information on how to configure this tool." + elog +} diff --git a/net-firewall/ipsec-tools/metadata.xml b/net-firewall/ipsec-tools/metadata.xml new file mode 100644 index 000000000000..e71c61508b60 --- /dev/null +++ b/net-firewall/ipsec-tools/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>blueness@gentoo.org</email> + </maintainer> + <use> + <flag name="hybrid">Makes available both mode-cfg and xauth support</flag> + <flag name="idea">Enable support for the IDEA algorithm</flag> + <flag name="nat">Enable NAT-Traversal</flag> + <flag name="rc5">Enable support for the patented RC5 algorithm</flag> + <flag name="stats">Enable statistics reporting</flag> + </use> + <upstream> + <remote-id type="sourceforge">ipsec-tools</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest new file mode 100644 index 000000000000..0d2769cd4949 --- /dev/null +++ b/net-firewall/ipset/Manifest @@ -0,0 +1,8 @@ +DIST ipset-6.15.tar.bz2 432771 SHA256 6f60a472bc2ef7b1c864be6472de65365c90e264dfadf28da48c2361393d8fd1 SHA512 f72329bb8610717ccdddbfaf7b7774e717a34d71fdb7f9c7eac97e3d1b314915500c88137b6e229411df99c86d2228bef447f26c116bc2cf992cfb60ab1422d3 WHIRLPOOL 868ee3cd722c2d86c273aca8f3ca7695e8ef5d00d30111ef0f2bf972a119211008d8cadec1760b43b4f0efb24690f20a2cf5f0fdbbb0700cf66e5660d363ab2a +DIST ipset-6.16.1.tar.bz2 433347 SHA256 cb5b02deab8521946fd473b77c40f00452b76fed621f0eee76746c74e89e4c3c SHA512 e54d32932875a9d06acba598280de9e83529f36326cbaaeb05d38b985bc40d276dc46e37eae3d1d4c1afcdd69b3074678512349ebd964b6189ca1c6871efe304 WHIRLPOOL ff2276446c7dbb4005de236b73bf9879ead8273f3ec014883160b779f6c089eaf7d4c4dce06233ef357f0a8b5376754b158eec29187ae5f5f7bb52bfd2d8ae3c +DIST ipset-6.16.tar.bz2 433118 SHA256 bc3ea05cfbacd43aebff6668825453d0a626edd5d3495a8670103ab895fba464 SHA512 34ef44af76f3609035ae1bdacb7586f2288ee66701ed8a1a5a0632fb23b5f651fe02b070e0f0f1b0ebae6cab02b3f827cc7e67f740cf77f51ba494c25dcc47dd WHIRLPOOL 3b3c2172626530145401bd813c39114f31bf3546ebe0af6e168ed32ade102c158f3bc5f4690ee8bf0540415adc35929da5d8ca8e4e1c2ec83bf631849a24b8a7 +DIST ipset-6.17.tar.bz2 448076 SHA256 7987bb8de1b0490b32084ab72165ae53038e497a96ab9940920280d8068629b0 SHA512 668f173b7ddd8a18af2730205e2e2c38610aa9fd191af52f91080e903bcd8e1f38e8e3a7fd57077decb00fd0556df89c3315c91eaffaa6977f2caf2a3300b175 WHIRLPOOL 1d08c841d87c7a5ca355857ac823ee696922b867690e9066c631414615c98f3cf3e59c6dd8d9f556170eef90a029260c7d41dc1e3f47811ede2190c5d0298e8b +DIST ipset-6.19.tar.bz2 465927 SHA256 058e7950efdf8b9539ab79eb145de7be60d6cb7b92c0c011edda37e70135024c SHA512 9e9fdccd8ae34ad56c5fc6da03060b39b3acc9a53154acf7e82df3f2c1545b2bdcc7b5b9b4f6ddd6ee3e8582e81b1fa51fae37cb4f46948c053d5153bdca6f39 WHIRLPOOL 31472a732781598c8d99ee562766492c225e359b8153ff68a7769d8fa86f41cac9749eda08e4e3922a6ada5a815192109104b42c59ba3079530f6c0b0169613c +DIST ipset-6.20.1.tar.bz2 500898 SHA256 356cac020438cd0871acbfc4cb119b8296030f0bb4661ad0d44bbc115ccbce92 SHA512 3fda3a71c18c8d5f9567038fc72f95abec81b4c789fbca7f7b9c032b15000cfbd2829f11a07f2f9ad2afcff54d6851923caff0917b2ead73756673a6b3667565 WHIRLPOOL f31cd533d286238e63f38aecbf281d428d75e856b393f61db5f6622d0dc0cd0a6de7aa4d3eaa2831e1da7dd0846e95c22f92b3a586cf3918cee074360a4caff3 +DIST ipset-6.21.1.tar.bz2 510013 SHA256 cf46c9c35a15aa0f2e0fbab0422586757bd82386c8ad3864936e6cffbd74a331 SHA512 c2ffb2eafc780e15370fd48841f4323c39e8fef1893216c8bc0b8aa8d143f9daf078c6e261e4558243004fe9612ce1d5ca4cca16f8b3f324f4194700c1b0accb WHIRLPOOL 230ebb4756891283980f5b7f67c0c64772b1527b8e8c0b6cdd2714de450b3f6c2a75d961d44563e440edd1399bdee8cce820fe59f46c28355a6f053ad6b1c37b +DIST ipset-6.24.tar.bz2 518811 SHA256 3071fc283f00a6472b5b352ef57f9825c9face70dda5b0d8715f8d43d0e995d0 SHA512 107bf492030dc4e8e4c2a939e46a715f58458126bfb636dae993e5bf31151d33c2a41b89eb5cca85b71d95b3e36debf97cdfc72c568f351091df17159003d6c6 WHIRLPOOL d34e8d5d197be85cf00ea6a5dbfeb7c52b5d42d9e78299620928e69ba1fbbe124cb16b9f5f2e05d1213b2b7a29a2bed2c1edac2f15ee3c83d8dc19eb3afcc112 diff --git a/net-firewall/ipset/files/ipset.confd b/net-firewall/ipset/files/ipset.confd new file mode 100644 index 000000000000..9fe42e9c75c5 --- /dev/null +++ b/net-firewall/ipset/files/ipset.confd @@ -0,0 +1,16 @@ +# /etc/conf.d/ipset + +# Location in which ipset initscript will save set rules on +# service shutdown +IPSET_SAVE="/var/lib/ipset/rules-save" + +# Save state on stopping ipset +SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2 new file mode 100644 index 000000000000..e97ebe352069 --- /dev/null +++ b/net-firewall/ipset/files/ipset.initd-r2 @@ -0,0 +1,60 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save" + +IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save} + +depend() { + before iptables ip6tables +} + +checkconfig() { + if [ ! -f "${IPSET_SAVE}" ] ; then + eerror "Not starting ${SVCNAME}. First create some rules then run:" + eerror "/etc/init.d/${SVCNAME} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ipset session" + ipset restore < "${IPSET_SAVE}" + eend $? +} + +stop() { + # check if there are any references to current sets + + if ! ipset list | gawk ' + ($1 == "References:") { refcnt += $2 } + ($1 == "Type:" && $2 == "list:set") { set = 1 } + (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } } + (set && $1 == "Members:") {scan = 1} + END { if ((refcnt - setcnt) > 0) exit 1 } + '; then + eerror "ipset is in use, can't stop" + return 1 + fi + + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + + ebegin "Removing kernel IP sets" + ipset flush + ipset destroy + eend $? +} + +save() { + ebegin "Saving ipset session" + touch "${IPSET_SAVE}" + chmod 0600 "${IPSET_SAVE}" + ipset save > "${IPSET_SAVE}" + eend $? +} diff --git a/net-firewall/ipset/files/ipset.initd-r3 b/net-firewall/ipset/files/ipset.initd-r3 new file mode 100644 index 000000000000..66294da58058 --- /dev/null +++ b/net-firewall/ipset/files/ipset.initd-r3 @@ -0,0 +1,96 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save" +extra_started_commands="reload" + +IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save} + +depend() { + before iptables ip6tables +} + +checkconfig() { + if [ ! -f "${IPSET_SAVE}" ] ; then + eerror "Not starting ${SVCNAME}. First create some rules then run:" + eerror "/etc/init.d/${SVCNAME} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ipset session" + ipset restore < "${IPSET_SAVE}" + eend $? +} + +stop() { + # check if there are any references to current sets + + if ! ipset list | gawk ' + ($1 == "References:") { refcnt += $2 } + ($1 == "Type:" && $2 == "list:set") { set = 1 } + (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } } + (set && $1 == "Members:") {scan = 1} + END { if ((refcnt - setcnt) > 0) exit 1 } + '; then + eerror "ipset is in use, can't stop" + return 1 + fi + + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + + ebegin "Removing kernel IP sets" + ipset flush + ipset destroy + eend $? +} + +reload() { + ebegin "Reloading ipsets" + + # Loading sets from a save file is only additive (there is no + # automatic flushing or replacing). And, we can not remove sets + # that are currently used in existing iptables rules. + # + # Instead, we create new temp sets for any set that is already + # in use, and then atomically swap them into place. + # + # XXX: This does not clean out previously used ipsets that are + # not in the new saved policy--it can't, because they may still + # be referenced in the current iptables rules. + + # Build a list of all currently used sets (if any). + running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}') + running_ipset_list="${running_ipset_list% }" + # Build a regular expression that matches those set names. + running_ipset_list_regex="${running_ipset_list// /|}" + + # Load up sets from the save file, but rename any set that already + # exists to a temporary name that we will swap later. + if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then + eend $? "Failed to load new ipsets" + fi + + # Now for every set name that currently exists, atomically swap it + # with the temporary new one we created, and then destroy the old set. + for ipset_name in ${running_ipset_list} ; do + ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name" + ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp" + done + eend 0 +} + +save() { + ebegin "Saving ipset session" + touch "${IPSET_SAVE}" + chmod 0600 "${IPSET_SAVE}" + ipset save > "${IPSET_SAVE}" + eend $? +} diff --git a/net-firewall/ipset/ipset-6.15.ebuild b/net-firewall/ipset/ipset-6.15.ebuild new file mode 100644 index 000000000000..55328570d6f7 --- /dev/null +++ b/net-firewall/ipset/ipset-6.15.ebuild @@ -0,0 +1,112 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" \ + --disable-silent-rules +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r2 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.16.1.ebuild b/net-firewall/ipset/ipset-6.16.1.ebuild new file mode 100644 index 000000000000..334752d8055d --- /dev/null +++ b/net-firewall/ipset/ipset-6.16.1.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r2 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.16.ebuild b/net-firewall/ipset/ipset-6.16.ebuild new file mode 100644 index 000000000000..334752d8055d --- /dev/null +++ b/net-firewall/ipset/ipset-6.16.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r2 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.17.ebuild b/net-firewall/ipset/ipset-6.17.ebuild new file mode 100644 index 000000000000..fa6b78f49592 --- /dev/null +++ b/net-firewall/ipset/ipset-6.17.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r2 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.19.ebuild b/net-firewall/ipset/ipset-6.19.ebuild new file mode 100644 index 000000000000..334752d8055d --- /dev/null +++ b/net-firewall/ipset/ipset-6.19.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="modules" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r2 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.20.1.ebuild b/net-firewall/ipset/ipset-6.20.1.ebuild new file mode 100644 index 000000000000..650eacc6b5fa --- /dev/null +++ b/net-firewall/ipset/ipset-6.20.1.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +MODULES_OPTIONAL_USE=modules +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc ~x86" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + # It does still build without NET_NS, but it may be needed in future. + #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" + #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r3 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.21.1.ebuild b/net-firewall/ipset/ipset-6.21.1.ebuild new file mode 100644 index 000000000000..9819b4b19433 --- /dev/null +++ b/net-firewall/ipset/ipset-6.21.1.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +MODULES_OPTIONAL_USE=modules +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +check_header_patch() { + if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then + eerror "Sorry, but you have to patch kernel sources with the following patch:" + eerror " # cd ${KV_DIR}" + eerror " # patch -i ${S}/netlink.patch -p1" + eerror "You should recompile and run new kernel to avoid runtime errors." + die "Unpatched kernel" + fi +} + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + # It does still build without NET_NS, but it may be needed in future. + #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" + #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +src_prepare() { + [[ ${build_modules} -eq 1 ]] && check_header_patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r3 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/ipset-6.24.ebuild b/net-firewall/ipset/ipset-6.24.ebuild new file mode 100644 index 000000000000..0db53d79e7b6 --- /dev/null +++ b/net-firewall/ipset/ipset-6.24.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +MODULES_OPTIONAL_USE=modules +inherit autotools linux-info linux-mod + +DESCRIPTION="IPset tool for iptables, successor to ippool" +HOMEPAGE="http://ipset.netfilter.org/" +SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" + +RDEPEND=">=net-firewall/iptables-1.4.7 + net-libs/libmnl" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog INSTALL README UPGRADE ) + +# configurable from outside, e.g. /etc/make.conf +IP_NF_SET_MAX=${IP_NF_SET_MAX:-256} + +BUILD_TARGETS="modules" +MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset" +MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)" +for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do + MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})" +done + +pkg_setup() { + get_version + CONFIG_CHECK="NETFILTER" + ERROR_NETFILTER="ipset requires NETFILTER support in your kernel." + # It does still build without NET_NS, but it may be needed in future. + #CONFIG_CHECK="${CONFIG_CHECK} NET_NS" + #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel." + + build_modules=0 + if use modules; then + kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35." + if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then + if linux_chkconfig_present "IP_NF_SET" || \ + linux_chkconfig_present "IP_SET"; then #274577 + eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel." + eerror "Please either build ipset with modules USE flag disabled" + eerror "or rebuild kernel without IP_SET support and make sure" + eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ." + die "USE=modules and in-kernel ipset support detected." + else + einfo "Modular kernel detected. Gonna build kernel modules..." + build_modules=1 + fi + else + eerror "Nonmodular kernel detected, but USE=modules. Either build" + eerror "modular kernel (without IP_SET) or disable USE=modules" + die "Nonmodular kernel detected, will not build kernel modules" + fi + fi + [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup +} + +#src_prepare() { +# eautoreconf +#} + +src_configure() { + econf \ + $(use_with modules kmod) \ + --disable-static \ + --with-maxsets=${IP_NF_SET_MAX} \ + --libdir="${EPREFIX}/$(get_libdir)" \ + --with-ksource="${KV_DIR}" \ + --with-kbuild="${KV_OUT_DIR}" +} + +src_compile() { + einfo "Building userspace" + emake + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Building kernel modules" + set_arch_to_kernel + emake modules + fi +} + +src_install() { + einfo "Installing userspace" + default + prune_libtool_files + + newinitd "${FILESDIR}"/ipset.initd-r3 ${PN} + newconfd "${FILESDIR}"/ipset.confd ${PN} + keepdir /var/lib/ipset + + if [[ ${build_modules} -eq 1 ]]; then + einfo "Installing kernel modules" + linux-mod_src_install + fi +} diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml new file mode 100644 index 000000000000..c6d862855eb5 --- /dev/null +++ b/net-firewall/ipset/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer> + <email>robbat2@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest new file mode 100644 index 000000000000..c0b5d1d89a4f --- /dev/null +++ b/net-firewall/ipt_netflow/Manifest @@ -0,0 +1 @@ +DIST ipt-netflow-2.1.tgz 87872 SHA256 1cc1ee518ecd6c7d8d792ea79c0f69d03ce450c10fefd37f053c43aac92e9931 SHA512 0055ebb1846077f94c1fbf701af8a07a432058c8e86e31c6f420d5c00c96b45012abdcdeef3c5b1ead7d20c7efd51ac65d000b6cb931d878f528f52de0ab9c21 WHIRLPOOL e46ffe69f58293cca0fc26c2ff13ee30e68e2a60a4b198c89fdb24ebc45a4376877285358d4e72019c811d70d0a77194dbc0d46f44c8076923fc626cfe2e7488 diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch new file mode 100644 index 000000000000..f6b3a005ba21 --- /dev/null +++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch @@ -0,0 +1,10 @@ +--- a/configure ++++ b/configure +@@ -421,7 +421,6 @@ + iptables_find_version #IPTVER + iptables_try_pkgconfig #try to configure from pkg-config + iptables_find_src #IPTSRC +-iptables_src_version #check that IPTSRC match to IPTVER + iptables_inc #IPTINC + iptables_modules #IPTLIB + diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.1-linux-3.19.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.1-linux-3.19.patch new file mode 100644 index 000000000000..47fec4f73da8 --- /dev/null +++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.1-linux-3.19.patch @@ -0,0 +1,45 @@ +commit 582fd497a5f0f5ae5dce24cba042d856d63bfbe1 +Author: ABC <abc@telekom.ru> +Date: Mon Feb 16 21:53:54 2015 +0400 + + Compatibility of __get_cpu_var with linux 3.19. + + Fixes #28, thanks boyarsh@github. + +diff --git a/ipt_NETFLOW.h b/ipt_NETFLOW.h +index bc2734f..5548e57 100644 +--- a/ipt_NETFLOW.h ++++ b/ipt_NETFLOW.h +@@ -396,6 +396,9 @@ struct netflow_aggr_p { + __u16 aggr_port; + }; + ++#ifndef __get_cpu_var ++#define __get_cpu_var(var) (*this_cpu_ptr(&(var))) ++#endif + #define NETFLOW_STAT_INC(count) (__get_cpu_var(ipt_netflow_stat).count++) + #define NETFLOW_STAT_ADD(count, val) (__get_cpu_var(ipt_netflow_stat).count += (unsigned long long)val) + #define NETFLOW_STAT_SET(count, val) (__get_cpu_var(ipt_netflow_stat).count = (unsigned long long)val) +diff --git a/testing.sh b/testing.sh +index b465c8d..caa4f03 100755 +--- a/testing.sh ++++ b/testing.sh +@@ -6,7 +6,7 @@ if [ "$1" = "" ]; then + echo Maintainer only tool. + exit 1 + elif [ "$1" = all ]; then +- exec bash $0 linux-2.6.18 centos5 linux-3.11.2 centos6 linux-3.4.66 linux-3.9.11 centos7 linux-3.14 linux-3.17 ++ exec bash $0 linux-2.6.18 centos5 linux-3.11.2 centos6 linux-3.4.66 linux-3.9.11 centos7 linux-3.14 linux-3.17 linux-3.19 + exit 1 + fi + +@@ -33,6 +33,9 @@ readarray -t opts <<EOF + --enable-sampler=hash + --enable-promisc + EOF ++if [ "$SHORT" ]; then ++ opts=("") ++fi + + colorecho() { + echo -e "\033[1;32m$@\033[m" diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.1.ebuild new file mode 100644 index 000000000000..af6bc1fbee93 --- /dev/null +++ b/net-firewall/ipt_netflow/ipt_netflow-2.1.ebuild @@ -0,0 +1,93 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +MY_PN="${PN/_/-}" +MY_P="${MY_PN}-${PV}" +inherit eutils linux-info linux-mod multilib toolchain-funcs + +DESCRIPTION="Netflow iptables module" +HOMEPAGE="http://sourceforge.net/projects/ipt-netflow" +SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" + +IUSE="debug snmp" + +RDEPEND=" + net-firewall/iptables + snmp? ( net-analyzer/net-snmp ) +" +DEPEND="${RDEPEND} + virtual/linux-sources + virtual/pkgconfig +" + +# set S before MODULE_NAMES +S="${WORKDIR}/${MY_P}" + +BUILD_TARGETS="all" +MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})" + +IPT_LIB="/usr/$(get_libdir)/xtables" + +pkg_setup() { + local CONFIG_CHECK="~IP_NF_IPTABLES" + use debug && CONFIG_CHECK+=" ~DEBUG_FS" + linux-mod_pkg_setup +} + +src_prepare() { + sed -i \ + -e 's:make -C:$(MAKE) -C:g' \ + -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \ + -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \ + Makefile.in || die + + # Checking for directory is enough + sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die + + # bug #455984 + epatch "${FILESDIR}/${PN}-2.0-configure.patch" + + # bug #552476 + epatch "${FILESDIR}/${PN}-2.1-linux-3.19.patch" + + epatch_user +} + +do_conf() { + echo ./configure $* + ./configure $* ${EXTRA_ECONF} || die 'configure failed' +} + +src_configure() { + local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)" + # this configure script is not based on autotools + # ipt-src need to be defined, see bug #455984 + do_conf \ + --disable-dkms \ + --ipt-lib="${IPT_LIB}" \ + --ipt-src="/usr/" \ + --ipt-ver="${IPT_VERSION}" \ + --kdir="${KV_DIR}" \ + --kver="${KV_FULL}" \ + $(use debug && echo '--enable-debugfs') \ + $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent') +} + +src_compile() { + emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all +} + +src_install() { + linux-mod_src_install + exeinto "${IPT_LIB}" + doexe libipt_NETFLOW.so + use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall + doheader ipt_NETFLOW.h + dodoc README* +} diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml new file mode 100644 index 000000000000..e2cd4f38e85b --- /dev/null +++ b/net-firewall/ipt_netflow/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <maintainer> + <email>pinkbyte@gentoo.org</email> + <name>Sergey Popov</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">ipt-netflow</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest new file mode 100644 index 000000000000..285a257c0005 --- /dev/null +++ b/net-firewall/iptables/Manifest @@ -0,0 +1,15 @@ +DIST iptables-1.4.10.tar.bz2 478007 SHA256 7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445 SHA512 264a974cc303cf9b352ccdf50d3aa1491167cdf1d7919074925645cc94d7f5e40d315cff048d0fab48e31853dcdad64bd65b83ef6fdd05f9e896be4e3317cd1e WHIRLPOOL 4ca6629ed2f43f1393be5a24284147272ff208d27e8bc073ccadb80f27887f2ef2c477e08ab2f8f22414cd11ab6a33dc42071f2ee3168e15026a76a3270cbc2e +DIST iptables-1.4.11.1.tar.bz2 486926 SHA256 170c294698ca573477b1b2a3815e1563bf9929d182efef6cf0331a6e955c9ade SHA512 432dff8d1bc2b65cd636bb7a8d9ace5402db134df6e5e15c11c2bf1684d513a0f3cf70af099875fbddb25a1ef8868716b4a80791d7475848dd9d7917752d451a WHIRLPOOL ace3dc5ed59f98faea78cce2f1e673cb9b9726360cb1fcaa6ff73b9c36ba2ece8b415f191f1c6862a85829bb857202571bb851132a503ffb272c078d87889cbf +DIST iptables-1.4.12.1.tar.bz2 473418 SHA256 77e6581f21f15946a814fa311236e5f3f7c6593180f9d695cea06aa95e464aba SHA512 ca8960d6d11faaba293e62169a32f8821d9240907d7ca11741dfca78ce92e32d5e2625f99786f55fb08d27ff7643e2531cc741aa0867f45df61248264b8ffe18 WHIRLPOOL b737fb2704511066d052227f7fe73a1ce64f427c614e56a1a681a7dcc37bac214448f9821b416a35cbe7efdf5436c49d0202f6da77aa0ec60de724137d28abda +DIST iptables-1.4.12.tar.bz2 487036 SHA256 3e07a0beb746b580fbcfb04b3842ef0bd94a2f281786552f586415b26a7e971c SHA512 e61652cee5b3e691643769ac16dd9674ad7e2d5684f9e3146200be91a6db5674cead4525a97e232644f966692bea9143eb3b0c64a2dc01a32bf34834d3a0b4de WHIRLPOOL c5f5b29387322b36cce9c59fd548bb582b7b9b11da2616f5ff14c4ddc5eec8bc500da3756593406f5a5a4ab5b43d0f0b9d44b028b270479e10d1d8f716e1d0a0 +DIST iptables-1.4.13.tar.bz2 502942 SHA256 321e2600fc4541a958e44cafd85a42864b0035404097e0f2e082d474029b9ded SHA512 598b05aa1446172c65b5103bdd02e29f8c8253eb3395e8cabc33e664e7d7afb4a842deea4f0faaac4645acd29a4fbfc0c0675c55f67e38c822ae28b549eab73c WHIRLPOOL 44df42d7fd66349c6bdef8cfa6d80571e7ec7d58a7092b188ef41a8431cd02394835177bdc4d31255b8a115f088daba269f6ecb9230b8d04df6e01151a926017 +DIST iptables-1.4.14.tar.bz2 507123 SHA256 9be675696f41cd4f35cc332b667d285fe9489ca93c8e1f77804bd04b3315a522 SHA512 3bf6db564359acafa738068980793129982318317bea69f21282d80f40dcb1e16938f8e2928e6cdcc4e77d89b2bc3f6c45aad7eb11ff84063b78e5f8e1907f9e WHIRLPOOL 16f630e38272b76c3d7eefa83869902b0f111d9ffba2eca6fe885759619dc81f1c9fc1bfe2f946adc99edfdfc5f4002a331e412a8fef674f63bfb760aa44e868 +DIST iptables-1.4.15.tar.bz2 514830 SHA256 867c144e60075e7bebe6fcecf0b65169d5e2d1fa5ceec2ebd9780cd5026123ea SHA512 2ef559f1079838b2aa8348e66248aac7bc7549be93014ddbdaf730fbad168a657e20e031dcfd9ffa62ed45a52dbefc3683783a5d9b929d539d07ba6ad6adcfa0 WHIRLPOOL 8a56ed3cffd572f2202f172a3b903283452b4fd9647b6123530a1cc489a150bc88e7eb1f911f896b655d1de37f26c0a5eadd383c06103a0f395a82e1bc321b89 +DIST iptables-1.4.16.2.tar.bz2 536755 SHA256 4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e SHA512 1ec9d12cc069a8acb1a443e7325c2bb98f0216e0a454413424b49c90bd6f4f94832ed1187a8fc75bdc7d80aa4ca9f3534e15799c46cb17344886d7b4ad34e4c0 WHIRLPOOL b0c782f41bb7d0df794064b1f57853ec664ddf0f899ab4b1f8cf51df0f98594065b7e7e3a77ee398cbb4fcc03fe360e67cf679bf6f9f730263ad29be394e76e0 +DIST iptables-1.4.16.3.tar.bz2 536872 SHA256 643ccf34099d53d5b839e1d889c05627745a51ec122648e76a9fcec3a8a9ec79 SHA512 c232a927fe63623cc0d336b4a09d7baad2d0c5a2a5e3b7ad083727e9f17cd0b668a826a4c5ff0bbb45233fee6c38c153710b13f458514516af7cf7df10d720e2 WHIRLPOOL 2dadcdb39f7741cb7b3c493bc36792a6edbdd9ddaa0c862d2ec0a6fbb89eb82c55f04ae407ab641f425208b15ef6e689af10ce6c03368e40652367c39dead75f +DIST iptables-1.4.17.tar.bz2 541137 SHA256 51e7a769469383b6ad308a6a19cdd2bd813cf4593e21a156a543a1cd70554925 SHA512 022f89cbf56408842bdeb1adbe05076addaad007599fdb662f32a1c134d743dade28c26842acc7545d2474903164be5fe3ec7fd1e276cd2c37bd3b33b8a30de1 WHIRLPOOL f2cb85d5f4080fce2c6673a58737ace3d55130f74c66207bc515d0c7b4ecd75bd7ac8540a862e8af133e740d34eee40833d72c9c3236c7ef4dc75cd43816ec41 +DIST iptables-1.4.18.tar.bz2 542308 SHA256 14a99fb8b0ca22027a9ac6eb72fa32c834ceb3073820e0ba79bf251c6a7bcf3c SHA512 fc62916bd90863c0868f70d711fd6716cbcb54402c32bdeebfd0cee05137fa3ff1a137f0a4b5b31ee0bb6492e23e60e7025d51914b26c0e0b233181cbb1cb1b5 WHIRLPOOL 5d89e0f8d2dfad0f25a369f936f86386c799b2c475cef9fb13fb3c8cb9fcb201361c7d134a24f68099b2b5468c97476e1982bc116fa6448a07d776c724fddbd3 +DIST iptables-1.4.19.1.tar.bz2 543785 SHA256 dd51d3b942758a462afc7c8495930d25c93058e5319303247375183ad50164d2 SHA512 a3232ae92b997f67b5895c110f2cb8ec3aecbc383e804a870351c61e49cd83c1d7bf750818768f5560d615090157a17cc5c4ef101bc104905915de67fa022088 WHIRLPOOL 99ec72c45eb5a5721e4228b3ae79ffa2d1a67db362a9c67a09190c8bed54f023e6550b300b41d0d119c518d234559d7bc1182313b26460a2d224768d1f7955b3 +DIST iptables-1.4.20.tar.bz2 546864 SHA256 109b8c7ca90b4536bc5de869ae705f6d5efcc0c08ef3003755aad3ed6d2d49ad SHA512 6c8e1d89db66c0cfd76afd7fa7de8a7d451337f6f15f01d811585714f6d488275621ca9a1f4967a2ae99e90f3890cf0e3c7f7a9a3a98fda902b0a56717d7ffe0 WHIRLPOOL 8146d632ec00c663988d4e82e3adfa8b9fa2df269df2e6cc359dae65727e59f4ef614540eb4f970d020eac558d7423731a88246f9df1265718346ca62e59a8e7 +DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200 +DIST iptables-1.4.6.tar.bz2 463758 SHA256 6e732798cad62163d6e033aa52e22b771246556a230c0f66cd33fe69e96d72a4 SHA512 0ec1314462a154b5892093b17b997f130760b2ada4fb2b7cdc0f6cb7bb9da9ddaf77400c3fcbe57c4db1400adaec37d38f9debe37f7ed33dabbbe3b58c13e942 WHIRLPOOL 39e1f0f3f46350c81d2fe219b5d40174f4a390180f71ac8c896a634aa29abe98da665c8e93d373465dad351a9604d6c5e36c0f99f7256b85ffbc3615cefa28ae diff --git a/net-firewall/iptables/files/ip6tables-1.3.2.confd b/net-firewall/iptables/files/ip6tables-1.3.2.confd new file mode 100644 index 000000000000..93c0bc89b38a --- /dev/null +++ b/net-firewall/iptables/files/ip6tables-1.3.2.confd @@ -0,0 +1,11 @@ +# /etc/conf.d/ip6tables + +# Location in which iptables initscript will save set rules on +# service shutdown +IP6TABLES_SAVE="/var/lib/ip6tables/rules-save" + +# Options to pass to iptables-save and iptables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd new file mode 100644 index 000000000000..3bb36989d37e --- /dev/null +++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd @@ -0,0 +1,19 @@ +# /etc/conf.d/ip6tables + +# Location in which iptables initscript will save set rules on +# service shutdown +IP6TABLES_SAVE="/var/lib/ip6tables/rules-save" + +# Options to pass to iptables-save and iptables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/net-firewall/iptables/files/iptables-1.3.2.confd b/net-firewall/iptables/files/iptables-1.3.2.confd new file mode 100644 index 000000000000..91287debdbcf --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.3.2.confd @@ -0,0 +1,11 @@ +# /etc/conf.d/iptables + +# Location in which iptables initscript will save set rules on +# service shutdown +IPTABLES_SAVE="/var/lib/iptables/rules-save" + +# Options to pass to iptables-save and iptables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" diff --git a/net-firewall/iptables/files/iptables-1.3.2.init b/net-firewall/iptables/files/iptables-1.3.2.init new file mode 100755 index 000000000000..907a39e7479a --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.3.2.init @@ -0,0 +1,115 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic" +extra_started_commands="reload" + +iptables_name=${SVCNAME} +if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then + iptables_name="iptables" +fi + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE};; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE};; +esac + +depend() { + before net + use logger +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${iptables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} +checkconfig() { + if [ ! -f ${iptables_save} ] ; then + eerror "Not starting ${iptables_name}. First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? + + start +} + +save() { + ebegin "Saving ${iptables_name} state" + touch "${iptables_save}" + chmod 0600 "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + service_started ${iptables_name} && svc_stop + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch new file mode 100644 index 000000000000..d83a7059f37b --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.11.1-man-fixes.patch @@ -0,0 +1,17 @@ +diff --git a/iptables/Makefile.am b/iptables/Makefile.am +index 13cca9c..a068278 100644 +--- a/iptables/Makefile.am ++++ b/iptables/Makefile.am +@@ -51,10 +51,10 @@ v6_sbin_links = ip6tables ip6tables-restore ip6tables-save + endif + + iptables.8: ${srcdir}/iptables.8.in ../extensions/matches4.man ../extensions/targets4.man +- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches4.man' -e '/@TARGET@/ r extensions/targets4.man' $< >$@; ++ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches4.man' -e '/@TARGET@/ r ../extensions/targets4.man' $< >$@; + + ip6tables.8: ${srcdir}/ip6tables.8.in ../extensions/matches6.man ../extensions/targets6.man +- ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r extensions/matches6.man' -e '/@TARGET@/ r extensions/targets6.man' $< >$@; ++ ${AM_VERBOSE_GEN} sed -e 's/@PACKAGE_AND_VERSION@/${PACKAGE} ${PACKAGE_VERSION}/g' -e '/@MATCH@/ r ../extensions/matches6.man' -e '/@TARGET@/ r ../extensions/targets6.man' $< >$@; + + pkgconfig_DATA = xtables.pc + diff --git a/net-firewall/iptables/files/iptables-1.4.11.init b/net-firewall/iptables/files/iptables-1.4.11.init new file mode 100644 index 000000000000..6b2b88c5dbed --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.11.init @@ -0,0 +1,117 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic" +extra_started_commands="reload" + +iptables_name=${SVCNAME} +if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then + iptables_name="iptables" +fi + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE};; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE};; +esac + +depend() { + before net + use logger +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${iptables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} +checkconfig() { + if [ ! -f ${iptables_save} ] ; then + eerror "Not starting ${iptables_name}. First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? + + start +} + +save() { + ebegin "Saving ${iptables_name} state" + touch "${iptables_save}" + chmod 0600 "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch new file mode 100644 index 000000000000..9bbcc67cb6a5 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.12.1-conntrack-v2-ranges.patch @@ -0,0 +1,48 @@ +commit 3412bd0bfb8b8bac9834cbfd3392b3d5487133bf +Author: Tom Eastep <teastep@shorewall.net> +Date: Thu Aug 18 15:11:16 2011 -0700 + + libxt_conntrack: improve error message on parsing violation + + Tom Eastep noted: + + $ iptables -A foo -m conntrack --ctorigdstport 22 + iptables v1.4.12: conntrack rev 2 does not support port ranges + Try `iptables -h' or 'iptables --help' for more information. + + Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, + but let's include Tom's patch nevertheless for the better error + message in case one actually does specify a range with rev 2. + + References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 + Signed-off-by: Jan Engelhardt <jengelh@medozas.de> + +diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c +index 060b947..fff69f8 100644 +--- a/extensions/libxt_conntrack.c ++++ b/extensions/libxt_conntrack.c +@@ -129,13 +129,20 @@ static const struct xt_option_entry conntrack2_mt_opts[] = { + .flags = XTOPT_INVERT}, + {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC, + .flags = XTOPT_INVERT}, +- {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT, ++ /* ++ * Rev 1 and 2 only store one port, and we would normally use ++ * %XTTYPE_PORT (rather than %XTTYPE_PORTRC) for that. The resulting ++ * error message - in case a user passed a range nevertheless - ++ * "port 22:23 resolved to nothing" is not quite as useful as using ++ * %XTTYPE_PORTC and libxt_conntrack's own range test. ++ */ ++ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_NBO}, +- {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT, ++ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_NBO}, +- {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT, ++ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_NBO}, +- {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT, ++ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC, + .flags = XTOPT_INVERT | XTOPT_NBO}, + {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING}, + XTOPT_TABLEEND, diff --git a/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch new file mode 100644 index 000000000000..4d9e1d8ed4dd --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.12.1-lm.patch @@ -0,0 +1,61 @@ +parent 2ca6273c73b42e8c74afd5f8b1fe10c5c93ce363 (v1.4.12-43-g2ca6273) +commit d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb +Author: Jan Engelhardt <jengelh@medozas.de> +Date: Sat Sep 3 13:34:40 2011 +0200 + +libxt_statistic: link with -lm + +$ ldd -r libxt_statistic.so +undefined symbol: lround (./libxt_statistic.so) + +References: https://bugs.archlinux.org/task/25358 +Signed-off-by: Jan Engelhardt <jengelh@medozas.de> +--- + extensions/GNUmakefile.in | 5 ++++- + iptables/Makefile.am | 9 +++++++-- + 2 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index 2b48d84..dbf210c 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -90,11 +90,14 @@ init%.o: init%.c + # Shared libraries + # + lib%.so: lib%.oo +- ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<; ++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< ${$*_LIBADD}; + + lib%.oo: ${srcdir}/lib%.c + ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; + ++# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD ++xt_statistic_LIBADD = -lm ++ + + # + # Static bits +diff --git a/iptables/Makefile.am b/iptables/Makefile.am +index addb159..f6db32d 100644 +--- a/iptables/Makefile.am ++++ b/iptables/Makefile.am +@@ -6,12 +6,17 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir} + lib_LTLIBRARIES = libxtables.la + libxtables_la_SOURCES = xtables.c xtoptions.c + libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} ++libxtables_la_LIBADD = ++if ENABLE_STATIC ++# With --enable-static, shipped extensions are linked into the main executable, ++# so we need all the LIBADDs here too ++libxtables_la_LIBADD += -lm ++endif + if ENABLE_SHARED + libxtables_la_CFLAGS = ${AM_CFLAGS} +-libxtables_la_LIBADD = -ldl ++libxtables_la_LIBADD += -ldl + else + libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1 +-libxtables_la_LIBADD = + endif + + xtables_multi_SOURCES = xtables-multi.c iptables-xml.c diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init new file mode 100644 index 000000000000..440e840c41a8 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init @@ -0,0 +1,130 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="check save panic" +extra_started_commands="reload" + +iptables_name=${SVCNAME} +case ${iptables_name} in +iptables|ip6tables) ;; +*) iptables_name="iptables" ;; +esac + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE};; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE};; +esac + +depend() { + need localmount #434774 + before net +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${iptables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} +checkconfig() { + if [ ! -f ${iptables_save} ] ; then + eerror "Not starting ${iptables_name}. First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + checkrules || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? + + start +} + +checkrules() { + ebegin "Checking rules" + ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +check() { + # Short name for users of init.d script. + checkrules +} + +save() { + ebegin "Saving ${iptables_name} state" + checkpath -q -d "$(dirname "${iptables_save}")" + checkpath -q -m 0600 -f "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd new file mode 100644 index 000000000000..7225374c3a8a --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.13.confd @@ -0,0 +1,19 @@ +# /etc/conf.d/iptables + +# Location in which iptables initscript will save set rules on +# service shutdown +IPTABLES_SAVE="/var/lib/iptables/rules-save" + +# Options to pass to iptables-save and iptables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/net-firewall/iptables/files/iptables-1.4.13.init b/net-firewall/iptables/files/iptables-1.4.13.init new file mode 100644 index 000000000000..a45c6d1a9918 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.13.init @@ -0,0 +1,116 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic" +extra_started_commands="reload" + +iptables_name=${SVCNAME} +if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then + iptables_name="iptables" +fi + +iptables_bin="/sbin/${iptables_name}" +case ${iptables_name} in + iptables) iptables_proc="/proc/net/ip_tables_names" + iptables_save=${IPTABLES_SAVE};; + ip6tables) iptables_proc="/proc/net/ip6_tables_names" + iptables_save=${IP6TABLES_SAVE};; +esac + +depend() { + before net +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${iptables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkkernel() { + if [ ! -e ${iptables_proc} ] ; then + eerror "Your kernel lacks ${iptables_name} support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} +checkconfig() { + if [ ! -f ${iptables_save} ] ; then + eerror "Not starting ${iptables_name}. First create some rules then run:" + eerror "/etc/init.d/${iptables_name} save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ${iptables_name} state and starting firewall" + ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + checkkernel || return 1 + ebegin "Stopping firewall" + local a + for a in $(cat ${iptables_proc}) ; do + set_table_policy $a ACCEPT + + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + local a + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + done + eend $? + + start +} + +save() { + ebegin "Saving ${iptables_name} state" + touch "${iptables_save}" + chmod 0600 "${iptables_save}" + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" + eend $? +} + +panic() { + checkkernel || return 1 + if service_started ${iptables_name}; then + rc-service ${iptables_name} stop + fi + + local a + ebegin "Dropping all packets" + for a in $(cat ${iptables_proc}) ; do + ${iptables_bin} -F -t $a + ${iptables_bin} -X -t $a + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/iptables/files/iptables-1.4.16.2-static.patch b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch new file mode 100644 index 000000000000..a5d6fe71f670 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.16.2-static.patch @@ -0,0 +1,55 @@ +https://bugs.gentoo.org/437712 + +From 269655d54e22f3a36250bb2c4639dddd102258c6 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt <jengelh@inai.de> +Date: Mon, 8 Oct 2012 12:04:56 +0000 +Subject: [PATCH] build: remove symlink-only extensions from static object + list + +$ ./configure --enable-static --disable-shared --enable-ipv4 + --enable-ipv6 && make +[...] +make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by +"libext.a". Stop. + +Signed-off-by: Jan Engelhardt <jengelh@inai.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + extensions/GNUmakefile.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index 8b38df9..1cef239 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -39,7 +39,7 @@ endif + # Wildcard module list + # + pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c))) +-pfx_build_mod += NOTRACK state ++pfx_symlinks := NOTRACK state + @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c))) + @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c))) + pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) +@@ -48,7 +48,7 @@ pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) + pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod}) + pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod}) + pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod}) +-pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod}) ++pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks}) + pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) + pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) + +@@ -220,7 +220,7 @@ man_run = \ + done >$@; + + matches.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man) +- $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod})) ++ $(call man_run,$(call ex_matches,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks})) + + targets.man: .initext.dd .initext4.dd .initext6.dd $(wildcard ${srcdir}/lib*.man) +- $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod})) ++ $(call man_run,$(call ex_targets,${pfx_build_mod} ${pf4_build_mod} ${pf6_build_mod} ${pfx_symlinks})) +-- +1.7.12 + diff --git a/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch new file mode 100644 index 000000000000..5212dd253aa8 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.17-libip6tc.patch @@ -0,0 +1,32 @@ +From d42bc7c100de69396a527e90736198f8e4e3000b Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sun, 30 Dec 2012 18:06:15 -0500 +Subject: [PATCH] extensions: fix linking against -lip6tc + +The current build forgets to specify a path to find libip6tc which means +it either fails (if there is no libip6tc in the system), or links against +an old version (if there is one in the system). + +References: https://bugs.gentoo.org/449262 +Reported-by: Mike Gilbert <floppym@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + extensions/GNUmakefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index e71e3ff..a605474 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -101,7 +101,7 @@ libxt_state.so: libxt_conntrack.so + ln -fs $< $@ + + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD +-ip6t_NETMAP_LIBADD = -lip6tc ++ip6t_NETMAP_LIBADD = -L../libiptc/.libs -lip6tc + xt_RATEEST_LIBADD = -lm + xt_statistic_LIBADD = -lm + +-- +1.8.0 + diff --git a/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch new file mode 100644 index 000000000000..33d048163a18 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.18-extensions-link.patch @@ -0,0 +1,74 @@ +From 37b19d08f3cbc83a653386d76261490e173a874b Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Sat, 16 Mar 2013 12:15:30 +0100 +Subject: [PATCH] Revert "build: resolve link failure for ip6t_NETMAP" + +This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. + +The use of libtool was introduced to resolve linking problems +in NETMAP (IPv6 version), but that resulted in RPATH problems +reported from distributors and warnings spotted by libtool at +linking stage. + +Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and +get rid of libip6tc dependency) fixed the NETMAP issue, let's +roll back to our previous stage. + +A small conflicts in extensions/GNUmakefile.in has been resolved +in this revert. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + extensions/GNUmakefile.in | 18 +++++++----------- + 1 file changed, 7 insertions(+), 11 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index 3db6985..1ae7f74 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -33,7 +33,6 @@ AM_VERBOSE_CXX = @echo " CXX " $@; + AM_VERBOSE_CXXLD = @echo " CXXLD " $@; + AM_VERBOSE_AR = @echo " AR " $@; + AM_VERBOSE_GEN = @echo " GEN " $@; +-AM_VERBOSE_NULL = @ + endif + + # +@@ -76,7 +75,7 @@ install: ${targets_install} + if test -n "${targets_install}"; then install -pm0755 $^ "${DESTDIR}${xtlibdir}/"; fi; + + clean: +- rm -f *.la *.o *.lo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; ++ rm -f *.o *.oo *.so *.a {matches,targets}.man initext.c initext4.c initext6.c; + rm -f .*.d .*.dd; + + distclean: clean +@@ -90,19 +89,16 @@ init%.o: init%.c + # + # Shared libraries + # +-lib%.so: lib%.la +- ${AM_VERBOSE_NULL} ln -fs .libs/$@ $@ ++lib%.so: lib%.oo ++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD}; + +-lib%.la: lib%.lo +- ${AM_VERBOSE_CCLD} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=link ${CCLD} ${AM_LDFLAGS} -module ${LDFLAGS} -o $@ $< ../libxtables/libxtables.la ${$*_LIBADD} -rpath ${xtlibdir} +- +-lib%.lo: ${srcdir}/lib%.c +- ${AM_VERBOSE_CC} ../libtool ${AM_LIBTOOL_SILENT} --tag=CC --mode=compile ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init ${CFLAGS} -o $@ -c $< ++lib%.oo: ${srcdir}/lib%.c ++ ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; + + libxt_NOTRACK.so: libxt_CT.so +- ${AM_VERBOSE_GEN} ln -fs $< $@ ++ ln -fs $< $@ + libxt_state.so: libxt_conntrack.so +- ${AM_VERBOSE_GEN} ln -fs $< $@ ++ ln -fs $< $@ + + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD + xt_RATEEST_LIBADD = -lm +-- +1.8.2.1 + diff --git a/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch new file mode 100644 index 000000000000..52829de24a5f --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.18-ipv6-linkage.patch @@ -0,0 +1,88 @@ +From cccfff9309743f173c504dd265fae173caa5b47f Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Sat, 16 Mar 2013 12:11:07 +0100 +Subject: [PATCH] libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of + libip6tc dependency + +This patch changes the NETMAP target extension (IPv6 side) to use +the xtables_ip6mask_to_cidr available in libxtables. + +As a side effect, we get rid of the libip6tc dependency. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + extensions/GNUmakefile.in | 1 - + extensions/libip6t_NETMAP.c | 2 +- + include/libiptc/libip6tc.h | 3 --- + iptables/ip6tables.c | 2 +- + libiptc/libip6tc.c | 2 +- + 5 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in +index adad4d6..3db6985 100644 +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -105,7 +105,6 @@ libxt_state.so: libxt_conntrack.so + ${AM_VERBOSE_GEN} ln -fs $< $@ + + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD +-ip6t_NETMAP_LIBADD = ../libiptc/libip6tc.la + xt_RATEEST_LIBADD = -lm + xt_statistic_LIBADD = -lm + +diff --git a/extensions/libip6t_NETMAP.c b/extensions/libip6t_NETMAP.c +index d14dece..a4df70e 100644 +--- a/extensions/libip6t_NETMAP.c ++++ b/extensions/libip6t_NETMAP.c +@@ -61,7 +61,7 @@ static void NETMAP_print(const void *ip, const struct xt_entry_target *target, + printf("%s", xtables_ip6addr_to_numeric(&a)); + for (i = 0; i < 4; i++) + a.s6_addr32[i] = ~(r->min_addr.ip6[i] ^ r->max_addr.ip6[i]); +- bits = ipv6_prefix_length(&a); ++ bits = xtables_ip6mask_to_cidr(&a); + if (bits < 0) + printf("/%s", xtables_ip6addr_to_numeric(&a)); + else +diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h +index c656bc4..9aed80a 100644 +--- a/include/libiptc/libip6tc.h ++++ b/include/libiptc/libip6tc.h +@@ -154,9 +154,6 @@ int ip6tc_get_raw_socket(void); + /* Translates errno numbers into more human-readable form than strerror. */ + const char *ip6tc_strerror(int err); + +-/* Return prefix length, or -1 if not contiguous */ +-int ipv6_prefix_length(const struct in6_addr *a); +- + extern void dump_entries6(struct xtc_handle *const); + + extern const struct xtc_ops ip6tc_ops; +diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c +index 4cfbea3..7d02cc1 100644 +--- a/iptables/ip6tables.c ++++ b/iptables/ip6tables.c +@@ -1022,7 +1022,7 @@ static void print_ip(const char *prefix, const struct in6_addr *ip, + const struct in6_addr *mask, int invert) + { + char buf[51]; +- int l = ipv6_prefix_length(mask); ++ int l = xtables_ip6mask_to_cidr(mask); + + if (l == 0 && !invert) + return; +diff --git a/libiptc/libip6tc.c b/libiptc/libip6tc.c +index 7128e1c..ca01bcb 100644 +--- a/libiptc/libip6tc.c ++++ b/libiptc/libip6tc.c +@@ -113,7 +113,7 @@ typedef unsigned int socklen_t; + #define BIT6(a, l) \ + ((ntohl(a->s6_addr32[(l) / 32]) >> (31 - ((l) & 31))) & 1) + +-int ++static int + ipv6_prefix_length(const struct in6_addr *a) + { + int l, i; +-- +1.8.2.1 + diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service new file mode 100644 index 000000000000..88415fa37a64 --- /dev/null +++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service @@ -0,0 +1,14 @@ +[Unit] +Description=Restore ip6tables firewall rules +# if both are queued for some reason, don't store before restoring :) +Before=ip6tables-store.service +# sounds reasonable to have firewall up before any of the services go up +Before=network.target +Conflicts=shutdown.target + +[Service] +Type=oneshot +ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save + +[Install] +WantedBy=basic.target diff --git a/net-firewall/iptables/files/systemd/ip6tables-store.service b/net-firewall/iptables/files/systemd/ip6tables-store.service new file mode 100644 index 000000000000..9975378353d3 --- /dev/null +++ b/net-firewall/iptables/files/systemd/ip6tables-store.service @@ -0,0 +1,11 @@ +[Unit] +Description=Store ip6tables firewall rules +Before=shutdown.target +DefaultDependencies=No + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save" + +[Install] +WantedBy=shutdown.target diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service new file mode 100644 index 000000000000..0a6d7fa1c8ab --- /dev/null +++ b/net-firewall/iptables/files/systemd/ip6tables.service @@ -0,0 +1,6 @@ +[Unit] +Description=Store and restore ip6tables firewall rules + +[Install] +Also=ip6tables-store.service +Also=ip6tables-restore.service diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service new file mode 100644 index 000000000000..9d568d78b309 --- /dev/null +++ b/net-firewall/iptables/files/systemd/iptables-restore.service @@ -0,0 +1,14 @@ +[Unit] +Description=Restore iptables firewall rules +# if both are queued for some reason, don't store before restoring :) +Before=iptables-store.service +# sounds reasonable to have firewall up before any of the services go up +Before=network.target +Conflicts=shutdown.target + +[Service] +Type=oneshot +ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save + +[Install] +WantedBy=basic.target diff --git a/net-firewall/iptables/files/systemd/iptables-store.service b/net-firewall/iptables/files/systemd/iptables-store.service new file mode 100644 index 000000000000..aa16e75e9ccf --- /dev/null +++ b/net-firewall/iptables/files/systemd/iptables-store.service @@ -0,0 +1,11 @@ +[Unit] +Description=Store iptables firewall rules +Before=shutdown.target +DefaultDependencies=No + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save" + +[Install] +WantedBy=shutdown.target diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service new file mode 100644 index 000000000000..3643a3e31034 --- /dev/null +++ b/net-firewall/iptables/files/systemd/iptables.service @@ -0,0 +1,6 @@ +[Unit] +Description=Store and restore iptables firewall rules + +[Install] +Also=iptables-store.service +Also=iptables-restore.service diff --git a/net-firewall/iptables/iptables-1.4.10-r1.ebuild b/net-firewall/iptables/iptables-1.4.10-r1.ebuild new file mode 100644 index 000000000000..ff152ec86761 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.10-r1.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="2" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink" + +COMMON_DEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers +" +RDEPEND=" + ${COMMON_DEPEND} +" + +src_prepare() { + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \ + configure + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 || die +} + +src_install() { + emake install DESTDIR="${D}" || die + doman iptables-apply.8 || die + dodoc INCOMPATIBILITIES iptables.xslt || die + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables-apply || die + dosym iptables-apply /sbin/ip6tables-apply || die + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die + insinto /usr/include/iptables + doins include/iptables/internal.h || die + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.10.ebuild b/net-firewall/iptables/iptables-1.4.10.ebuild new file mode 100644 index 000000000000..82e42fdf7ee5 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.10.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="2" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6" + +DEPEND="virtual/os-headers" +RDEPEND="" + +src_prepare() { + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 || die +} + +src_install() { + emake install DESTDIR="${D}" || die + dosbin iptables-apply || die + doman iptables-apply.8 || die + dodoc INCOMPATIBILITIES iptables.xslt || die + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die + insinto /usr/include/iptables + doins include/iptables/internal.h || die + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${D}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild b/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild new file mode 100644 index 000000000000..77310ab04511 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.11.1-r2.ebuild @@ -0,0 +1,86 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6 netlink" + +COMMON_DEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + sys-devel/automake +" +RDEPEND=" + ${COMMON_DEPEND} +" + +src_prepare() { + # Only run autotools if user patched something + epatch "${FILESDIR}/${P}-man-fixes.patch" + eautomake + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \ + configure + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + emake install DESTDIR="${D}" + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild new file mode 100644 index 000000000000..2055cf251814 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.12.1-r1.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + sys-devel/automake +" + +src_prepare() { + epatch \ + "${FILESDIR}/iptables-1.4.12.1-lm.patch" \ + "${FILESDIR}/iptables-1.4.12.1-conntrack-v2-ranges.patch" + eautomake + + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.12.1.ebuild b/net-firewall/iptables/iptables-1.4.12.1.ebuild new file mode 100644 index 000000000000..2639b2e56363 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.12.1.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6 netlink" + +COMMON_DEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + sys-devel/automake +" +RDEPEND=" + ${COMMON_DEPEND} +" + +src_prepare() { + epatch "${FILESDIR}/iptables-1.4.12.1-lm.patch" + eautomake + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \ + configure || die + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + emake install DESTDIR="${D}" + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.12.ebuild b/net-firewall/iptables/iptables-1.4.12.ebuild new file mode 100644 index 000000000000..80e13cc88046 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.12.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink" + +COMMON_DEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + sys-devel/automake +" +RDEPEND=" + ${COMMON_DEPEND} +" + +src_prepare() { + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(use netlink && echo 1 || echo 0):" \ + configure || die + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + emake install DESTDIR="${D}" + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.13-r2.ebuild b/net-firewall/iptables/iptables-1.4.13-r2.ebuild new file mode 100644 index 000000000000..e10df947ab5c --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.13-r2.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + !>=sys-kernel/linux-headers-3.5 +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.13.ebuild b/net-firewall/iptables/iptables-1.4.13.ebuild new file mode 100644 index 000000000000..efa45e2e066b --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.13.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + !>=sys-kernel/linux-headers-3.5 +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.11.init iptables + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.11.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc ipq iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.14-r1.ebuild b/net-firewall/iptables/iptables-1.4.14-r1.ebuild new file mode 100644 index 000000000000..829beb00e618 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.14-r1.ebuild @@ -0,0 +1,82 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + !>=sys-kernel/linux-headers-3.5 +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.15-r1.ebuild b/net-firewall/iptables/iptables-1.4.15-r1.ebuild new file mode 100644 index 000000000000..829beb00e618 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.15-r1.ebuild @@ -0,0 +1,82 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + !>=sys-kernel/linux-headers-3.5 +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.16.2.ebuild b/net-firewall/iptables/iptables-1.4.16.2.ebuild new file mode 100644 index 000000000000..4dc89f6921c8 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.16.2.ebuild @@ -0,0 +1,85 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + epatch "${FILESDIR}"/${P}-static.patch #437712 + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.16.3.ebuild b/net-firewall/iptables/iptables-1.4.16.3.ebuild new file mode 100644 index 000000000000..a5c40e6fda90 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.16.3.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.17.ebuild b/net-firewall/iptables/iptables-1.4.17.ebuild new file mode 100644 index 000000000000..0bbfa2b99cba --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.17.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + epatch "${FILESDIR}"/${P}-libip6tc.patch #449262 + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.18.ebuild b/net-firewall/iptables/iptables-1.4.18.ebuild new file mode 100644 index 000000000000..6976767da282 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.18.ebuild @@ -0,0 +1,88 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + epatch "${FILESDIR}"/${P}-extensions-link.patch + epatch "${FILESDIR}"/${P}-ipv6-linkage.patch + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' || die "la removal failed" +} diff --git a/net-firewall/iptables/iptables-1.4.19.1.ebuild b/net-firewall/iptables/iptables-1.4.19.1.ebuild new file mode 100644 index 000000000000..052c7e70e34e --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.19.1.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + + prune_libtool_files +} diff --git a/net-firewall/iptables/iptables-1.4.20.ebuild b/net-firewall/iptables/iptables-1.4.20.ebuild new file mode 100644 index 000000000000..43dc46ce3714 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.20.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + + prune_libtool_files +} diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild new file mode 100644 index 000000000000..95ceda5539c2 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib systemd toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service + if use ipv6 ; then + systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + + prune_libtool_files +} diff --git a/net-firewall/iptables/iptables-1.4.21.ebuild b/net-firewall/iptables/iptables-1.4.21.ebuild new file mode 100644 index 000000000000..56a8118d78b0 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.21.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +# Force users doing their own patches to install their own tools +AUTOTOOLS_AUTO_DEPEND=no + +inherit eutils multilib toolchain-funcs autotools + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.netfilter.org/projects/iptables/" +SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6 netlink static-libs" + +RDEPEND=" + netlink? ( net-libs/libnfnetlink ) +" +DEPEND="${RDEPEND} + virtual/os-headers + virtual/pkgconfig +" + +src_prepare() { + # use the saner headers from the kernel + rm -f include/linux/{kernel,types}.h + + # Only run autotools if user patched something + epatch_user && eautoreconf || elibtoolize +} + +src_configure() { + # Some libs use $(AR) rather than libtool to build #444282 + tc-export AR + + sed -i \ + -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \ + configure || die + + econf \ + --sbindir="${EPREFIX}/sbin" \ + --libexecdir="${EPREFIX}/$(get_libdir)" \ + --enable-devel \ + --enable-shared \ + $(use_enable static-libs static) \ + $(use_enable ipv6) +} + +src_compile() { + emake V=1 +} + +src_install() { + default + dodoc INCOMPATIBILITIES iptables/iptables.xslt + + # all the iptables binaries are in /sbin, so might as well + # put these small files in with them + into / + dosbin iptables/iptables-apply + dosym iptables-apply /sbin/ip6tables-apply + doman iptables/iptables-apply.8 + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) + insinto /usr/include/iptables + doins include/iptables/internal.h + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables + newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables + newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables + fi + + # Move important libs to /lib + gen_usr_ldscript -a ip{4,6}tc iptc xtables + + prune_libtool_files +} diff --git a/net-firewall/iptables/iptables-1.4.6.ebuild b/net-firewall/iptables/iptables-1.4.6.ebuild new file mode 100644 index 000000000000..c8e790cd6996 --- /dev/null +++ b/net-firewall/iptables/iptables-1.4.6.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils multilib toolchain-funcs + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://www.iptables.org/" +SRC_URI="http://iptables.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +IUSE="ipv6" + +DEPEND="virtual/os-headers + !>=sys-kernel/linux-headers-2.6.33" +RDEPEND="" + +src_unpack() { + unpack ${P}.tar.bz2 + cd "${S}" + epatch_user +} + +src_compile() { + econf \ + --sbindir=/sbin \ + --libexecdir=/$(get_libdir) \ + --enable-devel \ + --enable-libipq \ + --enable-shared \ + --enable-static \ + $(use_enable ipv6) + emake V=1 || die +} + +src_install() { + emake install DESTDIR="${D}" || die + + insinto /usr/include + doins include/iptables.h $(use ipv6 && echo include/ip6tables.h) || die + insinto /usr/include/iptables + doins include/iptables/internal.h || die + + keepdir /var/lib/iptables + newinitd "${FILESDIR}"/${PN}-1.3.2.init iptables || die + newconfd "${FILESDIR}"/${PN}-1.3.2.confd iptables || die + if use ipv6 ; then + keepdir /var/lib/ip6tables + newinitd "${FILESDIR}"/iptables-1.3.2.init ip6tables || die + newconfd "${FILESDIR}"/ip6tables-1.3.2.confd ip6tables || die + fi +} diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml new file mode 100644 index 000000000000..ed96e3dd4e4e --- /dev/null +++ b/net-firewall/iptables/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>base-system</herd> +<use> + <flag name='netlink'>Build against libnfnetlink which enables the nfnl_osf util</flag> +</use> +<longdescription> + iptables is the userspace command line program used to set up, maintain, and + inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a + part of packet filtering framework which allows the stateless and stateful + packet filtering, all kinds of network address and port translation, and is a + flexible and extensible infrastructure with multiple layers of API's for 3rd + party extensions. The iptables package also includes ip6tables. ip6tables is + used for configuring the IPv6 packet filter. + + Note that some extensions (e.g. imq and l7filter) are not included into + official kernel sources so you have to patch the sources before installation. +</longdescription> +<upstream> + <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id> +</upstream> +</pkgmetadata> diff --git a/net-firewall/itval/Manifest b/net-firewall/itval/Manifest new file mode 100644 index 000000000000..b1343e53b77c --- /dev/null +++ b/net-firewall/itval/Manifest @@ -0,0 +1 @@ +DIST ITVal-20121104.tar.bz2 71398 SHA256 dba3bcd2876b28fad4baedfd39a4d8ddd658d128e50c6f53253d321a082dcf42 SHA512 145f464154d0c88e6c43a16a6ea59f3f6f525612c99032bd5acb934975d46568a40b25996a92d63d190afbe2f129010fb7cdb843dced9eae4ec925b97ee17eca WHIRLPOOL 6c4ebb99b496988749559e83d6170e2f7c211cb9afe7e079a2591f11e01fc679dee5e94b030291bc76995f760b1ad3f056a5a64b110757f93e9d3e3cdbe8bdd2 diff --git a/net-firewall/itval/files/itval-1.1-gcc44.patch b/net-firewall/itval/files/itval-1.1-gcc44.patch new file mode 100644 index 000000000000..796b67481796 --- /dev/null +++ b/net-firewall/itval/files/itval-1.1-gcc44.patch @@ -0,0 +1,28 @@ +--- a/FDDL/mdd.h ++++ b/FDDL/mdd.h +@@ -29,10 +29,11 @@ + //#define BRIEF_DEBUG + + #ifndef FDDL_MDD_H + # define FDDL_MDD_H 1 + ++# include <cstdio> + # include <iostream> + # include <assert.h> + + # include <FDDL/mddtypes.h> + # include <FDDL/caches.h> +--- a/src/structures.h ++++ b/src/structures.h +@@ -28,10 +28,11 @@ + + #ifndef __STRUCTURES_H + #define __STRUCTURES_H + + #include <stdlib.h> ++#include <cstdio> + + //Linked list of IP addresses + class address + { + public: diff --git a/net-firewall/itval/itval-1.2_p20121104.ebuild b/net-firewall/itval/itval-1.2_p20121104.ebuild new file mode 100644 index 000000000000..87c74aa5e6f0 --- /dev/null +++ b/net-firewall/itval/itval-1.2_p20121104.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +CMAKE_IN_SOURCE_BUILD=1 +inherit cmake-utils versionator + +MY_PN="ITVal" +MY_PV="$(get_version_component_range 3)" +MY_PV="${MY_PV/p/}" +MY_P="${MY_PN}-${MY_PV}" + +DESCRIPTION="Iptables policy testing and validation tool" +HOMEPAGE="http://itval.sourceforge.net" +SRC_URI="http://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" + +RDEPEND="dev-libs/fddl" +DEPEND=" + sys-devel/flex + sys-devel/bison + ${RDEPEND} +" + +S=${WORKDIR}/${MY_P} + +DOCS=( AUTHORS ChangeLog README RELEASE ) + +src_install() { + default + doman man/ITVal.n +} diff --git a/net-firewall/itval/metadata.xml b/net-firewall/itval/metadata.xml new file mode 100644 index 000000000000..78692635ad22 --- /dev/null +++ b/net-firewall/itval/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> +</pkgmetadata> diff --git a/net-firewall/lutelwall/Manifest b/net-firewall/lutelwall/Manifest new file mode 100644 index 000000000000..2509d88a91c1 --- /dev/null +++ b/net-firewall/lutelwall/Manifest @@ -0,0 +1 @@ +DIST lutelwall-0.99.tar.gz 29209 SHA256 92ab7ab320cbefd694cd5ba3799e6143244402eac65ffcd4b52528bc31d1a1f8 SHA512 8812048c9e4ec3beff2214ed3ceb2d980d769ada686a934af22baec76a3670e51ddb171097adbfb78c63ce9bc25554b1da93ec8c86f59457277fd4651cf1068c WHIRLPOOL 842979556cecab887f9f050d5d92e0539c608023a694608d82e77a7d338ca6a6d8fc842dee49aa2def49dfeebc82faf23b12108e0363ec881395ced8279bdb76 diff --git a/net-firewall/lutelwall/files/lutelwall b/net-firewall/lutelwall/files/lutelwall new file mode 100644 index 000000000000..5c9c64ec54b9 --- /dev/null +++ b/net-firewall/lutelwall/files/lutelwall @@ -0,0 +1,26 @@ +#!/sbin/runscript +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 or later +# $Id$ + +depend() { + need net + use logger +} + +start() { + ebegin "Starting LutelWall" + /usr/sbin/lutelwall start + eend $? +} + +stop() { + ebegin "Stopping LutelWall" + /usr/sbin/lutelwall stop + eend $? +} + +restart() { + stop + start +} diff --git a/net-firewall/lutelwall/lutelwall-0.99.ebuild b/net-firewall/lutelwall/lutelwall-0.99.ebuild new file mode 100644 index 000000000000..f6ba5792f84f --- /dev/null +++ b/net-firewall/lutelwall/lutelwall-0.99.ebuild @@ -0,0 +1,33 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +DESCRIPTION="IPTables firewall setup script" +LICENSE="GPL-2" +HOMEPAGE="http://www.lutel.pl/lutelwall/" +SRC_URI="http://www.lutel.pl/wp-content/uploads/${PV}/${P}.tar.gz" +SLOT="0" +KEYWORDS="alpha ~amd64 ~ppc ~sparc x86" + +RDEPEND=" + >=net-firewall/iptables-1.2.6 + >=sys-apps/gawk-3.1 + sys-apps/iproute2 +" + +src_install() { + insinto /etc + doins lutelwall.conf + + dosbin lutelwall + doinitd "${FILESDIR}"/lutelwall + + dodoc FEATURES ChangeLog +} + +pkg_postinst() { + elog "Basic configuration file is /etc/lutelwall.conf" + elog "Adjust it to your needs before using" +} diff --git a/net-firewall/lutelwall/metadata.xml b/net-firewall/lutelwall/metadata.xml new file mode 100644 index 000000000000..8a0d713fe48d --- /dev/null +++ b/net-firewall/lutelwall/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>netmon</herd> +<herd>proxy-maintainers</herd> +<maintainer> + <email>tomek@lutel.pl</email> + <name>Tomek Lutelmowski</name> + <description>LuteWall developer, third party maintainer</description> +</maintainer> +<longdescription> +LutelWall is high-level firewall configuration tool. It uses human-readable and easy +to understand configuration to set up Netfilter in most secure way. Its flexibility +allows firewall admins build from very simple, single-homed firewalls, to most complex +ones - with multiple subnets, DMZ's and traffic redirections. +</longdescription> +</pkgmetadata> diff --git a/net-firewall/metadata.xml b/net-firewall/metadata.xml new file mode 100644 index 000000000000..7ba30053341a --- /dev/null +++ b/net-firewall/metadata.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<catmetadata> + <longdescription lang="en"> + The net-firewall category contains network firewall software. + </longdescription> + <longdescription lang="de"> + Die Kategorie net-firewall enthült Firewall-Software. + </longdescription> + <longdescription lang="es"> + La categoría net-firewall contiene programas relacionados con + cortafuegos de redes. + </longdescription> + <longdescription lang="ja"> + net-firewall カテゴリーにはネットワーク・ファイアウォールの + ソフトウェアが含まれています。 + </longdescription> + <longdescription lang="nl"> + De net-firewall categorie bevat firewall-software. + </longdescription> + <longdescription lang="vi"> + Nhóm net-firewall chứa các phần mềm firewall. + </longdescription> + <longdescription lang="it"> + La categoria net-firewall contiene software per firewall. + </longdescription> + <longdescription lang="pt"> + A categoria net-firewall contém programas de firewall para + redes. + </longdescription> + <longdescription lang="pl"> + Kategoria net-firewall zawiera ściany ogniowe (firewalle). + </longdescription> +</catmetadata> + diff --git a/net-firewall/nfacct/Manifest b/net-firewall/nfacct/Manifest new file mode 100644 index 000000000000..9498245f4d74 --- /dev/null +++ b/net-firewall/nfacct/Manifest @@ -0,0 +1,2 @@ +DIST nfacct-1.0.0.tar.bz2 255640 SHA256 eb7e64c3ee4f1e4b5d508e933dc9dc2f91e14ea3ee5f1926aad76c114d1d2014 SHA512 5ffec413759f065f150b8af622ee61a984546d253a6c95771f3e88433cb85cbfa93a41cbc8bdda66f8a3f19ec20bccce44d38f02c7305bb2bc72dad754fea566 WHIRLPOOL 0b0a62ac2dd9c1c30fd4559a1c19adc76da39709c377cf2537ecef33338dc9174dd0f9a55d50ac55f357a725b867b82c524634ef47cd5c0da97398294ed5f8c8 +DIST nfacct-1.0.1.tar.bz2 257013 SHA256 81ef261616f313372a957431d17c5a0334984f06ceea190cf390479bf043e7c4 SHA512 4d428f51ce3b12382974de3cb7d502f6a18d9c0fd4446071fc2b5e932c44e4b33072202f8b9bd4bdf892a08a64533776bb8e9a0a7c4acc876cfec154f76227a1 WHIRLPOOL ab3983015154109389c831cf4ac8e6d4afb299b3f2d0d9e76ae6e23e716f0fcb00f3317dd0754f144a6650f5c42029d132c875aa7d90687e5f2ac8ca24c476aa diff --git a/net-firewall/nfacct/metadata.xml b/net-firewall/nfacct/metadata.xml new file mode 100644 index 000000000000..78692635ad22 --- /dev/null +++ b/net-firewall/nfacct/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> +</pkgmetadata> diff --git a/net-firewall/nfacct/nfacct-1.0.0.ebuild b/net-firewall/nfacct/nfacct-1.0.0.ebuild new file mode 100644 index 000000000000..643c98abf5fc --- /dev/null +++ b/net-firewall/nfacct/nfacct-1.0.0.ebuild @@ -0,0 +1,23 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit linux-info + +DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter" +HOMEPAGE="http://netfilter.org/projects/nfacct" +SRC_URI="http://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~arm x86" +IUSE="" + +RDEPEND="net-libs/libmnl + >=net-libs/libnetfilter_acct-1.0.0" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +CONFIG_CHECK="~NETFILTER_NETLINK_ACCT" diff --git a/net-firewall/nfacct/nfacct-1.0.1.ebuild b/net-firewall/nfacct/nfacct-1.0.1.ebuild new file mode 100644 index 000000000000..3a91810edcdc --- /dev/null +++ b/net-firewall/nfacct/nfacct-1.0.1.ebuild @@ -0,0 +1,22 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit linux-info + +DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter" +HOMEPAGE="http://netfilter.org/projects/nfacct" +SRC_URI="http://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~arm x86" + +RDEPEND="net-libs/libmnl + >=net-libs/libnetfilter_acct-1.0.2" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +CONFIG_CHECK="~NETFILTER_NETLINK_ACCT" diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest new file mode 100644 index 000000000000..a443926b35a8 --- /dev/null +++ b/net-firewall/nftables/Manifest @@ -0,0 +1 @@ +DIST nftables-0.4.tar.bz2 362120 SHA256 f6ca69b75c68915f9f3a3972274ec68354dfbbcfc0b9fc55c813a0525c351d3c SHA512 0932cf987da602285fbf7c7f61328b0d74d687889c2d4a5bd2bd7fe11e8b99433bc5ee53ebbddadf2c90e40acdcb28f6babf07e11feedff815c571c3b782dffc WHIRLPOOL 1604010f260247c2fd98d33ca931eb0be6f38097937983aadfbdf2eb44fd3827212d00e6e6351821ccd8a2696fc696d9e7ec102d447387f930b8fb2afadc22a8 diff --git a/net-firewall/nftables/files/nftables.confd b/net-firewall/nftables/files/nftables.confd new file mode 100644 index 000000000000..e83a4b962061 --- /dev/null +++ b/net-firewall/nftables/files/nftables.confd @@ -0,0 +1,19 @@ +# /etc/conf.d/nftables + +# Location in which nftables initscript will save set rules on +# service shutdown +NFTABLES_SAVE="/var/lib/nftables/rules-save" + +# Options to pass to nft on save +SAVE_OPTIONS="-n" + +# Save state on stopping nftables +SAVE_ON_STOP="yes" + +# If you need to log nftables messages as soon as nftables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init new file mode 100644 index 000000000000..c72639305654 --- /dev/null +++ b/net-firewall/nftables/files/nftables.init @@ -0,0 +1,166 @@ +#!/sbin/runscript +# Copyright 2014 Nicholas Vinson +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="clear list panic save" +extra_started_commands="reload" + +depend() { + need localmount #434774 + before net +} + +checkkernel() { + if ! nft list tables >/dev/null 2>&1; then + eerror "Your kernel lacks nftables support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} + +checkconfig() { + if [ ! -f ${NFTABLES_SAVE} ]; then + eerror "Not starting nftables. First create some rules then run:" + eerror "rc-service nftables save" + return 1 + fi + return 0 +} + +getfamilies() { + local families + for l3f in ip arp ip6 bridge inet; do + if nft list tables ${l3f} > /dev/null 2>&1; then + families="${families}${l3f} " + fi + done + echo ${families} +} + +clearNFT() { + local l3f line table chain + + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + table=$(echo ${line} | sed "s/table[ \t]*//") + nft flush table ${l3f} ${table} + nft list table ${l3f} ${table} | while read l; do + chain=$(echo $l | grep -o 'chain [^[:space:]]\+' |\ + cut -d ' ' -f2) + if [ -n "${chain}" ]; then + nft flush chain ${l3f} ${table} ${chain} + nft delete chain ${l3f} ${table} ${chain} + fi + done + nft delete table ${l3f} ${table} + done + done +} + +addpanictable() { + local l3f=$1 + nft add table ${l3f} panic + nft add chain ${l3f} panic input \{ type filter hook input priority 0\; \} + nft add chain ${l3f} panic output \{ type filter hook output priority 0\; \} + nft add chain ${l3f} panic forward \{ type filter hook forward priority 0\; \} + nft add rule ${l3f} panic input drop + nft add rule ${l3f} panic output drop + nft add rule ${l3f} panic forward drop +} + +start_pre() { + checkkernel || return 1 + checkconfig || return 1 + return 0 +} + +start() { + ebegin "Loading nftables state and starting firewall" + clearNFT + nft -f ${NFTABLES_SAVE} + eend $? +} + +stop() { + if yesno ${SAVE_ON_STOP:-yes}; then + save || return 1 + fi + + ebegin "Stopping firewall" + clearNFT + eend $? +} + +reload() { + checkkernel || return 1 + # checkrules || return 1 + ebegin "Flushing firewall" + clearNFT + + start +} + +clear() { + clearNFT +} + +list() { + local l3f + + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + echo "$(nft list ${line})" + done + done +} + +save() { + ebegin "Saving nftables state" + checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" + checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + + local l3f line tmp_save="${NFTABLES_SAVE}.tmp" + + touch "${tmp_save}" + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + # The below substitution fixes an issue where nft -n output may not + # always be parsable by nft -f. For example, nft -n might print + # + # ip6 saddr ::1 ip6 daddr ::1 counter packets 0 bytes 0 accept + # + # but nft -f refuses to parse that string with error: + # + # In file included from internal:0:0-0: + # /var/lib/nftables/rules-save:1:1-2: Error: Could not process rule: + # Invalid argument + # table ip6 filter { + # ^^ + echo "$(nft ${SAVE_OPTIONS} list ${line} |\ + sed 's/\(::[0-9a-fA-F]\+\)\([^/]\)/\1\/128\2/g')" >> "${tmp_save}" + done + done + mv "${tmp_save}" "${NFTABLES_SAVE}" +} + +panic() { + checkkernel || return 1 + if service_started ${RC_SVCNAME}; then + rc-service ${RC_SVCNAME} stop + fi + + ebegin "Dropping all packets" + clearNFT + + local l3f + for l3f in $(getfamilies); do + case ${l3f} in + ip) addpanictable ${l3f} ;; + ip6) addpanictable ${l3f} ;; + esac + done +} diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml new file mode 100644 index 000000000000..a25096653fc9 --- /dev/null +++ b/net-firewall/nftables/metadata.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>base-system</herd> +<maintainer> + <email>mrueg@gentoo.org</email> + <name>Manuel Rüger</name> +</maintainer> +</pkgmetadata> diff --git a/net-firewall/nftables/nftables-0.4.ebuild b/net-firewall/nftables/nftables-0.4.ebuild new file mode 100644 index 000000000000..85a0bbb60204 --- /dev/null +++ b/net-firewall/nftables/nftables-0.4.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools linux-info + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://netfilter.org/projects/nftables/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="debug +readline" +SRC_URI="http://netfilter.org/projects/${PN}/files/${P}.tar.bz2" + +RDEPEND="net-libs/libmnl + >=net-libs/libnftnl-1.0.2 + dev-libs/gmp + readline? ( sys-libs/readline )" +DEPEND="${RDEPEND} + >=app-text/docbook2X-0.8.8-r4 + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if kernel_is ge 3 13; then + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + epatch_user + eautoreconf +} + +src_configure() { + econf \ + --sbindir="${EPREFIX}"/sbin \ + $(use_enable debug) \ + $(use_with readline cli) +} + +src_install() { + default + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.init ${PN} + keepdir /var/lib/nftables +} diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest new file mode 100644 index 000000000000..e07d5abfce5e --- /dev/null +++ b/net-firewall/nufw/Manifest @@ -0,0 +1 @@ +DIST nufw-2.2.22.tar.bz2 597491 SHA256 92603813b4138bfd52b5873c68d7c6e43f78885a414067e57bd2c1e8eba66b8c SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee WHIRLPOOL 5e493d2aa2c661dd9766670bb805f98849c82f1962d39ff3692481f7049740cc73455e6aa45b7ca20632b2e254be8bb953f9aebdeb7a46c525578fc7a9d007ba diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d new file mode 100644 index 000000000000..1ac750cf49fd --- /dev/null +++ b/net-firewall/nufw/files/nuauth-conf.d @@ -0,0 +1,2 @@ +# configuration file for /etc/init.d/nuauth +NUAUTH_OPTIONS="" diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d new file mode 100644 index 000000000000..21bad8ff132f --- /dev/null +++ b/net-firewall/nufw/files/nuauth-init.d @@ -0,0 +1,27 @@ +#!/sbin/runscript + +depend() { + before net +} + +checkconfig() { + if [ ! -e /etc/nufw/nuauth.conf ]; then + eerror "You need a /etc/nufw/nuauth.conf file to run nuauth" + eerror "There is sample file in /usr/share/doc/nufw-version/" + return 1 + fi +} + +start() { + checkpath -d /run/nuauth + checkconfig || return 1 + ebegin "Starting nuauth" + start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS} + eend $? +} + +stop() { + ebegin "Stopping nuauth" + start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid + eend $? +} diff --git a/net-firewall/nufw/files/nufw-2.2.21-fix-gnutls.patch b/net-firewall/nufw/files/nufw-2.2.21-fix-gnutls.patch new file mode 100644 index 000000000000..b5e8048cd051 --- /dev/null +++ b/net-firewall/nufw/files/nufw-2.2.21-fix-gnutls.patch @@ -0,0 +1,23 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -87,6 +87,7 @@ + #AM_CHECK_PATH([libgcrypt], [gcry_md_open],AC_DEFINE([HAVE_LIBRARY_GCRYPT],[1],[Gcrypt lib flag]), check_gcrypt=no,[-L/usr/local/lib]) + #AM_CHECK_PATH(libgnutls], [gnutls_init],AC_DEFINE([HAVE_LIBRARY_GNUTLS],[1],[Gnutls lib flag]), check_gnutls=no) + ++PKG_PROG_PKG_CONFIG + + NEED_LIBGCRYPT_VERSION=1.2.0 + AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_VERSION") +@@ -99,11 +100,7 @@ + fi + + NEED_LIBGNUTLS_VERSION=1.0.16 +-AM_PATH_LIBGNUTLS("$NEED_LIBGNUTLS_VERSION") +-if test "x$LIBGNUTLS_LIBS" = "x"; then +- AC_MSG_ERROR([libgnutls is needed. +- See www.gnu.org/software/gnutls/ .]) +-fi ++PKG_CHECK_MODULES(GNUTLS, gnutls >= $NEED_LIBGNUTLS_VERSION,,exit) + + #Configure database support, depending on user input + AC_ARG_WITH(prelude-log, diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch new file mode 100644 index 000000000000..f6bcc95e0006 --- /dev/null +++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch @@ -0,0 +1,45 @@ +--- a/src/nuauth/auth_srv.h ++++ b/src/nuauth/auth_srv.h +@@ -162,7 +162,7 @@ + #ifdef S_SPLINT_S + # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid" + #else +-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid" ++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid" + #endif + + /* define the number of threads that will do user check */ +--- a/src/nuauth/command.c ++++ b/src/nuauth/command.c +@@ -26,7 +26,7 @@ + #include <sys/un.h> /* unix socket */ + #include <sys/stat.h> /* fchmod() */ + +-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket" ++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket" + + const char* COMMAND_HELP = + "version: display nuauth version\n" +--- a/src/nufw/main.c ++++ b/src/nufw/main.c +@@ -54,7 +54,7 @@ + + /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined + * during compilation/installation) */ +-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid" ++#define NUFW_PID_FILE "/run/nufw.pid" + + /** + * Stop threads and then wait until threads exit. +--- a/src/nuauth/Makefile.am ++++ b/src/nuauth/Makefile.am +@@ -26,9 +26,6 @@ + + nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/ + +-install-exec-local: +- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/" +- + nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES) + @rm -f nuauth$(EXEEXT) + $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD) diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d new file mode 100644 index 000000000000..b2ea527744ec --- /dev/null +++ b/net-firewall/nufw/files/nufw-conf.d @@ -0,0 +1,2 @@ +# configuration file for /etc/init.d/nufw +NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129" diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d new file mode 100644 index 000000000000..6cfcfd793248 --- /dev/null +++ b/net-firewall/nufw/files/nufw-init.d @@ -0,0 +1,17 @@ +#!/sbin/runscript + +depend() { + before net +} + +start() { + ebegin "Starting nufw" + start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS} + eend $? +} + +stop() { + ebegin "Stopping nufw" + start-stop-daemon --stop --quiet --pidfile /run/nufw.pid + eend $? +} diff --git a/net-firewall/nufw/metadata.xml b/net-firewall/nufw/metadata.xml new file mode 100644 index 000000000000..983d41997af1 --- /dev/null +++ b/net-firewall/nufw/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>netmon</herd> +<use> +<flag name='nfconntrack'>Use netfilter_conntrack</flag> +<flag name='nfqueue'>Use NFQUEUE instead of QUEUE</flag> +<flag name='pam_nuauth'>Add support for pam nufw from PAM</flag> +<flag name='plaintext'>Add support for authentication with plaintext files</flag> +</use> +</pkgmetadata> diff --git a/net-firewall/nufw/nufw-2.2.22-r1.ebuild b/net-firewall/nufw/nufw-2.2.22-r1.ebuild new file mode 100644 index 000000000000..6da51fab622e --- /dev/null +++ b/net-firewall/nufw/nufw-2.2.22-r1.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +SSL_CERT_MANDATORY=1 +inherit autotools eutils multilib pam ssl-cert + +DESCRIPTION="An enterprise grade authenticating firewall based on netfilter" +HOMEPAGE="http://www.nufw.org/" +SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 x86" +IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test" + +REQUIRED_USE="pam_nuauth? ( plaintext )" +DEPEND=" + dev-libs/cyrus-sasl + dev-libs/glib:2 + dev-libs/libgcrypt:0 + dev-python/ipy + net-firewall/iptables + net-libs/gnutls + ldap? ( >=net-nds/openldap-2 ) + mysql? ( virtual/mysql ) + nfconntrack? ( net-libs/libnetfilter_conntrack ) + nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue ) + pam? ( sys-libs/pam ) + pam_nuauth? ( sys-libs/pam ) + postgres? ( dev-db/postgresql[server] ) + prelude? ( dev-libs/libprelude ) +" +RDEPEND=${DEPEND} + +RESTRICT="test" + +src_prepare() { + epatch "${FILESDIR}"/${P}-var-run.patch + sed -i \ + -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \ + -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \ + conf/nuauth.conf || die + sed -i \ + -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \ + src/clients/pam_nufw/Makefile.am || die + eautoreconf +} + +src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable pam_nuauth pam-nufw) \ + $(use_enable static) \ + $(use_with ldap) \ + $(use_with mysql mysql-auth) \ + $(use_with mysql mysql-log) \ + $(use_with nfconntrack) \ + $(use_with nfqueue) \ + $(use_with pam system-auth) \ + $(use_with plaintext plaintext-auth) \ + $(use_with postgres pgsql-log) \ + $(use_with prelude prelude-log) \ + $(use_with syslog syslog-log) \ + $(use_with unicode utf8) \ + --enable-shared \ + --includedir="/usr/include/nufw" \ + --localstatedir="/var" \ + --sysconfdir="/etc/nufw" \ + --with-mark-group \ + --with-user-mark +} + +src_install() { + default + + newinitd "${FILESDIR}"/nufw-init.d nufw + newconfd "${FILESDIR}"/nufw-conf.d nufw + + newinitd "${FILESDIR}"/nuauth-init.d nuauth + newconfd "${FILESDIR}"/nuauth-conf.d nuauth + + insinto /etc/nufw + doins conf/nuauth.conf + + dodoc AUTHORS ChangeLog NEWS README TODO + docinto scripts + dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh} + docinto conf + dodoc conf/*.{nufw,schema,conf,dump,xml} + + if use pam; then + pamd_mimic system-auth nufw auth account password session + fi + + prune_libtool_files +} + +pkg_postinst() { + install_cert /etc/nufw/{nufw,nuauth} +} diff --git a/net-firewall/pftop/Manifest b/net-firewall/pftop/Manifest new file mode 100644 index 000000000000..35e33b767c40 --- /dev/null +++ b/net-firewall/pftop/Manifest @@ -0,0 +1,5 @@ +DIST pftop-0.5.tar.gz 24855 SHA256 e5d0fd0d84285a52fd0d1944908d4c3e4f545ec0f0e11e9f9c29ce1536a9d0b7 +DIST pftop-0.7-patches-1.tar.bz2 5403 SHA256 35564dbfc45859fee9d59b90cda510ca642e4a17ef2fdd5a771937a5fcbb96dc SHA512 80ad35cd59d4e4ecc76d72e0973a13af9efcbbbf3a50f1fc8c3756c05ff04fc5db302dfddc0e2ac1a2d5abf8201e1cc3f0246a2df46e053ad2d6b3489ad118b8 WHIRLPOOL 621af8f990617b6af0eea4b3b939857e510d2b755e02718862cc48a15d04b570a523091f0311ac167b795116cbaa9bce6c16a3d3294035f3204c4b060e02e09b +DIST pftop-0.7-patches-2.tar.bz2 10225 SHA256 2bda1d635d30f4bf0b5e1080aca079345e6b2ce01421bf62f60e8a363e0331a2 SHA512 57444d849e21848febe2189413ea01baa9855e05e7cfb491522da8da49ca2b49cc2fc08e3121ef1e34c9f63efbd2c20bd05ab2658514e08e5966bf0d9c3d3ed5 WHIRLPOOL ba39d17605a1d15bb8763f04787399e9456f46fd06d75f7753ab764a6183b3fbb3509d7584e85040cefa352059945b8416b0ef9d50be2e9d02eea15d5f519005 +DIST pftop-0.7-patches-3.tar.bz2 10611 SHA256 56826b18fb4b6559dd3ddec1d53ab7d84988dcb10f5b1abc6539f2f7ffb1ae22 SHA512 7c8f438e8fc1c507313cf9fe69da2b27bdc57e4cf27b8b0d6153fb0c269d417a59ff93cd74987809b131ae2d148b659ca00d93da1346a515b11c1d8bbfc67f1f WHIRLPOOL c4c5f833daa9aef066351dd924e581dfd595d8ee0b987ee5dd5693480eca540ebbb4c603a1ceb4fc87678473ea4790e026b0ad86775187581aa6e285c19fbc4f +DIST pftop-0.7.tar.gz 59765 SHA256 afde859fab77597e4aae1ef6b87f1bb26a5ad8cb2b1d7316a12e5098153492af SHA512 e9be01704adc112bd1f5dc011f7900754d600df6be50e28ee4a937faabe00b627ed4d1565e92560d750e70f5117533c494565f616f3562eae61301642d438713 WHIRLPOOL af50aa66c7eecfa7bdd390f86e0953baac4ccd45652c6fadfbe952b201190fe402b667fb5c262449e503c3aac88916f23e6e2bc219803b5ea823670df85097dc diff --git a/net-firewall/pftop/metadata.xml b/net-firewall/pftop/metadata.xml new file mode 100644 index 000000000000..49ee990318f8 --- /dev/null +++ b/net-firewall/pftop/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>bsd</herd> + <use> + <flag name="altq">Enable altq(4) support — alternate queuing of network packets.</flag> + </use> +</pkgmetadata> diff --git a/net-firewall/pftop/pftop-0.5.ebuild b/net-firewall/pftop/pftop-0.5.ebuild new file mode 100644 index 000000000000..d3013e72d5cf --- /dev/null +++ b/net-firewall/pftop/pftop-0.5.ebuild @@ -0,0 +1,41 @@ +# Copyright 2006-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit bsdmk +DESCRIPTION="Pftop: curses-based utility for real-time display of active states and rule statistics for pf" + +HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/" + +SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~x86-fbsd" +IUSE="" + +RDEPEND="sys-libs/ncurses" + +src_compile() { + # OS_LEVEL variable refers to the version of pf shipped with OpenBSD. + # On FreeBSD we have to know it. + local OSLEVEL + + case ${CHOST} in + *-openbsd*) + local obsdver=${CHOST/*-openbsd/} + OSLEVEL=${obsdver//.} + ;; + *-freebsd5.[34]) OSLEVEL=35 ;; + *-freebsd6.[012]) OSLEVEL=37 ;; + *) + die "Your OS/Version is not supported (${CHOST}), please report." + ;; + esac + + mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS} -DOS_LEVEL=${OSLEVEL}" || die "pmake failed" +} + +src_install() { + mkinstall DESTDIR=${D} LOCALBASE="/usr" MANDIR="/usr/share/man/man" install || die +} diff --git a/net-firewall/pftop/pftop-0.7-r1.ebuild b/net-firewall/pftop/pftop-0.7-r1.ebuild new file mode 100644 index 000000000000..ac646b2ff19a --- /dev/null +++ b/net-firewall/pftop/pftop-0.7-r1.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 +PATCH_PV=2 + +inherit bsdmk flag-o-matic eutils + +DESCRIPTION="Pftop: curses-based utility for real-time display of active states and rule statistics for pf" +HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/" +SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz + mirror://gentoo/${P}-patches-${PATCH_PV}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~x86-fbsd" +IUSE="altq" + +RDEPEND="sys-libs/ncurses" + +src_prepare() { + epatch "${WORKDIR}"/patches/* +} + +src_compile() { + # OS_LEVEL variable refers to the version of pf shipped with OpenBSD. + # On FreeBSD we have to know it. + local OSLEVEL + + case ${CHOST} in + *-openbsd*) + local obsdver=${CHOST/*-openbsd/} + OSLEVEL=${obsdver//.} + ;; + *-freebsd[78]*) OSLEVEL=41 ;; + *-freebsd9*) OSLEVEL=45 ;; + *) + die "Your OS/Version is not supported (${CHOST}), please report." + ;; + esac + append-flags "-DHAVE_SNPRINTF -DHAVE_VSNPRINTF -DOS_LEVEL=${OSLEVEL}" + use altq && append-flags "-DHAVE_ALTQ" + mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS}" || die "pmake failed" +} + +src_install() { + mkinstall DESTDIR="${D}" LOCALBASE="/usr" MANDIR="/usr/share/man/man" \ + NO_MANCOMPRESS= install || die +} diff --git a/net-firewall/pftop/pftop-0.7-r2.ebuild b/net-firewall/pftop/pftop-0.7-r2.ebuild new file mode 100644 index 000000000000..11ed8929df22 --- /dev/null +++ b/net-firewall/pftop/pftop-0.7-r2.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 +PATCH_PV=3 + +inherit bsdmk flag-o-matic eutils + +DESCRIPTION="Pftop: curses-based utility for real-time display of active states and rule statistics for pf" +HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/" +SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz + mirror://gentoo/${P}-patches-${PATCH_PV}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~x86-fbsd" +IUSE="altq" + +RDEPEND="sys-libs/ncurses" + +src_prepare() { + epatch "${WORKDIR}"/patches/* +} + +src_compile() { + # OS_LEVEL variable refers to the version of pf shipped with OpenBSD. + # On FreeBSD we have to know it. + local OSLEVEL + + case ${CHOST} in + *-openbsd*) + local obsdver=${CHOST/*-openbsd/} + OSLEVEL=${obsdver//.} + ;; + *-freebsd[78]*) OSLEVEL=41 ;; + *-freebsd9*) OSLEVEL=45 ;; + *) + die "Your OS/Version is not supported (${CHOST}), please report." + ;; + esac + append-flags "-DHAVE_SNPRINTF -DHAVE_VSNPRINTF -DOS_LEVEL=${OSLEVEL}" + use altq && append-flags "-DHAVE_ALTQ" + mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS}" || die "pmake failed" +} + +src_install() { + mkinstall DESTDIR="${D}" LOCALBASE="/usr" MANDIR="/usr/share/man/man" \ + NO_MANCOMPRESS= install || die +} diff --git a/net-firewall/pftop/pftop-0.7.ebuild b/net-firewall/pftop/pftop-0.7.ebuild new file mode 100644 index 000000000000..8ec96bb1c9f8 --- /dev/null +++ b/net-firewall/pftop/pftop-0.7.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +PATCH_PV=1 + +inherit bsdmk flag-o-matic eutils + +DESCRIPTION="Pftop: curses-based utility for real-time display of active states and rule statistics for pf" +HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/" +SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz + mirror://gentoo/${P}-patches-${PATCH_PV}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~x86-fbsd" +IUSE="" + +RDEPEND="sys-libs/ncurses" + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${WORKDIR}"/patches/* +} + +src_compile() { + # OS_LEVEL variable refers to the version of pf shipped with OpenBSD. + # On FreeBSD we have to know it. + local OSLEVEL + + case ${CHOST} in + *-openbsd*) + local obsdver=${CHOST/*-openbsd/} + OSLEVEL=${obsdver//.} + ;; + *-freebsd5.[34]) OSLEVEL=35 ;; + *-freebsd6.[012]) OSLEVEL=37 ;; + *-freebsd*) OSLEVEL=41 ;; + *) + die "Your OS/Version is not supported (${CHOST}), please report." + ;; + esac + append-flags "-DHAVE_SNPRINTF -DHAVE_VSNPRINTF -DOS_LEVEL=${OSLEVEL}" + mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS}" || die "pmake failed" +} + +src_install() { + mkinstall DESTDIR="${D}" LOCALBASE="/usr" MANDIR="/usr/share/man/man" \ + NO_MANCOMPRESS= install || die +} diff --git a/net-firewall/pglinux/Manifest b/net-firewall/pglinux/Manifest new file mode 100644 index 000000000000..3295409ad296 --- /dev/null +++ b/net-firewall/pglinux/Manifest @@ -0,0 +1,4 @@ +DIST pgl-2.2.1_p20120711.tar.xz 412840 SHA256 cc32046e4ae6b4441b5135a951091c5dc9603a6b89f8f16721f60200a600a434 SHA512 bbde8d990253db97093969aeddc0466e3c0a0c3b008a67f9779ae2a47436be939751522710a69bd7a7d7c299235a60c886f8a36e99ea8bffcfa319d697e0c20f WHIRLPOOL 6abe0f35b647890ea6cff8368060954b2e6fa52ff7d58e5976eecbde495c4e5e7695fe3a025ce357e7b4b68b437a37949046293e50f60e610b9265dca8b6db0f +DIST pgl-2.2.2.tar.gz 590472 SHA256 4794ec5b16f5f901866811826d56091df7b5f6d9703cf97f95d3b15075aadb8e SHA512 bc59276b651d5998f2c4c752fc0575ad482455eb3f98d42bd66d9035f68d26d04273f63287b0ba52d8a5f678ee28f8ac7a2fa3e1b956252edc8318563b85043d WHIRLPOOL 22fa7e498ae0e0ac37bebb9ce5ebac0a6f8209f42f010660586b320f7b23cb310b64749a61b77657b63a69f6755e9eec957bb27cf519e3cde4cbafa15a58e88c +DIST pgl-2.2.3.tar.gz 608243 SHA256 03627b54147894ca26b8a68829732910f15c9d4398fae5e461569b5625b77000 SHA512 51d34c23fc1cbfda047555d3527433d096d00255474b6b9b141eca990a3708aaa335bd1ad35e15ae5f0400802c49043ae5078bd0dcb95377501143c3a4089b6c WHIRLPOOL 867f552d402660968eb780cd6a6710f45d7b023b67ef15b87ff6f8fa44cc64ed15653036ef3a89fd30ea2569509e2d622c84de741bfc3ff615daed0ef86603bb +DIST pgl-2.2.4.tar.gz 608622 SHA256 26e91cb085a9da7faa643f9364192c0e3eeec64ccae56d0bb62de5174e185866 SHA512 d6daad259a904647917388e586d4bd7d6a73b078bf61974a5682b6eec2d8d2abb02760483838f23fefa13ae761b4bd40765ddb13e6d820d0b6e3ee65b0815f58 WHIRLPOOL 59de9ad6a3c95e2f9f553e7c311be948b488825bfe8db7e2fc78610d46d98c0cbef4ce4846a659b01b2a0b6548dfed13dde27c55ffc22cb37418b97cde0c0ca8 diff --git a/net-firewall/pglinux/files/0-pglinux-2.2.2-gentoo-init.patch b/net-firewall/pglinux/files/0-pglinux-2.2.2-gentoo-init.patch new file mode 100644 index 000000000000..f3ae3cf85d17 --- /dev/null +++ b/net-firewall/pglinux/files/0-pglinux-2.2.2-gentoo-init.patch @@ -0,0 +1,61 @@ +diff --git a/pgl/pglcmd/init/pgl.gentoo.in b/pgl/pglcmd/init/pgl.gentoo.in +new file mode 100644 +index 0000000..c94d978 +--- /dev/null ++++ b/pgl/pglcmd/init/pgl.gentoo.in +@@ -0,0 +1,55 @@ ++#!/sbin/runscript ++# Copyright 1999-2012 Gentoo Foundation ++# Distributed under the terms of the GNU General Public License v2 ++ ++description="Daemon script for pglinux" ++extra_commands="reload forcereload update" ++ ++depend() { ++ need net ++} ++ ++PIDFILE=@PID_DIR@/pgld.pid ++PGLCMD=@PGLCMDPATH@ ++ ++start() { ++ ebegin "Starting pglinux daemon" ++ ++ if [ "${RC_CMD}" = "restart" ]; then ++ sleep 3 ++ fi ++ ++ $PGLCMD start ++ eend $? ++} ++ ++stop() { ++ ebegin "Stopping pglinux daemon" ++ $PGLCMD stop_quick ++ eend $? ++} ++ ++status() { ++ ebegin "Checking status of pglinux daemon" ++ $PGLCMD status ++ eend $? ++} ++ ++reload() { ++ ebegin "reload config" ++ $PGLCMD reload ++ eend $? ++} ++ ++forcereload() { ++ ebegin "force config reload" ++ $PGLCMD force-reload ++ eend $? ++} ++ ++update() { ++ ebegin "Force update of lists" ++ $PGLCMD update ++ eend $? ++} ++ diff --git a/net-firewall/pglinux/files/0-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/0-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..0c8d50b10dd0 --- /dev/null +++ b/net-firewall/pglinux/files/0-pglinux-2.2.2-systemd.patch @@ -0,0 +1,42 @@ +commit 5099e4f985db621465f6d5c91ddad877926322c8 +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Thu Feb 14 00:12:00 2013 +0100 + + added systemd file by Pierre Buard, Arch Linux + +diff --git a/pgl/INSTALL b/pgl/INSTALL +index e0225a2..25f668e 100644 +--- a/pgl/INSTALL ++++ b/pgl/INSTALL +@@ -278,9 +278,8 @@ http://forums.phoenixlabs.org/thread-15882-post-120482.html#pid120482 + + ARCH / AUR (Arch User Repo): + ---------------------------- +-PKGBUILD by Gilrain: ++PKGBUILD by Pierre Buard (Gilrain), Arch Linux maintainer + https://aur.archlinux.org/packages.php?ID=51839 +-(Last Updated: Thu, 14 Jun 2012 08:52:59 +0000 for 2.2.0) + + + Gentoo: +diff --git a/pgl/pglcmd/init/service b/pgl/pglcmd/init/service +new file mode 100644 +index 0000000..3f2f747 +--- /dev/null ++++ b/pgl/pglcmd/init/service +@@ -0,0 +1,15 @@ ++[Unit] ++Description=PeerGuardian Linux - an IP Blocker ++Documentation=man:pgld(1) file:///usr/share/doc/pgl/README.blocklists ++After=network.target ++ConditionPathExists=|/etc/pgl/blocklists.list ++ConditionDirectoryNotEmpty=|/usr/lib/pgl ++ ++[Service] ++BusName=org.netfilter.pgl ++ExecStart=/usr/bin/pglcmd start ++ExecStop=/usr/bin/pglcmd stop ++PIDFile=/run/pgld.pid ++ ++[Install] ++WantedBy=multi-user.target diff --git a/net-firewall/pglinux/files/1-pglinux-2.2.2-gentoo-init.patch b/net-firewall/pglinux/files/1-pglinux-2.2.2-gentoo-init.patch new file mode 100644 index 000000000000..63aecf506be2 --- /dev/null +++ b/net-firewall/pglinux/files/1-pglinux-2.2.2-gentoo-init.patch @@ -0,0 +1,20 @@ +commit a63052957b350adcf92e7c23aaad7b71450d8023 +Author: hasufell <julian.ospald@googlemail.com> +Date: Sun Nov 25 13:44:34 2012 +0100 + + fix make dist + + forgot to add pgl.gentoo.in :/ + +diff --git a/pgl/pglcmd/Makefile.am b/pgl/pglcmd/Makefile.am +index 147a66e..896b6bc 100644 +--- a/pgl/pglcmd/Makefile.am ++++ b/pgl/pglcmd/Makefile.am +@@ -118,6 +118,7 @@ EXTRA_DIST = \ + pglcmd.wd.in \ + cron.daily/pglcmd.in \ + init/pgl.in \ ++ init/pgl.gentoo.in \ + networkmanager/20pglcmd.in \ + pglcmd.lib + diff --git a/net-firewall/pglinux/files/1-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/1-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..ebcf3c44717c --- /dev/null +++ b/net-firewall/pglinux/files/1-pglinux-2.2.2-systemd.patch @@ -0,0 +1,144 @@ +commit dad29189eabd8aaee79fefd95bd9f8ff216d3bec +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Sat May 18 10:13:49 2013 +0200 + + integrated the systemd service file + + thanks again ARCH Linux guys, especially Pierre Buard + + 2.) Uninstall +diff --git a/pgl/Makefile.am b/pgl/Makefile.am +index b738fdd..a81c3ee 100644 +--- a/pgl/Makefile.am ++++ b/pgl/Makefile.am +@@ -4,6 +4,10 @@ MASTER_BLOCKLIST_DIR = @MASTER_BLOCKLIST_DIR@ + + ACLOCAL_AMFLAGS = -I m4 + ++# Ensure that make distcheck continues to work ++DISTCHECK_CONFIGURE_FLAGS = \ ++ --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) ++ + SUBDIRS = \ + docs \ + pglcmd \ +diff --git a/pgl/configure.ac b/pgl/configure.ac +index 213baa5..04e43cb 100644 +--- a/pgl/configure.ac ++++ b/pgl/configure.ac +@@ -132,6 +132,17 @@ AC_ARG_WITH([gentoo-init], + + AM_CONDITIONAL(GENTOOINIT, [test "x$gentoo_init" = "xyes"]) + ++# use systemd service file (yes, if user specifies a path) ++# http://www.freedesktop.org/software/systemd/man/daemon.html ++PKG_PROG_PKG_CONFIG ++AC_ARG_WITH([systemdsystemunitdir], ++ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), ++ [], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) ++if test "x$with_systemdsystemunitdir" != xno; then ++ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) ++fi ++AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ]) ++ + # let user specify iconsdir + AC_ARG_WITH([iconsdir], + [AS_HELP_STRING([--with-iconsdir=DIR], +@@ -311,6 +322,11 @@ else + echo QT-gui....................................... : no + fi + ++if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno; then ++echo systemdsystemunitdir......................... : $systemdsystemunitdir ++else ++echo systemd...................................... : no ++fi + echo + echo ............................................. + echo "Developer debug:" +diff --git a/pgl/pglcmd/Makefile.am b/pgl/pglcmd/Makefile.am +index 896b6bc..132a475 100644 +--- a/pgl/pglcmd/Makefile.am ++++ b/pgl/pglcmd/Makefile.am +@@ -48,6 +48,9 @@ pgllib_DATA = \ + pglcmd.lib \ + pglcmd.main + ++systemdsystemunit_DATA = \ ++ init/pgl.service ++ + # Don't update PATH here anymore, because on user's make it doesn't contain + # [/usr]/sbin + pglcmd.defaults: +@@ -103,6 +106,15 @@ init/pgl: + chmod +x init/pgl + endif + ++init/pgl.service: ++ sed \ ++ -e 's|@data_root_dir@|$(datarootdir)|g' \ ++ -e 's|@CONF_DIR@|$(sysconfdir)|g' \ ++ -e 's|@LIB_DIR@|$(libdir)|g' \ ++ -e 's|@BIN_DIR@|$(bindir)|g' \ ++ -e 's|@PID_DIR@|$(PIDDIR)|g' \ ++ < init/pgl.service.in > init/pgl.service ++ + networkmanager/20pglcmd: + $(do_subst) < networkmanager/20pglcmd.in > networkmanager/20pglcmd + chmod +x networkmanager/20pglcmd +@@ -119,6 +131,7 @@ EXTRA_DIST = \ + cron.daily/pglcmd.in \ + init/pgl.in \ + init/pgl.gentoo.in \ ++ init/pgl.service.in \ + networkmanager/20pglcmd.in \ + pglcmd.lib + +@@ -131,4 +144,5 @@ CLEANFILES = \ + pglcmd.wd \ + cron.daily/pglcmd \ + init/pgl \ ++ init/pgl.service \ + networkmanager/20pglcmd +diff --git a/pgl/pglcmd/init/pgl.service.in b/pgl/pglcmd/init/pgl.service.in +new file mode 100644 +index 0000000..55779bd +--- /dev/null ++++ b/pgl/pglcmd/init/pgl.service.in +@@ -0,0 +1,15 @@ ++[Unit] ++Description=PeerGuardian Linux - an IP Blocker ++Documentation=man:pgld(1) file://@data_root_dir@/doc/pgl/README.blocklists ++After=network.target ++ConditionPathExists=|@CONF_DIR@/pgl/blocklists.list ++ConditionDirectoryNotEmpty=|@LIB_DIR@/pgl ++ ++[Service] ++BusName=org.netfilter.pgl ++ExecStart=@BIN_DIR@/pglcmd start ++ExecStop=@BIN_DIR@/pglcmd stop ++PIDFile=@PID_DIR@/pgld.pid ++ ++[Install] ++WantedBy=multi-user.target +diff --git a/pgl/pglcmd/init/service b/pgl/pglcmd/init/service +deleted file mode 100644 +index 3f2f747..0000000 +--- a/pgl/pglcmd/init/service ++++ /dev/null +@@ -1,15 +0,0 @@ +-[Unit] +-Description=PeerGuardian Linux - an IP Blocker +-Documentation=man:pgld(1) file:///usr/share/doc/pgl/README.blocklists +-After=network.target +-ConditionPathExists=|/etc/pgl/blocklists.list +-ConditionDirectoryNotEmpty=|/usr/lib/pgl +- +-[Service] +-BusName=org.netfilter.pgl +-ExecStart=/usr/bin/pglcmd start +-ExecStop=/usr/bin/pglcmd stop +-PIDFile=/run/pgld.pid +- +-[Install] +-WantedBy=multi-user.target diff --git a/net-firewall/pglinux/files/2-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/2-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..49bde436d947 --- /dev/null +++ b/net-firewall/pglinux/files/2-pglinux-2.2.2-systemd.patch @@ -0,0 +1,34 @@ +commit b1bbab1348f924635daba2739ab0882f7f976957 +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Mon May 20 14:39:29 2013 +0200 + + systemd fixes: don't wait for pgl dbus, but fork instead + + necessary to prevent timeout, because on start pglcmd first downloads + all missing blocklists (may take quite long) and then starts pgld, + which just then registers with dbus + + editorial change + + Thanks again Pierre Buard + +diff --git a/pgl/pglcmd/init/pgl.service.in b/pgl/pglcmd/init/pgl.service.in +index 55779bd..5279404 100644 +--- a/pgl/pglcmd/init/pgl.service.in ++++ b/pgl/pglcmd/init/pgl.service.in +@@ -1,12 +1,13 @@ + [Unit] + Description=PeerGuardian Linux - an IP Blocker +-Documentation=man:pgld(1) file://@data_root_dir@/doc/pgl/README.blocklists ++Documentation=man:pgld(1) ++Documentation=file://@data_root_dir@/doc/pgl/README.blocklists + After=network.target + ConditionPathExists=|@CONF_DIR@/pgl/blocklists.list + ConditionDirectoryNotEmpty=|@LIB_DIR@/pgl + + [Service] +-BusName=org.netfilter.pgl ++Type=forking + ExecStart=@BIN_DIR@/pglcmd start + ExecStop=@BIN_DIR@/pglcmd stop + PIDFile=@PID_DIR@/pgld.pid diff --git a/net-firewall/pglinux/files/3-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/3-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..347c9c836de4 --- /dev/null +++ b/net-firewall/pglinux/files/3-pglinux-2.2.2-systemd.patch @@ -0,0 +1,21 @@ +commit 459f460cfd4a166d5108c3e88c2cad294b32fb74 +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Mon May 20 19:26:25 2013 +0200 + + fix: install systemd file only if configured + +diff --git a/pgl/pglcmd/Makefile.am b/pgl/pglcmd/Makefile.am +index 132a475..c7f34a5 100644 +--- a/pgl/pglcmd/Makefile.am ++++ b/pgl/pglcmd/Makefile.am +@@ -48,8 +48,10 @@ pgllib_DATA = \ + pglcmd.lib \ + pglcmd.main + ++if HAVE_SYSTEMD + systemdsystemunit_DATA = \ + init/pgl.service ++endif + + # Don't update PATH here anymore, because on user's make it doesn't contain + # [/usr]/sbin diff --git a/net-firewall/pglinux/files/4-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/4-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..cc124ebe1ac8 --- /dev/null +++ b/net-firewall/pglinux/files/4-pglinux-2.2.2-systemd.patch @@ -0,0 +1,24 @@ +commit 53ac32c45e0a28bfaf42f32cd9b887ed1414ecae +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Tue May 21 20:21:47 2013 +0200 + + revised systemd targets + + thanks again Pierre Buard + +diff --git a/pgl/pglcmd/init/pgl.service.in b/pgl/pglcmd/init/pgl.service.in +index 5279404..c8809d0 100644 +--- a/pgl/pglcmd/init/pgl.service.in ++++ b/pgl/pglcmd/init/pgl.service.in +@@ -2,9 +2,8 @@ + Description=PeerGuardian Linux - an IP Blocker + Documentation=man:pgld(1) + Documentation=file://@data_root_dir@/doc/pgl/README.blocklists +-After=network.target +-ConditionPathExists=|@CONF_DIR@/pgl/blocklists.list +-ConditionDirectoryNotEmpty=|@LIB_DIR@/pgl ++After=network.target syslog.target ++After=firehol.service firestarter.service firewalld.service ufw.service + + [Service] + Type=forking diff --git a/net-firewall/pglinux/files/5-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/5-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..49fa35a64ed9 --- /dev/null +++ b/net-firewall/pglinux/files/5-pglinux-2.2.2-systemd.patch @@ -0,0 +1,18 @@ +commit fe6a60d6be7c611d0568042e5bdbdd9398f9a7e8 +Author: jre <jre-phoenix@users.sourceforge.net> +Date: Tue Jun 11 22:42:21 2013 +0200 + + add RemainAfterExit to prevent timeout during long blocklist downloads + +diff --git a/pgl/pglcmd/init/pgl.service.in b/pgl/pglcmd/init/pgl.service.in +index c8809d0..64ee040 100644 +--- a/pgl/pglcmd/init/pgl.service.in ++++ b/pgl/pglcmd/init/pgl.service.in +@@ -10,6 +10,7 @@ Type=forking + ExecStart=@BIN_DIR@/pglcmd start + ExecStop=@BIN_DIR@/pglcmd stop + PIDFile=@PID_DIR@/pgld.pid ++RemainAfterExit=yes + + [Install] + WantedBy=multi-user.target diff --git a/net-firewall/pglinux/files/6-pglinux-2.2.2-systemd.patch b/net-firewall/pglinux/files/6-pglinux-2.2.2-systemd.patch new file mode 100644 index 000000000000..b1000cb5d4e8 --- /dev/null +++ b/net-firewall/pglinux/files/6-pglinux-2.2.2-systemd.patch @@ -0,0 +1,87 @@ +commit 6ed523649e296a16494c6b559ef22de04833cddc +Author: hasufell <hasufell@posteo.de> +Date: Mon Sep 23 23:57:48 2013 +0200 + + BUILD: small cleanup to systemd bits + + * don't double check for pkg-config + * use AS_IF + * consistent variable naming + * do not install systemd file when "--with-systemd" is omitted + +diff --git a/pgl/Makefile.am b/pgl/Makefile.am +index a81c3ee..c5dd377 100644 +--- a/pgl/Makefile.am ++++ b/pgl/Makefile.am +@@ -6,7 +6,7 @@ ACLOCAL_AMFLAGS = -I m4 + + # Ensure that make distcheck continues to work + DISTCHECK_CONFIGURE_FLAGS = \ +- --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) ++ --with-systemd=$$dc_install_base/$(SYSTEMDUNITDIR) + + SUBDIRS = \ + docs \ +diff --git a/pgl/configure.ac b/pgl/configure.ac +index 63b443c..dd2086e 100644 +--- a/pgl/configure.ac ++++ b/pgl/configure.ac +@@ -14,9 +14,7 @@ + AC_PROG_CC + AC_PROG_INSTALL + AC_PROG_LIBTOOL +-AC_PATH_PROG([PKGCONFIG], [pkg-config]) +-AS_IF([test "x$PKGCONFIG" = "x"], +- [AC_MSG_ERROR([pkg-config not found!])]) ++PKG_PROG_PKG_CONFIG + + # Checks for header files. + AC_CHECK_HEADERS([arpa/inet.h inttypes.h limits.h netinet/in.h stdlib.h string.h sys/time.h syslog.h unistd.h]) +@@ -134,14 +132,14 @@ + + # use systemd service file (yes, if user specifies a path) + # http://www.freedesktop.org/software/systemd/man/daemon.html +-PKG_PROG_PKG_CONFIG +-AC_ARG_WITH([systemdsystemunitdir], +- AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), +- [], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) +-if test "x$with_systemdsystemunitdir" != xno; then +- AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) +-fi +-AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ]) ++AC_ARG_WITH([systemd], ++ [AS_HELP_STRING([--with-systemd=UNITDIR], [install systemd unit file (into UNITDIR if given)])], ++ [with_systemd="$withval"], ++ [with_systemd="no"]) ++AS_IF([test "x$with_systemd" != xno], ++ [AS_IF([test "$with_systemd" = yes], [with_systemd="`$PKG_CONFIG --variable=systemdsystemunitdir systemd`"])] ++ [AC_SUBST([SYSTEMDUNITDIR], [$with_systemd])]) ++AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$with_systemd" -a "x$with_systemd" != xno ]) + + # let user specify iconsdir + AC_ARG_WITH([iconsdir], +@@ -321,9 +319,9 @@ + else + echo QT-gui....................................... : no + fi +- +-if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno; then +-echo systemdsystemunitdir......................... : $systemdsystemunitdir ++if test -n "$with_systemd" -a "x$with_systemd" != xno; then ++echo systemd ..................................... : yes ++echo systemd unit dir ............................ : $with_systemd + else + echo systemd...................................... : no + fi +diff --git a/pgl/pglcmd/Makefile.am b/pgl/pglcmd/Makefile.am +index c7f34a5..d06871e 100644 +--- a/pgl/pglcmd/Makefile.am ++++ b/pgl/pglcmd/Makefile.am +@@ -51,6 +51,7 @@ pgllib_DATA = \ + if HAVE_SYSTEMD + systemdsystemunit_DATA = \ + init/pgl.service ++systemdsystemunitdir = @SYSTEMDUNITDIR@ + endif + + # Don't update PATH here anymore, because on user's make it doesn't contain diff --git a/net-firewall/pglinux/files/pgl.gentoo.in b/net-firewall/pglinux/files/pgl.gentoo.in new file mode 100644 index 000000000000..c94d9784096e --- /dev/null +++ b/net-firewall/pglinux/files/pgl.gentoo.in @@ -0,0 +1,55 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description="Daemon script for pglinux" +extra_commands="reload forcereload update" + +depend() { + need net +} + +PIDFILE=@PID_DIR@/pgld.pid +PGLCMD=@PGLCMDPATH@ + +start() { + ebegin "Starting pglinux daemon" + + if [ "${RC_CMD}" = "restart" ]; then + sleep 3 + fi + + $PGLCMD start + eend $? +} + +stop() { + ebegin "Stopping pglinux daemon" + $PGLCMD stop_quick + eend $? +} + +status() { + ebegin "Checking status of pglinux daemon" + $PGLCMD status + eend $? +} + +reload() { + ebegin "reload config" + $PGLCMD reload + eend $? +} + +forcereload() { + ebegin "force config reload" + $PGLCMD force-reload + eend $? +} + +update() { + ebegin "Force update of lists" + $PGLCMD update + eend $? +} + diff --git a/net-firewall/pglinux/files/pglinux-2.2.2-path-variables.patch b/net-firewall/pglinux/files/pglinux-2.2.2-path-variables.patch new file mode 100644 index 000000000000..2d3693a98536 --- /dev/null +++ b/net-firewall/pglinux/files/pglinux-2.2.2-path-variables.patch @@ -0,0 +1,131 @@ +commit 07b4b464e18c763bf095214a73d0bcfa32c4f933 +Author: hasufell <hasufell@posteo.de> +Date: Sat Sep 7 00:33:42 2013 +0200 + + BUILD: do not expand path variables in configure.ac + + it is bad form and could cause unexpected behavior + +diff --git a/pgl/configure.ac b/pgl/configure.ac +index 213baa5..6160956 100644 +--- a/pgl/configure.ac ++++ b/pgl/configure.ac +@@ -45,21 +45,21 @@ AC_ARG_WITH([initddir], + [AS_HELP_STRING([--with-initddir=DIR], + [path to init script directory (default: sysconfdir/init.d)])], + [INITDDIR="$withval"], +- [INITDDIR="$sysconfdir/init.d"]) ++ [INITDDIR='$(sysconfdir)/init.d']) + + # let user specify LOGDIR + AC_ARG_WITH([logdir], + [AS_HELP_STRING([--with-logdir=DIR], + [path to log directory (default: localstatedir/log/pgl)])], + [LOGDIR="$withval"], +- [LOGDIR="$localstatedir/log/$PACKAGE"]) ++ [LOGDIR='$(localstatedir)/log/'$PACKAGE]) + + # let user specify PIDDIR + AC_ARG_WITH([piddir], + [AS_HELP_STRING([--with-piddir=DIR], + [path to PID directory (default: localstatedir/run)])], + [PIDDIR="$withval"], +- [PIDDIR="$localstatedir/run"]) ++ [PIDDIR='$(localstatedir)/run']) + + # let user specify TMPDIR + AC_ARG_WITH([tmpdir], +@@ -73,21 +73,21 @@ AC_ARG_WITH([blocklists], + [AS_HELP_STRING([--with-blocklists=DIR], + [path to blocklists directory (default: localstatedir/spool/pgl)])], + [BLOCKLISTS_DIR="$withval"], +- [BLOCKLISTS_DIR="$localstatedir/spool/$PACKAGE"]) ++ [BLOCKLISTS_DIR='$(localstatedir)/spool/'$PACKAGE]) + + # let user specify LOCAL_BLOCKLIST_DIR + AC_ARG_WITH([localblocklist], + [AS_HELP_STRING([--with-localblocklist=DIR], + [path to local blocklist directory (default: sysconfdir/pgl/blocklists.local)])], + [LOCAL_BLOCKLIST_DIR="$withval"], +- [LOCAL_BLOCKLIST_DIR="$sysconfdir/$PACKAGE/blocklists.local"]) ++ [LOCAL_BLOCKLIST_DIR='$(sysconfdir)'/$PACKAGE/blocklists.local]) + + # let user specify MASTER_BLOCKLIST_DIR + AC_ARG_WITH([masterblocklist], + [AS_HELP_STRING([--with-masterblocklist=DIR], + [path to master blocklist directory (default: localstatedir/lib/pgl)])], + [MASTER_BLOCKLIST_DIR="$withval"], +- [MASTER_BLOCKLIST_DIR="$localstatedir/lib/$PACKAGE"]) ++ [MASTER_BLOCKLIST_DIR='$(localstatedir)/lib/'$PACKAGE]) + + # let user specify LSB + AC_ARG_WITH([lsb], +@@ -137,7 +137,7 @@ AC_ARG_WITH([iconsdir], + [AS_HELP_STRING([--with-iconsdir=DIR], + [path where icons get installed (default: datadir/pixmaps)])], + [ICONSDIR="$withval"], +- [ICONSDIR="$datadir/pixmaps"]) ++ [ICONSDIR='$(datadir)/pixmaps']) + + + +@@ -147,7 +147,7 @@ AC_ARG_WITH([iconsdir], + # pkg-config module check, generates $1_LIBS and $1_CFLAGS vars + PKG_CHECK_MODULES([libnetfilterqueue],[libnetfilter_queue]) + PGLD_CFLAGS="" +-PGLD_CPPFLAGS="$libnetfilterqueue_CFLAGS -DVERSION=\\\"$VERSION\\\" -DPACKAGE_NAME=\\\"$PACKAGE\\\" -DPIDFILE=\\\"${localstatedir}/run/${PACKAGE}d.pid\\\"" ++PGLD_CPPFLAGS="$libnetfilterqueue_CFLAGS -DVERSION=\\\"$VERSION\\\" -DPACKAGE_NAME=\\\"$PACKAGE\\\"" + PGLD_LDFLAGS="" + PGLD_LIBS="$libnetfilterqueue_LIBS" + +@@ -180,7 +180,7 @@ AS_IF([test "x$enable_dbus" = "xyes"], + [PKG_CHECK_MODULES([DBUS], + [dbus-1])] + [PGLD_CFLAGS="$PGLD_CFLAGS -fPIC"] +- [PGLD_CPPFLAGS="$PGLD_CPPFLAGS $DBUS_CFLAGS -DHAVE_DBUS -DPLUGINDIR=\\\"${libdir}/$PACKAGE\\\""] ++ [PGLD_CPPFLAGS="$PGLD_CPPFLAGS $DBUS_CFLAGS -DHAVE_DBUS"] + [PGLD_LDFLAGS="-Wl,-export-dynamic"] + [PGLD_LIBS="$PGLD_LIBS $DBUS_LIBS -ldl"]) + +@@ -203,7 +203,7 @@ AS_IF([test "x$enable_lowmem" = "xyes"], + ## + # initial QT_flags + QT_CXXFLAGS="" +-QT_CPPFLAGS="-DVERSION=\\\"$VERSION\\\" -DPGLCMDDEFAULTSPATH=\\\"${libdir}/${PACKAGE}/${PACKAGE}cmd.defaults\\\" -D_REENTRANT -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB -DQT_SHARED" ++QT_CPPFLAGS="-DVERSION=\\\"$VERSION\\\" -D_REENTRANT -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB -DQT_SHARED" + QT_LDFLAGS="" + QT_LIBS="" + +diff --git a/pgl/pgld/Makefile.am b/pgl/pgld/Makefile.am +index ca7d509..91fc7db 100644 +--- a/pgl/pgld/Makefile.am ++++ b/pgl/pgld/Makefile.am +@@ -1,6 +1,7 @@ + # flags + AM_CFLAGS = @PGLD_CFLAGS@ +-AM_CPPFLAGS = @PGLD_CPPFLAGS@ ++AM_CPPFLAGS = @PGLD_CPPFLAGS@ \ ++ -DPIDFILE=\"$(localstatedir)/run/${PACKAGE}d.pid\" + AM_LDFLAGS = @PGLD_LDFLAGS@ + + # sources for pgld binary +@@ -14,6 +15,7 @@ sbin_PROGRAMS = pgld + + # build dbus library for --enable-dbus + if DBUSMAKE ++AM_CPPFLAGS += -DPLUGINDIR=\"$(libdir)/$(PACKAGE)\" + libdbusdir = $(libdir)/$(PACKAGE_NAME) + libdbus_LTLIBRARIES = libdbus.la + libdbus_la_SOURCES = src/dbus.c src/dbus.h +diff --git a/pgl/pglgui/Makefile.am b/pgl/pglgui/Makefile.am +index 3a1757e..05c2a54 100644 +--- a/pgl/pglgui/Makefile.am ++++ b/pgl/pglgui/Makefile.am +@@ -11,6 +11,7 @@ MOC = @MOC@ + AM_CXXFLAGS = @QT_CXXFLAGS@ + AM_CPPFLAGS = \ + @QT_CPPFLAGS@ \ ++ -DPGLCMDDEFAULTSPATH=\"$(libdir)/$(PACKAGE)/$(PACKAGE)cmd.defaults\" \ + -I./ui + AM_LDFLAGS = @QT_LDFLAGS@ + diff --git a/net-firewall/pglinux/metadata.xml b/net-firewall/pglinux/metadata.xml new file mode 100644 index 000000000000..6e64606e9405 --- /dev/null +++ b/net-firewall/pglinux/metadata.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>hasufell@gentoo.org</email> + <name>Julian Ospald</name> + </maintainer> + <upstream> + <changelog>https://sourceforge.net/news/?group_id=131687</changelog> + <doc lang="en">https://sourceforge.net/projects/peerguardian/support</doc> + <bugs-to>https://sourceforge.net/tracker/?group_id=131687</bugs-to> + <remote-id type="sourceforge">peerguardian</remote-id> + </upstream> + <use> + <flag name="cron">Install cron script</flag> + <flag name="logrotate">Install logrotate.d file</flag> + </use> + <longdescription lang="en"> + PeerGuardian Linux (pgl) is a privacy oriented firewall application. It blocks + connections to and from hosts specified in huge blocklists (thousands or + millions of IP ranges). pgl is based on the Linux kernel netfilter framework + and iptables. + </longdescription> +</pkgmetadata> diff --git a/net-firewall/pglinux/pglinux-2.2.1_p20120711.ebuild b/net-firewall/pglinux/pglinux-2.2.1_p20120711.ebuild new file mode 100644 index 000000000000..662c2c283c94 --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.2.1_p20120711.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit gnome2-utils linux-info + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="http://dev.gentoo.org/~hasufell/distfiles/${MY_P}.tar.xz" + +LICENSE="GPL-3" +KEYWORDS="amd64 x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4(+)] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-apps/kdesu x11-libs/gksu x11-misc/ktsuss ) + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? ( net-misc/networkmanager )" + +REQUIRED_USE="qt4? ( dbus )" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S=${WORKDIR}/${MY_P} + +src_configure() { + econf \ + --localstatedir=/var \ + --docdir=/usr/share/doc/${PF} \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/pglinux/pglinux-2.2.2-r1.ebuild b/net-firewall/pglinux/pglinux-2.2.2-r1.ebuild new file mode 100644 index 000000000000..993efc239889 --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.2.2-r1.ebuild @@ -0,0 +1,106 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils gnome2-utils linux-info systemd + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz" + +LICENSE="GPL-3" +KEYWORDS="~amd64 ~x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4(+)] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-apps/kdesu x11-libs/gksu x11-misc/ktsuss ) + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? ( net-misc/networkmanager )" + +REQUIRED_USE="qt4? ( dbus )" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + epatch -p2 "${FILESDIR}"/${P}-path-variables.patch \ + "${FILESDIR}"/{0,1}-${P}-gentoo-init.patch \ + "${FILESDIR}"/{0..6}-${P}-systemd.patch + + eautoreconf +} + +src_configure() { + econf \ + --localstatedir=/var \ + --docdir=/usr/share/doc/${PF} \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) \ + --with-systemd="$(systemd_get_unitdir)" +} + +src_install() { + default + keepdir /var/{lib,log,spool}/pgl + rm -rf "${ED}"/tmp +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/pglinux/pglinux-2.2.2.ebuild b/net-firewall/pglinux/pglinux-2.2.2.ebuild new file mode 100644 index 000000000000..5b334481664e --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.2.2.ebuild @@ -0,0 +1,101 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit gnome2-utils linux-info + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz" + +LICENSE="GPL-3" +KEYWORDS="amd64 x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4(+)] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-apps/kdesu x11-libs/gksu x11-misc/ktsuss ) + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? ( net-misc/networkmanager )" + +REQUIRED_USE="qt4? ( dbus )" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + cp "${FILESDIR}"/pgl.gentoo.in "${S}"/pglcmd/init || die "cp failed" +} + +src_configure() { + econf \ + --localstatedir=/var \ + --docdir=/usr/share/doc/${PF} \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) +} + +src_install() { + default + keepdir /var/{lib,log,spool}/pgl + rm -rf "${ED}"/tmp +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/pglinux/pglinux-2.2.3.ebuild b/net-firewall/pglinux/pglinux-2.2.3.ebuild new file mode 100644 index 000000000000..280cd890df69 --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.2.3.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils gnome2-utils linux-info systemd + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz" + +LICENSE="GPL-3" +KEYWORDS="~amd64 ~x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4(+)] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-apps/kdesu x11-libs/gksu x11-misc/ktsuss ) + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? ( net-misc/networkmanager )" + +REQUIRED_USE="qt4? ( dbus )" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S=${WORKDIR}/${MY_P} + +src_configure() { + econf \ + --localstatedir=/var \ + --docdir=/usr/share/doc/${PF} \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) \ + --with-systemd="$(systemd_get_unitdir)" +} + +src_install() { + default + keepdir /var/{lib,log,spool}/pgl + rm -rf "${ED}"/tmp +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/pglinux/pglinux-2.2.4.ebuild b/net-firewall/pglinux/pglinux-2.2.4.ebuild new file mode 100644 index 000000000000..daf6e73bda03 --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.2.4.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils gnome2-utils linux-info systemd + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz" + +LICENSE="GPL-3" +KEYWORDS="amd64 x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4(+)] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-apps/kdesu x11-libs/gksu x11-misc/ktsuss ) + )" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? ( net-misc/networkmanager )" + +REQUIRED_USE="qt4? ( dbus )" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S=${WORKDIR}/${MY_P} + +src_configure() { + econf \ + --localstatedir=/var \ + --docdir=/usr/share/doc/${PF} \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) \ + --with-systemd="$(systemd_get_unitdir)" +} + +src_install() { + default + keepdir /var/{lib,log,spool}/pgl + rm -rf "${ED%/}"/tmp +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest new file mode 100644 index 000000000000..79ec3260e7e6 --- /dev/null +++ b/net-firewall/psad/Manifest @@ -0,0 +1,2 @@ +DIST psad-2.2.5.tar.bz2 1243987 SHA256 736d446266227cb65511d792c85224573c95ea4dc3bde3d5c65bc19084f57452 SHA512 195a06420cf821d182a5422705ba2d407fd35f23887430e61925cad0eada7d20e2416eaf6317857a5aec2f1264a280a7e0128cc301f17dcf20cf833a9f0efb6e WHIRLPOOL fac4797e0a399d4f5edf2179c21d37791d184ee1e334b9b8fb2707405afc10ca0c0d4ab43cd274f34cf8ba9453189066b1d46b955d0533fa357e376ef3817f1f +DIST psad-2.4.1.tar.bz2 1361593 SHA256 d86688ed7907724750b501087a92a3417cb5b2dc81e06230d0eb2cdcf676b03e SHA512 e146d9853e265f4bb25b79fff7a0ab6ba2759367890498ea25edaff771df1b30c3a284b18e6fe5ae3f4c91a79f6b8d255bf331921c36a24fb0f4f554fa3cb848 WHIRLPOOL 5ac2b96fd8ec4baa98a0b35465e5c8bbfb3dffd48f2a95e31ef80e176d80e7ed09a5bcf6d945e8bed3d69d9cb21b14857dc56fd24bc5ce01ef9540729fd585d4 diff --git a/net-firewall/psad/files/psad-2.2.4-var-run.patch b/net-firewall/psad/files/psad-2.2.4-var-run.patch new file mode 100644 index 000000000000..78178a43d5e6 --- /dev/null +++ b/net-firewall/psad/files/psad-2.2.4-var-run.patch @@ -0,0 +1,13 @@ +--- a/init-scripts/psad-init.gentoo ++++ b/init-scripts/psad-init.gentoo +@@ -19,6 +19,10 @@ + + start() { + checkconfig || return 1 ++ checkpath -q -d -m 755 -o root:root /run/psad ++ checkpath -q -d -m 755 -o root:root /var/lib/psad ++ checkpath -q -d -m 755 -o root:root /var/log/psad ++ [ -p /var/lib/psad/psadfifo ] || mknod -m 600 /var/lib/psad/psadfifo p + + ebegin "Starting ${SVCNAME}" + start-stop-daemon \ diff --git a/net-firewall/psad/metadata.xml b/net-firewall/psad/metadata.xml new file mode 100644 index 000000000000..03aa50bab7e3 --- /dev/null +++ b/net-firewall/psad/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>netmon</herd> +</pkgmetadata> diff --git a/net-firewall/psad/psad-2.2.5.ebuild b/net-firewall/psad/psad-2.2.5.ebuild new file mode 100644 index 000000000000..2eccd5ad7093 --- /dev/null +++ b/net-firewall/psad/psad-2.2.5.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +#PERL_EXPORT_PHASE_FUNCTIONS=no +inherit eutils perl-module toolchain-funcs + +DESCRIPTION="Port Scanning Attack Detection daemon" +SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2" +HOMEPAGE="http://www.cipherdyne.org/psad" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="alpha amd64 ppc ~sparc x86" + +DEPEND="virtual/perl-ExtUtils-MakeMaker" +RDEPEND=" + dev-perl/Bit-Vector + dev-perl/Date-Calc + dev-perl/NetAddr-IP + dev-perl/Unix-Syslog + net-firewall/iptables + net-misc/whois + virtual/logger + virtual/mailx + virtual/perl-Storable +" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch + + sed -i \ + -e 's|/usr/bin/gcc|$(CC)|g' \ + -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \ + Makefile || die + # Fix up default paths + sed -i \ + -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \ + psad.conf || die +} + +src_configure() { + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + SRC_PREP="no" perl-module_src_configure + done +} + +src_compile() { + tc-export CC + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + perl-module_src_compile + done +} + +src_install() { + newbin pscan psad-pscan + + insinto /usr + dosbin kmsgsd psad psadwatchd + newsbin fwcheck_psad.pl fwcheck_psad + + insinto /etc/psad + doins \ + *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \ + protocols signatures + + newinitd init-scripts/psad-init.gentoo psad + + doman *.8 + + dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG + + insinto /etc/psad/snort_rules + doins deps/snort_rules/* + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + perl-module_src_install + done +} diff --git a/net-firewall/psad/psad-2.4.1.ebuild b/net-firewall/psad/psad-2.4.1.ebuild new file mode 100644 index 000000000000..dcf0bcd10907 --- /dev/null +++ b/net-firewall/psad/psad-2.4.1.ebuild @@ -0,0 +1,91 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +#PERL_EXPORT_PHASE_FUNCTIONS=no +inherit eutils perl-module toolchain-funcs + +DESCRIPTION="Port Scanning Attack Detection daemon" +SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2" +HOMEPAGE="http://www.cipherdyne.org/psad" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" + +DEPEND="virtual/perl-ExtUtils-MakeMaker" +RDEPEND=" + dev-perl/Bit-Vector + dev-perl/Date-Calc + dev-perl/NetAddr-IP + dev-perl/Unix-Syslog + net-firewall/iptables + net-misc/whois + virtual/logger + virtual/mailx + virtual/perl-Storable +" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch + + sed -i \ + -e 's|/usr/bin/gcc|$(CC)|g' \ + -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \ + Makefile || die + # Fix up default paths + sed -i \ + -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \ + psad.conf || die +} + +src_configure() { + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + SRC_PREP="no" perl-module_src_configure + done +} + +src_compile() { + tc-export CC + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + perl-module_src_compile + done +} + +src_install() { + newbin pscan psad-pscan + + insinto /usr + dosbin kmsgsd psad psadwatchd + newsbin fwcheck_psad.pl fwcheck_psad + + insinto /etc/psad + doins \ + *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \ + protocols signatures + + newinitd init-scripts/psad-init.gentoo psad + + doman *.8 + + dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES FW_HELP README \ + README.SYSLOG SCAN_LOG + + insinto /etc/psad/snort_rules + doins deps/snort_rules/* + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + perl-module_src_install + done +} diff --git a/net-firewall/quicktables/Manifest b/net-firewall/quicktables/Manifest new file mode 100644 index 000000000000..ba39b76ccf06 --- /dev/null +++ b/net-firewall/quicktables/Manifest @@ -0,0 +1 @@ +DIST quicktables-2.3.tar.gz 20287 RMD160 107711062ba23d96c62dba6a6bd893b94e9d86d1 SHA1 ac685eb7ad580f6e20f68b8b4e60dee1356d7fb0 SHA256 f96c39dd72227b0056899d635531c3836a64a300183d657a12a5625d435155f6 diff --git a/net-firewall/quicktables/metadata.xml b/net-firewall/quicktables/metadata.xml new file mode 100644 index 000000000000..d9cd2cad66c2 --- /dev/null +++ b/net-firewall/quicktables/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer> +<email>maintainer-needed@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/net-firewall/quicktables/quicktables-2.3.ebuild b/net-firewall/quicktables/quicktables-2.3.ebuild new file mode 100644 index 000000000000..b0398c5beeab --- /dev/null +++ b/net-firewall/quicktables/quicktables-2.3.ebuild @@ -0,0 +1,19 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +DESCRIPTION="a quick iptables script generator" +HOMEPAGE="http://qtables.radom.org/" +SRC_URI="http://qtables.radom.org/files/${P}.tar.gz" + +LICENSE="GPL-2" +IUSE="" +KEYWORDS="~amd64 ~ppc ~x86" +SLOT="0" + +RDEPEND="net-firewall/iptables" + +src_install() { + dosbin quicktables-2.3 || die + dodoc changes readme todo +} diff --git a/net-firewall/rtsp-conntrack/Manifest b/net-firewall/rtsp-conntrack/Manifest new file mode 100644 index 000000000000..ecb90044c22c --- /dev/null +++ b/net-firewall/rtsp-conntrack/Manifest @@ -0,0 +1 @@ +DIST rtsp-module-3.7.tar.gz 11474 SHA256 a8333924e9553ec25ed0707b8e78637bf055e654a888ff7e40634f356102068a SHA512 480316f41f7e9a2a75b73b3edcbbdc98bf293f013a5549c6829659e601d2d1ec0ac94f7a2519cd6e40d41cbd02cf64f81fe2a371c703c3b0ba36d200fe29a3c1 WHIRLPOOL c76f20fb016a11c036d452998a6892af055247dccb7fa6e35c5c4bd2954fcc2a7b2d1403612d05c19d278ff4222faaaaa31284e81d7c135ed7cac47f2b3c69d3 diff --git a/net-firewall/rtsp-conntrack/metadata.xml b/net-firewall/rtsp-conntrack/metadata.xml new file mode 100644 index 000000000000..b6b8956cde34 --- /dev/null +++ b/net-firewall/rtsp-conntrack/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>pinkbyte@gentoo.org</email> + <name>Sergey Popov</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild new file mode 100644 index 000000000000..5d548286663a --- /dev/null +++ b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils linux-mod versionator + +DESCRIPTION="RTSP conntrack module for Netfilter" +HOMEPAGE="http://mike.it-loops.com/rtsp" +SRC_URI="http://mike.it-loops.com/rtsp/rtsp-module-${PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" + +S="${WORKDIR}/rtsp" + +BUILD_TARGETS="all" +MODULE_NAMES=" + nf_conntrack_rtsp(net/netfilter::) + nf_nat_rtsp(net/ipv4/netfilter::)" +MODULESD_NF_CONNTRACK_RTSP_DOCS="README.rst" + +CONFIG_CHECK="NF_CONNTRACK" +WARNING_NF_CONNTRACK="You must enable NF_CONNTRACK in your kernel, otherwise ${PN} would not work" + +BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1" + +pkg_setup() { + linux-mod_pkg_setup + kernel_is -lt $(get_version_components) && die "This version of ${PN} would not work on kernels <= ${PV}" +} + +src_prepare() { + epatch_user +} diff --git a/net-firewall/sanewall/Manifest b/net-firewall/sanewall/Manifest new file mode 100644 index 000000000000..c2fe9fa72022 --- /dev/null +++ b/net-firewall/sanewall/Manifest @@ -0,0 +1 @@ +DIST sanewall-1.1.6.tar.xz 585316 SHA256 c26a339a1ac945aa0ddffbbb92ac4dff07302da8d9de6983832e91e123c4b00e SHA512 73260197b88816e90b15fc244a5940c290ec99c82eb8e50338b4f0f88710900c8cd18920c6f319205e527859c0696da28798428ab04b03c7f355c1d8ba6f7ca0 WHIRLPOOL cf906c539c4d348837fc93e46e7cf3d1d94cadcd111db918c265fa78133b35befd69ea2bdef782a054b035f40130821291b11965c7846220eaf4551237bcfb78 diff --git a/net-firewall/sanewall/files/sanewall.confd b/net-firewall/sanewall/files/sanewall.confd new file mode 100644 index 000000000000..2193b04d49bf --- /dev/null +++ b/net-firewall/sanewall/files/sanewall.confd @@ -0,0 +1,5 @@ +# location of sanewall config +SANEWALL_CONFIG="/etc/sanewall/sanewall.conf" + +# arguments for sanewall +#SANEWALL_OPTS="" diff --git a/net-firewall/sanewall/files/sanewall.initd b/net-firewall/sanewall/files/sanewall.initd new file mode 100644 index 000000000000..665d3868ff4c --- /dev/null +++ b/net-firewall/sanewall/files/sanewall.initd @@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +extra_commands="save panic try" +extra_started_commands="reload" + +depend() { + need localmount + after bootmisc + before net + provide firewall +} + +start_pre() { + if [ ! -f ${SANEWALL_CONFIG} ]; then + eerror "Not starting sanewall, missing config file ${SANEWALL_CONFIG}." + return 1 + fi +} + +start() { + ebegin "Starting sanewall" + /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} start >/dev/null + eend $? +} + +stop() { + ebegin "Stopping sanewall" + /usr/sbin/sanewall ${SANEWALL_OPTS} stop >/dev/null + eend $? +} + +try() { + ebegin "Trying sanewall configuration" + /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} try + eend $? +} + +status() { + ebegin "Showing sanewall status" + /usr/sbin/sanewall ${SANEWALL_OPTS} status + eend $? +} + +panic() { + ebegin "sanewall panic" + /usr/sbin/sanewall ${SANEWALL_OPTS} panic + eend $? +} + +save() { + ebegin "Saving sanewall configuration" + /usr/sbin/sanewall ${SANEWALL_OPTS} save + eend $? +} diff --git a/net-firewall/sanewall/metadata.xml b/net-firewall/sanewall/metadata.xml new file mode 100644 index 000000000000..ccea844db312 --- /dev/null +++ b/net-firewall/sanewall/metadata.xml @@ -0,0 +1,7 @@ +<?xml version = '1.0' encoding = 'UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/sanewall/sanewall-1.1.6-r1.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r1.ebuild new file mode 100644 index 000000000000..93ebfa5bf2f2 --- /dev/null +++ b/net-firewall/sanewall/sanewall-1.1.6-r1.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit linux-info + +DESCRIPTION="iptables firewall generator (fork of firehol)" +HOMEPAGE="http://www.sanewall.org/" +SRC_URI="http://download.sanewall.org/releases/${PV}/${P}.tar.xz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="app-arch/xz-utils" +RDEPEND="net-firewall/iptables[ipv6] + sys-apps/iproute2[-minimal] + virtual/modutils + || ( + net-misc/wget + net-misc/curl + )" + +pkg_setup() { + local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \ + ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \ + ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \ + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER" + + get_version + if [[ ${KV_PATCH} -ge 25 ]] ; then + CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}" + else + CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}" + fi + linux-info_pkg_setup +} + +src_configure() { + econf --docdir="/usr/share/doc/${PF}" +} + +src_install() { + default + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.initd ${PN} +} + +pkg_postinst() { + # install default configuration if it doesn't exist + if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then + einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf" + cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die + fi +} diff --git a/net-firewall/shapecfg/Manifest b/net-firewall/shapecfg/Manifest new file mode 100644 index 000000000000..953a87b53c5d --- /dev/null +++ b/net-firewall/shapecfg/Manifest @@ -0,0 +1 @@ +DIST shaper.36.tar.gz 671 RMD160 1c7ab11cb7f68070aca4aacb1edc0de812314bfb SHA1 7a8fe9f963c2e5b288fefabab173fcf1877234ff SHA256 33abccecf7628da63e668042b3f6d5ac94df6036f8194d86d233964f15400323 diff --git a/net-firewall/shapecfg/files/README.shaper b/net-firewall/shapecfg/files/README.shaper new file mode 100644 index 000000000000..60c2b4d6afb6 --- /dev/null +++ b/net-firewall/shapecfg/files/README.shaper @@ -0,0 +1,50 @@ + +Traffic Shaper For Linux + +This is the current ALPHA release of the traffic shaper for Linux. It works +within the following limits: + +o Minimum shaping speed is currently about 9600 baud (it can only + shape down to 1 byte per clock tick) + +o Maximum is about 256K, it will go above this but get a bit blocky. + +o If you ifconfig the master device that a shaper is attached to down + then your machine will follow. + +o The shaper must be a module. + + +Setup: + +A shaper device is configured using the shapeconfig program. +Typically you will do something like this + +shapecfg attach shaper0 eth1 +shapecfg speed shaper0 64000 +ifconfig shaper0 myhost netmask 255.255.255.240 broadcast 1.2.3.4.255 up +route add -net some.network netmask a.b.c.d dev shaper0 + +The shaper should have the same IP address as the device it is attached to +for normal use. + +Gotchas: + + The shaper shapes transmitted traffic. It's rather impossible to +shape received traffic except at the end (or a router) transmitting it. + + Gated/routed/rwhod/mrouted all see the shaper as an additional device +and will treat it as such unless patched. Note that for mrouted you can run +mrouted tunnels via a traffic shaper to control bandwidth usage. + + The shaper is device/route based. This makes it very easy to use +with any setup BUT less flexible. You may well want to combine this patch +with Mike McLagan 's patch to allow routes to be +specified by source/destination pairs. + + There is no "borrowing" or "sharing" scheme. This is a simple +traffic limiter. I'd like to implement Van Jacobson and Sally Floyd's CBQ +architecture into Linux one day (maybe in 2.1 sometime) and do this with +style. + + diff --git a/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch new file mode 100644 index 000000000000..3fb6a36ae50b --- /dev/null +++ b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch @@ -0,0 +1,15 @@ +--- shaper/shapecfg.c.glibc Tue Sep 29 20:24:02 1998 ++++ shaper/shapecfg.c Tue Sep 29 20:29:27 1998 +@@ -3,9 +3,9 @@ + #include <stdlib.h> + #include <linux/types.h> + #include <netinet/in.h> +-#include <linux/if.h> +-#include <linux/if_shaper.h> +-#include <linux/sockios.h> ++#include <net/if.h> ++#include <net/if_shaper.h> ++#include <sys/ioctl.h> + + void usage(char *name) + { diff --git a/net-firewall/shapecfg/metadata.xml b/net-firewall/shapecfg/metadata.xml new file mode 100644 index 000000000000..d9cd2cad66c2 --- /dev/null +++ b/net-firewall/shapecfg/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer> +<email>maintainer-needed@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/net-firewall/shapecfg/shapecfg-36.ebuild b/net-firewall/shapecfg/shapecfg-36.ebuild new file mode 100644 index 000000000000..d8be777b2b0e --- /dev/null +++ b/net-firewall/shapecfg/shapecfg-36.ebuild @@ -0,0 +1,35 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils flag-o-matic + +DESCRIPTION="configuration tool for setting traffic bandwidth parameters" +HOMEPAGE="ftp://archive.download.redhat.com/pub/redhat/linux/9/en/os/i386/SRPMS http://sourceforge.net/projects/cbqinit" +SRC_URI="mirror://gentoo/shaper.${PV}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="" + +DEPEND="" + +S=${WORKDIR}/shaper + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}"/shapercfg-2.0.36-glibc.patch + rm -f Makefile +} + +src_compile() { + append-flags -Wall + emake shapecfg || die +} + +src_install() { + dobin shapecfg || die + dodoc "${FILESDIR}"/README.shaper +} diff --git a/net-firewall/shorewall-core/Manifest b/net-firewall/shorewall-core/Manifest new file mode 100644 index 000000000000..e42704c3edfc --- /dev/null +++ b/net-firewall/shorewall-core/Manifest @@ -0,0 +1,2 @@ +DIST shorewall-core-4.5.21.10.tar.bz2 86185 SHA256 57e4b96ae3258b5150fbb188921845e8843d6b6ccb77d60a10bb984f87951334 SHA512 ad96fd91d5d8eb900b7a2180a37fa1826c7448fd5ff0f94f938e897b2cdf9d7b2a064cb4499fb76107bb8cf8f32c1265a7ff6d5966dae1d1d76a4a61482d6c81 WHIRLPOOL f08ccd4c59bac5f7f1fc8ea1bec853e5286aa1f13ad0b09fd3578d5002266ec210382a73f8a2f8b45dd09dda93cdd695f259ee60803820ed2715dc046ff16e7c +DIST shorewall-core-4.5.21.9.tar.bz2 86021 SHA256 f431edf0109641b7fd7c9568e39917b16f1d776393d58aef328f82bf5ef20656 SHA512 53525a3159e33aefbc39ff59fe300e5da3f51a4c2c363ecb4b56888d87ef48f56b8ec7c4d09668407148898f2704ff60627a90b42203cf48d2e4c3d3c5fd8f41 WHIRLPOOL 032ee33b1e1e3effc1a7b97ad4000b4e9eaf0a1f4d45cffeb252298aaea06444484ccc80b4c5115d59ffb6e2d76e2fac97b2ceb6b2b2c4b7283f4cdd4778a6f6 diff --git a/net-firewall/shorewall-core/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall-core/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-core/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-core/files/4.5.21.9/shorewallrc b/net-firewall/shorewall-core/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-core/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-core/metadata.xml b/net-firewall/shorewall-core/metadata.xml new file mode 100644 index 000000000000..52ffdde3f9be --- /dev/null +++ b/net-firewall/shorewall-core/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/shorewall-core/shorewall-core-4.5.21.10-r1.ebuild b/net-firewall/shorewall-core/shorewall-core-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..4e189a5b858b --- /dev/null +++ b/net-firewall/shorewall-core/shorewall-core-4.5.21.10-r1.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils prefix versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="Core libraries of shorewall / shorewall(6)-lite" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="selinux" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + !<net-firewall/shorewall-4.5.0.1 +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + >=sys-apps/coreutils-8.20 + selinux? ( >=sec-policy/selinux-shorewall-2.20130424-r2 ) +" + +DOCS=( changelog.txt releasenotes.txt ) + +S=${WORKDIR}/${PN}-${MY_PV} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + epatch_user +} + +src_configure() { + :; +} + +src_install() { + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + default +} + +pkg_postinst() { + if ! has_version sys-apps/net-tools; then + elog "It is recommended to install sys-apps/net-tools which will provide the" + elog "the 'arp' utility which will give you a better 'shorewall-lite dump' output:" + elog "" + elog " # emerge sys-apps/net-tools" + fi +} diff --git a/net-firewall/shorewall-core/shorewall-core-4.5.21.9.ebuild b/net-firewall/shorewall-core/shorewall-core-4.5.21.9.ebuild new file mode 100644 index 000000000000..f313a9316472 --- /dev/null +++ b/net-firewall/shorewall-core/shorewall-core-4.5.21.9.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils prefix versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="Core libraries of shorewall / shorewall(6)-lite" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="selinux" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + !<net-firewall/shorewall-4.5.0.1 +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + >=sys-apps/coreutils-8.20 + selinux? ( >=sec-policy/selinux-shorewall-2.20130424-r2 ) +" + +DOCS=( changelog.txt releasenotes.txt ) + +S=${WORKDIR}/${PN}-${MY_PV} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + epatch_user +} + +src_configure() { + :; +} + +src_install() { + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + default +} + +pkg_postinst() { + if ! has_version sys-apps/net-tools; then + elog "It is recommended to install sys-apps/net-tools which will provide the" + elog "the 'arp' utility which will give you a better 'shorewall-lite dump' output:" + elog "" + elog " # emerge sys-apps/net-tools" + fi +} diff --git a/net-firewall/shorewall-init/Manifest b/net-firewall/shorewall-init/Manifest new file mode 100644 index 000000000000..bec4a10e313c --- /dev/null +++ b/net-firewall/shorewall-init/Manifest @@ -0,0 +1,2 @@ +DIST shorewall-init-4.5.21.10.tar.bz2 66287 SHA256 53dc29e61d2ed91b7d47f5d4ef51f751567288b2bf0c4459ddbae8dc8259dc32 SHA512 4856816b4f7c5d9015f4c8e65246297ccf927b979050cb955253ef24947938fc31e5aed9b8f6f4a0f5d2ae390a97cf5cd6010639c677befb981ec85234435f6e WHIRLPOOL a5463c06a7c60129f5b969cc28c4c94701d12955192179055deed9e29bb07cab24c4885b8ec279f247fac83b72fa8e39880bceae153ba82c41f7bd4a7cff0740 +DIST shorewall-init-4.5.21.9.tar.bz2 66436 SHA256 53867182aac095777d08830260596eaad8893c64715a27c837ac928546803f20 SHA512 973302b3f74f655b6b284e36caaa02e95ed3e3afabf5f0eae5307381cf95f8e33f3a85696b573e928dad91b121123ab07903954dfb6fa3b57a4759dfa72f93f6 WHIRLPOOL 43f527cbb4b36b725a981076df1a2efd5213058439916d56baf94dc6981b305286e42d7f8d406f8c6e47362cac92a5674975642e8d2535f0cf6e685db9d918c5 diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/01_Remove-ipset-functionality.patch b/net-firewall/shorewall-init/files/4.5.21.10-r1/01_Remove-ipset-functionality.patch new file mode 100644 index 000000000000..620e479f92fc --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/01_Remove-ipset-functionality.patch @@ -0,0 +1,27 @@ +--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200 ++++ shorewall-init 2013-09-08 23:29:27.418736392 +0200 +@@ -79,10 +79,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -100,13 +96,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/README.Gentoo.txt b/net-firewall/shorewall-init/files/4.5.21.10-r1/README.Gentoo.txt new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/README.Gentoo.txt @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.confd b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.confd new file mode 100644 index 000000000000..4ca0024579f7 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.confd @@ -0,0 +1,9 @@ +# List the Shorewall products that Shorewall-init is to +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" + +# Startup options - set verbosity to 0 (minimal reporting) +OPTIONS="-V0" diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.initd b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.initd new file mode 100644 index 000000000000..3b574c56386b --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.initd @@ -0,0 +1,196 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + + return 1 + fi + done + + + return 0 +} + +check_firewall_script() { + if [ ! -x ${STATEDIR}/firewall ]; then + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Creating \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile 1>/dev/null + eend $? + else + eerror "\"${PRODUCT}\" isn't configured!" + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + + + return 1 + fi + fi + + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.systemd b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.systemd new file mode 100644 index 000000000000..e48a729105b8 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewall-init.systemd @@ -0,0 +1,16 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-init/files/4.5.21.9/01_Remove-ipset-functionality.patch b/net-firewall/shorewall-init/files/4.5.21.9/01_Remove-ipset-functionality.patch new file mode 100644 index 000000000000..620e479f92fc --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/01_Remove-ipset-functionality.patch @@ -0,0 +1,27 @@ +--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200 ++++ shorewall-init 2013-09-08 23:29:27.418736392 +0200 +@@ -79,10 +79,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -100,13 +96,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall-init/files/4.5.21.9/README.Gentoo.txt b/net-firewall/shorewall-init/files/4.5.21.9/README.Gentoo.txt new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/README.Gentoo.txt @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.confd b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.confd new file mode 100644 index 000000000000..4ca0024579f7 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.confd @@ -0,0 +1,9 @@ +# List the Shorewall products that Shorewall-init is to +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" + +# Startup options - set verbosity to 0 (minimal reporting) +OPTIONS="-V0" diff --git a/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.initd b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.initd new file mode 100644 index 000000000000..3b574c56386b --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.initd @@ -0,0 +1,196 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + + return 1 + fi + done + + + return 0 +} + +check_firewall_script() { + if [ ! -x ${STATEDIR}/firewall ]; then + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Creating \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile 1>/dev/null + eend $? + else + eerror "\"${PRODUCT}\" isn't configured!" + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + + + return 1 + fi + fi + + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.systemd b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.systemd new file mode 100644 index 000000000000..e48a729105b8 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/shorewall-init.systemd @@ -0,0 +1,16 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall-init/files/4.5.21.9/shorewallrc b/net-firewall/shorewall-init/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-init/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-init/metadata.xml b/net-firewall/shorewall-init/metadata.xml new file mode 100644 index 000000000000..52ffdde3f9be --- /dev/null +++ b/net-firewall/shorewall-init/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/shorewall-init/shorewall-init-4.5.21.10-r1.ebuild b/net-firewall/shorewall-init/shorewall-init-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..b45250637e2f --- /dev/null +++ b/net-firewall/shorewall-init/shorewall-init-4.5.21.10-r1.ebuild @@ -0,0 +1,104 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils versionator prefix + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="Component to secure a Shorewall-protected system at boot time prior to bringing up the network" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="" + +DEPEND=">=sys-apps/coreutils-8.20" +RDEPEND=" + ${DEPEND} + || ( =net-firewall/shorewall-${PVR} =net-firewall/shorewall6-${PVR} =net-firewall/shorewall-lite-${PVR} =net-firewall/shorewall6-lite-${PVR} ) +" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + eprefixify "${S}"/init.gentoo.sh + + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch "${FILESDIR}"/${PVR}/01_Remove-ipset-functionality.patch + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + if [ -d "${D}/etc/logrotate.d" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate folder at all + rm -rf "${D}"/etc/logrotate.d + fi + + if [ -d "${D}/etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need these folder at all + rm -rf "${D}"/etc/NetworkManager + fi + + if [ -f "${D}/usr/share/shorewall-init/ifupdown" ]; then + # This script won't work on Gentoo + rm -rf "${D}"/usr/share/shorewall-init/ifupdown + fi + + dodoc changelog.txt releasenotes.txt "${FILESDIR}"/${PVR}/README.Gentoo.txt +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/conf.d/${PN}" + elog "" + elog "To use ${PN}, please add ${PN} to your boot runlevel:" + elog "" + elog " # rc-update add ${PN} boot" + elog "" + ewarn "Notice:" + ewarn "${PN} is more like a start script than a service." + ewarn "Therefore you cannot start or stop ${PN} at default runlevel." + ewarn "" + ewarn "For more information read ${EPREFIX}/usr/share/doc/${PF}/README.Gentoo.txt.bz2" + fi +} diff --git a/net-firewall/shorewall-init/shorewall-init-4.5.21.9.ebuild b/net-firewall/shorewall-init/shorewall-init-4.5.21.9.ebuild new file mode 100644 index 000000000000..65795dadd495 --- /dev/null +++ b/net-firewall/shorewall-init/shorewall-init-4.5.21.9.ebuild @@ -0,0 +1,104 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils versionator prefix + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="Component to secure a Shorewall-protected system at boot time prior to bringing up the network" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="" + +DEPEND=">=sys-apps/coreutils-8.20" +RDEPEND=" + ${DEPEND} + || ( =net-firewall/shorewall-${PVR} =net-firewall/shorewall6-${PVR} =net-firewall/shorewall-lite-${PVR} =net-firewall/shorewall6-lite-${PVR} ) +" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + eprefixify "${S}"/init.gentoo.sh + + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch "${FILESDIR}"/${PVR}/01_Remove-ipset-functionality.patch + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + if [ -d "${D}/etc/logrotate.d" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate folder at all + rm -rf "${D}"/etc/logrotate.d + fi + + if [ -d "${D}/etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need these folder at all + rm -rf "${D}"/etc/NetworkManager + fi + + if [ -f "${D}/usr/share/shorewall-init/ifupdown" ]; then + # This script won't work on Gentoo + rm -rf "${D}"/usr/share/shorewall-init/ifupdown + fi + + dodoc changelog.txt releasenotes.txt "${FILESDIR}"/${PVR}/README.Gentoo.txt +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/conf.d/${PN}" + elog "" + elog "To use ${PN}, please add ${PN} to your boot runlevel:" + elog "" + elog " # rc-update add ${PN} boot" + elog "" + ewarn "Notice:" + ewarn "${PN} is more like a start script than a service." + ewarn "Therefore you cannot start or stop ${PN} at default runlevel." + ewarn "" + ewarn "For more information read ${EPREFIX}/usr/share/doc/${PF}/README.Gentoo.txt.bz2" + fi +} diff --git a/net-firewall/shorewall-lite/Manifest b/net-firewall/shorewall-lite/Manifest new file mode 100644 index 000000000000..35c9d0db9d85 --- /dev/null +++ b/net-firewall/shorewall-lite/Manifest @@ -0,0 +1,4 @@ +DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e +DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall-lite-4.5.21.10.tar.bz2 79456 SHA256 73f2e7101ca7ff296fa3a7be4dec6b6ec3ec562f5c0d746fe6e2355d2b8931e3 SHA512 145c18f7a2859bea9ce265d243a875e83fbbaa2c982f269f1401b73253133d8d48e1060c3b18aefdee09dbc8755fe3e875014dda354f38e90829f0d970b52718 WHIRLPOOL 0d7187d7ede8b01819c241fec61eeef03e17743845188f8e41b3448d814466994b8822e3dc166793d9b5b2b5f4b04dc33bd85664e09771746bc655756790e813 +DIST shorewall-lite-4.5.21.9.tar.bz2 79121 SHA256 af6c039d880581a6eaf7aba9f638ff86e471567b15e16adc607053651d1f50f5 SHA512 fb15881dc4d5fd05c8ca8421ee4a5deb0c9f6fdab955d0fc7dd371bf710706bf6d851bdb8ba00d0d34c1f7f1d2bc2cc39e9e9fe0a6d8b48ed4accc27c011462c WHIRLPOOL 2f8eb61da9b3eafdd184718054d14dfdef39afdf6e3724ee62c0386f12ea3aa3badcf959ee0351f8cdcd744cf4b262e168e5cd6afa677a8674d515541f0f2f80 diff --git a/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.confd b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.initd b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.initd new file mode 100644 index 000000000000..4fdbe607bdf1 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.initd @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall-lite status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall-lite" + /sbin/shorewall-lite status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT" + /sbin/shorewall-lite ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.systemd b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.systemd new file mode 100644 index 000000000000..a7c932418a9c --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewall-lite.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.confd b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.initd b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.initd new file mode 100644 index 000000000000..4fdbe607bdf1 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.initd @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall-lite status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall-lite" + /sbin/shorewall-lite status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT" + /sbin/shorewall-lite ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall-lite" + /sbin/shorewall-lite ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.systemd b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.systemd new file mode 100644 index 000000000000..a7c932418a9c --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.9/shorewall-lite.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall-lite/files/4.5.21.9/shorewallrc b/net-firewall/shorewall-lite/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall-lite/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall-lite/metadata.xml b/net-firewall/shorewall-lite/metadata.xml new file mode 100644 index 000000000000..52ffdde3f9be --- /dev/null +++ b/net-firewall/shorewall-lite/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/shorewall-lite/shorewall-lite-4.5.21.10-r1.ebuild b/net-firewall/shorewall-lite/shorewall-lite-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..d1dc86eae99a --- /dev/null +++ b/net-firewall/shorewall-lite/shorewall-lite-4.5.21.10-r1.ebuild @@ -0,0 +1,106 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-core-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support." + + local ERROR_CONNTRACK_IPV4="${PN} requires NF_CONNTRACK_IPV4 support." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + cd "${WORKDIR}/${MY_P_DOCS}" + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (the full version, including the compiler)." + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall-lite/shorewall-lite-4.5.21.9.ebuild b/net-firewall/shorewall-lite/shorewall-lite-4.5.21.9.ebuild new file mode 100644 index 000000000000..c9e35b3278f4 --- /dev/null +++ b/net-firewall/shorewall-lite/shorewall-lite-4.5.21.9.ebuild @@ -0,0 +1,106 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-core-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support." + + local ERROR_CONNTRACK_IPV4="${PN} requires NF_CONNTRACK_IPV4 support." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + cd "${WORKDIR}/${MY_P_DOCS}" + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (the full version, including the compiler)." + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest new file mode 100644 index 000000000000..1431e17c8cce --- /dev/null +++ b/net-firewall/shorewall/Manifest @@ -0,0 +1,25 @@ +DIST shorewall-4.5.21.10.tar.bz2 489469 SHA256 961331ba61e5e6dccc106e43685e45f19bf1e155502067c88e18ecf94c2a794f SHA512 bdc673b999c99624c61caa1239ac3a58c4d85743179de05ed5fe947e755fc4b01425da34b67cb5e6db693c62bf25e316517f1473b450a1d76887e69e4e384682 WHIRLPOOL 04a7afd30d79d6360ec325e7df06ffd6e911d938382a4c0c331312ddf6951d6564f5a0452b244095309fe4ce00b1c72838b0ef76e198e137c153a617dc22e8e5 +DIST shorewall-4.5.21.9.tar.bz2 489618 SHA256 a1fc41abcba3181235e217a5da53bb25d11e6cdeef49dde82a0daeb2bb305fc6 SHA512 137eb33f63a25533f90150de5cd246f47e5072f838f8e42b044bd6a620bce767f8cb2b9da995fcfb61e37ab6774ea97819f6f7408f669539917b419262a68496 WHIRLPOOL be464ef64e06b35ff9fdf74e9b6a8c88b8de1aa766ec3bf2a7ccf9b69731ba23dc638047f5ad44f451ab93e093458f8f88d7b16201d61bbdfce40075f9ef25be +DIST shorewall-4.6.10.1.tar.bz2 496061 SHA256 de527474f5bac6bf59678321c604748c48efe28a897d339a2187a45e3efed8ef SHA512 a5ef4783ff04b6faaa2e25d1da57ca3c46860960859dad5cd3b8d3cb252626b1db39c35767b226333f10db7b08b0fb18c0c09cd4eaf14586cb02b1a4259b571d WHIRLPOOL 26ebb72e769d5ca7489f718cabdb1f9cfb78e2acd514329c7036edcafe27f159ffa4cdadeeb1cee43619f748474fcc7a614011147976abb14cf627503a542e3f +DIST shorewall-4.6.11.tar.bz2 496630 SHA256 b504371e94281330fef8e60efcf8fcde0d4898322001930e7c9a11b4aee1599c SHA512 8661c89ad7e632e69206d5f308d2cc9bb150efc8e99fe911c55383c82fab5543915305f72e515e13a2d28917a3afc69088b52ec1dc8d126915516e2db699d40b WHIRLPOOL 5a645e4c25f1641a3a6634fb9b8572cc83e80f110fbf734c7ef724208616e1c94430d6594a675c9650de838d4e9ec2b255d5262b3487c6fbe06743c07966f1b2 +DIST shorewall-4.6.6.2.tar.bz2 485880 SHA256 db41744e6303e031e29be531dbedd4191624c4a70f9e23fa0b450e26953708f4 SHA512 9b37430a51b84e16d6fec3bbe0581ff18d1f8f15defd4d73ac6a13cd68eebe063da129a9b422079a433f5d4b3bcd7c0800d844cb05bf0ef0c41aa36fe57915f2 WHIRLPOOL 09c90c5871c546d8e396bca32e1a2b8b1a7041653330b74930c415bfe2b94ff24ac4c34f38644c6b539495a277410c59c3816f396f86060754bd4247fb622194 +DIST shorewall-core-4.6.10.1.tar.bz2 58247 SHA256 5af804f39f4480685e995080dc8913d4af61af70d5a478dd00bbf0593851b44d SHA512 1028e0bf950aecbc77c6c263ab8351fb8ff90b6077a0d6bf7c0d882559f5d8644ce0f2c6aec6dd3614d90a319277763460909e345e1e004cf8ea1f548e369284 WHIRLPOOL 0a0834eb355e05679b5809a18dd0749c6c06ac3130a9ab375587c7e6134042c01762775ac136f0396c051f4ac4b2f379141d111760929a42da6f00656a96e120 +DIST shorewall-core-4.6.11.tar.bz2 59476 SHA256 7651aee387eb497f71b0645234b0ae39eac906bce1d622475a1fc4401817ceed SHA512 28bfa0900826ec3f70d85257d086eea186a0a49a098b66a6263ed0812877d9552ec13a0e5a535816918e03314236893a869afb3918606a9debcc9b047798fd3d WHIRLPOOL a04ff53322eb8dda8e1cec656be689be60865dbd5b9b6dc885e461da5bfcb0995f2b8576a6dddabea7295337e0d8b37ce05351d7f6dbc0a63b7233f88cc0bd6a +DIST shorewall-core-4.6.6.2.tar.bz2 54127 SHA256 764c8c22f619cdfd61eebd77e9f271a168515d44c4578b85af44921cc1f3b675 SHA512 bab5a8f1bb17a5273a5eadb734ad378a8b617b9a8be47a2a825f941d20c5161c88ce87dae285ebbbdbb21fe18c2e8cc5eff9b1097daef2d8def37c2eced05d6a WHIRLPOOL 8fd70565cfe0c6abc946cb41fc5cb1eca9ccc613fb4898f07b92f878fedd6293bc40e0aaf7c4af11f3e67ba47b341f471d69700e3edc0cc9426b4aad3bf38fb3 +DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e +DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall-docs-html-4.6.10.1.tar.bz2 4185752 SHA256 eeaec18b7f8663f0b836b76d140d3fad7871075de90f18ccc7b9fbda1538a787 SHA512 1bf1b3f5745d54af3af5f9bb6417c661e2bde8028d699aed4c4fcbe7cf301b8eadfed7be5e9bfdd677659c362d1e757eee13cd1b497a0c6837c179883c33e3a8 WHIRLPOOL 937fc4f76174f615de86eaa08690ebbe42f658154320d3e9972cbb0bcaa461e11fdaf5390f517f5d2f905aa5996ecb7399ca07d1767f647a49d33b1220e8d547 +DIST shorewall-docs-html-4.6.11.tar.bz2 4175307 SHA256 e1f6966d5d06b043eb3b7f91d8b6d87a0f90418ecd173af2e3e817670435bd8c SHA512 85b5efa3f8bd9322fa8f982e0cdcf4e1ccdd99f419b77dce51a39a5f2d6ad02de8d6123437a2f55b5af2467cb59d9cbb8bbbd32195ab1587fc329c6f65173471 WHIRLPOOL 01577073dbbcf8e16f8dae2a2295bd4e60d6b5ce48384ebc8dbb03d0b75cf9b3c72c51dcdfc4934761f021eed85c26e0eeb637853b99af42702f5129be0ce25b +DIST shorewall-docs-html-4.6.6.2.tar.bz2 4178931 SHA256 89c6b3baba42bd3a4d7f67ccfbae395fec4054412bf636ff60a889dc2f5edc57 SHA512 63686a59eb6fe6330b036800dc99758bdfaecc1e67cf95c4dd3cc014db2e96a17a76d8cf92d1f44582990b34b53d062327c850187bc0a83e4d2369ac7e03d032 WHIRLPOOL 31eacfe0c6ea3dac32c24de0c5d01214f3ce4e2b95306e3d6e4165a636a7f6f225fedc741d19fa995c148a2758ec08439da0d5e1cd654483e2e5be4f21a5dfda +DIST shorewall-init-4.6.10.1.tar.bz2 37674 SHA256 c3948dbe48230358eb4d5a370a44b247f4a6e6f28b1c4853be23d9abda79f6ba SHA512 71507a9c27f9a8286f82567f731714fe5a6f5b21f1f3f27f3a3ba9171301361948bef9824a9a45445d65f74039c4dca3ffc83e74a6ffd33783d1528ad581578e WHIRLPOOL 23c886b1015c6430d819d3010b8cdc587d88054f55b8092238438310562affdaead265a40a74dd888d1c939367afafa0ebecfe8946ceb202bab126ca2232cd97 +DIST shorewall-init-4.6.11.tar.bz2 38404 SHA256 025958f609ccfea21229f4a3f76e030f82d4d9b444ccb71e5c82f620c46ca35a SHA512 5b0dd33885825457d94ad2c59cd9b3690d9a5bfad43a8b281ba55537c1e8edc7e1de227ac0bcd22162b54bc31cc606b9db1387f2618739b2ef28292b5b6b8be7 WHIRLPOOL 06b79197b9a61fb7d63c19b7e145e08fd68e9adbbc8c60b224882649f6759848b411f99fd39a7ff9c65b9aafb33b76005c788a16a28498d19cf2622e1bd94336 +DIST shorewall-init-4.6.6.2.tar.bz2 34467 SHA256 361374cd8f52cec0f807e07a7a100da4627595c7c80c2d75d050ccee1a342e67 SHA512 760eb593c53e89622c6efafe8a46f43956aa606853f26c9a5402ca43eabbf1243a2dd3c2d64cc4a1e70da54bd0fb86de31c0f5dc14aefd0540b37745c243fb48 WHIRLPOOL 64953fab35a4a95ece8757b786a301caefbb47bd70821b61c48bfbbb445ebb3f434ca87ac5808bdf691a5469d2e2e3dd47b8857f272267790282ad8bbeb8b3b9 +DIST shorewall-lite-4.6.10.1.tar.bz2 53535 SHA256 9944da74b9496fe29afe6ebab8f4a37cfb24a6a701282231dd6916831e064c38 SHA512 79347ae6c62e8f039efb2a21b10fd33d08831b6595b64fb4806cc5fd812216d295b73c859db775c0c19cd7c8bdfe67f21042db0d0b47ba47ab6b430d1d522659 WHIRLPOOL 593b8872ea0ff95c5847c51c9c3c312329017cbd7e96efcd39bf1a41a32ef3e99a29deb797a4260422d1bfd86ef4ca72b25024b7d2f5e4e17464df1f3f25571a +DIST shorewall-lite-4.6.11.tar.bz2 54339 SHA256 6b939754c685dc2e218ebb1f5bd4d81b1c73df8c99545d83644e5c7fa50dd568 SHA512 5a75a8e03bf48666e04cc2f5ac2a4e352b5624e8adfb1e92de400624691508fe2fe22d6f5a4e48dd412d4011d3ea737d7e0b098c56480daf72fd4801ec98f834 WHIRLPOOL 205387277cb6132c43ff18baad40c3ce6fbd7c483e736fce5f5775febeb68c3cfafbae3162682f1fb05312e48ca15c0851bb538761f6e53b5780070108397aa5 +DIST shorewall-lite-4.6.6.2.tar.bz2 48495 SHA256 6bd25fa1066da5272fa9bcc7a8a6041462eda682895cd000afce354bf42d9ebe SHA512 3c073b7531448c2d704bbdd0a7ad0287948d8969c371954f05a3cc276e6fcaaca907c554f4549c26aff2256d393fcc53221e7a1f93ac058cf519dc55c822104d WHIRLPOOL 1743c799022ab2a5ed1d86155f917120b44963c064d75b4168ea48b4e0b19970ccd1d944eb22eef0ea96f0abf396d60420508bda3f2cc30a33207c2edd12b27d +DIST shorewall6-4.6.10.1.tar.bz2 231553 SHA256 1a2e303e9361fccf393ebfe512cf8d770b522f6b65a0a125a5e4aa0b28dd6e0c SHA512 acb678bd84e68d72f5dafd00d03feedefc8b954f7df9a4e6d57c70647ad2b046f7145c7b5de729d8bf1258a036587a687ee41170add2a50a411675be61de7d3d WHIRLPOOL a3451ff58bc32f4d720f5b8c6db226ac924cf0179084f351b7b35773f011c1b0b5feff2e9544a7b198995d297637e210b80adfb483db198e186b24a1954d2cc1 +DIST shorewall6-4.6.11.tar.bz2 232736 SHA256 1b7a58f97c40c28c4ff8b614a44cc2bc8a8e4a332afa2b5b132e78ec06fef866 SHA512 5ae1a89a980efaf860a32a106a24c98d7543bf4523361b62b568b390a5a515e67d6090523499d2e9bae9421f5a6ceb29460efed8286c41ea67d8912e4fe59ab4 WHIRLPOOL 627d0b4521ce90a3d8ea34c98c1ed9fea84ba7f631c1478c58a3ce52fc538c05116278526d66ccd08e59326467e4bf5eb44ff8e5d74ef47ed4c0492644c0b1e7 +DIST shorewall6-4.6.6.2.tar.bz2 225643 SHA256 b475473eaf9d4a8b4067214f8fa14f1c1d97cdb77c180abd9e22dfdea6b9f637 SHA512 a448e6367459fe06ff2869e45d06a3ff31ce5c7a6766920ad8367e251f8380ccf9cc62333d011f79baa7d3d97efb42fcadf1c6aecce124f2a3b94c15d3454db9 WHIRLPOOL 7f1fc2288983cb779872098362d98c7820164207dcbbcdf63d0fbec4b8fb2190724fde10f071f51ad51ba3f8f10282ecba5ba4f4b976ffa816da39935c336c54 +DIST shorewall6-lite-4.6.10.1.tar.bz2 52669 SHA256 ce19583541f5eb39acad33099af087d030374d467eb64aa4415ac9b18e65c5a8 SHA512 a33ab4b2397864329f35e6352606b13d04fb8ada17777c98d75bc685411bcf9453bf452d3a0b6699c537081483347c542bdfa547d71ca4c0c41967ccd755fd2e WHIRLPOOL ff3ef6e3ad68f69f47e71553061e845ed125735c1c6986180835397c8148386349a0317debf592917ec5ed0734c3af461c5161d9a061c6b8a6ff5c81d52743f0 +DIST shorewall6-lite-4.6.11.tar.bz2 53501 SHA256 fb9a4a42d39e3277c7f49fc09eacb6e347bc08485281c578cacce8429a055a84 SHA512 4010dd36a1cad7fc491272db202914964a1588779645e12fb0dbaa9749c37e1c28b15826ac6b07449609cbf1e77a979a29619c8cf6a9fffbbe6d1f34c843b560 WHIRLPOOL 62554f304364c61dfde283042a81568ffc740c754d7078b462b5cf8cc8a3e7afb072325900e74c99c1efb5586a35c103a190cb618dd82b8d5cb09a1b9d912f02 +DIST shorewall6-lite-4.6.6.2.tar.bz2 47909 SHA256 a7a6de15ea84a0486c9ed92492fcd6f731f2c4ce71f06ce3c59f3abf3780ae86 SHA512 0d5b0fc3d166cfdd58978e1d6b36e2ac19a0d10b5b59bbf2fa62e79040e636d72256b120df14a7d8111dc39d24ac218758feb07c5fb2119aa61e51f78c567597 WHIRLPOOL c02c11ca0f578022daf96b2c594a7f62d042cf875c7c35682eaa2b312416446239c21c9af31f965536761a081015d73ae49b553c7cc08850955378d1cfb76af7 diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch new file mode 100644 index 000000000000..55b8f7039747 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch @@ -0,0 +1,29 @@ +Beginning with 3.14, the address family of the ipset was checked and an +error is generated: + +root@jessie:~# ipset -N foo iphash +root@jessie:~# ip6tables -N foo +root@jessie:~# ip6tables -A foo -m set --match-set foo src +ip6tables v1.4.21: The protocol family of set foo is IPv4, which is not +applicable. + +Try `ip6tables -h' or 'ip6tables --help' for more information. +root@jessie:~# + +This caused the failure. By reversing the order of the terms, an ipv6 +ipset is created (if supported) and the ip6tables command succeeds. + +http://thread.gmane.org/gmane.comp.security.shorewall/31349 + +diff -rupN old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm +--- old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm 2014-05-26 16:47:21.000000000 +0200 ++++ new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm 2014-07-20 18:11:28.186658453 +0200 +@@ -3961,7 +3961,7 @@ sub IPSet_Match() { + if ( $ipset && -x $ipset ) { + qt( "$ipset -X $sillyname" ); + +- if ( qt( "$ipset -N $sillyname iphash" ) || qt( "$ipset -N $sillyname hash:ip family $fam") ) { ++ if ( qt( "$ipset -N $sillyname hash:ip family $fam" ) || qt( "$ipset -N $sillyname iphash" ) ) { + if ( qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src -j ACCEPT" ) ) { + qt1( "$iptables $iptablesw -F $sillyname" ); + $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 ); diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd new file mode 100644 index 000000000000..898dc319b0c2 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + /sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + /sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall" + /sbin/shorewall status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall" + /sbin/shorewall ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + /sbin/shorewall ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + /sbin/shorewall ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd new file mode 100644 index 000000000000..db278fd54585 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.confd b/net-firewall/shorewall/files/4.5.21.9/shorewall.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.initd b/net-firewall/shorewall/files/4.5.21.9/shorewall.initd new file mode 100644 index 000000000000..898dc319b0c2 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + /sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + /sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall" + /sbin/shorewall status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall" + /sbin/shorewall ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + /sbin/shorewall ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + /sbin/shorewall ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd b/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd new file mode 100644 index 000000000000..db278fd54585 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewallrc b/net-firewall/shorewall/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch new file mode 100644 index 000000000000..8b60eb245fc0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch @@ -0,0 +1,28 @@ +diff -rupN old/shorewall-init-4.6.10.1/shorewall-init new/shorewall-init-4.6.10.1/shorewall-init +--- old/shorewall-init-4.6.10.1/shorewall-init 2015-06-09 20:02:00.000000000 +0200 ++++ new/shorewall-init-4.6.10.1/shorewall-init 2015-06-14 17:16:17.396424059 +0200 +@@ -78,10 +78,6 @@ shorewall_start () { + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -99,13 +95,6 @@ shorewall_stop () { + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch new file mode 100644 index 000000000000..620e479f92fc --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch @@ -0,0 +1,27 @@ +--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200 ++++ shorewall-init 2013-09-08 23:29:27.418736392 +0200 +@@ -79,10 +79,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -100,13 +96,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.confd b/net-firewall/shorewall/files/4.6/shorewall-init.confd new file mode 100644 index 000000000000..1b126be4e8bf --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.confd @@ -0,0 +1,6 @@ +# List the Shorewall products Shorewall-init should +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.initd b/net-firewall/shorewall/files/4.6/shorewall-init.initd new file mode 100644 index 000000000000..837d609bb9fd --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.initd @@ -0,0 +1,192 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + return 1 + fi + done + + return 0 +} + +check_firewall_script() { + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Checking \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null + eend $? + fi + + if [ ! -x ${STATEDIR}/firewall ]; then + eerror "\"${PRODUCT}\" isn't configured!" + + if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + fi + + return 1 + fi + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.readme b/net-firewall/shorewall/files/4.6/shorewall-init.readme new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.readme @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.systemd b/net-firewall/shorewall/files/4.6/shorewall-init.systemd new file mode 100644 index 000000000000..e98565fce8a1 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 new file mode 100644 index 000000000000..542e2c26223b --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target +Conflicts=iptables.service ip6tables.service firewalld.service iptables-restore.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.confd b/net-firewall/shorewall/files/4.6/shorewall-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.initd b/net-firewall/shorewall/files/4.6/shorewall-lite.initd new file mode 100644 index 000000000000..c3375153c44a --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.initd @@ -0,0 +1,74 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd new file mode 100644 index 000000000000..5898ccb86c14 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 new file mode 100644 index 000000000000..b24fca8e33a3 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall.confd b/net-firewall/shorewall/files/4.6/shorewall.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall.initd b/net-firewall/shorewall/files/4.6/shorewall.initd new file mode 100644 index 000000000000..76d7741a1ecd --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.initd @@ -0,0 +1,99 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall.systemd b/net-firewall/shorewall/files/4.6/shorewall.systemd new file mode 100644 index 000000000000..986c3510454a --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 new file mode 100644 index 000000000000..209d3f78ee33 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.confd b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.initd b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd new file mode 100644 index 000000000000..527eb5b47a26 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd new file mode 100644 index 000000000000..768a84f2ded1 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 new file mode 100644 index 000000000000..eda311d1b9c4 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6.confd b/net-firewall/shorewall/files/4.6/shorewall6.confd new file mode 100644 index 000000000000..210eec1b5730 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6.initd b/net-firewall/shorewall/files/4.6/shorewall6.initd new file mode 100644 index 000000000000..8ed1079db1ed --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.initd @@ -0,0 +1,109 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6.systemd b/net-firewall/shorewall/files/4.6/shorewall6.systemd new file mode 100644 index 000000000000..6ae4ea589ee8 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 new file mode 100644 index 000000000000..64fd43585cf6 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewallrc b/net-firewall/shorewall/files/4.6/shorewallrc new file mode 100644 index 000000000000..0eef4147c008 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.6 rc file +# +BUILD=gentoo #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml new file mode 100644 index 000000000000..b05083f3a6ea --- /dev/null +++ b/net-firewall/shorewall/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> + <use> + <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag> + <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag> + <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall[ipv4]</pkg>)</flag> + <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall[ipv4]</pkg></flag> + <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall[ipv6]</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..18a2a85decb7 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + =net-firewall/shorewall-core-${PVR} +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + epatch "${FILESDIR}"/${PVR}/shorewall-10-fix-ipset-support-detection.patch + + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.5.21.9.ebuild b/net-firewall/shorewall/shorewall-4.5.21.9.ebuild new file mode 100644 index 000000000000..621938142fc6 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.5.21.9.ebuild @@ -0,0 +1,116 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="doc" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + =net-firewall/shorewall-core-${PVR} +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.10.1.ebuild b/net-firewall/shorewall/shorewall-4.6.10.1.ebuild new file mode 100644 index 000000000000..9c4abe3d3a9c --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.10.1.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd-r1 "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd-r1 "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd-r1 "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd-r1 "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd-r1 "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.11.ebuild b/net-firewall/shorewall/shorewall-4.6.11.ebuild new file mode 100644 index 000000000000..992829cb5b78 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.11.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd-r1 "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd-r1 "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd-r1 "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd-r1 "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd-r1 "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.6.2.ebuild b/net-firewall/shorewall/shorewall-4.6.6.2.ebuild new file mode 100644 index 000000000000..06be7f76b1cb --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.6.2.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} diff --git a/net-firewall/shorewall6-lite/Manifest b/net-firewall/shorewall6-lite/Manifest new file mode 100644 index 000000000000..aec4ac1f01d5 --- /dev/null +++ b/net-firewall/shorewall6-lite/Manifest @@ -0,0 +1,4 @@ +DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e +DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall6-lite-4.5.21.10.tar.bz2 78934 SHA256 5010ab69de54ff615fda10be5e343c09d44eace8ed2dda1c04467524ea3d2cb2 SHA512 c4006d5648e1a6d558fb41fa05a3832fc8a58644a0612423940be820a452f68cfada3a412c28cece9447a182b488e99c371450eb5dc28a7ed3447a04ae868538 WHIRLPOOL ad649b67e76ffcec6d6bf954aae55543b02936f1f9e56c9e156a29fe4a24fab8ef2547272f1503b68db13b0b907e21674fb5d5a170f754287768c8f2e824e869 +DIST shorewall6-lite-4.5.21.9.tar.bz2 78451 SHA256 7e062c2bcc839ee7d84e958cf45c17a6cd00cfa25d5ee12a8644ac2ff73b40bb SHA512 ec62c0564f83090818060bc743b395cc96378b4249b2a68f54bff39012324c31705d7ad3b02564a9f32bcc2f536af38cbddd704fabe0ed4516f894b0218ca56a WHIRLPOOL e44a9e1e209b4540f1c0fae77d5d7eac6809505dc8956156429cd7b745fbd2fee3ef56811ecf681d7a82e138151a2d1425c5bd30593412fd01f5c7aad62665e6 diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.confd b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.initd b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.initd new file mode 100644 index 000000000000..a5436ec9eecc --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.initd @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6-lite status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + /sbin/shorewall6-lite status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + /sbin/shorewall6-lite ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.systemd b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.systemd new file mode 100644 index 000000000000..5af21b6c19bd --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewall6-lite.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.confd b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.initd b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.initd new file mode 100644 index 000000000000..a5436ec9eecc --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.initd @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6-lite status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + /sbin/shorewall6-lite status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + /sbin/shorewall6-lite ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.systemd b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.systemd new file mode 100644 index 000000000000..5af21b6c19bd --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewall6-lite.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6-lite/files/4.5.21.10/shorewallrc b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.10/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.confd b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.initd b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.initd new file mode 100644 index 000000000000..a5436ec9eecc --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.initd @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6-lite status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + /sbin/shorewall6-lite status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + /sbin/shorewall6-lite ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + /sbin/shorewall6-lite ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.systemd b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.systemd new file mode 100644 index 000000000000..5af21b6c19bd --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewall6-lite.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6-lite/files/4.5.21.9/shorewallrc b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall6-lite/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6-lite/metadata.xml b/net-firewall/shorewall6-lite/metadata.xml new file mode 100644 index 000000000000..52ffdde3f9be --- /dev/null +++ b/net-firewall/shorewall6-lite/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.10-r1.ebuild b/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..c0d084ae95b9 --- /dev/null +++ b/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.10-r1.ebuild @@ -0,0 +1,107 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall6" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-core-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[-minimal] + >=dev-perl/Socket6-0.230.0 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6" + + local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support." + + local ERROR_CONNTRACK_IPV6="${PN} requires NF_CONNTRACK_IPV6 support." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + cd "${WORKDIR}/${MY_P_DOCS}" + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall6 (the full version, including the compiler)." + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall6-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.9.ebuild b/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.9.ebuild new file mode 100644 index 000000000000..0d4dfaccde67 --- /dev/null +++ b/net-firewall/shorewall6-lite/shorewall6-lite-4.5.21.9.ebuild @@ -0,0 +1,107 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall6" +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-core-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[-minimal] + >=dev-perl/Socket6-0.230.0 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6" + + local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support." + + local ERROR_CONNTRACK_IPV6="${PN} requires NF_CONNTRACK_IPV6 support." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + cd "${WORKDIR}/${MY_P_DOCS}" + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall6 (the full version, including the compiler)." + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall6-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall6/Manifest b/net-firewall/shorewall6/Manifest new file mode 100644 index 000000000000..781ffb09c99f --- /dev/null +++ b/net-firewall/shorewall6/Manifest @@ -0,0 +1,4 @@ +DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e +DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall6-4.5.21.10.tar.bz2 252715 SHA256 1932c54f16750840985257abf27d7dc77235eacdb00560be8424ec9357747c62 SHA512 e436e7020213bbd1da688461eeac969d47b862a8f97c870af610c1e6aae9e01c626d5f9e15c2b500257c3ff5ac97fa63722cf99e10deac03fda9bd284baf907a WHIRLPOOL 15f5e07bce8d88c6fae69d05d261ebc107e2a2f340107748427bc6cfcddec7ad26caee61c28ca006d60425c9cfd6e4eaa1b2b59ea6fcb6f8c8ba44c5c00789ba +DIST shorewall6-4.5.21.9.tar.bz2 252533 SHA256 2c4606fffc49b0129ec79142493949d8efe15bdef4f6e1619af32e694cbd5aba SHA512 91be0dd55485d56b33f52a91f315562998e6aaf7f2f5ddcb1882fcda589146132810d0f1d5ae2ab6e6ec1256319084969e1499bdd3f37e5a63e0cc65d5ed77bb WHIRLPOOL 7e129116662c8501fb12b23f9552a01d9ae14501194376026ea43758d1470ee7739ff90e26985c7d1e9e9a8c7db7cfdc26b64943e8e470893f5d38d7ef51509a diff --git a/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.confd b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.initd b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.initd new file mode 100644 index 000000000000..ba4b43f1ddb9 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6 status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + /sbin/shorewall6 ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + /sbin/shorewall6 ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + /sbin/shorewall6 status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6 ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall6 ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + /sbin/shorewall6 ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + /sbin/shorewall6 ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + /sbin/shorewall6 ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.systemd b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.systemd new file mode 100644 index 000000000000..448226c88736 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewall6.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6/files/4.5.21.9/shorewall6.confd b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall6/files/4.5.21.9/shorewall6.initd b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.initd new file mode 100644 index 000000000000..ba4b43f1ddb9 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall6 status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + /sbin/shorewall6 ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + /sbin/shorewall6 ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + /sbin/shorewall6 status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall6 ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall6 ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + /sbin/shorewall6 ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + /sbin/shorewall6 ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + /sbin/shorewall6 ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall6/files/4.5.21.9/shorewall6.systemd b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.systemd new file mode 100644 index 000000000000..448226c88736 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.9/shorewall6.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall6/files/4.5.21.9/shorewallrc b/net-firewall/shorewall6/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall6/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall6/metadata.xml b/net-firewall/shorewall6/metadata.xml new file mode 100644 index 000000000000..52ffdde3f9be --- /dev/null +++ b/net-firewall/shorewall6/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/shorewall6/shorewall6-4.5.21.10-r1.ebuild b/net-firewall/shorewall6/shorewall6-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..9a42db391e58 --- /dev/null +++ b/net-firewall/shorewall6/shorewall6-4.5.21.10-r1.ebuild @@ -0,0 +1,112 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall,' +DESCRIPTION+=' IPv6 component' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[-minimal] + >=dev-perl/Socket6-0.230.0 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples6 + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall6-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall6/shorewall6-4.5.21.9.ebuild b/net-firewall/shorewall6/shorewall6-4.5.21.9.ebuild new file mode 100644 index 000000000000..18f2d8c4d570 --- /dev/null +++ b/net-firewall/shorewall6/shorewall6-4.5.21.9.ebuild @@ -0,0 +1,112 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall,' +DESCRIPTION+=' IPv6 component' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="doc" + +DEPEND="=net-firewall/shorewall-${PVR}" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[-minimal] + >=dev-perl/Socket6-0.230.0 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples6 + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall6-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/ufw-frontends/Manifest b/net-firewall/ufw-frontends/Manifest new file mode 100644 index 000000000000..9957816b8343 --- /dev/null +++ b/net-firewall/ufw-frontends/Manifest @@ -0,0 +1 @@ +DIST ufw-frontends-0.3.2.tar.gz 85472 SHA256 7ff838d1f20a122307ef5e2bc94f6cbb5ea019a1d3d7ec72f7493c5f8c0a7910 SHA512 9f311596a3bad71562ca98acb8bf4d0d55990520cb5373c299dad05d1a1986e791eac984385013a511af4693a9988351ec37d8735ae6748818a9570db416b274 WHIRLPOOL 8b12a19c3338210d388b3d5ed24e22cbb49357d9fa9c768ad7b9ff8bcb6481cf4888048ec4c60266915a69095a90e2ce776a81f92f0f9692d8c2ef3fc4b669ed diff --git a/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy new file mode 100644 index 000000000000..7410debbc818 --- /dev/null +++ b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Gentoo</vendor> + <vendor_url>http://www.gentoo.org/</vendor_url> + + <action id="org.gentoo.pkexec.ufw-gtk"> + <message>Authentication is required to run the ufw configuration tool</message> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/ufw-gtk</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> + +</policyconfig> diff --git a/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch new file mode 100644 index 000000000000..f4adb49826ec --- /dev/null +++ b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch @@ -0,0 +1,61 @@ +From e7bcf87788588c3a38ce18c9a8d69bbe156860e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C5=82awomir=20Nizio?= <slawomir.nizio@sabayon.org> +Date: Mon, 3 Mar 2014 08:31:47 +0100 +Subject: [PATCH] Fix crash when no log in supported location can be found + +This can happen for example on systems that use Journal +from systemd. + +In this case, ufw-gtk exits with a traceback containing: +IOError: [Errno 2] No such file or directory: '/var/log/messages.log' +(this is the last log file tried). + +The patch works around the issue by handling the error +and disabling the widget in the "Events" tab. +--- + gfw/frontend_gtk.py | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/gfw/frontend_gtk.py b/gfw/frontend_gtk.py +index 75ebb33..75dfde0 100644 +--- a/gfw/frontend_gtk.py ++++ b/gfw/frontend_gtk.py +@@ -33,14 +33,21 @@ from gfw.frontend import Frontend + + class Notifier(gfw.event.Notifier): + +- def __init__(self, callback): +- gfw.event.Notifier.__init__(self, callback) ++ def __init__(self, callback, inactive_handler): ++ self._active = False ++ try: ++ gfw.event.Notifier.__init__(self, callback) ++ except IOError: ++ inactive_handler() ++ return ++ self._active = True + self._w = gobject.io_add_watch(self._fd, gobject.IO_IN | gobject.IO_PRI, + self._trigger) + + def __del__(self): +- gfw.event.Notifier.__del__(self) +- gobject.source_remove(self._w) ++ if self._active: ++ gfw.event.Notifier.__del__(self) ++ gobject.source_remove(self._w) + + + class Builder(gtk.Builder): +@@ -90,7 +97,8 @@ class GtkFrontend(Frontend): + data = (timestamp, event, conn['IN'], conn['OUT'], conn['PROTO'], + conn['SRC'], spt, conn['DST'], dpt) + self.ui.events_model.append(data) +- self._notifier = Notifier(callback) ++ self._notifier = Notifier(callback, ++ lambda: self.ui.events_view.set_sensitive(False)) + self.ui.main_window.show_all() + ## FIXME: for the 0.3.0 release, hide the tab for the connections view + page = self.ui.view.get_nth_page(2) +-- +1.9.0 + diff --git a/net-firewall/ufw-frontends/metadata.xml b/net-firewall/ufw-frontends/metadata.xml new file mode 100644 index 000000000000..9558d7412c05 --- /dev/null +++ b/net-firewall/ufw-frontends/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>slawomir.nizio@sabayon.org</email> + <name>Sławomir Nizio</name> + </maintainer> + <longdescription lang="en">Currently, UFW provides only a command-line interface (CLI) for user + interaction--the ufw command. This project implements graphical frontends + for UFW using PyGTK and PyQt (the latter in early stage of development).</longdescription> + <upstream> + <remote-id type="google-code">ufw-frontends</remote-id> + </upstream> + <use><flag name="policykit">Use pkexec to gain root privileges</flag></use> + <use><flag name="kde">Use kdesu to gain root privileges (note: the flag has lower priority than "policykit")</flag></use> +</pkgmetadata> diff --git a/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r3.ebuild b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r3.ebuild new file mode 100644 index 000000000000..f4cb9480cc1d --- /dev/null +++ b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r3.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) +inherit distutils-r1 + +DESCRIPTION="Provides graphical frontend to ufw" +HOMEPAGE="http://code.google.com/p/ufw-frontends/" +SRC_URI="http://ufw-frontends.googlecode.com/files/${P}.tar.gz" + +# CC-BY-NC-SA-3.0 is for a png file +LICENSE="GPL-3 CC-BY-NC-SA-3.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="kde policykit" + +DEPEND="" +RDEPEND="${DEPEND} + dev-python/pygobject:2[${PYTHON_USEDEP}] + dev-python/pygtk[${PYTHON_USEDEP}] + dev-python/pyinotify[${PYTHON_USEDEP}] + net-firewall/ufw[${PYTHON_USEDEP}] + !policykit? ( + kde? ( kde-apps/kdesu ) ) + policykit? ( sys-auth/polkit ) +" + +python_prepare_all() { + if use policykit; then + sed -i 's/^Exec=su-to-root -X -c/Exec=pkexec/' \ + share/ufw-gtk.desktop || die + elif use kde; then + sed -i 's/^Exec=su-to-root -X -c/Exec=kdesu/' \ + share/ufw-gtk.desktop || die + fi + + # don't try to override run() to install the script + # under /usr/sbin; it does not work with distutils-r1 + # and so it is handled differently (in python_install) + sed -i '/cmdclass=/d' setup.py || die + + # Qt version is unusable + rm gfw/frontend_qt.py || die + distutils-r1_python_prepare_all + + # fix crash when no ufw logs in supported locations can + # be found + epatch "${FILESDIR}/${P}-no-log-crash.patch" +} + +python_install() { + distutils-r1_python_install --install-scripts="/usr/sbin" +} + +python_install_all() { + distutils-r1_python_install_all + + if use policykit; then + insinto /usr/share/polkit-1/actions/ + doins "${FILESDIR}"/org.gentoo.pkexec.ufw-gtk.policy + elif ! use kde; then + rm "${D}usr/share/applications/ufw-gtk.desktop" || die + fi +} diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest new file mode 100644 index 000000000000..6380dd51df0b --- /dev/null +++ b/net-firewall/ufw/Manifest @@ -0,0 +1 @@ +DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829 diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate new file mode 100644 index 000000000000..f88ca8265bea --- /dev/null +++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate @@ -0,0 +1,13 @@ +/var/log/ufw.log +{ + rotate 5 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/rsyslog reload >/dev/null 2>&1 || true + endscript +} diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example new file mode 100644 index 000000000000..41f7ce39cef7 --- /dev/null +++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example @@ -0,0 +1,13 @@ +# This is an example rule for app-admin/syslog-ng to separate ufw logs +# from /var/log/messages. +# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf. + +filter f_ufw { match("\\[UFW " value("MESSAGE")); }; +destination ufwfile { file("/var/log/ufw.log"); }; +log { + source(src); + filter(f_ufw); + destination(ufwfile); + destination(console_all); + flags(final); +}; diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate new file mode 100644 index 000000000000..5080aa1bfa38 --- /dev/null +++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate @@ -0,0 +1,12 @@ +# logrotate snippet for ufw +# requires app-admin/syslog-ng +# copy the file into /etc/logrotate.d +/var/log/ufw.log { + missingok + rotate 5 + notifempty + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch new file mode 100644 index 000000000000..24d00ea68ccd --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch @@ -0,0 +1,177 @@ +diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8 +--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.31.orig/README ufw-0.31/README +--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -247,7 +247,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -290,7 +290,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. +diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py +--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ file]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + file]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py +--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100 +@@ -22,7 +22,7 @@ + import sys + import time + +-from ufw.common import UFWError, UFWRule, config_dir, state_dir ++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir + from ufw.util import warn, debug, msg, cmd, cmd_pipe + import ufw.backend + +@@ -40,7 +40,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(state_dir, 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files) + +diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init +--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100 +@@ -18,8 +18,8 @@ + # + set -e + +-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then +- . "#STATE_PREFIX#/ufw-init-functions" ++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then ++ . "#SHARE_DIR#/ufw-init-functions" + else + echo "Could not find $s (aborting)" + exit 1 +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch new file mode 100644 index 000000000000..2c04284ad50c --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch @@ -0,0 +1,42 @@ +This patch fixes issues during package build with ebuild supporting +installation for Python versions: sed substitutions in common.py and location +of ufw script in Python ABIs which have prefix different than /usr. +Also makes .mo files not to be installed in wrong paths. + +More info about the first issue: +with support for multiple Python versions in the ebuild, seems the +file isn't copied from staging/ to build-*/lib/ufw/ after being +modified. That's why the copy needs to be done "manually" here. +The issue occurs with "setup.py build -b build-XXX" followed by +"setup.py build -b build-XXX install". + +probably related: https://bugs.launchpad.net/ufw/+bug/819600 +--- setup.py ++++ setup.py +@@ -90,6 +90,8 @@ + "-i", + "s%#SHARE_DIR#%" + real_sharedir + "%g", + os.path.join('staging', file)]) ++ self.copy_file(os.path.join('staging', file), ++ os.path.join(self.build_base, "lib", "ufw")) + + # Now byte-compile everything + super(Install, self).run() +@@ -99,7 +101,8 @@ + if self.root != None: + prefix = self.root + real_prefix + +- script = os.path.join(prefix, 'sbin', 'ufw') ++ # PyPy (and Jython?) has different prefix. Without the change the binary would end up in a wrong path. ++ script = os.path.join(self.root, 'usr', 'sbin', 'ufw') + manpage = os.path.join(prefix, 'share', 'man', 'man8', 'ufw.8') + manpage_f = os.path.join(prefix, 'share', 'man', 'man8', \ + 'ufw-framework.8') +@@ -147,7 +150,6 @@ + self.mkpath(i18ndir) + if len(os.listdir('locales/mo')) == 0: + subprocess.call(["make", "mo"]) +- self.copy_tree('locales/mo', i18ndir) + + # Install configuration files + confdir = real_confdir diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch new file mode 100644 index 000000000000..b7eae3595cb5 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch @@ -0,0 +1,46 @@ +diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py +--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200 ++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200 +@@ -225,41 +225,7 @@ + os.unlink(os.path.join('staging', 'ufw-init')) + os.unlink(os.path.join('staging', 'ufw-init-functions')) + +-iptables_exe = '' +-iptables_dir = '' +- +-for e in ['iptables']: +- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ +- '/usr/local/bin']: +- if e == "iptables": +- if os.path.exists(os.path.join(dir, e)): +- iptables_dir = dir +- iptables_exe = os.path.join(iptables_dir, "iptables") +- print("Found '%s'" % iptables_exe) +- else: +- continue +- +- if iptables_exe != "": +- break +- +- +-if iptables_exe == '': +- print("ERROR: could not find required binary 'iptables'", file=sys.stderr) +- sys.exit(1) +- +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: +- if not os.path.exists(os.path.join(iptables_dir, e)): +- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) +- sys.exit(1) +- +-(rc, out) = cmd([iptables_exe, '-V']) +-if rc != 0: +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ +- (iptables_exe)) +-version = re.sub('^v', '', re.split('\s', str(out))[1]) +-print("Found '%s' version '%s'" % (iptables_exe, version)) +-if version < "1.4": +- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) ++iptables_dir = '/sbin' + + setup (name='ufw', + version=ufw_version, diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch new file mode 100644 index 000000000000..dc922435de10 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch @@ -0,0 +1,17 @@ +--- shell-completion/bash ++++ shell-completion/bash +@@ -52,7 +52,6 @@ + echo "numbered verbose" + } + +-have ufw && + _ufw() + { + cur=${COMP_WORDS[COMP_CWORD]} +@@ -83,5 +82,5 @@ + fi + } + +-[ "$have" ] && complete -F _ufw ufw ++complete -F _ufw ufw + diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch new file mode 100644 index 000000000000..991f4c826ece --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py ++++ b/setup.py +@@ -107,12 +107,6 @@ class Install(_install, object): + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd new file mode 100644 index 000000000000..f8f03fa2ffcc --- /dev/null +++ b/net-firewall/ufw/files/ufw-2.initd @@ -0,0 +1,137 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + before net + provide firewall +} + +start() { + ebegin "Starting ufw" + _source_file || { eend $?; return $?; } + + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Avoid "Firewall already started, use 'force-reload'" message that + # appears if `ufw enable' had been run before start(). + if _status_quiet; then + eend 0 + return + fi + + # The ufw_start function does the same: if ufw is disabled using `ufw disable', + # ufw_start would not start ufw and return 0, so let's handle this case. + case $enabled_in_cfg in + 0) + ufw_start + ret=$? + eend $ret "Failed to start ufw." + ;; + 1) + # see /etc/conf.d/<name> + if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then + ret=1 + eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first." + else + ret=0 + eend 0 + fi + ;; + 2) + ret=1 + eend $ret "Failed to start ufw." + ;; + esac + + return $ret +} + +stop() { + ebegin "Stopping ufw" + _source_file || { eend $?; return $?; } + local enabled_in_cfg ret + _check_if_enabled_in_cfg + enabled_in_cfg=$? + + # Same as above (unless --force is passed to ufw_stop). + case $enabled_in_cfg in + 0) + ufw_stop + ret=$? + ;; + 1) + einfo "INFO: ufw is configured to be disabled" + ufw_stop --force + ret=$? + ;; + 2) + ret=1 + ;; + esac + + eend $ret "Failed to stop ufw." + return $ret +} + +_status_quiet() { + # return values: 0 - started, 1 - stopped, 2 - error + # Does not execute _source_file. + local ret + ufw_status > /dev/null + ret=$? + # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions. + case $ret in + 0) return 0 ;; + 3) return 1 ;; + *) return 2 ;; + esac +} + +_source_file() { + local sourced_f="/usr/share/ufw/ufw-init-functions" + if [ ! -f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 1 + fi + + local _path=$PATH + if ! . "$sourced_f"; then + # PATH can be broken here, fix it... + PATH=$_path + eerror "Error sourcing file $sourced_f" + return 1 + fi + + if [ -z "$PATH" ]; then + PATH=$_path + else + PATH="${PATH}:${_path}" + fi + return 0 +} + +_check_if_enabled_in_cfg() { + # Check if user has enabled the firewall with "ufw enable". + # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error. + + local sourced_f="/etc/ufw/ufw.conf" + if [ ! -f "$sourced_f" ]; then + eerror "Cannot find file $sourced_f!" + return 2 + fi + + if ! . "$sourced_f"; then + eerror "Error sourcing file $sourced_f" + return 2 + fi + + if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then + return 0 + else + return 1 + fi +} diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd new file mode 100644 index 000000000000..900d3bf67bd4 --- /dev/null +++ b/net-firewall/ufw/files/ufw.confd @@ -0,0 +1,5 @@ +# If equals to "yes", warnings that firewall is disabled +# (using `ufw disable') will be suppressed and the service +# will be considered started. +# Default if unset or another value is "no". +ufw_nonfatal_if_disabled=no diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service new file mode 100644 index 000000000000..9d6972036a05 --- /dev/null +++ b/net-firewall/ufw/files/ufw.service @@ -0,0 +1,15 @@ +[Unit] +Description=Uncomplicated Firewall +DefaultDependencies=no +Before=network.target sysinit.target +After=systemd-sysctl.service +ConditionPathExists=|/etc/ufw/ufw.conf + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/share/ufw/ufw-init start +ExecStop=/usr/share/ufw/ufw-init stop + +[Install] +WantedBy=multi-user.target
\ No newline at end of file diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml new file mode 100644 index 000000000000..afc7f7197388 --- /dev/null +++ b/net-firewall/ufw/metadata.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>slawomir.nizio@sabayon.org</email> + <name>Sławomir Nizio</name> + </maintainer> + <longdescription lang="en"> + The Uncomplicated Firewall (ufw) is a frontend for iptables and is + particularly well-suited for host-based firewalls. It provides a framework + for managing netfilter, as well as an easy to use command-line interface for + manipulating the firewall. +</longdescription> + <upstream> + <remote-id type="launchpad">ufw</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild new file mode 100644 index 000000000000..865dbdb5a07e --- /dev/null +++ b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild new file mode 100644 index 000000000000..2d694f6e1b12 --- /dev/null +++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch + # Fix bash completions, bug #526300 + "${FILESDIR}"/${P}-bash-completion.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." + return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/xtables-addons/Manifest b/net-firewall/xtables-addons/Manifest new file mode 100644 index 000000000000..6da97030af9b --- /dev/null +++ b/net-firewall/xtables-addons/Manifest @@ -0,0 +1,6 @@ +DIST xtables-addons-1.37.tar.xz 423784 SHA256 2b60a3ae1c71a5b802625b595edceb14ea0be1fb5517e98a9542c5a1157fb7b6 +DIST xtables-addons-1.47.1.tar.xz 323312 SHA256 06535dbefaa7725870750048842b4b53f5a4f8d8b16d5ce61bb4cc28e0b99326 SHA512 4920c9fae1a5b026f48562590b9221d497127197806f52f2eeba269faf8203b3da2e2ab6ff01f273ecac457d19399c42b4d163c18fa405bfe15b54f46478227d WHIRLPOOL 6654fb33c96eb052b94047445682a26f141532c2db5404ec62c29d40741a34ac9138ba1a5de494d7f1b8706a5de425b1188f79fa6195a824d2642ba506f6bdc1 +DIST xtables-addons-2.1.tar.xz 316412 SHA256 1d788bf647d96cfbcc2e61c3a32702cfdde40fea857407d2674731b41ac3ae79 SHA512 df8617f8dbc386e1264063fa1650a18021a199e8d301b7a2133c840f1cd54d348d5b6e46b823a778feb9682d65d898c8d31c0df35ee2b914865b126485973973 WHIRLPOOL d9146f96fb5c166e2944d45b69c929f56fb8104df9599fb9bdc4be83fc6540f26782dd8fd8866a06b7b0531207db7ce41f95439efdb07f0fa5d73a34e2028cd0 +DIST xtables-addons-2.3.tar.xz 316452 SHA256 7ab43981d594131ec8d72d4604c92c25dcf67dd4cae6aabb71113238a27cdff9 SHA512 08d529f0a2fa96ba715d2142934d6568a3c4f0ddb49f06c3c4d4ac200de0a4d2b59a4007302b557ca21014cbacda104e7781df0d5158e5313a673a928453abcc WHIRLPOOL d9929c3ede195ae87fd5b063814f2d27a0ccc772b8cc7eaee7c4d551af58e9f91e4fbbf420c058522563ea9f7ee082e280f124118bee4997763eb35738e3facc +DIST xtables-addons-2.6.tar.xz 313824 SHA256 6f2347df8fdcedfe871fe989e62bb79a729d12b600c057454b21fda8fe9d525b SHA512 e493c7a6e6512f8240d211b4ba5bb9ed705fcef604dca4b2ade717dd45046464087250b4057d9b66c94de92e090c0269e47e2cf665362bfe620b3a942d83d10d WHIRLPOOL f9f06cb1c5c2ca6cdf673ce0c2fabb6c971c3184e4197caf66e983ec5447261f574b10953bce8383f4a24a021bf58d32932a66b55d2e98ada5a15e1b8d3a60a5 +DIST xtables-addons-2.7.tar.xz 320804 SHA256 ce64b607967e576ac4d1f4fd522d0c4d34feada9fd45a54113967a6a2b56a519 SHA512 69c371b8bb5e464a4514dd432027be88a0ad5ab343bbe8c1f3cc2150f86e5a811de7a5d8fee2688499e5e49ac1dc275520eeae9afeeb51ec1cfaacc57892954a WHIRLPOOL 24c441e72764062adea16a32c3b2e9255645d17a7cfeddd1c0839761f003b78abaad2b25de4c1efce8fc62354b5023b91f8468f06ccec6c816ef1b2b02492ffc diff --git a/net-firewall/xtables-addons/metadata.xml b/net-firewall/xtables-addons/metadata.xml new file mode 100644 index 000000000000..66ec30dcd145 --- /dev/null +++ b/net-firewall/xtables-addons/metadata.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>andreis.vinogradovs@gmail.com</email> + <name>Andreis Vinogradovs</name> + <description>Co-maintainer, through proxy maintainers</description> + </maintainer> + <maintainer> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <longdescription> +Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains +extensions that were not, or are not yet, accepted in the main kernel/iptables +packages. + +Xtables-addons is different from patch-o-matic in that you do not have to patch +or recompile the kernel, sometimes recompiling iptables is also not needed. But +please see the INSTALL file for the minimum requirements of this package. +</longdescription> + <upstream> + <remote-id type="sourceforge">xtables-addons</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/xtables-addons/xtables-addons-1.37.ebuild b/net-firewall/xtables-addons/xtables-addons-1.37.ebuild new file mode 100644 index 000000000000..7af2055077a0 --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-1.37.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +REQUIRED_USE=" + xtables_addons_ipset4? ( !xtables_addons_ipset6 ) + xtables_addons_ipset6? ( !xtables_addons_ipset4 )" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipset6 ipset4 ipp2p iface gradm geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark echo dnetmap dhcpmac delude checksum chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.3" + +RDEPEND="${DEPEND} + xtables_addons_ipset4? ( !net-firewall/ipset ) + xtables_addons_ipset6? ( + !net-firewall/ipset + net-libs/libmnl ) + xtables_addons_geoip? ( virtual/perl-Getopt-Long + dev-perl/Text-CSV_XS )" + +DEPEND="${DEPEND} + virtual/linux-sources" + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost ipset6" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + if (use xtables_addons_ipset4 || use xtables_addons_ipset6) && + kernel_is -lt 2 6 35; then + die "${PN} with ipset requires kernel version >= 2.6.35" + fi + kernel_is -lt 2 6 29 && die "${PN} requires kernel version >= 2.6.29" + if use xtables_addons_tee && kernel_is -gt 2 6 35; then + CONFIG_CHECK="NETFILTER_XT_TARGET_TEE" + ERROR_NETFILTER_XT_TARGET_TEE="Please enable TEE target in your kernel." + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES="tee" + ewarn "TEE modules is provided by kernel. Skipping its build..." + fi + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + has ${mod} ${SKIP_MODULES} && continue + if use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} diff --git a/net-firewall/xtables-addons/xtables-addons-1.47.1.ebuild b/net-firewall/xtables-addons/xtables-addons-1.47.1.ebuild new file mode 100644 index 000000000000..1850b6901a12 --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-1.47.1.ebuild @@ -0,0 +1,172 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark echo dnetmap dhcpmac delude checksum chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +# XA_kernel_check tee "2 6 32" +XA_check4internal_module() { + local mod=${1} + local version=${2} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 2 6 32 && die "${PN} requires kernel version >= 2.6.32" + kernel_is -ge 3 7 && die "${PN} requires kernel version < 3.7" + XA_check4internal_module tee "2 6 35" NETFILTER_XT_TARGET_TEE + XA_check4internal_module checksum "2 6 36" NETFILTER_XT_TARGET_CHECKSUM + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} diff --git a/net-firewall/xtables-addons/xtables-addons-2.1.ebuild b/net-firewall/xtables-addons/xtables-addons-2.1.ebuild new file mode 100644 index 000000000000..8dd31bcb76cb --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-2.1.ebuild @@ -0,0 +1,169 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq steal rawnat logmark ipmark echo dnetmap dhcpmac delude chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +# XA_kernel_check tee "2 6 32" +XA_check4internal_module() { + local mod=${1} + local version=${2} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead" + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} diff --git a/net-firewall/xtables-addons/xtables-addons-2.3.ebuild b/net-firewall/xtables-addons/xtables-addons-2.3.ebuild new file mode 100644 index 000000000000..90f36635298b --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-2.3.ebuild @@ -0,0 +1,169 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq steal rawnat logmark ipmark echo dnetmap dhcpmac delude chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +# XA_kernel_check tee "2 6 32" +XA_check4internal_module() { + local mod=${1} + local version=${2} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead" + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} diff --git a/net-firewall/xtables-addons/xtables-addons-2.6.ebuild b/net-firewall/xtables-addons/xtables-addons-2.6.ebuild new file mode 100644 index 000000000000..940e6ebf010f --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-2.6.ebuild @@ -0,0 +1,188 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq logmark ipmark echo dnetmap dhcpmac delude chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +# XA_kernel_check tee "2 6 32" +XA_check4internal_module() { + local mod=${1} + local version=${2} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead" + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +# Die on modules known to fail on certain kernel version. +XA_known_failure() { + local module_name=$1 + local KV_max=$2 + + if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then + eerror + eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above." + eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel." + eerror + die + fi +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + # Bug #553630#c0. tarpit fails on linux-4.1 and above. + # Bug #553630#c2. echo fails on linux-4 and above. + XA_known_failure "tarpit" 4.1 + XA_known_failure "echo" 4 + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} diff --git a/net-firewall/xtables-addons/xtables-addons-2.7.ebuild b/net-firewall/xtables-addons/xtables-addons-2.7.ebuild new file mode 100644 index 000000000000..936d85ab58a9 --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-2.7.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq logmark ipmark echo dnetmap dhcpmac delude chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +# XA_kernel_check tee "2 6 32" +XA_check4internal_module() { + local mod=${1} + local version=${2} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead" + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +# Die on modules known to fail on certain kernel version. +XA_known_failure() { + local module_name=$1 + local KV_max=$2 + + if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then + eerror + eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above." + eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel." + eerror + die + fi +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + # Bug #553630#c2. echo fails on linux-4 and above. + XA_known_failure "echo" 4 + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} |