author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-firewall |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-firewall')
233 files changed, 12344 insertions, 0 deletions
diff --git a/net-firewall/arno-iptables-firewall/Manifest b/net-firewall/arno-iptables-firewall/Manifest new file mode 100644 index 000000000000..e0631c966839 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/Manifest 
@@ -0,0 +1,8 @@ +AUX arno-iptables-firewall 404 SHA256 01f07c4609b02d3efeb3e0f3eb1025ca767efd170d2102a7839776d57aff8470 SHA512 3491c556150ac4c39447f17cb48caa2542c42c632d960f604ccdd475cbec239b8fec8523606c146427e644a929b2c5522f3c21a47712fd67880ac3815d3ab983 WHIRLPOOL d9f5823f7e393eaa3721bdd7b0770225bdbbe68b4d83ffbee21b660502435c9dc714539f6225434814a60797bc6c5955dd5ca524b07b33cd939b404daca5bd2f +DIST arno-iptables-firewall_2.0.1e.tar.gz 126238 SHA256 fa7b865e5d9b8e077cba73b2f28695a2fd691092a0a7f9e1c16ee369fc27fe43 SHA512 244b3bbf08b2d97128908aece487388bb71ced002cc129885144f4eacf9cf6053c9eb1225a1cd33fdefc502f1e6822a85710d35a7884e99cfde35d34f3fd4f70 WHIRLPOOL f6c1b5ade8b4acdcc4c8e90e19a84335c3932d2a58bbba2221a91b7cbd228c4d6072af6e21836314d86ef005780b47c5ce85198219b345116af529178e2133c1 +DIST arno-iptables-firewall_2.0.1f-rc1.tar.gz 129834 SHA256 84f3e96bb85dbcad2916922d537aa0f188df59ece7ea9d9c0f669468938713e0 SHA512 cf7c2f97e74e01be48a8206be3116156740dfd2022df957651b587de1492157363249c067a778209c1e239f53c30426c32e6b1f901949c37ab2b5d690542d620 WHIRLPOOL 969e09b206cf1e132e93151461297fdb3b40ba849b4b4c9ff9e2ef8095526e4e8340b348e2bc97cfe9838b7de3f42cb1acae7c21d6261dcab5392e26ba81afc4 +EBUILD arno-iptables-firewall-2.0.1e.ebuild 2345 SHA256 7e600bd1113962306d859d13783e9c0e1582c99f5c056431e88ce8240abb6d23 SHA512 9392101cb729e11ed1aaa688b96489241cfe4d9e08038b787a6793f292ca9f2c5fe0c03e93f87a6f8c1bac9ef191bb92ca28a41598165762ee9a0ad20263033b WHIRLPOOL fac7ed2a4974003e2febb9fa34540a9017ba90883f4140dccaa8e19a63e920f6a3f20fb931eb08dfbcee275068d69cfac9d432fe86afc47e2538b7a539d0581e +EBUILD arno-iptables-firewall-2.0.1f_rc1.ebuild 2382 SHA256 db684215795e22c26e4fb8325a75e251d1b183eb0f30cccd0ed8d42b9e24453a SHA512 ffa821cda34330f02d5973d40959def681690afcb5c8f0f3352459bf3a35027ff8c1528cda612bef66d9f9b471c121721d47182aca8f5aaeb9333be44a299240 WHIRLPOOL aad21b976f28e9977fb0bb0585370b6fcaf7124aa5290b9f9846a2d574b5d78c890306302bff8d7c781ea0d2081480d80cc0da96f48b06903320d10c3eddf05e +MISC 
ChangeLog 3738 SHA256 947a905c567c2c50745ac2eb9c378a783c6decbfa4df7786fe7a0cc869d42e76 SHA512 1bbb1d3bae3c2999e1885df3f794ef02b6b0c9202e76c8c332536b1b6cd6fd6154fc16436c640eef27380f8511099820adaab4813b674d006e8b934f3e22bc0b WHIRLPOOL 25603cbad72eb1200824b4ad38d71943b1183bf91b6a630f95960bd635b8ce55edfcbeb315d8f91841879bef51d571aa24dbc179c23cb57aaf903fc0f39e54e8 +MISC ChangeLog-2015 3027 SHA256 03a97849c92cbddd77ca2d61d5692685fd617844d888c5d974262c1333e5e3ac SHA512 135c97f3f8860ba52ac35b2f4d9a3c5101661ca6f9612222747a8f517cb42e190a4ef498835928f85d1b81b3762cbffa4b6ed2f87fc16432a457a1da3a5cdee6 WHIRLPOOL b9594525173419640948b75900726dab052bbff0e10c8e57002a6e98aba5a988921c2d8c11e92e64e7a9a5f030bcf99b2c6f1aaa30d510dd6508abb9afb855d4 +MISC metadata.xml 423 SHA256 42e239edd5085c07bbea7adc06f774a8f94c412410198ebe1bf66828f1ec8737 SHA512 4d3402711020fd7ddecf5eae405bf4f72246347ea887f2f803c317c8b2d94ff830f68cf39e97526522f2d30845d95319e117efd49f06f685c046d0752c67546a WHIRLPOOL 29d07382af50d5fc0cfedcfa7515d899fd2f5b82faaf600c72d97567eae862f9241da364f0e4a738a415db4f5103debfbadd3f0c1ac094ad79563a4999ef3a3d diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild new file mode 100644 index 000000000000..4d1cd0080b77 --- /dev/null +++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1e.ebuild 
@@ -0,0 +1,90 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit readme.gentoo systemd
+
+DESCRIPTION="Arno's iptables firewall script"
+HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="+plugins"
+
+# sys-apps/coreutils dependency wrt
+# https://bugs.gentoo.org/show_bug.cgi?id=448716
+
+DEPEND=""
+RDEPEND="net-firewall/iptables
+ || ( <sys-apps/coreutils-8.20 >sys-apps/coreutils-8.20-r1 )
+ sys-apps/iproute2
+ plugins? ( net-dns/bind-tools )"
+
+S="${WORKDIR}/${PN}_${PV}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf
+before using this package. To start the script, run:
+
+/etc/init.d/${PN} start (for OpenRC)
+systemctl start ${PN} (for systemd)
+
+If you want to start this script at boot, run:
+
+rc-update add ${PN} default (for OpenRC)
+systemctl enable ${PN} (for systemd)"
+
+src_prepare() {
+ sed -i -e 's:/usr/local/share/:/usr/libexec/:' \
+ etc/"${PN}"/firewall.conf || die "Sed failed!"
+ sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \
+ lib/systemd/system/"${PN}.service" || die "Sed failed!"
+}
+
+src_install() {
+ insinto /etc/"${PN}"
+ doins etc/"${PN}"/firewall.conf
+ doins etc/"${PN}"/custom-rules
+
+ doinitd "${FILESDIR}/${PN}"
+ systemd_dounit lib/systemd/system/"${PN}.service"
+
+ dobin bin/arno-fwfilter
+ dosbin bin/"${PN}"
+
+ insinto /usr/libexec/"${PN}"
+ doins share/"${PN}"/environment
+
+ dodoc CHANGELOG README
+ readme.gentoo_create_doc
+
+ if use plugins
+ then
+ insinto /etc/"${PN}"/plugins
+ doins etc/"${PN}"/plugins/*
+
+ insinto /usr/libexec/"${PN}"/plugins
+ doins share/"${PN}"/plugins/*.plugin
+
+ exeinto /usr/libexec/"${PN}"/plugins
+ doexe share/"${PN}"/plugins/dyndns-host-open-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-log-rotate
+ doexe share/"${PN}"/plugins/traffic-accounting-show
+
+ docinto plugins
+ dodoc share/"${PN}"/plugins/*.CHANGELOG
+ fi
+
+ doman share/man/man1/arno-fwfilter.1 \
+ share/man/man8/"${PN}".8
+}
+
+pkg_postinst () {
+ ewarn "When you stop this script, all firewall rules are flushed!"
+ ewarn "Make sure to not use multiple firewall scripts simultaneously"
+ ewarn "unless you know what you are doing!"
+ readme.gentoo_print_elog
+}
diff --git a/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild
new file mode 100644
index 000000000000..6ed34cb59a3b
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/arno-iptables-firewall-2.0.1f_rc1.ebuild
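Review bot: In `src_install`, `firewall.conf`, `custom-rules` and the plugin configs under /etc/${PN} are installed with plain `doins`, which uses the default insopts mode of 0644, so the firewall policy is readable by every local account. The ruleset layout tells a local user which ports and hosts are allowed, so I would add `insopts -m0600` before `insinto /etc/"${PN}"` and restore `insopts -m0644` before the `/usr/libexec` installs. The plugins branch needs the same treatment for `/etc/"${PN}"/plugins`. The 2.0.1f_rc1 ebuild in this commit carries the same `src_install` body. Separately, `SRC_URI` is plain http, so the Manifest digests are the only integrity control and are only as good as the fetch they were generated from.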
@@ -0,0 +1,92 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit readme.gentoo systemd versionator
+
+DESCRIPTION="Arno's iptables firewall script"
+HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+
+MY_PV=$(replace_version_separator 3 -)
+SRC_URI="http://rocky.eld.leidenuniv.nl/${PN}/${PN}_${MY_PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+plugins"
+
+# sys-apps/coreutils dependency wrt
+# https://bugs.gentoo.org/show_bug.cgi?id=448716
+
+DEPEND=""
+RDEPEND="net-firewall/iptables
+ >sys-apps/coreutils-8.20-r1
+ sys-apps/iproute2
+ plugins? ( net-dns/bind-tools )"
+
+S="${WORKDIR}/${PN}_${MY_PV/rc/RC}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="You will need to configure /etc/${PN}/firewall.conf
+before using this package. To start the script, run:
+
+/etc/init.d/${PN} start (for OpenRC)
+systemctl start ${PN} (for systemd)
+
+If you want to start this script at boot, run:
+
+rc-update add ${PN} default (for OpenRC)
+systemctl enable ${PN} (for systemd)"
+
+src_prepare() {
+ sed -i -e 's:/usr/local/share/:/usr/libexec/:' \
+ etc/"${PN}"/firewall.conf || die "Sed failed!"
+ sed -i -e 's:/usr/local/sbin/:/usr/sbin/:' \
+ lib/systemd/system/"${PN}.service" || die "Sed failed!"
+}
+
+src_install() {
+ insinto /etc/"${PN}"
+ doins etc/"${PN}"/firewall.conf
+ doins etc/"${PN}"/custom-rules
+
+ doinitd "${FILESDIR}/${PN}"
+ systemd_dounit lib/systemd/system/"${PN}.service"
+
+ dobin bin/arno-fwfilter
+ dosbin bin/"${PN}"
+
+ insinto /usr/libexec/"${PN}"
+ doins share/"${PN}"/environment
+
+ dodoc CHANGELOG README
+ readme.gentoo_create_doc
+
+ if use plugins
+ then
+ insinto /etc/"${PN}"/plugins
+ doins etc/"${PN}"/plugins/*
+
+ insinto /usr/libexec/"${PN}"/plugins
+ doins share/"${PN}"/plugins/*.plugin
+
+ exeinto /usr/libexec/"${PN}"/plugins
+ doexe share/"${PN}"/plugins/dyndns-host-open-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-helper
+ doexe share/"${PN}"/plugins/traffic-accounting-log-rotate
+ doexe share/"${PN}"/plugins/traffic-accounting-show
+
+ docinto plugins
+ dodoc share/"${PN}"/plugins/*.CHANGELOG
+ fi
+
+ doman share/man/man1/arno-fwfilter.1 \
+ share/man/man8/"${PN}".8
+}
+
+pkg_postinst () {
+ ewarn "When you stop this script, all firewall rules are flushed!"
+ ewarn "Make sure to not use multiple firewall scripts simultaneously"
+ ewarn "unless you know what you are doing!"
+ readme.gentoo_print_elog
+}
diff --git a/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall
new file mode 100644
index 000000000000..40e32a9d8de0
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/files/arno-iptables-firewall
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+command=/usr/sbin/arno-iptables-firewall
+description="Single- & multi-homed firewall script with DSL/ADSL support"
+
+extra_started_commands="reload"
+description_reload="Reload blocked hosts (blackhole) file"
+
+depend() {
+ before net
+ use logger
+}
+
+start() {
+ ${command} start
+}
+
+stop() {
+ ${command} stop
+}
+
+restart() {
+ ${command} restart
+}
+
+reload() {
+ ${command} force-reload
+}
diff --git a/net-firewall/arno-iptables-firewall/metadata.xml b/net-firewall/arno-iptables-firewall/metadata.xml
new file mode 100644
index 000000000000..46b4fd2b7b23
--- /dev/null
+++ b/net-firewall/arno-iptables-firewall/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>erkiferenc@gmail.com</email>
+ <name>Ferenc Erki</name>
+</maintainer>
+<maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+</maintainer>
+<use>
+ <flag name="plugins">Install optional plugins</flag>
+</use>
+</pkgmetadata>
diff --git a/net-firewall/arptables/Manifest b/net-firewall/arptables/Manifest
new file mode 100644
index 000000000000..fe38f4fa663e
--- /dev/null
+++ b/net-firewall/arptables/Manifest
@@ -0,0 +1,11 @@ +AUX arptables-0.0.3.4-arptables_save.patch 893 SHA256 af4559f04a3bbf4f5d40237658871e3cc2f57a6a6ccfdc9d995aa3a0db358770 SHA512 eb0c76d754a5370ab5967e4fcc3544d9dd72f16692c50a399177da57600eb28d4fe9bed5f510b6f23f18db3775433b399b09c679275b93c3fbabc77d81f550b1 WHIRLPOOL 8c19705b95749de2f85b0b6a31677e764162b0ea68ef1f64173009cec642c7a6dcd90507652ab8084d58659ad8815400be55a4f5b419b3e7b0c8ca383fbdc4c7 +AUX arptables-0.0.3.4-ldflags.patch 372 SHA256 76a224ca0c93722f299e5309d708fd69a253edf496c1bfc87be6a55c6d61a55f SHA512 7620d7f16c0a2d25070f32222935db49d2a8fd675612af72b5bea18a6b0db42cf30f4a854f2f5c2f1185e1fd5f7780ddd3e2d7d4eb335ddf24a53318f490bd06 WHIRLPOOL a3fb169227cb73dcf354ef5127e2d26ea50850eb7f9fb610b914954c28a1a1fce12566ff794a30a4b1b44550c26ea1fd9e7a3aee17c41f0e586ee7c445cd1456 +AUX arptables-0.0.3.4-manpage.patch 447 SHA256 b4d9014f2c1619dfb23e7d992b94ca94ff3e7d34a1e044d978a79c0d65e39c25 SHA512 72860d0f7b33e42bdfe1470399391eb64a3d5543b6b071aab1c9c428f7e56e7a0f115d82c1f5a57f5d324a13b1d58a23adc8a656a8c4f1d4a71a5d0810b5802f WHIRLPOOL 9b4c49e63b38f9d123e74957c365023edddd93f22dae181ba379785795f24293f0a827d8df65b089536ec1b65950d87f176b009a78100aeeb4600eb55ebbf153 +AUX arptables-0.0.3.4-type.patch 935 SHA256 70c48ecef90b4509859c8e200f5155a9335325be04b00aadc962c74fe73b3817 SHA512 4e87cac250cf6b23c54bf9d6b09360300e803cbb76ebb30d166525a6a1069b67eddb46e73d21be18926b2222386a5fee4ef249dff2fba9b03e1b40c2e64681ae WHIRLPOOL 0af3a2d1818a0dc0d9c979b93a413b2c3b7476cf742c99059a01f9059822e0d88b6b590a037eeeb980a403b5fd1a31defe5e5583acec0df9dc450269552c1b16 +DIST arptables-v0.0.3-4.tar.gz 44335 SHA256 e529fd465c67d69ad335299a043516e6b38cdcd337a5ed21718413e96073f928 SHA512 a566b6df5c4b22c9c15d22c3801763e640f15b76043123c4ca8db1cc753a20a99b8b7b6dae2f0d9277cc6c49bcb269ba481958bcff3f6a516c7c9d8b553d35b5 WHIRLPOOL a045489531c2eec53cc57b18639291d38fa443a9b4e4539e096fa2afbaaa8585bfa387c4759e0a02d407d76ef0ed87f602b4f847edd49d3be9c1113264e69996 +DIST arptables-v0.0.4.tar.gz 45380 
SHA256 277985e29ecd93bd759a58242cad0e02ba9d4a6e1b7795235e3b507661bc0049 SHA512 bd84e93ab5e0a038753aa17dae9e1f48364f2d2b1492dce2edac117e21edd5aa912be7b9e21bf4fb3698031d2f765a75fa067fe10ce20a1c8951ae7efcc5dbbd WHIRLPOOL 6209b2837e22fa1a3ef9d8d090210a8dda7b6199ec58cbdd565e646f24eb499ae4e3d36175e3ed215eb47783f33ae4a02a50e0b7df5aec78a82a6b5e2c7b1660 +EBUILD arptables-0.0.3.4-r2.ebuild 1013 SHA256 bc2e74dd27192a6c73cb9adb49a8cbbe1d4d66c72ea9d282cfd655e63c2d127c SHA512 8855aa2f610f8bdd5931cd0c6a8a78fffc711b49a8eaf34d65a47e4cae6b2a6cd50f94dc727a7cd5e700e56768192811aa42d2e399f17e0f8e1f61b93d37d83d WHIRLPOOL 4f68dff85b1c31a5021e2075bf738b7aa2bc50d53d441cf87f2d86dc72a5e665646d2fc25375d311046dd8bb78ab49326ad8c42526d3a70ef6e97953d6270f82 +EBUILD arptables-0.0.4.ebuild 770 SHA256 a7817f3d182f579c823de6152f5e9a46ed50a0f3af45ec747a1a394fd0ac0893 SHA512 d30b3fe8d8efd0ac7acf386817a472a8f5434d31d818fa2272e550cfedf348bc4b6b734ea537d1716ca1da9ea2eecc8778d049df6fe9573594bb1f0371d24cd2 WHIRLPOOL 6f6ea9fb68860c9c821fea3e1b8f196a5c486e713dae2fa3b8caa79955539b4a3f7f64ac492d3f7e50a8ee962fe57a559f4355b83fc657f294df6fbdb571fbd5 +MISC ChangeLog 2617 SHA256 11dc26f82e0690b27eb457a84a0aa60e25a6c358c826c5d5b401a772360f5a5d SHA512 94fd1e1deea6d9a19c1ed856ee46718abe743360ce0595ea3ca09cba56a06202a0aad6d0c9c6b0b36562143a170c7b4f515a4328a00676c0e979f8bda49da0f5 WHIRLPOOL 5bbf3edea7693537aaa02ca83b334e2cf0733cb28ea82990993cea48827f84f113b8793f3861d8a52c386c80af90cee57886fd5f687101111bf1430dcb5ad89c +MISC ChangeLog-2015 3523 SHA256 05c93ef906e3b5485c2e416fec98c37e2dda8cc392373c2ccdbc912b0b7a78a5 SHA512 ba6f3b72b12b341c66b4c19e36fad78eea446bf43e9d3737eca36543cfa80c75cc8ada52090a9ed64a91bdb439ad7c85f5cb19fb2cf7ef203546457dce3baa75 WHIRLPOOL 1b9ab576b1534481a8bb3fd399d70e8dd5aea6aaecdf69570366497b3f7aad40c87d2756d430acd67fd256da3fbd0bbed4601f44b171b16b2bbc96c4bb253b71 +MISC metadata.xml 335 SHA256 7097ea8c5b1135b54ae115ec813e4baf4aa5b58b3d4a1253a2df8504654e5c22 SHA512 
840c9d22c1e29b4ddfd6b230e293766fb4b6d5cefc9a5839765629fa33adbddbaa3157d12be851e458030406af95c8e3356577fd20c0f876b43153e89ae298df WHIRLPOOL 8bfa066aae800d9ebb86159939ee88e977f689d6e4ec2249fe7bbdf5563203f3b709e3fce7e7eb0aba8add9811e4a54be198dc9472b0be47bb6f0a127bfc519a
diff --git a/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild
new file mode 100644
index 000000000000..14b31b9b2647
--- /dev/null
+++ b/net-firewall/arptables/arptables-0.0.3.4-r2.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="2"
+inherit versionator eutils
+
+MY_P=${PN}-v$(replace_version_separator 3 - )
+
+DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ebtables/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ppc x86"
+IUSE=""
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}/${P}-ldflags.patch"
+ epatch "${FILESDIR}/${P}-arptables_save.patch"
+ epatch "${FILESDIR}/${P}-manpage.patch"
+ epatch "${FILESDIR}/${P}-type.patch"
+}
+
+src_compile() {
+ # -O0 does not work and at least -O2 is required, bug #240752
+ emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}" || die "make failed"
+ sed -ie 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore \
+ || die "sed failed"
+}
+
+src_install() {
+ into /
+ dosbin arptables arptables-restore arptables-save || die
+ doman arptables.8 || die
+}
diff --git a/net-firewall/arptables/arptables-0.0.4.ebuild b/net-firewall/arptables/arptables-0.0.4.ebuild
new file mode 100644
index 000000000000..23c063983b07
--- /dev/null
+++ b/net-firewall/arptables/arptables-0.0.4.ebuild
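Review bot: In `src_compile`, `sed -ie 's:__EXEC_PATH__:/sbin:g'` does not mean "in place, expression": GNU sed reads `-ie` as `-i` with the backup suffix `e`, so it leaves stray `arptables-savee` and `arptables-restoree` copies in the build directory. They are not installed because `dosbin` names its files explicitly, but the call should read `sed -i -e 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore`. The arptables-0.0.4 ebuild in this commit has the same line. This ebuild also calls `tc-getCC` without inheriting `toolchain-funcs` itself, presumably relying on `eutils` to pull it in; the 0.0.4 ebuild inherits it explicitly, which is the safer form.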
@@ -0,0 +1,32 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit toolchain-funcs
+
+MY_P="${PN}-v${PV}"
+
+DESCRIPTION="set up, maintain, and inspect the tables of ARP rules in the Linux kernel"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+S="${WORKDIR}/${MY_P}"
+
+src_compile() {
+ # -O0 does not work and at least -O2 is required, bug #240752
+ emake CC="$(tc-getCC)" COPT_FLAGS="-O2 ${CFLAGS//-O0/-O2}"
+ sed -ie 's:__EXEC_PATH__:/sbin:g' arptables-save arptables-restore \
+ || die "sed failed"
+}
+
+src_install() {
+ into /
+ dosbin arptables arptables-restore arptables-save
+ doman arptables.8
+}
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch
new file mode 100644
index 000000000000..a1b60b24ea10
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-arptables_save.patch
@@ -0,0 +1,24 @@
+# Don't resolve host names and don't convert '*' interface names to any.
+# Remove '*' interface names.
+
+diff -urNad arptables-0.0.3.3~/arptables-save arptables-0.0.3.3/arptables-save
+--- arptables-0.0.3.3~/arptables-save 2009-08-19 14:17:17.000000000 +0200
++++ arptables-0.0.3.3/arptables-save 2009-08-19 14:19:58.000000000 +0200
+@@ -35,6 +35,8 @@
+ # Due to arptables "issues" with displaying device names
+ # we need to use -v and then do some processing
+ $line =~ s/\s,\s.*//;
++ $line =~ s/-i\s\*//;
++ $line =~ s/-o\s\*//;
+ $rules = $rules . "-A $chain $line\n";
+ }
+
+@@ -47,7 +49,7 @@
+ # ========================================================
+
+ unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; };
+-$table =`$tool -t filter -L -v`;
++$table =`$tool -t filter -L -v -n`;
+ unless ($? == 0) { print $table; exit -1 };
+ &process_table($table);
+
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch
new file mode 100644
index 000000000000..b5ced69c504b
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-ldflags.patch
@@ -0,0 +1,13 @@
+=== modified file 'Makefile'
+--- Makefile 2010-09-15 11:51:49 +0000
++++ Makefile 2010-09-15 11:52:56 +0000
+@@ -31,7 +31,7 @@
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+ arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS)
+- $(CC) $(CFLAGS) -o $@ $^
++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
+
+ $(DESTDIR)$(MANDIR)/man8/arptables.8: arptables.8
+ mkdir -p $(@D)
+
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch
new file mode 100644
index 000000000000..76295b6d9b5c
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-manpage.patch
@@ -0,0 +1,12 @@
+diff -urNad arptables-0.0.3.3~/arptables.8 arptables-0.0.3.3/arptables.8
+--- arptables-0.0.3.3~/arptables.8 2007-08-19 15:04:51.000000000 +0200
++++ arptables-0.0.3.3/arptables.8 2008-05-08 18:56:35.000000000 +0200
+@@ -22,7 +22,7 @@
+ .\"
+ .\"
+ .SH NAME
+-arptables (v.0.0.3-3) \- ARP table administration
++arptables \- ARP table administration
+ .SH SYNOPSIS
+ .BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
+ .br
diff --git a/net-firewall/arptables/files/arptables-0.0.3.4-type.patch b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch
new file mode 100644
index 000000000000..851bf0ee247f
--- /dev/null
+++ b/net-firewall/arptables/files/arptables-0.0.3.4-type.patch
@@ -0,0 +1,17 @@
+# Patch from Jeroen van Wolffelaar <jeroen@wolffelaar.nl> to make
+# arptables --proto-type also accept hexadecimal inputs (ethernet protocol
+# numbers are often specfied in hex, not decimal), using standard strtol()
+# behaviour (hex iff starts with 0x).
+
+diff -urNad arptables-0.0.3.3~/arptables.c arptables-0.0.3.3/arptables.c
+--- arptables-0.0.3.3~/arptables.c 2007-08-19 15:04:51.000000000 +0200
++++ arptables-0.0.3.3/arptables.c 2008-05-08 19:16:43.000000000 +0200
+@@ -2039,7 +2039,7 @@
+ check_inverse(optarg, &invert, &optind, argc);
+ set_option(&options, OPT_P_TYPE, &fw.arp.invflags,
+ invert);
+- if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 10)) {
++ if (get16_and_mask(argv[optind - 1], &fw.arp.arpro, &fw.arp.arpro_mask, 0)) {
+ if (strcasecmp(argv[optind-1], "ipv4"))
+ exit_error(PARAMETER_PROBLEM, "Problem with specified protocol type");
+ fw.arp.arpro = htons(0x800);
diff --git a/net-firewall/arptables/metadata.xml b/net-firewall/arptables/metadata.xml
new file mode 100644
index 000000000000..808e7b5d8e83
--- /dev/null
+++ b/net-firewall/arptables/metadata.xml
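Review bot: The header of the type patch says input is read as hex "iff starts with 0x", but the base handed to `get16_and_mask` changes from 10 to 0, and under strtol() base-0 rules a leading `0` also selects octal. Assuming the helper passes that base straight to strtol() (its body is not in this hunk), a rule written as `--proto-type 0800` would no longer be read as decimal 800 and would silently match a different protocol number. I would either document that in the patch header, e.g. `# note: base 0 also parses a leading 0 as octal`, or keep base 10 and switch to base 16 only when the argument starts with `0x`. The enclosing option-parsing code starts and ends outside the hunk.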
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">ebtables</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest
new file mode 100644
index 000000000000..b1acd4345ee3
--- /dev/null
+++ b/net-firewall/conntrack-tools/Manifest
@@ -0,0 +1,11 @@ +AUX conntrackd.confd-r2 441 SHA256 355f91c830f82343a058060e5dd060f72a940471f43c970d46a5ea63c40987c0 SHA512 3d72d56d44094593f6ff1eac421fe6a4f0d20450ce698c175adf1b18a859b1a24c7120fa60431b2a00da62ae3749c4619106c8e93fb8fc763ceefc26a82d2ed2 WHIRLPOOL d583647cca267234ef942a27159203317391c990b997a139c9251b43788fbcc1284d5e6cf8f15570dc4803d7dae7283a8bc6d4c9ffc76a4710b0de784c3a69ad +AUX conntrackd.initd-r3 2238 SHA256 cd271cebad9a0111d091ada71f60118d6e22fd5b0b3c0bf8b5be3aacf5797e48 SHA512 445c19ad42e92136e9dfd6b7885334075e72971b73ff7178c6bf16a31e0c037f17d9d039394fa8002f0ad5182a353f7c803d3f900e8873b671eecca94ced78fe WHIRLPOOL c3700e30e522d90ef8319728c1968d9c5d8726b759558ed4e71569c1f8e1e18d4744781e3f4d268f9bc895a404c9a261ecca46d68bbfee1ed0c1fad8df8eb024 +DIST conntrack-tools-1.4.2.tar.bz2 472074 SHA256 e5c423dc077f9ca8767eaa6cf40446943905711c6a8fe27f9cc1977d4d6aa11e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56 WHIRLPOOL 7405e8b812c98c06bdcdbfea983178f5830001cf247b9a63aac6e19e2497b1bf2bdf8c7c6445dad60f5463eff6cc0ea58d14eca2990b2b3b3f54032daca85572 +DIST conntrack-tools-1.4.3.tar.bz2 487111 SHA256 af3ccc60356cfedf941065fdaaf9cd5e51f3df7484f56858af37106feecf3f57 SHA512 be76a0ddb7470249c58ceab72cb94ffc05f5cc6d740a0755c9c782e948b4234eb1da4f7c7df1f14e4125cca9f12f3b4d2dcd444fe011941952aa3eeb13cb72c3 WHIRLPOOL df6a48e64a79f451b31b3d359fe1657fe68cb2c6cfcc16021dc85c506b81f8375acd8b282bde9e5323beed8008fcead7cad11d1cf6fb465240fbaa0933ae1058 +DIST conntrack-tools-1.4.4.tar.bz2 1010504 SHA256 b7caf4fcc4c03575df57d25e5216584d597fd916c891f191dac616ce68bdba6c SHA512 f53bd620bfd4e854e792416527a3090d883c5f00d1d8365e52ce3ba204218dc431490703985d3fdae44decbcddb24ed610bf81a6a99bd7ea01482f95f71df0f5 WHIRLPOOL ba7c6a917e92651c2fbd23f5839bd42c9ee45dfb1bb12a0949e5610fb72ef5d1aceae0d191604574eee789301576c61b2177b9d1cb5e826f657fe2634f3f99b1 +EBUILD conntrack-tools-1.4.2.ebuild 1938 SHA256 
da6e262b2f91ee35e2b6f5231499f4460e8019cce9aaeadf67758eed9205b9b5 SHA512 b7bc4438561d199cba668ebc1ef691ea0a7d737cee8beeeed1c703d479d9161da68f6b2125b9555decda6dd9271955f4c146ff002a3c53a5263db9f7a5a95695 WHIRLPOOL 1c02cf2cace3ee2e30e3f1c0627eddd0a28fda75da59c9fab6590ef36f206deb4006cc88dc6b0f04cdc199a11a988147d7debbd25a662a3fcc1860976adb998c +EBUILD conntrack-tools-1.4.3.ebuild 1935 SHA256 d793d340a15d5f993b3d7ba10299bfa22f62ce7073b4f4f7eaade156e0bfc060 SHA512 80fa97972a0dce17a5c08bae77123ac0931115cc3d36414c3cb959fbe9edba6ee33a659fdf5c83a6f4c8dfeef94584059adce56955040c56ae958c00a31ef448 WHIRLPOOL 6f27859600c680bd87e015b408e23da8559d5d476a8aa4c71e57ba296ff1ac0d603499a2b3e05018c37d27b77f51d88792ef4bc7924c4b848cef9ed61b11b5c9 +EBUILD conntrack-tools-1.4.4.ebuild 1900 SHA256 e1a22bf9e2e2f24c7b3a2f3b0ed805dc232bc340a193e0474cc5417839c1a5fa SHA512 1b009478cd4a93a1aedaab452c947c6c76e0d18cbdbdccef72e995bc7217066883c98c7232fe76a9946b87f8dbb595eef33aba5e21230d22a1c9268171896d83 WHIRLPOOL 8721e444e796145e8dcf131c07d3f42ae859670a67afc667366496c6ea4b4be983fe2ec32831ede286c0d1e5b3b721a74ddb6da32bcada6592d8b78153b9d1a9 +MISC ChangeLog 3183 SHA256 c777c2b67199bb522e9b10e54d506d48d74b5c07dbdde24586598cedeee33a70 SHA512 3b0de1360e830cf5c54efc06fdc814d58c79d05a9e709a7b8f5a251e1446cdc3fcc92aee5a11bab29f7a80984f651184b411c4297e7a6322173f484d977eb392 WHIRLPOOL 77625a82d74a7ea07014a8686425acecb20ac0dd184b1b23b0c27f74ea950237531e8d5818ba31e25068ed1bf687492a6a92b79b5f9a1f6af37d609800565b9b +MISC ChangeLog-2015 11264 SHA256 f3873bea101ceea13c3eeadc8aa97feecacb9ffcff9592f703848a314a58c60c SHA512 116e47437dd346ff680bb0a555444115d4aeb23eda0d01c625dee69cfcea6170cf9de2c6a653096e0ddca9f01660b449ce28dd351d20c6ff3a01c11ec75c305a WHIRLPOOL 241401bf7fe4ff1b192273d74650f15ed3ec76c78feacda504def80d48ee7a0d348ef575b89f622c561db160c196e03690a3bad7eb3ee774b09e35b58afb8821 +MISC metadata.xml 481 SHA256 6b661f627a957ab2e3872c728ccad7da40b22879ba97e508494ddc3479ed9879 SHA512 
155c9d013b08eac1798c429411aecfc64c7e2f2cf50a3389fc6c30a5805b36bd85b6914f7e7cd4d14cb5d9d8e762db502200fd4b77322ccffd7641fd465a2273 WHIRLPOOL 314fd96d97a7e9527937f5c62e046ed0df7506e69874d32eeb66f27275e02b2f9c53629e3b81a512b82888530b7b1aaadfc57f4767cf2e6aa039318a33e97b86
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
new file mode 100644
index 000000000000..0e602a00e305
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
@@ -0,0 +1,82 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils linux-info
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 hppa x86"
+IUSE="doc"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.4
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+"
+DEPEND="${RDEPEND}
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
+
+ epatch_user
+ eautoreconf
+}
+
+src_compile() {
+ default
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dohtml doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
new file mode 100644
index 000000000000..fccdde6b3e3c
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
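Review bot: The `||` chain at the end of `pkg_setup` short-circuits the wrong way: when `linux_config_exists` succeeds the chain stops there, so `NF_CONNTRACK_IPV4` and `NF_CONNTRACK_IPV6` are never checked on a system that has a kernel config. As written, the `ewarn` can only fire when no config was found, which is the case where the option state is unknown. The intended check looks like `if linux_config_exists && ! linux_chkconfig_present NF_CONNTRACK_IPV4 && ! linux_chkconfig_present NF_CONNTRACK_IPV6; then ewarn ...; fi`, which warns when a config exists and neither option is set. The 1.4.3 and 1.4.4 ebuilds in this commit repeat the same chain. The `die` message in `src_prepare` also names `doc/stat/conntrackd.conf` while the file being edited is `doc/stats/conntrackd.conf`.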
@@ -0,0 +1,82 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils linux-info
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86"
+IUSE="doc"
+
+RDEPEND="
+ >=net-libs/libmnl-1.0.3
+ >=net-libs/libnetfilter_conntrack-1.0.4
+ >=net-libs/libnetfilter_cthelper-1.0.0
+ >=net-libs/libnetfilter_cttimeout-1.0.0
+ >=net-libs/libnetfilter_queue-1.0.2
+ >=net-libs/libnfnetlink-1.0.1
+"
+DEPEND="${RDEPEND}
+ doc? (
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/xmlto
+ )
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="~NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
+ ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+
+ linux_config_exists || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
+ linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
+ ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
+ "are not set when one at least should be."
+}
+
+src_prepare() {
+ # bug #474858
+ sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
+
+ epatch_user
+ eautoreconf
+}
+
+src_compile() {
+ default
+ use doc && emake -C doc/manual
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc -r doc/sync doc/stats AUTHORS TODO
+ use doc && dohtml doc/manual/${PN}.html
+}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
new file mode 100644
index 000000000000..c004861ea7cb
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
@@ -0,0 +1,85 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit autotools eutils linux-info + +DESCRIPTION="Connection tracking userspace tools" +HOMEPAGE="http://conntrack-tools.netfilter.org" +SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~hppa ~x86" +IUSE="doc" + +RDEPEND=" + >=net-libs/libmnl-1.0.3 + >=net-libs/libnetfilter_conntrack-1.0.6 + >=net-libs/libnetfilter_cthelper-1.0.0 + >=net-libs/libnetfilter_cttimeout-1.0.0 + >=net-libs/libnetfilter_queue-1.0.2 + >=net-libs/libnfnetlink-1.0.1 +" +DEPEND=" + ${RDEPEND} + doc? ( + app-text/docbook-xml-dtd:4.1.2 + app-text/xmlto + ) + virtual/pkgconfig + sys-devel/bison + sys-devel/flex +" + +pkg_setup() { + linux-info_pkg_setup + + if kernel_is lt 2 6 18 ; then + die "${PN} requires at least 2.6.18 kernel version" + fi + + #netfilter core team has changed some option names with kernel 2.6.20 + if kernel_is lt 2 6 20 ; then + CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK" + else + CONFIG_CHECK="~NF_CT_NETLINK" + fi + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK + ~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS" + + check_extra_config + + linux_config_exists || \ + linux_chkconfig_present "NF_CONNTRACK_IPV4" || \ + linux_chkconfig_present "NF_CONNTRACK_IPV6" || \ + ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \ + "are not set when one at least should be." +} + +src_prepare() { + default + + # bug #474858 + sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die + + eautoreconf +} + +src_compile() { + default + use doc && emake -C doc/manual +} + +src_install() { + default + + newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd + newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd + + insinto /etc/conntrackd + doins doc/stats/conntrackd.conf + + dodoc -r doc/sync doc/stats AUTHORS TODO + use doc && dodoc doc/manual/${PN}.html +} 
diff --git a/net-firewall/conntrack-tools/files/conntrackd.confd-r2 b/net-firewall/conntrack-tools/files/conntrackd.confd-r2
new file mode 100644
index 000000000000..01c0633809d5
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.confd-r2
@@ -0,0 +1,14 @@
+# conntrackd config file
+# default: /etc/conntrackd/conntrackd.conf
+#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf
+
+# conntrackd lockfile (must match the "LockFile" entry
+# from the "General" section in the config file)
+# default: /run/lock/conntrack.lock
+#CONNTRACKD_LOCK=/run/lock/conntrack.lock
+
+# extra options for conntrackd
+#CONNTRACKD_OPTS="" # you must NOT use -C here!
+
+# depend on a specific network interface
+#rc_need="net.eth1"
diff --git a/net-firewall/conntrack-tools/files/conntrackd.initd-r3 b/net-firewall/conntrack-tools/files/conntrackd.initd-r3
new file mode 100644
index 000000000000..eddcae97ec3d
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.initd-r3
@@ -0,0 +1,77 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +CONNTRACKD_BIN="/usr/sbin/conntrackd" +CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf} +CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/run/lock/conntrack.lock} + +depend() { + use logger + need net +} + +checkconfig() { + # check for netfilter conntrack kernel support + local nf_ct_available=0 + for k in net.netfilter.nf_conntrack_max \ + net.ipv4.netfilter.ip_conntrack_max \ + net.nf_conntrack_max; do + if sysctl ${k} >/dev/null 2>&1; then + nf_ct_available=1 # sysctl key found + break + fi + done + if [ ${nf_ct_available} -eq 0 ]; then + eerror + eerror "Your kernel is missing netfilter conntrack support!" + eerror "Make sure your kernel was compiled with netfilter conntrack support." + eerror + eerror "If it was compiled as a module you need to ensure the module is being" + eerror "loaded before starting conntrackd." + eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)" + eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module" + eerror "by hand like this, depending on your kernel version:" + eerror + eerror " modprobe nf_conntrack # (for newer kernels)" + eerror " modprobe ip_conntrack # (for older kernels)" + eerror + return 1 + fi + # check for config file + if [ ! -e "${CONNTRACKD_CFG}" ]; then + eerror + eerror "The conntrackd config file (${CONNTRACKD_CFG})" + eerror "is missing!" + eerror + return 1 + fi + # check for leftover lockfile + if [ -f "${CONNTRACKD_LOCK}" ]; then + ewarn + ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})" + ewarn "exists although the service is not marked as started." + ewarn "Will remove the lockfile and start the service in 10s" + ewarn "if not interrupted..." + ewarn + sleep 10 + if ! 
rm -f "${CONNTRACKD_LOCK}"; then + eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})" + return 1 + fi + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting conntrackd" + start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \ + -- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping conntrackd" + start-stop-daemon --stop --exec "${CONNTRACKD_BIN}" + eend $? +} diff --git a/net-firewall/conntrack-tools/metadata.xml b/net-firewall/conntrack-tools/metadata.xml new file mode 100644 index 000000000000..10198984dfc7 --- /dev/null +++ b/net-firewall/conntrack-tools/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>netmon@gentoo.org</email> + <name>Gentoo network monitoring and analysis project</name> + </maintainer> + <longdescription lang="en"> + A set of tools targeted at system administrators. They are conntrack, + the userspace command line interface, and conntrackd, the userspace + daemon. + </longdescription> +</pkgmetadata> diff --git a/net-firewall/dshieldpy/Manifest b/net-firewall/dshieldpy/Manifest new file mode 100644 index 000000000000..17cb91216851 --- /dev/null +++ b/net-firewall/dshieldpy/Manifest 
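Review bot: The stale-lock branch of checkconfig in conntrackd.initd-r3 removes `${CONNTRACKD_LOCK}` after the 10 s pause without checking whether a conntrackd process still holds it; "not marked as started" only reflects OpenRC's own state and does not cover a daemon started by hand or one left over from a failed stop. A guard before the `rm -f`, for example `if pgrep -x conntrackd >/dev/null; then eerror "conntrackd is still running"; return 1; fi`, would avoid starting a second instance against the same lock. The loop variable `k` in the sysctl probe is also not declared `local`, and `${k}` is expanded unquoted.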
@@ -0,0 +1,5 @@ +DIST dshieldpy-3.2.tar.gz 28754 SHA256 c7fe2bcbf250e86af30b5ddc294da0c1508b82f90dfc57c5991c1330c350db8b SHA512 2608fd2ed3ed7b346e2cf063c27ed1cfb012545a1e8315019377642ac504ec0296dfbe5aabef995a2125dd85f28b7f7649b32688227b5a5d62a1ef20aa4c8e70 WHIRLPOOL 2f515ae1a1b851dca411b1ebb1f43703a45eefb2136b71931af22ddf9bc3894f1334ae279808c01ad31b3e16fde1eda93e4945d048067dfd5f8eae56e06d5198 +EBUILD dshieldpy-3.2-r2.ebuild 648 SHA256 cc0eb7adbf56e688ad2d1d5cfb8f4da425d01f20b9050d424ed4f3fece9720cc SHA512 4d39b66a573f3dc3f32d42d304a416e29d40c2bd2cf995c12254a6268520a0f19f40e78e6e94908434658e9c953520aaabde839fe9641639c51e29e57251cd2e WHIRLPOOL 49ed4fd8aee0099c772381b0fa9ad4e7166e6ed11eb22f6775a96a4d1a497f7848d71e6a4c6750eb3d9b7071740f8ef6dcfe81b84613e890e2bc96c405c6ccab +MISC ChangeLog 2958 SHA256 0e878143720d818aa675a4b90b245017ffc55600f2310eacfd4b80b64c6a4a26 SHA512 4ba7250d56699805670546cc1c25fc5271dce6b725b506d38b994e96d6c41fc8a54549013f5c07f7c5c272c60d1c6434d5abdeab2289bd92b601c0b467e94402 WHIRLPOOL 6d0ece9de8962c623894b0a6818ec618bf07957f40cfbf38586bb74ec8a8783c55d9a8ed67a907d646c870097d7c8335c72d4a2053d3b202ae205d4a331c1cc9 +MISC ChangeLog-2015 1341 SHA256 73ebc9222ba40c134b2c5336913b4f954558af9927b9f2cf6e45df9df3232ae9 SHA512 4e6dd3fe0099f53c4b1dceae0efdd34b2214611c2c70caa32b13b72ddf2138478f9700dae42fcf324d33ef8de6f5f96d0a9ed6a547c5c5edb6d33a4084a33522 WHIRLPOOL f8637bc7d3e2ddad6a25abd974f0ae2ace87941397108fd3b7f81ed9d9bd331873edc98bbcb7c0bdb6d3ceab490edbbfcf65174fa6e6fe7477f2fa92a5515720 +MISC metadata.xml 246 SHA256 fa3ac92ffe5e16ad6a893e829c1fe250464454fd9bb6fde6e17f12afe6f5075f SHA512 d7a3f0aba0fdbd2dd974cd86755e143aaa13b6b62f70748d97edf237c6a54d31791e70258bdaba5de897b4ed013c6ca9e07497ac87cba054a7b96904f58c2b49 WHIRLPOOL 6f926c998609cadf3f3344de0b601ad98ee32fb04deae8ccff22ecb6f37cf96436927c2703b62c624d1264b0239144cb5a6df0c5c15908b94572165a4632ac2a 
diff --git a/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild b/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild new file mode 100644 index 000000000000..99d3957c303c --- /dev/null +++ b/net-firewall/dshieldpy/dshieldpy-3.2-r2.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) + +inherit python-single-r1 + +DESCRIPTION="Python script to submit firewall logs to dshield.org" +HOMEPAGE="http://dshieldpy.sourceforge.net/" +SRC_URI="mirror://sourceforge/dshieldpy/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc x86" +IUSE="" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +DEPEND="${PYTHON_DEPS}" +RDEPEND="${DEPEND}" + +S="${WORKDIR}/DShield.py" + +src_prepare() { + default + python_fix_shebang dshield.py +} + +src_install() { + default + dobin dshield.py + + insinto /etc + doins dshieldpy.conf +} diff --git a/net-firewall/dshieldpy/metadata.xml b/net-firewall/dshieldpy/metadata.xml new file mode 100644 index 000000000000..3e7ed59000d8 --- /dev/null +++ b/net-firewall/dshieldpy/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <!-- maintainer-needed --> + <upstream> + <remote-id type="sourceforge">dshieldpy</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest new file mode 100644 index 000000000000..e4a9e42b630e --- /dev/null +++ b/net-firewall/ebtables/Manifest 
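Review bot: `doins dshieldpy.conf` in src_install of dshieldpy-3.2-r2.ebuild places the file in /etc with the default doins mode, which is world-readable. If that file is where the DShield user id or mail account details are configured (its contents are not visible in this commit), it should be installed restricted, e.g. `insopts -m0600` on the line before `doins dshieldpy.conf`. A short comment next to `insinto /etc` saying why the mode is restricted would help the next maintainer.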
@@ -0,0 +1,9 @@ +AUX ebtables-2.0.8.1-ebt-save.diff 1089 SHA256 b4d7022a616152ca439d2b09f14fda8a3ef479b823c2da44eb0e9e22b256be90 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7 WHIRLPOOL df0664bc20dcd36bf640c8c88dea1e7d17b55c686403bceb77f5416b95ce0e2fc3292755e5986822b794628fc31aff25f7dab4d70d742fc93e78bac9fcdea4b2 +AUX ebtables.confd-r1 288 SHA256 c05a6c1ba6add3881068584074681b04bfb2ad43284d7bdd67f47f3da842de58 SHA512 088308eba077fcec35299c8aaad0492024173504a361c2ba7e29dce106888a78c72818a791f3d3655aed3f6df26a3319c42e2b2c54760cdbad036d46b89b97f3 WHIRLPOOL f6353fcc69beff674227544b36c3e2289f094758b02087d57b44fd0a73d7aa47500592404125bd2570ac2fa0da74aa18138e80c292ff5b21ee1ede13fa1125c4 +AUX ebtables.initd-r1 1990 SHA256 15772b575abdcf683b3ee9815a11b0f7f27602d7fe52673124710e310dc95ec6 SHA512 ceceaf33d6f6bfa89a5d81932e3ec76a26d09d67150efd3de587520ea47984f618d4fc55e799c58a2e5e236caec5bd81e2fde31a7e5aa328e629cdabbd29339b WHIRLPOOL e5af9b113da44c7185a8f7eed2004154270ed8d9c2c5908dc60f0329a402f9e50c978702d129699c639a208cbd7e26266c0d3ac2df2062df61b131c018a70aa1 +DIST ebtables-v2.0.10-4.tar.gz 103764 SHA256 dc6f7b484f207dc712bfca81645f45120cb6aee3380e77a1771e9c34a9a4455d SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a WHIRLPOOL 5a1e0703e3fd5c79e149824e789646d042660081fb8a9f301fa4cc2716e84fbf842216d5b6b4c8c33de3b6949bfbfcaa2eb7293fe7afa71a2305de8f70abd57d +EBUILD ebtables-2.0.10.4-r1.ebuild 1862 SHA256 f65ec8a3a0be9aa651964bfc689ade84c45d6e93edf828f5b8eb230a8885f88d SHA512 faac99bbf5d1459eec691df8675bc5ba6acb304b45bc483eb4fc56554a9e19de5fd20732d4fe199f582b6a947c5d6e6c39166ffe9956b83770add0a6ce661cda WHIRLPOOL 6204d16e30792810e7ebc8fcda0246b9d8b595dfb3d00e7c9510c32927c2225e499d1f2ee2f69976e9d33ccc17225b639d250826e97e58d237e77c1af78a4d4f +EBUILD ebtables-2.0.10.4.ebuild 1691 SHA256 
5d70eea6bdfe29cc666dcc6c96fd7c27e812ce6d3cdbb7f2a2dffe00cbf00c48 SHA512 64ee80df88005014d905f48eec20eed0847c3719cdf326d361032042a7b00a06fe6dc9b55d5ff92e702f6adbb25988a1df1735bea9a71f871a3166374f323086 WHIRLPOOL cc8ddd92d4abbd456590cd2e42449845f151e99eb354cd67c0a12b1c1fa5a1c4b2fe9a4473388c63e1a192f2a90e7c8cb3bf3fcdb338e1c8d1bef18273f9c0e0 +MISC ChangeLog 4315 SHA256 9d6fd31bd683f09db2e2b238239b51abbbb72e111380cdffa62b4a1c3eadf365 SHA512 95f6c29a2fd0728228951fe1c9daded4ac680effdf34217ddeec67b74d30f44294efde6e432a5632b2f47edc6358a17f9e64340daf8b68728a128423a7f859f4 WHIRLPOOL c5c860903822372ebe9496b69d12f1fa4f401a312ba3b1607d88c1e20ece947baae43695a304f3c35a48ec448a767e7db7446526c9d9cc18127238a5dcc64df9 +MISC ChangeLog-2015 8943 SHA256 d7edb6a0880d5fcdadd33a672f24af11c9cef96b755cbe3dfaca66da2783ad74 SHA512 53e6543413542132e962f63594585e4f727bca471ba43c4a54ca093e196adf3e47ce9e6a6ad6c70df1348e2f3c5bf636c6826a87a6f23e76771a9e225cccce91 WHIRLPOOL 17140ef1391513e37b4c1e30ec665fd30d7d9a3e564d20ece083960bf7941b6f6ced424287788e1aff1a148914a0c390714630b21b9b49c551df2435a60c615e +MISC metadata.xml 426 SHA256 4af9dfd3040d9bb4be1b873b11cfadd0cda1a68f6b6a9e6acefe9d4dbd84c60c SHA512 77ff48216c32448cf2e2aa580f0b3afd6de7aa9bda2c2379c89f77282c417d385bb8c3d3218cf6d30021e472163bc8f2b450f0e43d944adb336f49fb695ba231 WHIRLPOOL 702803e5ff88215990751ebd4afa5d4b230e723ac50b8b0fea751f9b5cf8f612cfa76fe84c1650009b738de480154b1b1196d8cdfabe58325a9e65e4d338f3c5 diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild new file mode 100644 index 000000000000..e115a16fdbdc --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild 
@@ -0,0 +1,69 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit versionator eutils toolchain-funcs multilib flag-o-matic + +MY_PV=$(replace_version_separator 3 '-' ) +MY_P=${PN}-v${MY_PV} + +DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" +IUSE="+perl static" + +# The ebtables-save script is written in perl. +RDEPEND="perl? ( dev-lang/perl )" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + if use static; then + ewarn "You've chosen static build which is useful for embedded devices." + ewarn "It has no init script. Make sure that's really what you want." + fi +} + +src_prepare() { + # Enhance ebtables-save to take table names as parameters bug #189315 + epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff" + + sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \ + -e "s,^BINDIR:=.*,BINDIR:=/sbin," \ + -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \ + -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \ + -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile +} + +src_compile() { + # This package uses _init functions to initialise extensions. With + # --as-needed this will not work. + append-ldflags $(no-as-needed) + emake \ + CC="$(tc-getCC)" \ + CFLAGS="${CFLAGS}" \ + $(use static && echo static) +} + +src_install() { + if ! use static; then + emake DESTDIR="${D}" install + keepdir /var/lib/ebtables/ + newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables + newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables + if ! use perl; then + rm "${ED}"/sbin/ebtables-save || die + fi + else + into / + newsbin static ebtables + insinto /etc + doins ethertypes + fi + dodoc ChangeLog THANKS +} 
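Review bot: The `sed -i` on the Makefile in src_prepare has no `|| die`, and sed is not an ebuild helper that aborts the phase by itself, so if it fails (for example because the Makefile is not where expected) the build carries on with upstream's MANDIR, BINDIR, INITDIR, SYSCONFIGDIR and LIBDIR. Ending the call with `-e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile || die "sed on Makefile failed"` closes that gap. The identical sed call in ebtables-2.0.10.4.ebuild has the same omission.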
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild new file mode 100644 index 000000000000..7aeb41c564a0 --- /dev/null +++ b/net-firewall/ebtables/ebtables-2.0.10.4.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit versionator eutils toolchain-funcs multilib flag-o-matic + +MY_PV=$(replace_version_separator 3 '-' ) +MY_P=${PN}-v${MY_PV} + +DESCRIPTION="Utility that enables basic Ethernet frame filtering on a Linux bridge, MAC NAT and brouting" +HOMEPAGE="http://ebtables.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz" + +KEYWORDS="amd64 ppc x86" +IUSE="static" +LICENSE="GPL-2" +SLOT="0" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + if use static; then + ewarn "You've chosen static build which is useful for embedded devices." + ewarn "It has no init script. Make sure that's really what you want." + fi +} + +src_prepare() { + # Enhance ebtables-save to take table names as parameters bug #189315 + epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff" + + sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \ + -e "s,^BINDIR:=.*,BINDIR:=/sbin," \ + -e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \ + -e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \ + -e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile +} + +src_compile() { + # This package uses _init functions to initialise extensions. With + # --as-needed this will not work. + append-ldflags $(no-as-needed) + emake \ + CC="$(tc-getCC)" \ + CFLAGS="${CFLAGS}" \ + $(use static && echo static) +} + +src_install() { + if ! use static; then + make DESTDIR="${D}" install + keepdir /var/lib/ebtables/ + newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables + newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables + else + into / + newsbin static ebtables + insinto /etc + doins ethertypes + fi + dodoc ChangeLog THANKS +} 
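Review bot: src_install in ebtables-2.0.10.4.ebuild calls plain `make DESTDIR="${D}" install` with no `|| die`, so a failed install step does not stop the phase; the later `newinitd` and `newconfd` calls read from FILESDIR and would still succeed, leaving a package with an init script but missing binaries. Use `emake DESTDIR="${D}" install`, as the -r1 ebuild in this commit already does, since emake aborts on failure under EAPI 4.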
diff --git a/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff new file mode 100644 index 000000000000..cdfd823447ed --- /dev/null +++ b/net-firewall/ebtables/files/ebtables-2.0.8.1-ebt-save.diff @@ -0,0 +1,31 @@ +--- ./ebtables-save.orig 2007-09-28 22:50:35.000000000 +0400 ++++ ./ebtables-save 2007-09-28 22:51:22.000000000 +0400 +@@ -12,6 +12,7 @@ + my $cnt = ""; + my $version = "1.0"; + my $table_name; ++my @table_names; + + # ======================================================== + # Process filter table +@@ -49,12 +50,19 @@ + } + # ======================================================== + ++if ($#ARGV + 1 == 0) { ++ @table_names =split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`); ++} ++else { ++ @table_names = @ARGV; ++} ++# ======================================================== + unless (-x $ebtables) { exit -1 }; + print "# Generated by ebtables-save v$version on " . `date`; + if (defined($ENV{'EBTABLES_SAVE_COUNTER'}) && $ENV{'EBTABLES_SAVE_COUNTER'} eq "yes") { + $cnt = "--Lc"; + } +-foreach $table_name (split("\n", `grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//`)) { ++foreach $table_name (@table_names) { + $table =`$ebtables -t $table_name -L $cnt`; + unless ($? == 0) { print $table; exit -1 }; + &process_table($table); diff --git a/net-firewall/ebtables/files/ebtables.confd-r1 b/net-firewall/ebtables/files/ebtables.confd-r1 new file mode 100644 index 000000000000..645b26edae99 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables.confd-r1 @@ -0,0 +1,11 @@ +# /etc/conf.d/ebtables + +# Location in which ebtables initscript will save set rules on +# service shutdown +EBTABLES_SAVE="/var/lib/ebtables/rules-save" + +# Options to pass to ebtables-save and ebtables-restore +SAVE_RESTORE_OPTIONS="" + +# Save state on stopping ebtables +SAVE_ON_STOP="yes" 
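Review bot: The `@table_names = @ARGV;` branch added by ebtables-2.0.8.1-ebt-save.diff passes command-line arguments unchecked into the backtick call `$ebtables -t $table_name -L $cnt`, which is run through a shell, so an argument containing shell metacharacters is interpreted instead of being rejected as an unknown table. Because the script is run as root by the init script, the arguments should be limited to known table names before use, e.g. `@table_names = grep { /^(?:filter|nat|broute)$/ } @ARGV;`, with an error for anything dropped. ebtables.initd-r1 also appends `${SAVE_RESTORE_OPTIONS}` after the table list when it calls ebtables-save, so any option set there would be treated as a table name by this loop. Only part of ebtables-save is visible in the patch.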
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1 new file mode 100644 index 000000000000..9c78e9b78df0 --- /dev/null +++ b/net-firewall/ebtables/files/ebtables.initd-r1 
@@ -0,0 +1,101 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="save panic" +extra_started_commands="reload" + +ebtables_bin="/sbin/ebtables" +ebtables_save=${EBTABLES_SAVE} + +depend() { + before net + use logger +} + +ebtables_tables() { + for table in filter nat broute; do + if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then + echo -n "${table} " + fi + done +} + +set_table_policy() { + local chains table=$1 policy=$2 + case ${table} in + nat) chains="PREROUTING POSTROUTING OUTPUT";; + broute) chains="BROUTING";; + filter) chains="INPUT FORWARD OUTPUT";; + *) chains="";; + esac + local chain + for chain in ${chains} ; do + ${ebtables_bin} -t ${table} -P ${chain} ${policy} + done +} + +checkconfig() { + if [ ! -f ${ebtables_save} ] ; then + eerror "Not starting ebtables. First create some rules then run:" + eerror "/etc/init.d/ebtables save" + return 1 + fi + return 0 +} + +start() { + checkconfig || return 1 + ebegin "Loading ebtables state and starting bridge firewall" + ${ebtables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${ebtables_save}" + eend $? +} + +stop() { + if [ "${SAVE_ON_STOP}" = "yes" ] ; then + save || return 1 + fi + ebegin "Stopping bridge firewall" + local a + for a in $(ebtables_tables); do + set_table_policy $a ACCEPT + + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? +} + +reload() { + ebegin "Flushing bridge firewall" + local a + for a in $(ebtables_tables); do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + done + eend $? + + start +} + +save() { + ebegin "Saving ebtables state" + touch "${ebtables_save}" + chmod 0600 "${ebtables_save}" + ${ebtables_bin}-save $(ebtables_tables) ${SAVE_RESTORE_OPTIONS} > "${ebtables_save}" + eend $? 
+} + +panic() { + service_started ebtables && svc_stop + + local a + ebegin "Dropping all packets forwarded on bridges" + for a in $(ebtables_tables); do + ${ebtables_bin} -t $a -F + ${ebtables_bin} -t $a -X + + set_table_policy $a DROP + done + eend $? +} diff --git a/net-firewall/ebtables/metadata.xml b/net-firewall/ebtables/metadata.xml new file mode 100644 index 000000000000..16ad142c1527 --- /dev/null +++ b/net-firewall/ebtables/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> + </maintainer> + <use> + <flag name="perl">Install the ebtables-save script which uses perl</flag> + </use> + <upstream> + <remote-id type="sourceforge">ebtables</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/ferm/Manifest b/net-firewall/ferm/Manifest new file mode 100644 index 000000000000..ad2c3466ca2d --- /dev/null +++ b/net-firewall/ferm/Manifest 
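Review bot: panic() in ebtables.initd-r1 opens the bridge before it closes it: `service_started ebtables && svc_stop` presumably runs stop(), which sets every chain policy to ACCEPT and flushes the rules, and the loop then runs `-F` and `-X` before `set_table_policy $a DROP`, so for a short time nothing is filtered. Inside the loop the policy should be applied first, `set_table_policy $a DROP` followed by `${ebtables_bin} -t $a -F` and `${ebtables_bin} -t $a -X`, and the service state should be cleared without going through the ACCEPT path of stop(). With `SAVE_ON_STOP="yes"` that stop() call also overwrites the saved rule set during a panic. `eend $?` in stop(), reload() and panic() reports only the status of the last command in the loop.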
@@ -0,0 +1,7 @@ +DIST ferm-2.4.1.tar.xz 71324 SHA256 8a6f7d5beeac07c574bef7a6f938ef543c08aaa0b9980830b9dafb11cae468bb SHA512 beea4b8dd04e00662ef380442f8249c2d2dadf6d35b90e415038df807c8d08295d2575efbf3265f48f5e92afa174135a9c662f74d52545dd3e1c55a1436aa5bb WHIRLPOOL d2d115112a538ef39160fd0906d6abb9b3deb2f4a70adf77f4e84170f8d355063c8806d3587175dc5cba0c0a429fdcb713ab7ce4d57cd5a5f6683721fc5276ad +DIST ferm-2.4.tar.gz 128776 SHA256 1293d56d6e9d3e3a389c54919fee5a4323ce81fc8b25eee8f3296a858410d470 SHA512 0b36b95a5ebb4cd306f9ab84ea12ce16c15d56ecc70c895261c74310f2474946ec1e73d63e7cda5becbfa875091c1362c715226776793c5b6ed179bf543ab27e WHIRLPOOL d4a2a10b6bc3b1b18ddcc1d3b0250f6054329ae8a6a727daf89dde7f9ba851c10b98ff9cc334f9357ea4cb932f821b6ecfd2e117cdd29b7b685afa724e9df6e8 +EBUILD ferm-2.4.1.ebuild 802 SHA256 3abae932479294d28381b9bf8485306bb792aa0212d4c983d176d685e122168d SHA512 814fa6ac687ac32a5c9398417bde1a91e6d1f5bb35ac1c0ed0e3c4ecd457f076aff97edf0cc8ccae40d4a1804dee85be9c73c21716b65001d38782c98a5eb505 WHIRLPOOL 6888373b13f38d6c704886563fb65b3864ae9f4f9a2caf4d2a12b5cd0fc042b918cdda47f170b6cde82b016fe033774287f1535cd8948d145be45d7a26d14507 +EBUILD ferm-2.4.ebuild 760 SHA256 4b4569001392f0c3a27fbfd7dbae6b014a67635cc0cf001febf645d973e4d9c7 SHA512 b27bc01b9c69a416f26b9a4282e8d8602de4f3a2b2b596f5a675bddb6e85d7ed00a9c92fb0572dcd411fbfdda61db070b83de3b5e4846a70cb0e56ed350a1364 WHIRLPOOL f7cbc450be2c0657ec851f93ecb56856b1bf114736d2465dedcafcff085e7e5a2227247ea1853a621ca513ec0a9bcf5d7b43785965941a73773e5572b1e8b2cd +MISC ChangeLog 2867 SHA256 228e39bb17908a927d28b88aeacefb31b9120f7fc086236fa16882688bb20d1a SHA512 2f799f80703f2fbe8925718576035182a90de1dbe51c870a649df5f127ab762e714b2f15b9047c33360a86cc60e2fd58f28b224694ce77818ac51c83768c212a WHIRLPOOL 0d5f6562b20bcf8274645c9324bb01752a03bf2c8d287eb5f5a3a66ed004038cb8d2bc10adabc16b3da53421f9562ae13b69452b0ce483cf5fd8f2aba7873734 +MISC ChangeLog-2015 5454 SHA256 83c31d771891c23695a95116cb42a6e1ecbf63ecb376bc5cf83fa6cddb6c5850 SHA512 
0bea19a295ca2d6d1ddbe8d441903b4dd4c3fd8543e79efb63fc9e4b003a6d1ae209e98eab50ce824e0a64a9b846b4ec755e6b882854f155d1c201deb7c7a7a8 WHIRLPOOL 5737472df9e17927e8c18a1eaf880c39243d7abfb5e34d086e8fed69a4409d9653bba7e15445e8ecb702f0a15e200c05a72d2c19260641aeef0d7a6349083e42 +MISC metadata.xml 450 SHA256 181e06e4402cd887cf07afb4db116a17275faebc521afcaabb39f63baf463983 SHA512 23ffc755aba9f3ce1acb92f3de86ec1f788bd868227b7ace77b3b7accfe891036da7e3e87254fc0bd693d7777e4c932b663e0b1118a8804b0ac2d63624a4ecac WHIRLPOOL 41139286c5c1c166b2c97de6830025da24e758cc2f0b55f202a33cb2c73aa60ad02c7535e55f212e9bf1bece60e0bb7742eaecd1986a06bdc7acc216bb1a2b38 diff --git a/net-firewall/ferm/ferm-2.4.1.ebuild b/net-firewall/ferm/ferm-2.4.1.ebuild new file mode 100644 index 000000000000..339938cb9200 --- /dev/null +++ b/net-firewall/ferm/ferm-2.4.1.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd versionator + +MY_PV=$(get_version_component_range 1-2) + +DESCRIPTION="Command line util for managing firewall rules" +HOMEPAGE="http://ferm.foo-projects.org/" +SRC_URI="http://ferm.foo-projects.org/download/${MY_PV}/${P}.tar.xz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" + +# does not install any perl libs +RDEPEND="dev-lang/perl:* + net-firewall/iptables + virtual/perl-File-Spec" + +DOCS=( AUTHORS NEWS README.rst TODO doc/ferm.txt examples/ ) +HTML_DOCS=( doc/ferm.html ) + +src_install() { + dosbin src/{,import-}ferm + systemd_dounit ferm.service + + einstalldocs + doman doc/*.1 +} + +pkg_postinst() { + elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs" +} diff --git a/net-firewall/ferm/ferm-2.4.ebuild b/net-firewall/ferm/ferm-2.4.ebuild new file mode 100644 index 000000000000..0bc4883a5218 --- /dev/null +++ b/net-firewall/ferm/ferm-2.4.ebuild 
@@ -0,0 +1,36 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd + +DESCRIPTION="Command line util for managing firewall rules" +HOMEPAGE="http://ferm.foo-projects.org/" +SRC_URI="http://ferm.foo-projects.org/download/${PV}/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 ppc x86" + +# does not install any perl libs +RDEPEND="dev-lang/perl:* + net-firewall/iptables + virtual/perl-File-Spec" + +DOCS=( AUTHORS NEWS README TODO doc/ferm.txt examples/ ) +HTML_DOCS=( doc/ferm.html ) + +src_compile() { :; } + +src_install() { + dosbin src/{,import-}ferm + systemd_dounit ferm.service + + einstalldocs + doman doc/*.1 +} + +pkg_postinst() { + elog "See ${EROOT}usr/share/doc/${PF}/examples for sample configs" +} diff --git a/net-firewall/ferm/metadata.xml b/net-firewall/ferm/metadata.xml new file mode 100644 index 000000000000..7d002d1d6794 --- /dev/null +++ b/net-firewall/ferm/metadata.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>hydrapolic@gmail.com</email> + <name>Tomáš Mózes</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <upstream> + <remote-id type="github">MaxKellermann/ferm</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest new file mode 100644 index 000000000000..94c968ea4600 --- /dev/null +++ b/net-firewall/firehol/Manifest 
@@ -0,0 +1,12 @@ +AUX firehol.conf.d 70 SHA256 0e6bae0a5329d6b527cf0ae7183acf04f0f08f5a931bf5e82a789053faed4e3c SHA512 e6b21b493526770bf5619d09b63f8e6cf7f94fb8059fc8ff2d1f19776cab1320218e103d73219534817464314430faca4e437644befa5330610d948c2ade1a35 WHIRLPOOL f5a4db182e7f04200686a4ab2c2fd76929fed12ba2c7cf36461a5e01ece9d2eaac3caaf98def21dd0a7be4902220f51a82f0281ef0eef3724efc88af4cea4643 +AUX firehol.initrd 1144 SHA256 416bb94a338be8940a68787173e2ab539337685f767b2cbd24094d4b026f5528 SHA512 c582e5f3ebdaf7a8f68c137936bf52600bef2d5f7dc4443db6fbc6eac16ad367d69cb936ad2c1bc6e0f6aa3fcaeac7efd8c40f056fa6ea9a7d876ca3c07767ac WHIRLPOOL 7559ccecd5dab2b61efeaec761c8943ecae9a949ecc4bf447210f99d7f2bb8d1b947447b0297c6222d41df34bf31ddb6ea9405f4d73e7e517b6939566d87a16e +AUX fireqos.conf.d 65 SHA256 c18e2f224ac8e33971c632d7492ed3142059e8fce370713cf72df35cbd0a3b6a SHA512 4dd394f3d896d8bf782cf1157f5bf420ca0e9b2c6238986f3fb17630ec0e12bfcad4ffc6fe2258a7d257e157fed11e01aef26965f3d97c78643c6467639a822c WHIRLPOOL 05cded3032f1db543e1b35eb84963ebadb59a72d3b4cffcf00c31b18346a85795f21bc836eb461688152c8abcd0a221ec46d47dac5302c692c9bb3d67e835d14 +AUX fireqos.initrd 832 SHA256 862aa8fedbe2f52c9eab0d8c9d99cfa9947c8486b88951d3aa45cb4bb0230904 SHA512 87e5b8cff3a6c76780c5bf370e8f628c8e45aa2347d06e68aef65229b7b5f4a2770156019380e892991259145af55be7a84a2b55164530ec34e966baacd666cc WHIRLPOOL 74cbb50553afa56e1d3f34d01bcbdc2ceadf643aaa400ab5daca2f08dca1b26cc09357a386b46cedcec1e2866d72c76616e4a2ec2fa3fcc67bb1aff2957a3cbf +DIST firehol-3.1.3.tar.xz 1476220 SHA256 4693d7238d411ffcaacd1febf7231a9e69657e8b198f1b0726429bdb258372e7 SHA512 6c75b57650d918cfc485f6eb01d69694acd5c7b487a10a566fc26b8d5e0cd6a6a9a09bd8d3219bf4e78aa4fe47f83e5ac399107a07770b787e1ccba3078c5f3f WHIRLPOOL b14628fe4e9f7d0b45231a0720b4142dfd41edadd5bafd74650c8af2c67b5a535b8c32e03c696a06332455b18b18900c063a7cdbeb7582c15b409a83cfea83b7 +DIST firehol-3.1.4.tar.xz 1481320 SHA256 a73c26bb81dfa4c476b7b02c3e71c34715c044c496feea56551614a195b93d7e SHA512 
1a17b6e810274b346f66788c4c4736421583e6a4ed76df7a1d7f46dcb99e434460998c05755c8342941413d23c02e2ca0d0bf2123cb555a6c7513d24983a13ed WHIRLPOOL b551cd98641a3ae74a06d29080c70451ee7bd2174f0658ed91c55d42691c4f07d7c248ed63d208c6ef7084294726482ab1d398a79fddeec88865b7308ee10cff +EBUILD firehol-3.1.3-r1.ebuild 1376 SHA256 473e4f994d6746a9792b496796286cb61ce43998077ac714f8993ed3f2ff2dc2 SHA512 3e928126a612dcb3f4c8d44d3cda9756c51126e98c25d1b3d3f76e6c58360cefb5724e45c4e5f2e76e7e568e5ee561d7fe63d7576297367602ecd1908a86db00 WHIRLPOOL 86cec765a811b729f6194e5388c2d8e285a8415f59c99f5e77da2b12f328bbb0d319faf9907df94c0ab5dd77d33e90f0907d42919a9dc821d80309bc443e30e7 +EBUILD firehol-3.1.3.ebuild 1323 SHA256 73b685c027bd7eeb20595d13fa9927af531033fd60b760a2904f7ae8520ff474 SHA512 866ebfc4863d115a9b15e184b317ecdbc9a4d13fc58264b105cd0c744e3568a7cb09a42522c6f2399e5293f8ec2d2ef80b1cfb5bbf2fefc16d564437c7e47144 WHIRLPOOL db5c95da19751e0d00c66ff90454294fa41370c68dc518c20a1b121fd97c79878328ddfab6fa1d147683bf2e5e1d5214a2c9fc6d2a5a5bec7a3c602b9bf65ffc +EBUILD firehol-3.1.4.ebuild 1376 SHA256 473e4f994d6746a9792b496796286cb61ce43998077ac714f8993ed3f2ff2dc2 SHA512 3e928126a612dcb3f4c8d44d3cda9756c51126e98c25d1b3d3f76e6c58360cefb5724e45c4e5f2e76e7e568e5ee561d7fe63d7576297367602ecd1908a86db00 WHIRLPOOL 86cec765a811b729f6194e5388c2d8e285a8415f59c99f5e77da2b12f328bbb0d319faf9907df94c0ab5dd77d33e90f0907d42919a9dc821d80309bc443e30e7 +MISC ChangeLog 5800 SHA256 791075b6f542798b75d4e42bc83a719f46b561de3faaee47851f0e50beba06b6 SHA512 ac475315fbbb8838f29dcf1894793839382b1df1ce24baf0cc4b9fe59803a7a638071350d83b386ecb6b675b6358eec96f12d502950ddea3c5c062561fa52467 WHIRLPOOL 447717c44fa98a680725b00fffcd4093c53e3f6b7bd39344cc6699e56d669d1971f52b4f0cc20e0135dcd2bd46f8d9b55dd0060635109066c9577891c5073cf1 +MISC ChangeLog-2015 10363 SHA256 41530e59b1061e57eeb5482eef585fd484f02ca92833ebcb65c83d1bb3ec566d SHA512 
52b17320e2c886a1bc971d56b4666ccc3f7b6bc1048b971e0d98bf4d5bab58f0b6cb8aae99ad05eeaf37b3b0d06905259fd1b616204e4a159a628db4f5bf3380 WHIRLPOOL 55cc0533caf9924584d2d0b82038c94ec961c68c4871a2295cedfb8bb2e505edd205ed3a45974e26e25b19f84806cd7cbbfdff7ccd1eb060e69d11183c47a526 +MISC metadata.xml 434 SHA256 d0a81e31c09376f8bf9dd8e76642a84a0bf32b907c31d44dd4aba2c4063fb9a8 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898 WHIRLPOOL aa8f5537377068edc1fe1c424a8f80fdb3c8f41788eca8515794df75b76402a0981238f309225be7b82e28a66901e0fe0bc836977ad8d19a736dd1f1106986a1 diff --git a/net-firewall/firehol/files/firehol.conf.d b/net-firewall/firehol/files/firehol.conf.d new file mode 100644 index 000000000000..c8b06e0eaf09 --- /dev/null +++ b/net-firewall/firehol/files/firehol.conf.d @@ -0,0 +1,2 @@ +#Locate of FireHOL conf file +FIREHOL_CONF="/etc/firehol/firehol.conf" diff --git a/net-firewall/firehol/files/firehol.initrd b/net-firewall/firehol/files/firehol.initrd new file mode 100644 index 000000000000..05fc3a2f11c0 --- /dev/null +++ b/net-firewall/firehol/files/firehol.initrd 
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save panic try"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+ provide firewall
+}
+
+checkrules() {
+ if [ ! -f ${FIREHOL_CONF} ]; then
+ eerror "Not starting FireHOL. Create ${FIREHOL_CONF}"
+ eerror "and fill it with some rules."
+ eerror "man firehol.conf for more info."
+ return 1
+ fi
+}
+
+start() {
+ checkrules || return 1
+ ebegin "Starting FireHOL"
+ /usr/sbin/firehol ${FIREHOL_CONF} start > /dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping FireHOL"
+ /usr/sbin/firehol stop > /dev/null
+ eend $?
+}
+
+restart() {
+ ebegin "Restarting Firewall"
+ svc_stop;
+ svc_start;
+ eend $?
+}
+
+try() {
+ ebegin "Trying FireHOL configuration"
+ /usr/sbin/firehol ${FIREHOL_CONF} try
+ eend $?
+}
+
+status() {
+ ebegin "Showing FireHOL status"
+ /usr/sbin/firehol status
+ eend $?
+}
+
+panic() {
+ ebegin "FireHOL PANIC"
+ /usr/sbin/firehol panic
+ eend $?
+}
+
+save() {
+ ebegin "Saving FireHOL configuration"
+ /usr/sbin/firehol save
+ eend $?
+}
diff --git a/net-firewall/firehol/files/fireqos.conf.d b/net-firewall/firehol/files/fireqos.conf.d
new file mode 100644
index 000000000000..55fa2e037e01
--- /dev/null
+++ b/net-firewall/firehol/files/fireqos.conf.d
@@ -0,0 +1,2 @@
+#Locate of FireQOS conf file
+FIREQOS="/etc/firehol/fireqos.conf"
diff --git a/net-firewall/firehol/files/fireqos.initrd b/net-firewall/firehol/files/fireqos.initrd
new file mode 100644
index 000000000000..628cc9d3c4a1
--- /dev/null
+++ b/net-firewall/firehol/files/fireqos.initrd
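Review bot: The test in `checkrules` expands `${FIREHOL_CONF}` unquoted, so when the variable is empty or unset the test collapses to `[ ! -f ]`, which is false, and the function returns success instead of refusing to start. Quote it, `if [ ! -f "${FIREHOL_CONF}" ]; then`, and quote the same expansion where it is passed to `/usr/sbin/firehol` in `start` and `try`. `checkrules` in fireqos.initrd has the same unquoted test. Separately, `extra_started_commands` advertises `reload`, but this new file defines no `reload()` function.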
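Review bot: The variable assigned in fireqos.conf.d is `FIREQOS`, but fireqos.initrd in this commit reads `${FIREQOS_CONF}` in `checkrules` and `start`, so the configured path is never used unless it is set elsewhere. With `FIREQOS_CONF` empty, the unquoted `[ ! -f ${FIREQOS_CONF} ]` test does not trigger the error branch and `fireqos start` runs without a configuration argument. Rename the assignment to `FIREQOS_CONF="/etc/firehol/fireqos.conf"`. The comment would also read better as `# Location of the FireQOS conf file`.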
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+}
+
+checkrules() {
+ if [ ! -f ${FIREQOS_CONF} ]; then
+ eerror "Not starting FireQOS. Create ${FIREQOS_CONF}"
+ eerror "and fill it with some rules."
+ eerror "man fireqos.conf for more info."
+ return 1
+ fi
+}
+
+start() {
+ checkrules || return 1
+ ebegin "Starting FireQOS"
+ /usr/sbin/fireqos start ${FIREQOS_CONF} -- ${FIREQOS_EXTRA_ARGS} > /dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping FireQOS"
+ /usr/sbin/fireqos stop > /dev/null
+ eend $?
+}
+
+restart() {
+ ebegin "Restarting FireQOS"
+ svc_stop;
+ svc_start;
+ eend $?
+}
+
+status() {
+ ebegin "Showing FireQOS status"
+ /usr/sbin/fireqos status
+ eend $?
+}
diff --git a/net-firewall/firehol/firehol-3.1.3-r1.ebuild b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
new file mode 100644
index 000000000000..f95d2d08acfd
--- /dev/null
+++ b/net-firewall/firehol/firehol-3.1.3-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator"
+HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol"
+SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc ipv6 ipset"
+KEYWORDS="~amd64 ~arm ~ppc"
+
+RDEPEND="net-firewall/iptables
+ sys-apps/iproute2[-minimal,ipv6?]
+ net-misc/iputils[ipv6?]
+ net-misc/iprange
+ net-analyzer/traceroute
+ virtual/modutils
+ app-arch/gzip
+ ipset? (
+ net-firewall/ipset
+ )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ local KCONFIG_OPTS=" \
+ ~IP_NF_FILTER \
+ ~IP_NF_IPTABLES \
+ ~IP_NF_MANGLE \
+ ~IP_NF_TARGET_MASQUERADE
+ ~IP_NF_TARGET_REDIRECT \
+ ~IP_NF_TARGET_REJECT \
+ ~NETFILTER_XT_MATCH_LIMIT \
+ ~NETFILTER_XT_MATCH_OWNER \
+ ~NETFILTER_XT_MATCH_STATE \
+ ~NF_CONNTRACK \
+ ~NF_CONNTRACK_IPV4 \
+ ~NF_CONNTRACK_MARK \
+ ~NF_NAT \
+ ~NF_NAT_FTP \
+ ~NF_NAT_IRC \
+ "
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf \
+ --disable-vnetbuild \
+ $(use_enable ipset update-ipsets) \
+ $(use_enable doc) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ default
+
+ newconfd "${FILESDIR}"/firehol.conf.d firehol
+ newinitd "${FILESDIR}"/firehol.initrd firehol
+ newconfd "${FILESDIR}"/fireqos.conf.d fireqos
+ newinitd "${FILESDIR}"/fireqos.initrd fireqos
+}
diff --git a/net-firewall/firehol/firehol-3.1.3.ebuild b/net-firewall/firehol/firehol-3.1.3.ebuild
new file mode 100644
index 000000000000..dec6cac43afb
--- /dev/null
+++ b/net-firewall/firehol/firehol-3.1.3.ebuild
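Review bot: In `pkg_setup` the kernel option list is assigned to `local KCONFIG_OPTS`, which nothing in the hunk reads. `linux-info_pkg_setup` takes its list from `CONFIG_CHECK`, so none of the netfilter options appear to be checked and a kernel without them gives no warning at install time. Assign the list to that variable, i.e. `local CONFIG_CHECK=" \` in place of `local KCONFIG_OPTS=" \`, and add the missing trailing `\` after `~IP_NF_TARGET_MASQUERADE` so the list is uniform. The same block is repeated in firehol-3.1.3.ebuild and firehol-3.1.4.ebuild.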
@@ -0,0 +1,61 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" +SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="doc ipv6" +KEYWORDS="amd64 arm ppc" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal,ipv6?] + net-misc/iputils[ipv6?] + net-misc/iprange + net-analyzer/traceroute + virtual/modutils + app-arch/gzip" +DEPEND="${RDEPEND}" + +pkg_setup() { + local KCONFIG_OPTS=" \ + ~IP_NF_FILTER \ + ~IP_NF_IPTABLES \ + ~IP_NF_MANGLE \ + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REDIRECT \ + ~IP_NF_TARGET_REJECT \ + ~NETFILTER_XT_MATCH_LIMIT \ + ~NETFILTER_XT_MATCH_OWNER \ + ~NETFILTER_XT_MATCH_STATE \ + ~NF_CONNTRACK \ + ~NF_CONNTRACK_IPV4 \ + ~NF_CONNTRACK_MARK \ + ~NF_NAT \ + ~NF_NAT_FTP \ + ~NF_NAT_IRC \ + " + linux-info_pkg_setup +} + +src_configure() { + econf \ + --disable-vnetbuild \ + --disable-update-ipsets \ + $(use_enable doc) \ + $(use_enable ipv6) +} + +src_install() { + default + + newconfd "${FILESDIR}"/firehol.conf.d firehol + newinitd "${FILESDIR}"/firehol.initrd firehol + newconfd "${FILESDIR}"/fireqos.conf.d fireqos + newinitd "${FILESDIR}"/fireqos.initrd fireqos +} diff --git a/net-firewall/firehol/firehol-3.1.4.ebuild b/net-firewall/firehol/firehol-3.1.4.ebuild new file mode 100644 index 000000000000..f95d2d08acfd --- /dev/null +++ b/net-firewall/firehol/firehol-3.1.4.ebuild 
@@ -0,0 +1,64 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit linux-info + +DESCRIPTION="iptables firewall generator" +HOMEPAGE="https://firehol.org/ https://github.com/firehol/firehol" +SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="doc ipv6 ipset" +KEYWORDS="~amd64 ~arm ~ppc" + +RDEPEND="net-firewall/iptables + sys-apps/iproute2[-minimal,ipv6?] + net-misc/iputils[ipv6?] + net-misc/iprange + net-analyzer/traceroute + virtual/modutils + app-arch/gzip + ipset? ( + net-firewall/ipset + )" +DEPEND="${RDEPEND}" + +pkg_setup() { + local KCONFIG_OPTS=" \ + ~IP_NF_FILTER \ + ~IP_NF_IPTABLES \ + ~IP_NF_MANGLE \ + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REDIRECT \ + ~IP_NF_TARGET_REJECT \ + ~NETFILTER_XT_MATCH_LIMIT \ + ~NETFILTER_XT_MATCH_OWNER \ + ~NETFILTER_XT_MATCH_STATE \ + ~NF_CONNTRACK \ + ~NF_CONNTRACK_IPV4 \ + ~NF_CONNTRACK_MARK \ + ~NF_NAT \ + ~NF_NAT_FTP \ + ~NF_NAT_IRC \ + " + linux-info_pkg_setup +} + +src_configure() { + econf \ + --disable-vnetbuild \ + $(use_enable ipset update-ipsets) \ + $(use_enable doc) \ + $(use_enable ipv6) +} + +src_install() { + default + + newconfd "${FILESDIR}"/firehol.conf.d firehol + newinitd "${FILESDIR}"/firehol.initrd firehol + newconfd "${FILESDIR}"/fireqos.conf.d fireqos + newinitd "${FILESDIR}"/fireqos.initrd fireqos +} diff --git a/net-firewall/firehol/metadata.xml b/net-firewall/firehol/metadata.xml new file mode 100644 index 000000000000..1e8e9bca98d8 --- /dev/null +++ b/net-firewall/firehol/metadata.xml 
@@ -0,0 +1,16 @@ +<?xml version='1.0' encoding='UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>alonbl@gentoo.org</email> + </maintainer> + <upstream> + <remote-id type="sourceforge">firehol</remote-id> + <remote-id type="github">firehol/firehol</remote-id> + </upstream> + <use> + <flag name="ipset"> + Use <pkg>net-firewall/ipset</pkg>. + </flag> + </use> +</pkgmetadata> diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest new file mode 100644 index 000000000000..9d2b36d07c19 --- /dev/null +++ b/net-firewall/firewalld/Manifest 
@@ -0,0 +1,6 @@ +AUX firewalld.init 272 SHA256 4717ba9b5d137493528d9f334e829d507eb3e9cf052abc6653dea1c2fc583f56 SHA512 ed71564d92f4235bb1209cf1141e28f825e4b0e3d84e7214456399e1ac0a787c02d06fecd38eaa7643b4c571b90bfe2e3c93d9826ea448ebd480c0794b62265d WHIRLPOOL 2de2499925ce7aecd946066ab32c10fd55f1a84e1945b3dd90b05a21e624ff13f2a318d44062f88c825f1142f20a085df555d3aa02cc379b9760d0803902bf64 +DIST firewalld-0.4.3.3.tar.bz2 679617 SHA256 e57d851e4f1aa65927e055d3e73b7a29a5ae37de51671ce1885e030fe6e0b6d4 SHA512 21cb91b9545263f6da4a6ff218c939b610c7fe5dba2ad509803673d9c01cf6fecb4ab32bacf1a04e3d579fd9699a03760475285f824a6641902037c81ad2243a WHIRLPOOL 89077aefa28752e51472510bc5080c61e1f6051062efd4aaac08c8a60879b1c3d00db9d9ad7c33d8a49d8868fb9796c0bf945c869a470380f9e2ab017c45ab41 +EBUILD firewalld-0.4.3.3.ebuild 2876 SHA256 f4ef1608f614dce96336373681d666efe866149863a90bac678df28ce33f87f8 SHA512 25fc5a1e8b70a5a8d38eec24adb924aeb9b7e349dcc4fcc595abbbdb4ea3b47d7e684e8b07e3c85d3b33e027d1f6388ba14bff91c8a3a883fd8311eb9d3f4ea2 WHIRLPOOL 0525c8779bcf22ffee817ec76e05f326a34998bae1afcac0d38aa19fcef4fcae5fc186d4dfcb6560b6b066af08c5fa15633fddf1edd553b820195d8411df3498 +MISC ChangeLog 5943 SHA256 45282f3a33ec109c7f8a41a0550fe22e7b210d3be5d516e78da80c00ab0311b1 SHA512 7e74e02cc7261f651f3fd44d7f59cf4f7b93d47aaf395aa3cb1b18fb8be1ea0a31044ad42d07411cd198b612703ca5d1bcc92febfd0a207fc6a3c592aca3f339 WHIRLPOOL f3d63f89b0723f21e0142207375cdbe19da9e14511a0e9c87a962b63603b309624ec98ab90e6395f2184cca19f56d46963c3213c0e4eff6a639aa89aeabb3fca +MISC ChangeLog-2015 3590 SHA256 97c414c1cc466497b0e6503d877594b3bc158292cfa9cfba5fc9627e97eb3e07 SHA512 4ed53b8c1e1091f1a7995348d394666ff99d51973674006ef2efd5897ed3712039d3a3ab928a9afb2726964904eb2dcde7d13a69a00b3b79b1a400c726792069 WHIRLPOOL 68237672f48ac14952a7c65aa35e46ed21c9adefecba6f3ced6582da7aebec93249a3a956661490af00cc93cddd2af681e5cc1c7836a48954382de8aef43a2ee +MISC metadata.xml 365 SHA256 dece091972015561e750838735cb37eb11035ba4adf25afb7866156cb596d522 
SHA512 b317c52dc7ab211183555f45d1b84786f9aede73f3b59eee54aa696b4e358e42dd7c30044e89931c2362f3a11c5180f1136f7631bf19c1fe02e29d68bea4c5a6 WHIRLPOOL a431a89d5f00a7f37a7510df409fff6e291747a5dac5dec1883757a94a4f2f6a3aa529a04c7566eba2f61c1c42c7c6d8e9e07d8a04fd6dd736c0ce7fc57ef6a8 diff --git a/net-firewall/firewalld/files/firewalld.init b/net-firewall/firewalld/files/firewalld.init new file mode 100644 index 000000000000..2618338e9f81 --- /dev/null +++ b/net-firewall/firewalld/files/firewalld.init @@ -0,0 +1,12 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description="FirewallD" +command=/usr/sbin/firewalld +pidfile=/var/run/firewalld.pid + +depend() { + need dbus + provide iptables ip6tables ebtables +} diff --git a/net-firewall/firewalld/firewalld-0.4.3.3.ebuild b/net-firewall/firewalld/firewalld-0.4.3.3.ebuild new file mode 100644 index 000000000000..e270b3f02b37 --- /dev/null +++ b/net-firewall/firewalld/firewalld-0.4.3.3.ebuild 
@@ -0,0 +1,108 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) +#BACKPORTS= + +inherit autotools eutils gnome2-utils python-r1 systemd multilib bash-completion-r1 + +DESCRIPTION="A firewall daemon with D-BUS interface providing a dynamic firewall" +HOMEPAGE="http://www.firewalld.org/" +SRC_URI="https://fedorahosted.org/released/${PN}/${P}.tar.bz2 + ${BACKPORTS:+https://dev.gentoo.org/~cardoe/distfiles/${P}-${BACKPORTS}.tar.xz}" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="amd64 ~arm64 x86" +IUSE="gui" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/decorator[${PYTHON_USEDEP}] + >=dev-python/python-slip-0.2.7[dbus,${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + net-firewall/ebtables + net-firewall/iptables[ipv6] + net-firewall/ipset + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + gui? 
( + x11-libs/gtk+:3 + dev-python/PyQt4[${PYTHON_USEDEP}] + )" +DEPEND="${RDEPEND} + dev-libs/glib:2 + >=dev-util/intltool-0.35 + sys-devel/gettext" + +src_prepare() { + [[ -n ${BACKPORTS} ]] && \ + EPATCH_FORCE=yes EPATCH_SUFFIX="patch" EPATCH_SOURCE="${S}/patches" \ + epatch + + epatch_user + eautoreconf +} + +src_configure() { + python_setup + + econf \ + --enable-systemd \ + --with-iptables="${EPREFIX}/sbin/iptables" \ + --with-ip6tables="${EPREFIX}/sbin/ip6tables" \ + --with-iptables_restore="${EPREFIX}/sbin/iptables-restore" \ + --with-ip6tables_restore="${EPREFIX}/sbin/ip6tables-restore" \ + --with-ebtables="${EPREFIX}/sbin/ebtables" \ + --with-ebtables_restore="${EPREFIX}/sbin/ebtables-restore" \ + "$(systemd_with_unitdir 'systemd-unitdir')" \ + --with-bashcompletiondir="$(get_bashcompdir)" +} + +src_install() { + # manually split up the installation to avoid "file already exists" errors + emake -C config DESTDIR="${D}" install + emake -C po DESTDIR="${D}" install + emake -C shell-completion DESTDIR="${D}" install + emake -C doc DESTDIR="${D}" install + + install_python() { + emake -C src DESTDIR="${D}" pythondir="$(python_get_sitedir)" install + python_optimize + } + python_foreach_impl install_python + + python_replicate_script "${D}"/usr/bin/firewall-{offline-cmd,cmd,applet,config} + python_replicate_script "${D}/usr/sbin/firewalld" + + # Get rid of junk + rm -rf "${D}/etc/rc.d/" + rm -rf "${D}/etc/sysconfig/" + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" + rm -f "${D}/usr/bin/firewall-applet" + rm -f "${D}/usr/bin/firewall-config" + rm -rf "${D}/usr/share/applications" + rm -rf "${D}/usr/share/icons" + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld +} + +pkg_preinst() { + gnome2_icon_savelist + gnome2_schemas_savelist +} + +pkg_postinst() { + gnome2_icon_cache_update + gnome2_schemas_update +} + +pkg_postrm() { + gnome2_icon_cache_update + gnome2_schemas_update +} 
diff --git a/net-firewall/firewalld/metadata.xml b/net-firewall/firewalld/metadata.xml new file mode 100644 index 000000000000..1d49811fa2be --- /dev/null +++ b/net-firewall/firewalld/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>virtualization@gentoo.org</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <use> + <flag name="gui">Builds and installs GUI configurator and GTK+ applet</flag> + </use> +</pkgmetadata> diff --git a/net-firewall/fwanalog/Manifest b/net-firewall/fwanalog/Manifest new file mode 100644 index 000000000000..d6c07de1bef3 --- /dev/null +++ b/net-firewall/fwanalog/Manifest 
@@ -0,0 +1,5 @@ +DIST fwanalog-0.6.4.tar.gz 128787 SHA256 8ddc4c7ec16e59a27691e25fdd1f266838230ee08c3495fa289db0e7fc008e13 SHA512 953ca03c070e82370dc2a993c19113b4a92f89be6a0d77edbbcb722420c9fc28d3f4bb454441c3e82f36eb27584ff88090beab18c095051a2e8ef7bc28b52da2 WHIRLPOOL 3b274f44788e411ddec0256e47f735de94cc2eadb66ab4f295986417cf3f4b525c0c35f40f83f5e5dec6179ea44d26cc61c8f74db5fc47d6b56f6eab174d9fa9 +EBUILD fwanalog-0.6.4.ebuild 948 SHA256 5be3a565604a4d82d9b27ac56d4aef7999cabf2f13ff25dcc0af9ec52abc0085 SHA512 c04512d5400a56344bdd54015bd35e219ccfce5af7c0f166fbf11a737eecaffa85ae5bfded021f92f90e02cfe0bc941e3ff00b8c97318c6cfea73519dc8a2bea WHIRLPOOL 0e6e061ae7ea1f2578fa6aa866c82520f04909d1e932f58ab0e2abf52bd51b4cb85a76d7213916b5a6e9041ec13137e30c699bdd4e270787ac732b401d480def +MISC ChangeLog 2529 SHA256 df03c1cc3b576747489d3071dbba853d64f603f9cb916cc573b7e096d341e342 SHA512 4c7875c16def8999c70b51bf116d6c49b8d9688e81639099d32a05843b006d65a5c050b25323d3036f52b53105f40d30314048da54a759f686ec463beda19273 WHIRLPOOL f32f2a08590967602acaaea9292da90ad150c27628305bb29a23e68d49ab63b288803fabdd8b53f4e9ec2157c15fe44936fcb451418a4eff5fa772336b1edd73 +MISC ChangeLog-2015 2145 SHA256 13f4a003c863277739222e59e23c97891116df42b72f08fce2d797af256e919b SHA512 122d13e5d0c8cdb151fb03400f281da4cb471fe5fed3fa2a4787afb24bc11ed43bd1dd76d9728039832461705a6e9b4eb0d32c11a749dd5a8f04eb1fc3dbaa7b WHIRLPOOL c41b5a5069021d9e9072ea9d9ba2b80ee8ad3d62025d159f1ca83cfbd177e9f92a05ec59423c76aec32fb5f0792acd00012dfcb5bf93d8796e7273871b38723e +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 
diff --git a/net-firewall/fwanalog/fwanalog-0.6.4.ebuild b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild new file mode 100644 index 000000000000..4f74bd138155 --- /dev/null +++ b/net-firewall/fwanalog/fwanalog-0.6.4.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +DESCRIPTION="Script to parse firewall logs and analyze them with Analog" +HOMEPAGE="http://tud.at/programm/fwanalog/" +SRC_URI="http://tud.at/programm/fwanalog/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 x86 ppc sparc" +IUSE="" + +DEPEND="" # this is just a bash script +RDEPEND="app-shells/bash + sys-apps/grep + virtual/awk + sys-apps/sed + app-arch/gzip + sys-apps/diffutils + dev-lang/perl + >=app-admin/analog-5.31" + +src_install() { + insinto /etc/fwanalog + + insopts -m0700 ; doins fwanalog.sh + + insopts -m0600 + doins fwanalog-dom.tab fwanalog.lng services.conf + doins fwanalog.analog.conf fwanalog.analog.conf.local + newins fwanalog.opts.linux24 fwanalog.opts + + dosed "s/\"zegrep\"/\"egrep\"/" /etc/fwanalog/fwanalog.opts + + dodoc CONTRIBUTORS ChangeLog README + docinto support ; dodoc support/* + docinto langfiles ; dodoc langfiles/* +} diff --git a/net-firewall/fwanalog/metadata.xml b/net-firewall/fwanalog/metadata.xml new file mode 100644 index 000000000000..6f49eba8f496 --- /dev/null +++ b/net-firewall/fwanalog/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> +</pkgmetadata> diff --git a/net-firewall/fwbuilder/Manifest b/net-firewall/fwbuilder/Manifest new file mode 100644 index 000000000000..047c615b1d47 --- /dev/null +++ b/net-firewall/fwbuilder/Manifest 
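Review bot: `dosed` in `src_install` is deprecated and banned from EAPI 4 onward, and fwanalog-0.6.4.ebuild declares no `EAPI`, so it has to stay on EAPI 0 for this call to keep working. Its result is not checked either, so a failed substitution would leave `"zegrep"` in the installed fwanalog.opts unnoticed. Replace it with an explicit checked edit, `sed -i -e 's/"zegrep"/"egrep"/' "${D}"/etc/fwanalog/fwanalog.opts || die`, and declare an `EAPI` at the top of the file.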
@@ -0,0 +1,12 @@ +AUX fwbuilder-5.0.0.3568-ldflags.patch 469 SHA256 65f549a65b7b7c605c5a2872baac20ba80c90a2e01c8525fd2e88884798f80cc SHA512 3047ad8ecd868eca28a58b9c124f2c05f7bdc68c08da7017896a13cf77c9ed9d033e227d9c520973174d3551334af26319b31491a4264062be94dd04cd97f372 WHIRLPOOL 4d4dbbaf585efa308ef6b03663606cbad05773cef6073cc3097a785c8616cd873fcc9357c4e770c8269b20442b304fd30994483504b0b09ead58f4792ca72f16 +AUX fwbuilder-5.0.1.3592-gcc47.patch 321 SHA256 c15eac3235980e7bf4824abcf3a1583a7c3053fc7376e44022237e9cf64a07f1 SHA512 13800468ef7958fe811b42833b101d221a5126f13f3191c8d84c8cd7da3e02163e522bf7c87a5c739ef6ab935ab80798e947c2b81fc90168881eec502dd861a8 WHIRLPOOL 1fe6a03dc4377a78be01eb6bc173fdaa84b5e5556184bd339ac79a0230ebfe6c5c049b0e93b48633cdd5ea9126517d34b13cac49b46d5e2160899c9f0515f0e7 +AUX fwbuilder-5.0.1.3592-stdc-format-macros.patch 1684 SHA256 6bb4ac02615247a7102021126eae788e67f9242c11e0b865a27ba2efd33f278f SHA512 ec13849e07683ce6ebc0098f1eae803a232fdde692e46c591a3a7c9cf0fb22d28d9de6ff773051089ce75a7dd55cbab63063f0391f6f9960b631c21ec4ca38ef WHIRLPOOL 7871e586a5646bf021a8820435b49ddfe3e43584870b8a9edfdfdd45e41e65c6ca44510ab2d5193976685172ce5c43e05c4207d0726fa16cd0b93487c5020b57 +DIST fwbuilder-5.0.1.3592.tar.gz 6733502 SHA256 22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94b SHA512 aac34c97963819f0dca4a6bfa63987df45cdd6905164b49ae6f6a423f044fc52aeb09b15b2fc294e1aa3da97d3d31e75bdf9a690e383f579a2fb40ef656f4885 WHIRLPOOL 436e5f8c802e6b25c588f3296ac0cbce89aa818c53871296615980aee6b71b84a64a44808f7d2390ee73b11e83b2acc88d94c7b236df5caf83788d735276211f +DIST fwbuilder-5.3.6.tar.gz 7325429 SHA256 672c2870c3a2ce1eb504a97d17ea9a8eb6dd61ec314cf79b9488b48a356cdfa6 SHA512 70f6888d09c89a624ea35f119c1e00d5a7e57d993d8658fd164e35bce073503bf66f3c9e05ffa1b49ab9371cf219825d22a41c31604c63de5290dd64845e06af WHIRLPOOL a559061861447bff1657857c5a9f551e4eb0315fdea99199025d9cdaae3b1163cb69f97c36517bbe39998b0a9a97026d9737485b5a01144cd8296c502830e9b6 +DIST 
fwbuilder-5.3.7.tar.gz 7332419 SHA256 aba1ed8f690e9e4659c0e981120ea68da7ee327d6cf81260d51329351addf91e SHA512 d6504ddab17e80cb332f005b6bbb16c15a7b4735361733f0e0437cb94059a5c9039e563be6e0e8d328954db2416b2c0bdbb8afa36cd946f61e7c7edaee47453b WHIRLPOOL 0191f0f812b494bae9d4c00cc4a26315f32c378e5395270f56cd4e3d7d0c189d67ec154c28d9aaeecee0b0304c1bb5cf61db2a738b32b189ee53f306849fdfa9 +EBUILD fwbuilder-5.0.1.3592-r1.ebuild 1142 SHA256 c5591b2d4db80a2a283ce6732582777dc8dca6aef173bcaae5172a4b1d721a41 SHA512 eae8e3fe6343d4fc1ecd0295d7f64775cc7b7d347c16d4b4cac2a1fa30ef1d2d4516715b154725dd6b7aea3f07b2ce99d54634613d50887774fac0372e3ebce4 WHIRLPOOL b8a371a5cd7ef013a2206635964658698767c71c5a8ba2ab1883efa414117c8a918e2ff08549cc62093ad28d2f9a84da50780b1f6ac87bae7e998fd9779905af +EBUILD fwbuilder-5.3.6.ebuild 966 SHA256 ba0e0ee1066dbe39c91e5dc47789d0390e591b1e5305b7c582ce6b9cf5500aeb SHA512 e5c78f3f4d71ad9ecd769f63272b4f8c3e4649cd16d88322ff79f3e5af684587b8ecadbc92ed1f07bd2133e829329f0ea9106b60d41d223043b6db3baeacf526 WHIRLPOOL a6d0899efe7c82f0ce26aa66555c47ed5eafb40803de42bdaf41f94ab49795b29708a8977e46d64d9e165451ed4ba87367e7fef5821d59e45bfee8ba6dce11e0 +EBUILD fwbuilder-5.3.7.ebuild 1499 SHA256 c65f7ca39fa398bb4671c02b8ad26c38c218d09aa105c0506cf2bf4ebdaa18c8 SHA512 f95d657e018e8953ca17b938765e708e8a2d6794beed4b1f6762a941760aaac6e856cda46a63e1098399c3d4ff0de25809864327f255607a4e5ffcd9dba075ee WHIRLPOOL 43e222433ffe39798dd946d8ce7296775099044f92bdbcbaec9bdbe5e06b2f00dc74600e3641dc8fa2c5e6f9d7bfb20222a8d0efc64e484f630b3bd3e940d855 +MISC ChangeLog 3454 SHA256 edd6317fa6b92bc90f320c51e0b2bba0617aec82ff52f2444fd9876bab9e7e57 SHA512 3386a82d715bf5dcd56860c38775314b507aa50fae7f1685b5ab218f43dde472788bb9af5e76b3eee321d4c8caa166512cc7f13823eb5b5d6bc883b560ff974c WHIRLPOOL e22425660892c5377a21da86a3238ec32c17f9d022feeff42cac203dada06a0f2dcffe0444e043a77c90b7e45ba1c6c0bdc41a35b68bde01ce59c6edb75de3d7 +MISC ChangeLog-2015 20862 SHA256 
4248e5ae2e28c214f0489e2bfcf39ef1a26fbc4fea15daea88682aad89bc5c8c SHA512 c5f9ea9c313070a938c90b831e392a4dbf7c98a740c3194046000e92f5dbc68f3f57162af9bb6da7ef21c8cf703914cf88ff1b60b135d53c7abd0bf997611a59 WHIRLPOOL eddd51338384dfca5fd75caf5e81c9f33e573cdb1ff529ca707749bb7843968730c6acce5f261e248ae2ddf6e11e181ef9ea38c62e07bed12366c938166b1623 +MISC metadata.xml 520 SHA256 5134ca480376f531890da4894056865392fef4168ad642e8f5619420c9d524ac SHA512 deda312a012b6b7e342fa3b37d53a6c6fc2b5de129121314856ea659dad92cf3e7b17923f2942bc606deab719907a26e9908c35d087596291b05c0f2e1645e62 WHIRLPOOL 51ab38cfd8ebfce202f1b4a34b76b8d4eb804b68d5a27ebd8b77ca7281d73b058115997299bdd0722feada2b5a0ad83a0a60c1e87a32d3e4429090b2e8c4a06d diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch new file mode 100644 index 000000000000..d9df8429d390 --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.0.3568-ldflags.patch @@ -0,0 +1,11 @@ +diff -Naurp fwbuilder-5.0.0.3568.orig//qmake.inc.in fwbuilder-5.0.0.3568//qmake.inc.in +--- fwbuilder-5.0.0.3568.orig//qmake.inc.in 2011-07-25 19:27:44.000000000 -0400 ++++ fwbuilder-5.0.0.3568//qmake.inc.in 2011-08-19 17:00:41.259985388 -0400 +@@ -39,6 +39,7 @@ unix { + QMAKE_CFLAGS_RELEASE += -Wno-unused-parameter + QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter + QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter ++ QMAKE_LFLAGS = @LDFLAGS@ + + !macx { + diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch new file mode 100644 index 000000000000..7849e2b6da95 --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-gcc47.patch 
@@ -0,0 +1,11 @@ +--- a/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:02:55.909203733 -0400 ++++ b/src/libfwbuilder/src/fwbuilder/ThreadTools.h 2012-06-04 15:04:54.079198998 -0400 +@@ -31,7 +31,7 @@ + + #include <time.h> //for time_t definition + #include <pthread.h> +- ++#include <unistd.h> + #include <string> + #include <queue> + diff --git a/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch new file mode 100644 index 000000000000..3658c10a3eec --- /dev/null +++ b/net-firewall/fwbuilder/files/fwbuilder-5.0.1.3592-stdc-format-macros.patch 
@@ -0,0 +1,51 @@ +From: Vadim Kurland <vadim@slot.vk.crocodile.org> +Date: Tue, 14 Feb 2012 04:59:26 +0000 (-0800) +Subject: fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still +X-Git-Url: http://fwbuilder.git.sourceforge.net/git/gitweb.cgi?p=fwbuilder%2Ffwbuilder;a=commitdiff_plain;h=f97a1b50ba51be5fa31cc54dba829a9e77609160;hp=15565ade5dc843e5fefe83568a023c37256c3c3c + +fix for SF bug #3468802. Define macro __STDC_FORMAT_MACROS. This still +needs to be tested on all build machines. +--- + +diff --git a/qmake.inc.in b/qmake.inc.in +index 6bf27e0..3e31fd6 100644 +--- a/qmake.inc.in ++++ b/qmake.inc.in +@@ -67,6 +67,9 @@ unix { + + CONFIG += warn_on + ++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS ++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS ++ + } + } + +diff --git a/src/libfwbuilder/qmake.inc.in b/src/libfwbuilder/qmake.inc.in +index b4f15bb..a8114cf 100644 +--- a/src/libfwbuilder/qmake.inc.in ++++ b/src/libfwbuilder/qmake.inc.in +@@ -34,6 +34,9 @@ unix { + QMAKE_CXXFLAGS_DEBUG += -Wno-unused-parameter @CXXFLAGS@ + QMAKE_CXXFLAGS_RELEASE += -Wno-unused-parameter @CXXFLAGS@ + ++ QMAKE_CXXFLAGS_DEBUG += -D__STDC_FORMAT_MACROS ++ QMAKE_CXXFLAGS_RELEASE += -D__STDC_FORMAT_MACROS ++ + exec_prefix = @EXEC_PREFIX@ + DESTDIR = + +diff --git a/src/libfwbuilder/src/fwbuilder/uint128.h b/src/libfwbuilder/src/fwbuilder/uint128.h +index 0a2e7a4..b00ab47 100644 +--- a/src/libfwbuilder/src/fwbuilder/uint128.h ++++ b/src/libfwbuilder/src/fwbuilder/uint128.h +@@ -36,7 +36,7 @@ + + #include <stdio.h> + +-#define __STDC_FORMAT_MACROS ++// #define __STDC_FORMAT_MACROS + #include <inttypes.h> // for sprintf formats for "long long" + + // convinience macro + diff --git a/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild new file mode 100644 index 000000000000..beadb373cea3 --- /dev/null +++ b/net-firewall/fwbuilder/fwbuilder-5.0.1.3592-r1.ebuild 
@@ -0,0 +1,52 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit eutils base qt4-r2 multilib autotools + +DESCRIPTION="A firewall GUI" +HOMEPAGE="http://www.fwbuilder.org/" +SRC_URI="mirror://sourceforge/fwbuilder/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc ppc64 x86" +IUSE="" + +DEPEND=">=dev-qt/qtgui-4.3:4 + dev-libs/openssl + dev-libs/elfutils" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.0.3568-ldflags.patch" + "${FILESDIR}/${PN}-5.0.1.3592-gcc47.patch" +) + +src_prepare() { + # Fix a compile bug that affects some x86_64 platforms. + # Addressed in the upcoming 5.0.2.3596 release. + # Closes #395151. + epatch "${FILESDIR}/${P}-stdc-format-macros.patch" + + qt4-r2_src_prepare + sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743 + eautoreconf +} + +src_configure() { + eqmake4 + # portage handles ccache/distcc itself + econf --without-{ccache,distcc} +} + +src_install() { + emake INSTALL_ROOT="${D}" install +} + +pkg_postinst() { + validate_desktop_entries + + elog "You need to emerge sys-apps/iproute2 on the machine" + elog "that will run the firewall script." +} diff --git a/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild b/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild new file mode 100644 index 000000000000..9ae8b3f7a8a1 --- /dev/null +++ b/net-firewall/fwbuilder/fwbuilder-5.3.6.ebuild 
@@ -0,0 +1,45 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit qmake-utils autotools + +DESCRIPTION="A firewall GUI" +HOMEPAGE="http://www.fwbuilder.org/" +SRC_URI="https://github.com/UNINETT/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~x86" +IUSE="libressl" + +DEPEND=" + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + dev-libs/elfutils + >=dev-qt/qtgui-5.5.1-r1:5" +RDEPEND="${DEPEND}" + +src_prepare() { + eapply_user + sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die #398743 + mv configure.in configure.ac || die #426262 + eautoreconf +} + +src_configure() { + eqmake5 + # portage handles ccache/distcc itself + econf --without-{ccache,distcc} +} + +src_install() { + emake INSTALL_ROOT="${D}" install +} + +pkg_postinst() { + validate_desktop_entries + + elog "You need to emerge sys-apps/iproute2" + elog "in order to run the firewall script." +} diff --git a/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild new file mode 100644 index 000000000000..a3fb5b1aeb90 --- /dev/null +++ b/net-firewall/fwbuilder/fwbuilder-5.3.7.ebuild 
@@ -0,0 +1,71 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools gnome2-utils qmake-utils
+
+DESCRIPTION="A firewall GUI"
+HOMEPAGE="http://www.fwbuilder.org/"
+SRC_URI="https://github.com/fwbuilder/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE=""
+
+DEPEND="
+ dev-libs/libxml2
+ dev-libs/libxslt
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5
+ dev-qt/qtprintsupport:5
+ dev-qt/qtwidgets:5
+ sys-libs/zlib
+"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ eapply_user
+
+ # bug 398743
+ sed -i -e '/dnl.*AM_INIT_AUTOMAKE/d' configure.in || die
+
+ # we need to run qmake ourselves using eqmake5 in src_configure to
+ # ensure we respect CC, *FLAGS, etc.
+ sed -i -e "/runqmake.sh/d" configure.in || die
+
+ # bug 426262
+ mv configure.in configure.ac || die
+
+ # don't install yet another copy of the GPL
+ sed -i -e '/COPYING/d' doc/doc.pro || die
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-{ccache,distcc} # portage handles ccache/distcc itself
+ --with-docdir="/usr/share/doc/${PF}"
+ --with-qmake="$(qt5_get_bindir)/qmake" # use fully-qualified qmake, bug #599466
+
+ # yes, we really do need to run both econf and eqmake5...
+ eqmake5
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install
+}
+
+pkg_postinst() {
+ gnome2_icon_cache_update
+
+ elog "You need to install sys-apps/iproute2"
+ elog "in order to run the firewall script."
+}
+
+pkg_postrm() {
+ gnome2_icon_cache_update
+}
diff --git a/net-firewall/fwbuilder/metadata.xml b/net-firewall/fwbuilder/metadata.xml
new file mode 100644
index 000000000000..797459b851a1
--- /dev/null
+++ b/net-firewall/fwbuilder/metadata.xml
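Review bot: In `src_configure` only the `econf \` line ends in a backslash, and the inline `# portage handles ccache/distcc itself` comment terminates the command. The following `--with-docdir=` and `--with-qmake=` lines are therefore run as separate commands and never reach configure, so the fully-qualified qmake path from bug #599466 is not applied. Move both comments above `econf` and continue every option line, ending the first two as `--without-{ccache,distcc} \` and `--with-docdir="/usr/share/doc/${PF}" \`, with `--with-qmake="$(qt5_get_bindir)/qmake"` last.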
@@ -0,0 +1,16 @@ +<?xml version='1.0' encoding='UTF-8'?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>kevin.bauman80@gmail.com</email> + <name>Kevin Bauman</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Gentoo Proxy Maintainers Project</name> + </maintainer> + <upstream> + <remote-id type="github">UNINETT/fwbuilder</remote-id> + <remote-id type="sourceforge">fwbuilder</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/fwipsec/Manifest b/net-firewall/fwipsec/Manifest new file mode 100644 index 000000000000..aced74fe01e8 --- /dev/null +++ b/net-firewall/fwipsec/Manifest 
@@ -0,0 +1,5 @@ +DIST fwipsec-0.4.2.tar.bz2 13114 SHA256 8fa4204c968198a3ea40c8b5efa20c77258be4c912d11d16c1a4c51f712d9aa4 SHA512 752af6b937f6b08b3613f50c789911dd09b1648c57b9ab613fe98922c9f38043a1cee9b45a94f02b51031f3ef4feefc29f192beafec4506202925f71f8e82d0d WHIRLPOOL 122b325b72e2e1f14ac8abd8554c85dd438cfe3ca2410b7ec1339678c8eeb81347bf22af2d055f867caa83ee913c9d42272f70f20595ee17a696a72331c068c8 +EBUILD fwipsec-0.4.2-r1.ebuild 637 SHA256 dd0fccdfd085206f4a9aee3493af3d0e5b6cf91ef43084c104c6dd7b6ac7f842 SHA512 5e6656ce5e61b0e93107608c60e46ce9fe7f81725077a3ae2244ae6bdce6b2a4a9e842da471cba1ca027c59c8d10f8a1adfb0f44ea9a8a9d455605d899bda7fa WHIRLPOOL 0713a68f5b737816eceef109143f430a4e3e32e7f8a59cf09bdd9dfe7d57f99378124b5efc9698c6e34f17127ddbadc7f77a395fdda4414555e7fb62feac7325 +MISC ChangeLog 3078 SHA256 46a7773e6b754b86cfd111f436b20c4010b86caf46afbd5a82f31d4b6e9b0a03 SHA512 52eef5a800d679d157027ce6a23b1f96e0f3c883d5c9a55a03267178ced5cc7e5cb1f0028975d267c55320a50af7123d68aabeab976b9fc895597b1d85ef7f6f WHIRLPOOL f3dba66771dedd179706085a14fbc9c7928dfcfdd2845b5ed2bb7815f961d890ce186b243356a2a983fc83635ed8d1eabb41bfc9c240b15108616cb5d1b0c761 +MISC ChangeLog-2015 2015 SHA256 985dfda277f8b0dc10c3f568d9a9b5db5322e10be80c5c9a32785a3b25ed40b0 SHA512 68de5b091483d0e182a502beb8df89932ea7de4b59bf83f1305d1108e183d64e28b20338e141620db0a431380e273701b0d35d058dbaac03b40867147eda4500 WHIRLPOOL 58de840c7bded5dc4e0adf836a6b9250520dca5183cacfc7420c0b3e276b6a0da74891b35208be5ffc24059adb26df7fc272b19b7e765f11e0cf253f1e24b01d +MISC metadata.xml 244 SHA256 6012db09dee7d632ca0c0baf1e637cabf3b9c6b68e830e841a124c479f460878 SHA512 b7e666d8c442cf743a0945509197a8ade888c22a0b6f175af937185df2649c05bbbd95e3bff0c33da81bf393899d7b8552fbd27d42dd18572119d5e61f1410e3 WHIRLPOOL 187addb64af741d850e09c34c7f4f0ec55e213612d3647a88a47bb1b35edcc27d92c60ab6d019c9565f159c0aef4b3c1e3af04b5ec6c97d83559983732560010 
diff --git a/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild
new file mode 100644
index 000000000000..3dec312a3916
--- /dev/null
+++ b/net-firewall/fwipsec/fwipsec-0.4.2-r1.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+S=${WORKDIR}/${PN}
+DESCRIPTION="Firewall scripts that control iptables, FreeS/WAN, and squid"
+HOMEPAGE="http://fwipsec.sourceforge.net/"
+SRC_URI="mirror://gentoo/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE=""
+KEYWORDS="alpha amd64 ~hppa ia64 ~mips ~ppc ~sparc x86"
+
+DEPEND=">=net-firewall/iptables-1.2.7
+ sys-apps/iproute2"
+
+src_install() {
+ exeinto /etc/fwipsec
+ doexe fwipsec.*
+ doinitd fwipsec
+
+ dodoc LICENSE DOCS/README*
+ doman DOCS/*.5
+}
+
+pkg_postinst() {
+ elog "Edit /etc/fwipsec/fwipsec.defs to set your base rules."
+}
diff --git a/net-firewall/fwipsec/metadata.xml b/net-firewall/fwipsec/metadata.xml
new file mode 100644
index 000000000000..30534ef172e2
--- /dev/null
+++ b/net-firewall/fwipsec/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">fwipsec</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/fwknop/Manifest b/net-firewall/fwknop/Manifest
new file mode 100644
index 000000000000..cce67c03a143
--- /dev/null
+++ b/net-firewall/fwknop/Manifest
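Review bot: fwipsec-0.4.2-r1.ebuild declares no `EAPI`, and under the legacy EAPI the helpers in `src_install` (`doexe`, `doinitd`, `dodoc`, `doman`) return an error instead of aborting. A package could therefore be merged without its firewall scripts or init script and without any build failure. Either declare a current EAPI as the other ebuilds in this commit do (`EAPI=6`), or check the critical helpers explicitly: `doexe fwipsec.* || die` and `doinitd fwipsec || die`. If staying on the legacy EAPI is deliberate, a header comment saying so would help the next maintainer.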
@@ -0,0 +1,9 @@ +AUX fwknopd.confd 475 SHA256 818366d8012cf50771ab427bcf645de697e7d05e4bb80d5eb2f98291e071d510 SHA512 a23e42ca59f2d86b0ff1456773419d9b075bdae83fcd307d506dd9e282b58d24c6f6c50ea3418d5cce07a447f32f0089f747516e8f108b7e3c03944ea59a6412 WHIRLPOOL 79a7efe36d88bd4d313a342aa75bcb2a02acbb954c46947c5b9470277cabdd5c1cc66ccae5eb0b4e6a8002b5b0fde7ee4c069d160e2e19f2de8d48b3875a9382 +AUX fwknopd.init 2706 SHA256 ace9569324d049a226d09c91373644c0181e7f714eebd5bacd13c04e2d5fa093 SHA512 6e58cb40bd2c69b624fa5bb320f79e6befd91bc39e4aa66ec0b2a2a014b9342377ea919b364cf52cfda76b924d5d497a79b0d66f2e0c7339894b75bfa9e165fa WHIRLPOOL 7ffa1eb97bc2bace6e4d40d180bd3087db236947dfbc551b133c4f1cff3ec5fbe891ba9b8a7aebca824637cfcd5f5c7aba043ae3be8eace02368411f829f6d81 +AUX fwknopd.service 235 SHA256 c88fbe0588731a5dea7d358680d5625876d36b6732ac51d8812390affc8d79b9 SHA512 890bbba586183275cbd3b420a9c0d609ff3eca0fd239b4af97e2730e2790f317fc114f51d60107ba4fbddd2cabb60c70d8b615e2a75bb80cf27d352c894a1c6d WHIRLPOOL 1389d12053c0a0904e661065095ee6d3102ae2fe2934814aabce7e282b7fc512e80c01a53cc9d74c78c861f95b738c47148dc1446e3f3271187c04da42ee3a3a +AUX fwknopd.tmpfiles.conf 31 SHA256 ba9eed2ec8f4230ab2070865a829e0da290761e93a0979212481c974314e77b7 SHA512 73b56a42c7728c9dabd82cd81bd6ffa1b948fe80fa67feee348ad65f957f1f2ea53c6b5d74fa2784ea75c45c2c27b5d989da4a618f3a4cf67914c927e04b74ae WHIRLPOOL 06466f7d6a70edc7a7a02b0c492e37143aab3735b7d294ea88a1371e4bf9ed70b47e871cdd293e9e879e7e40783bfaba90f6aa81580ac1a785f3e275ba21399a +DIST fwknop-2.6.9.tar.gz 3043542 SHA256 0a8de8d3e2073ad08f5834d39def6c33fd035809cfddbea252174e7dc06a5a51 SHA512 4706560d44c911c8604059d88dded9c1b8c333399d90ec7dc366c0fba96c79680bdbf1b8b5e76cc34aaf3a1e58fff80db8f5f20c96d57481bdb476a9b99f4d1b WHIRLPOOL e9ac76f39f8991af4a56f85f50f2ea982a7d043cfb17c824cbaf3ebd18e34630b86abdf198e9e91239c4acf67db56539a9dee00ee379ec39314adb5bc233344c +EBUILD fwknop-2.6.9-r1.ebuild 3691 SHA256 e40b1f14afcb70bf39d8cd91b29a1bf87175dbf251002f17267c33092264d941 
SHA512 ee6a6065e916cf745dfa9e8903166ab0de571138720134568349767f9f63ea0b00d5991a2b29206279f17d0e2968fb573195d3191c89bd0d1b2ca34c21a18473 WHIRLPOOL c44e1adcde5cb0a221a1a0c8ecb43472f060aaafa6328f962a708a04d306fe5e5f3f29e7f2e6e637392ebc7179f12e887fad92256661839b8afd5026af71514c +MISC ChangeLog 8140 SHA256 35c7b993e77213cd8fd5ab04ce14e1ad1559e94eb2548c935410e5f7109194ca SHA512 13f15847d75607dd3592693264b86be4895e9776ef4a1d6447feb2ab76733740b1126d36a355c8d6e388e7fa671a67c1bd2b168b074933a6f9ed430f7d86612f WHIRLPOOL f10627e102edab784c3ca2a830e028e7a7e71b4e2b4c3c09b58344ffd24362e1e398bc6d9d90d474f011cf81f41a6536c6ef2dd68222fe18bbb43a67fa1d8d0f +MISC ChangeLog-2015 1964 SHA256 9ae9b87ddd19f9aa29b820260929906c94dca2b6b05dab5a88b4f33c29e1fe89 SHA512 f8e8d28aa3c3bf6e8cb9dd9706188e0b54e254ccc66144bfd3e43268410bf2fe1540a5a0ba9a0afd7804e7c43adc7077002d805bbac269a3d6f1132168d3313b WHIRLPOOL a41b48ea32db7becb4bd5af50baea40a69d51fe3594bab79197653e01c0465868b1342c8456d6179cd09ba7de6ff62592983c256724f05c923530afbc447d9fc +MISC metadata.xml 1217 SHA256 79101e3c34af737f9399fa485ceb72efa82bf9bc6dca1e2ba51097c7eb9d92de SHA512 5f6c53eedff6224d8c282d4c8d1ecde4efaa975ecb7ed330ab2ccd01a9584f9ed71f5cca74fc4ad6d6aa241b2c95b8cb091546538ae64577ba61bbbd3b652954 WHIRLPOOL c85f4250fb47f7958f400fef75c601fd0c4058086ce88cff7adad20d638b7d3f95ab6bbbb1bc5704662c413e0fb32b0c49bd1520bd1acc5a6aa57a0b26ee5db0 diff --git a/net-firewall/fwknop/files/fwknopd.confd b/net-firewall/fwknop/files/fwknopd.confd new file mode 100644 index 000000000000..63bcd01dd82f --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.confd 
@@ -0,0 +1,21 @@
+# /etc/conf.d/fwknopd: config file for /etc/init.d/fwknopd
+
+# Path to the fwknopd config directory (needs to be an absolute path).
+
+FWKNOPD_CONFDIR="/etc/fwknop"
+
+
+# Additional options to pass to fwknopd.
+# Refer to the fwknopd(8) manpage for more information.
+
+#FWKNOPD_OPTS=""
+
+
+# Pid file to use (needs to be an absolute path).
+
+#FWKNOPD_PIDFILE="/run/fwknop/fwknopd.pid"
+
+
+# Path to the fwknopd binary (needs to be an absolute path).
+
+#FWKNOPD_BINARY="/usr/sbin/fwknopd"
diff --git a/net-firewall/fwknop/files/fwknopd.init b/net-firewall/fwknop/files/fwknopd.init
new file mode 100644
index 000000000000..dda1bf03156e
--- /dev/null
+++ b/net-firewall/fwknop/files/fwknopd.init
@@ -0,0 +1,91 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="checkconfig" +extra_started_commands="reload" + +: ${FWKNOPD_BINARY:=/usr/sbin/fwknopd} +: ${FWKNOPD_CONFDIR:=/etc/fwknop} +: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf} +: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid} + +depend() { + after iptables ip6tables ebtables firewall + use logger + if [ "${rc_need+set}" = "set" ]; then + : # Do nothing, the user has explicitly set rc_need + elif [ -f "${FWKNOPD_CONFIG}" ]; then + local x warn_intf + for x in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do + warn_intf="${warn_intf} ${x}" + done + if [ -n "${warn_intf}" ]; then + need net + ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME}," + ewarn "where FOO is the following interface(s):" + ewarn "${warn_intf}" + else + # If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0 + if ! grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then + need net + ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf," + ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0." + ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}." + fi + fi + fi +} + +checkconfig() { + if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then + eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd" + eerror "Example is located at /etc/fwknop/fwknopd.conf.example" + return 1 + fi + + if [ ! 
-e "${FWKNOPD_CONFDIR}"/access.conf ]; then + eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd" + eerror "Example is located at /etc/fwknop/access.conf.example" + return 1 + fi + + [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \ + && FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}" + + [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \ + && FWKNOPD_OPTS="${FWKNOPD_OPTS} \ + --config=${FWKNOPD_CONFDIR}/fwknopd.conf \ + --access-file=${FWKNOPD_CONFDIR}/access.conf" + + return 0 +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start \ + --exec ${FWKNOPD_BINARY} --pidfile ${FWKNOPD_PIDFILE} \ + -- ${FWKNOPD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ]; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --pidfile ${FWKNOPD_PIDFILE} + eend $? +} + +reload() { + checkconfig || return 1 + + ebegin "Reloading ${SVCNAME} configuration" + start-stop-daemon --signal HUP --pidfile ${FWKNOPD_PIDFILE} + eend $? +} diff --git a/net-firewall/fwknop/files/fwknopd.service b/net-firewall/fwknop/files/fwknopd.service new file mode 100644 index 000000000000..d2e8c3125200 --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.service @@ -0,0 +1,12 @@ +[Unit] +Description=Firewall Knock Operator Daemon +After=network-online.target + +[Service] +Type=forking +PIDFile=/run/fwknop/fwknopd.pid +ExecStart=/usr/sbin/fwknopd +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/fwknop/files/fwknopd.tmpfiles.conf b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf new file mode 100644 index 000000000000..b7cb3856b056 --- /dev/null +++ b/net-firewall/fwknop/files/fwknopd.tmpfiles.conf @@ -0,0 +1 @@ +d /run/fwknop 0700 root root - diff --git a/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild b/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild new file mode 100644 index 000000000000..5c86df5bfb0c --- /dev/null 
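Review bot: In fwknopd.init, `depend()` reads `${FWKNOPD_CONFIG}` to decide on `need net`, while `checkconfig()` tests and passes `${FWKNOPD_CONFDIR}/fwknopd.conf`, so the two can point at different files. An administrator who overrides `FWKNOPD_CONFIG` gets dependency checks against a file that is never handed to the daemon. Using one variable throughout avoids this: `if [ ! -e "${FWKNOPD_CONFIG}" ]; then` and `--config=${FWKNOPD_CONFIG}`, with the `!= "/etc/fwknop"` condition adjusted to match. Separately, `${FWKNOPD_BINARY}` and `${FWKNOPD_PIDFILE}` in the `start-stop-daemon` calls should be double-quoted; only `${FWKNOPD_OPTS}` needs word splitting.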
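Review bot: fwknopd.service orders itself `After=network-online.target` but does not pull that target in. On a system where nothing else wants the target, the ordering has no effect and fwknopd may start before the interface it captures on is up. Add `Wants=network-online.target` next to the `After=` line. The unit also has no ordering against firewall units, unlike the OpenRC script's `after iptables ip6tables ebtables firewall`; whether that matters depends on which firewall service is in use.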
+++ b/net-firewall/fwknop/fwknop-2.6.9-r1.ebuild 
@@ -0,0 +1,138 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# Python extension supports only Python 2.
+# See https://github.com/mrash/fwknop/issues/167
+PYTHON_COMPAT=( python2_7 )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools distutils-r1 eutils linux-info readme.gentoo-r1 systemd
+
+DESCRIPTION="Single Packet Authorization and Port Knocking application"
+HOMEPAGE="https://www.cipherdyne.org/fwknop/ https://github.com/mrash/fwknop"
+SRC_URI="https://github.com/mrash/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+client extras firewalld gdbm gpg +iptables nfqueue python +server udp-server"
+
+DEPEND="
+ client? ( net-misc/wget[ssl] )
+ firewalld? ( net-firewall/firewalld[${PYTHON_USEDEP}] )
+ gdbm? ( sys-libs/gdbm )
+ gpg? (
+ app-crypt/gpgme
+ dev-libs/libassuan
+ dev-libs/libgpg-error
+ )
+ iptables? ( net-firewall/iptables )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ python? ( ${PYTHON_DEPS} )
+ server? ( !nfqueue? ( !udp-server? ( net-libs/libpcap ) ) )
+"
+RDEPEND="${DEPEND}"
+
+REQUIRED_USE="
+ nfqueue? ( server )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ server? ( ^^ ( firewalld iptables ) )
+ udp-server? ( server )
+"
+
+DOCS=( AUTHORS ChangeLog README.md )
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="
+Example configuration files were installed to '${EPREFIX}/etc/fwknopd/'.
+Please edit them to suit your needs and then remove the .example suffix.
+
+fwknopd supports several backends: firewalld, iptables, ipfw, pf, ipf.
+You can set the desired backend via FIREWALL_EXE option in fwknopd.conf
+instead of the default one chosen at compile time.
+"
+
+src_prepare() {
+ default_src_prepare
+
+ # Install example configs with .example suffix.
+ if use server; then
+ sed -i -e 's|conf;|conf.example;|g' Makefile.am || die
+ fi
+
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/run"
+ $(use_enable client)
+ $(use_enable !gdbm file-cache)
+ $(use_enable nfqueue nfq-capture)
+ $(use_enable server)
+ $(use_enable udp-server)
+ $(use_with gpg gpgme)
+ )
+ use firewalld && myeconfargs+=(--with-firewalld="${EPREFIX}/usr/sbin/firewalld")
+ use iptables && myeconfargs+=(--with-iptables="${EPREFIX}/sbin/iptables")
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default_src_compile
+
+ if use python; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+src_install() {
+ default_src_install
+ prune_libtool_files --modules
+
+ if use extras; then
+ dodoc extras/apparmor/usr.sbin.fwknopd
+ dodoc extras/console-qr/console-qr.sh
+ dodoc extras/fwknop-launcher/*
+ fi
+
+ if use server; then
+ newinitd "${FILESDIR}/fwknopd.init" fwknopd
+ newconfd "${FILESDIR}/fwknopd.confd" fwknopd
+ systemd_dounit extras/systemd/fwknopd.service
+ systemd_newtmpfilesd extras/systemd/fwknopd.tmpfiles.conf fwknopd.conf
+ readme.gentoo_create_doc
+ fi
+
+ if use python; then
+ # Redefine DOCS, otherwise distutils-r1 eclass interferes.
+ local DOCS=()
+ cd python || die
+ distutils-r1_src_install
+ fi
+}
+
+pkg_postinst() {
+ if use server; then
+ readme.gentoo_print_elog
+
+ if ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_MATCH_COMMENT; then
+ echo
+ ewarn "fwknopd daemon relies on the 'comment' match in order to expire"
+ ewarn "created firewall rules, which is an important security feature."
+ ewarn "Please enable NETFILTER_XT_MATCH_COMMENT support in your kernel."
+ echo
+ fi
+ if use nfqueue && \
+ ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; then
+ echo
+ ewarn "fwknopd daemon relies on the 'NFQUEUE' target for NFQUEUE mode."
+ ewarn "Please enable NETFILTER_XT_TARGET_NFQUEUE support in your kernel."
+ echo
+ fi
+ fi
+}
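Review bot: In `pkg_postinst` of fwknop-2.6.9-r1.ebuild the second kernel check groups as `(use nfqueue && ! linux_config_exists) || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE`, so the NFQUEUE warning is also printed when the `nfqueue` flag is off and the kernel simply lacks that option. Group the kernel tests explicitly: `if use nfqueue && { ! linux_config_exists || ! linux_chkconfig_present NETFILTER_XT_TARGET_NFQUEUE; }; then`. `DOC_CONTENTS` also points users to `${EPREFIX}/etc/fwknopd/`, while the init script and conf.d file in this commit use `/etc/fwknop`; one of the two is presumably a typo. `src_install` takes the systemd unit and tmpfiles snippet from `extras/systemd/` in the source tree, so the `files/fwknopd.service` and `files/fwknopd.tmpfiles.conf` added here appear to be unused.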
diff --git a/net-firewall/fwknop/metadata.xml b/net-firewall/fwknop/metadata.xml new file mode 100644 index 000000000000..3f95120e273b --- /dev/null +++ b/net-firewall/fwknop/metadata.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>itumaykin+gentoo@gmail.com</email> + <name>Coacher</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <use> + <flag name="client">Build fwknop client</flag> + <flag name="extras">Install utility scripts and AppArmor policy for fwknopd</flag> + <flag name="firewalld">Use <pkg>net-firewall/firewalld</pkg> as the default server backend</flag> + <flag name="gdbm">Use <pkg>sys-libs/gdbm</pkg> to store fwknopd digest cache</flag> + <flag name="gpg">Enable GPG support via <pkg>app-crypt/gpgme</pkg></flag> + <flag name="iptables">Use <pkg>net-firewall/iptables</pkg> as the default server backend</flag> + <flag name="nfqueue">Enable UDP-only NFQUEUE server mode (no <pkg>net-libs/libpcap</pkg> dependency)</flag> + <flag name="server">Build fwknopd server</flag> + <flag name="udp-server">Enable UDP-only server mode (no <pkg>net-libs/libpcap</pkg> dependency)</flag> + </use> + <upstream> + <remote-id type="github">mrash/fwknop</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/gshield/Manifest b/net-firewall/gshield/Manifest new file mode 100644 index 000000000000..4340ae74222f --- /dev/null +++ b/net-firewall/gshield/Manifest 
@@ -0,0 +1,6 @@ +AUX gshield.init 533 SHA256 160e3c9c29052643621c377be3a8450f36dce9971717b14154f32c4ce97ad3d2 SHA512 d046f8a0c4da46bdea94ef45ce472a8c0c68688421a06c7254a2f5e861b0c4884215ec860af7440a0e42a3fcdc93828a95ebd99acee4951850e6c94f2d2a5796 WHIRLPOOL de7527ac542ed73bfdfc7d3c82425f7c0c4e48c5180b59b37370bc925f9b32eff7e4e0a75a959af62a0e1c1259dc2906df319f657c574aaa0a0fa92e67afe6df +DIST gShield-2.8.tgz 47346 SHA256 19b04059ac4a6ad28f8653d804376779a83516ba4e0b5b041fe45d422ef68b85 SHA512 f91ef18267817e3296c795b3f1629dad9ade269e12aba7f95d39b7ae39aaf76dc15e0046747281dc44859241a18b2ce7ac03e276984aee11af15e28cf80f736c WHIRLPOOL 3e834f39be912d039112971c57e62ca2b645afc33672bdb140f77b4c2cb16227b07f82fd2983dddb492381d798c4f7567d6b1fe61ad0f67554968c937c7d5e2b +EBUILD gshield-2.8-r4.ebuild 1159 SHA256 f81321155b6b558c580bc470a4c8421e4fe3b817d47defde81a26c60ab2e0b1c SHA512 393375f184c49f9773ed82b2638de608920c70e1fb58116dbea23b99984ea65af2099293b2f74fe8705a31f923bd7a376bd12c5f677f4c72027940f1d8ee26e2 WHIRLPOOL 476ddbc59f5e2382f10441b354f6da4382e6d5302dbdd6dd53b673e023481a406f6a92f670ccdf1f2dfd53d270bcafd5c20adbd9124e8efc7cbbd3dcb8b7acb3 +MISC ChangeLog 2583 SHA256 1fb1343f40aa51c221ffb8c54c07309336feb4891e783ee904f294758e4e3dd1 SHA512 6932aabfb6e0e3801ebc9fea57aea8f7a398611227cc4d2f568a136c3c186b93647281fe56f09a649ae0ddd3f1c5a88605246a452fe2a0d7fdd0bfa3c9c0793e WHIRLPOOL a8e3e040044b15a6b4d3cdbd64e5265244a1266657d24c95b70986b13fcb4d9b6e051e466b7e96afa7d09d7071fb8158b956601b43641975a401c0306f35d17c +MISC ChangeLog-2015 2596 SHA256 e3391ffea238bcc003784b1e800afea0d2f16a1b889b594639446bc50224b255 SHA512 b45819dabcb48ca7da7f0f3c7e5f2bd8d26985254166ba539a52ac4f89b163f82189ac8a3608c5532c86808968e87a970fa07eaa139204e70be320329cbf03a4 WHIRLPOOL ed465c30e441bd72583c29f033f94b5b517280b29790cd03d69e06de0222bb467b643906f6cbcc612149af41265fe982d7205257ee41c9559d3a41fc7589591e +MISC metadata.xml 276 SHA256 d15d6b6bd9ffc8a642c7469d01788ba9158efb4ca27fcf3324d9e52d1b70ec93 SHA512 
f0e6c6bc89659e01e157d9bf30d0a2f3fd2d71bc26c8d12489c4a44fc5237159946e25b46e7295ab4676aea63559194977a0b1e76aced31d81cf6387dd0f4250 WHIRLPOOL 26b9e81575f613b751f76234013c30a8da84a1c0dd75c12b8df32706ee753691bbc889a2dec5001cc8c4b05c47aca49ed9fabbb5a6fefed74aaa86d6c3f56cee diff --git a/net-firewall/gshield/files/gshield.init b/net-firewall/gshield/files/gshield.init new file mode 100644 index 000000000000..243c0ccc8946 --- /dev/null +++ b/net-firewall/gshield/files/gshield.init @@ -0,0 +1,26 @@ +#!/sbin/openrc-run +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need logger net +} + +start() { + ebegin "Loading gShield network firewall" + /usr/share/gshield/gShield.rc start > /dev/null + # check that it loaded + iptables -L DMZ > /dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Unloading gShield network firewall" + /usr/share/gshield/gShield.rc stop > /dev/null + # check that it unloaded + if iptables -L DMZ > /dev/null 2>&1 ; then + eend 1 + else + eend 0; + fi +} diff --git a/net-firewall/gshield/gshield-2.8-r4.ebuild b/net-firewall/gshield/gshield-2.8-r4.ebuild new file mode 100644 index 000000000000..f136566e21fa --- /dev/null +++ b/net-firewall/gshield/gshield-2.8-r4.ebuild 
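Review bot: `start()` in gshield.init discards both the output and the exit status of `/usr/share/gshield/gShield.rc start` and reports success as soon as a `DMZ` chain exists. A rule script that fails part-way can therefore leave a partial ruleset while the service shows as started. Check the script's status as well, for example `/usr/share/gshield/gShield.rc start > /dev/null || { eend 1; return 1; }`, assuming gShield.rc returns non-zero on failure (not visible here). The probes in `start()` and `stop()` should also use `iptables -n -L DMZ`, since without `-n` iptables resolves addresses to names and can stall when DNS is unreachable at boot.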
@@ -0,0 +1,46 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="iptables firewall configuration system"
+HOMEPAGE="http://muse.linuxmafia.org/gshield.html"
+SRC_URI="ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-${PV}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc x86"
+
+RDEPEND="
+ net-dns/bind-tools
+ net-firewall/iptables
+ virtual/logger
+"
+
+S=${WORKDIR}/gShield-${PV}
+
+src_install() {
+ # install config files
+ dodir /etc/gshield
+ cp -pPR * "${D}"/etc/gshield || die
+ dosym gshield /etc/firewall
+
+ # get rid of docs from config
+ rm -r "${D}"/etc/gshield/{Changelog,INSTALL,LICENSE,docs} || die
+
+ # move non-config stuff out of config, but make symlinks
+ dodir /usr/share/gshield/routables
+ for q in gShield-version gShield.rc tools sourced routables/routable.rules
+ do
+ mv "${D}"/etc/gshield/$q "${D}"/usr/share/gshield/$q || die
+ dosym /usr/share/gshield/$q /etc/gshield/$q
+ done
+ chmod -R u+rwX "${D}"/etc/gshield || die
+
+ # install init script
+ newinitd "${FILESDIR}"/gshield.init gshield
+ chmod -R u+rwx "${D}"/etc/init.d/gshield || die
+
+ # install docs
+ dodoc Changelog docs/*
+}
diff --git a/net-firewall/gshield/metadata.xml b/net-firewall/gshield/metadata.xml
new file mode 100644
index 000000000000..74c2baebb4ec
--- /dev/null
+++ b/net-firewall/gshield/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+</pkgmetadata>
diff --git a/net-firewall/ipkungfu/Manifest b/net-firewall/ipkungfu/Manifest
new file mode 100644
index 000000000000..d750497c4f2c
--- /dev/null
+++ b/net-firewall/ipkungfu/Manifest
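Review bot: `src_install` in gshield-2.8-r4.ebuild copies the whole source tree into `${D}/etc/gshield` with `cp -pPR`, which keeps whatever modes the tarball ships, and the later `chmod -R u+rwX` only adds owner bits. These files end up as the firewall's rule scripts and configuration, so any group- or world-writable mode carried over from the archive would let a local user change the ruleset. Adding `chmod -R go-w "${D}"/etc/gshield "${D}"/usr/share/gshield || die` after the loop makes the result independent of the archive. `$q` in the loop should be quoted and declared `local`. `SRC_URI` is plain `ftp://`, so the Manifest checksums are the only integrity control on the download.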
@@ -0,0 +1,10 @@ +AUX ipkungfu.init 379 SHA256 c9a24aed68188837938278df6edbd2f22c4557123c1d6d044d11a35e82964952 SHA512 612a42d7841e6ea72b4b9d4e77734cb38d65f38b0364c15234172fc5cc37d4382d51b4d35f08432e2badca6f8833c6d347c930f6a14295a373f0760226ce5c5d WHIRLPOOL cd945a67ee782a6ed5bc601bc37a17e1417d24166c0e0281580e1209b42de653fc2b57178af9679ed401082b028595d10a83d6c23693fbdf8c9b151bea3fbc2d +AUX ipkungfu_noiseless.patch 752 SHA256 e114e8107b7c5279d90ddd93f5eb356e182b9c67f503b3a3083a5c7f44edc2bd SHA512 990dd6ef61e3e1645a8e09ee6ae43e90ad46a13c7855d97414dd942007a1a4de69c8c31d26973d7606a852b85e0322648ebe1713e7a51df76040f2df92c0c3b6 WHIRLPOOL 12b7b90a46c0785360bb4226dc8250f27fee0307cc1df6d4cf6d69a4959631a9eaa9b70836b61878d1bece39b8c0ade97edbdadeed26b74f992386836ea90db1 +AUX nat_ftp.patch 262 SHA256 a727743f1fe5a9a5133c942f3f86080d8165a07f4d4faec3a5338d7bdb25253e SHA512 4b8747bdd63fdd04d7fc3b3b9bd9437bbaae7b479aa3e1d5c3f9183c9f3228f9946bcb83e24871fad57557e439c752f458f8ad1496dfcc2f6a0ca3295ab62930 WHIRLPOOL a48a985d0a9be9d9008f234d01143e780b52d63fe3e1525fe9c1dae4f3738f6192dc09c3069501657a2f0dadc65486b7f3a86ade09b519562adeca5863ab2acd +DIST ipkungfu-0.5.2.tgz 35985 SHA256 6543815384f1935631121fba833b5988ca6e88ff19646a561d0315b29f2f5ef8 SHA512 9aaef341b85a0788d65dd6d341a94319cb8083a57f06645c5ad938dabccd53abbb590e8eddd3a9172f9b226780cc9e6e1f906da668f6a80c3a6fb0a9be081046 WHIRLPOOL 5d47bae5c88f5343c51ed52c33fd890b65626db8e29841fb1af067ff1a48538c118e99d65474c431cf8445cdaa2a1f2eec3e32eef56d6ca3ef54aa2953884944 +DIST ipkungfu-0.6.1.tar.bz2 104516 SHA256 a1b19c588ecc9584c37e7578c869842f9ceb97b5fd8320abe5b4bd98c136fa76 SHA512 bc1df9894d36d40f5394cbaef6f7cc9f95a8eaaf45a03d1c3a809bc5a7a5ae685c8cf6a27363ab83f6f817a0d44277b28de8bd40230d29c5700dda1d52e231b7 WHIRLPOOL 032ed7e8fb128226a6415ad734b65d383265708c1109f139ea042391a3fd29d39207425a1ae662aa8dbc8051ba9d6380ba6ee6c30de0675d914c80318d88b7a5 +EBUILD ipkungfu-0.5.2-r2.ebuild 1322 SHA256 
cbd3e8a3d1c3446efcb7bfff37918d21cc5e3bfdcc3f9c0c40487874f562b4e1 SHA512 1b1c1783d8083ff9a9304693e283d7a2c345a48eb1627ef51d0676cb9a26fd41abac91ca5b5b61c12549a402bdd6a5eadb73a32c50c66ab74edd6c814bce5c2d WHIRLPOOL 0b64672ddd3261f697c50df0fd4d44797638195e972a06a268a52a96fefbf02edbcee86f31ef156f5c9eee0f72c265e2546ce8337e0d2e51898998c69320c656 +EBUILD ipkungfu-0.6.1-r1.ebuild 1163 SHA256 199d6d605ba7eee7674d107bb720a819f6f2aff3d974cd0dbf4a5bfe05c6da45 SHA512 134f266e8e3b1b3436e3b0976182505e5c2bb2ac9f1387714642691793cd66bcfbee57b8daa9151bfeb1b385a23818deca7c9f420628bfab3062e6acb7682aed WHIRLPOOL 7c626d6064e100ae00b719eb47d5564cda0a9b8a4a2691d5c50690d0f2a6d6dacb7e3e40d3c10bbf6d186a97dbe3906b8480bbbcc832d832a33c0927ef19b120 +MISC ChangeLog 3166 SHA256 748845d0160bc761c10093d216572333cb72917d8c0f4ee5868f4eec1454f7b7 SHA512 673f94df74be2f0a13571a43a4f1ddc9913089401b87c356169fbb2ec90c99a81a66383d805c8421136b275d2cdbf5566ca516bdde5bdccf76f084beaa37e69e WHIRLPOOL 6f7def9a076aa694227c2fd1c0f58a867312ff45823163a91d119acde052722cf6b937b56c49eb58135cf3011cc7f27b705ef6616e81ba8aacaed00c1a83f1d9 +MISC ChangeLog-2015 2865 SHA256 73bcbb6bca1b64ef7d43a49175de91513ec123f94e240bdfadcb139e17cc7513 SHA512 aa3df788f01727837efdea748667d960dd2fa78c3d5b8dcef859d019fe78388a56ce96060147bff15a7610ad226685662012aa8335e46134f78b2067006767ff WHIRLPOOL d73c12a0243e7e61f0b486e9fabbb8f5ef801e1e51cc2f488cbca1dfd42785416218b24fcbcbc4b586bb7ce618d2c0938cdeabd129deb4639cab922d72a3cc7d +MISC metadata.xml 262 SHA256 f408140b4b8086290e0264f35df3b73e1900f853a1ddc8ac490db642c2c4a6e9 SHA512 586abd31f3353b9225ef45186aa03c1fe24affc9937c796344c6025368e33ac62871ee003852e3272d39b2bf75fe2b8e4b9f56970f3c076268d19963bf71a6a0 WHIRLPOOL d854d0b073426f8ec83258944dcd1e62680c544e7cccfa121ea78eebc2b59df492e8b86a664d015eab82e4ca822176901d538ef638ccd61987d755a2aff3b8bb diff --git a/net-firewall/ipkungfu/files/ipkungfu.init b/net-firewall/ipkungfu/files/ipkungfu.init new file mode 100644 index 000000000000..a3eeafc5b813 
--- /dev/null +++ b/net-firewall/ipkungfu/files/ipkungfu.init @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need logger net +} + +start () { + ebegin "Starting ipkungfu" + /usr/sbin/ipkungfu --init + eend $? "Failed to start ipkungfu" +} + +stop() { + ebegin "Stopping ipkungfu" + /usr/sbin/ipkungfu --disable > /dev/null + eend $? "Failed to stop ipkungfu" +} diff --git a/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch new file mode 100644 index 000000000000..eed657f2dada --- /dev/null +++ b/net-firewall/ipkungfu/files/ipkungfu_noiseless.patch @@ -0,0 +1,24 @@ +diff -ru ipkungfu-0.6.1.orig/ipkungfu.in ipkungfu-0.6.1/ipkungfu.in +--- ipkungfu-0.6.1.orig/ipkungfu.in 2007-01-22 04:47:04.000000000 +0100 ++++ ipkungfu-0.6.1/ipkungfu.in 2007-07-04 12:49:23.000000000 +0200 +@@ -753,11 +753,15 @@ + fi + + function delTestChain { +-# {{{ Flush and delete test chains +- $IPTABLES -t filter -F SYSTEST +- $IPTABLES -t filter -X SYSTEST +- $IPTABLES -t mangle -F SYSTEST +- $IPTABLES -t mangle -X SYSTEST ++# {{{ Flush and delete test chains, if exist ++ if $IPTABLES -t filter -L SYSTEST > /dev/null 2>&1 ; then ++ $IPTABLES -t filter -F SYSTEST ++ $IPTABLES -t filter -X SYSTEST ++ fi ++ if $IPTABLES -t mangle -L SYSTEST > /dev/null 2>&1 ; then ++ $IPTABLES -t mangle -F SYSTEST ++ $IPTABLES -t mangle -X SYSTEST ++ fi + # }}} + } + diff --git a/net-firewall/ipkungfu/files/nat_ftp.patch b/net-firewall/ipkungfu/files/nat_ftp.patch new file mode 100644 index 000000000000..db919c5565e1 --- /dev/null +++ b/net-firewall/ipkungfu/files/nat_ftp.patch @@ -0,0 +1,11 @@ +--- ipkungfu 2003-10-03 13:05:59.000000000 -0400 ++++ ipkungfu 2004-02-09 16:34:37.000000000 -0500 +@@ -138,7 +138,7 @@ + if [ $INIT != 1 ] ; then + echo "Loading FTP NAT module..." + fi +- $MODPROBE ip_nat_irc ++ $MODPROBE ip_nat_ftp + fi + fi + } 
diff --git a/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild b/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild
new file mode 100644
index 000000000000..f6cd5f2bcd6f
--- /dev/null
+++ b/net-firewall/ipkungfu/ipkungfu-0.5.2-r2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+inherit eutils
+
+DESCRIPTION="A nice iptables firewall script"
+HOMEPAGE="http://www.linuxkungfu.org/"
+SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc x86"
+IUSE=""
+
+DEPEND="net-firewall/iptables"
+RDEPEND="${DEPEND}
+ virtual/logger"
+
+src_unpack() {
+ unpack ${A}
+
+ # Patch ipkungfu to load the right module for ip_nat_ftp
+ # Fixes bug #42443. Thanks to George L. Emigh <george@georgelemigh.com>
+ cd "${WORKDIR}"/${P} && epatch "${FILESDIR}"/nat_ftp.patch
+
+ # man page comes bzip2'd, so bunzip2 it.
+ cd "${WORKDIR}"/${P}/files
+ bunzip2 ipkungfu.8.bz2
+}
+
+src_install() {
+
+ # Package comes with a hard coded shell script, so here we
+ # replicate what they did, but so it's compatible with portage.
+
+ # Install shell script executable
+ dosbin ipkungfu
+
+ # Install Gentoo init script
+ newinitd "${FILESDIR}"/ipkungfu.init ipkungfu
+
+ # Install config files into /etc
+ dodir /etc/ipkungfu
+ insinto /etc/ipkungfu
+ doins files/*.conf
+
+ # Install man page
+ doman files/ipkungfu.8
+
+ # Install documentation
+ dodoc COPYRIGHT Changelog FAQ INSTALL README gpl.txt
+}
+
+pkg_postinst() {
+ einfo "Be sure to edit the config files"
+ einfo "in /etc/ipkungfu before running"
+}
diff --git a/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild b/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild
new file mode 100644
index 000000000000..94f6785c0b8e
--- /dev/null
+++ b/net-firewall/ipkungfu/ipkungfu-0.6.1-r1.ebuild
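Review bot: In `src_unpack` of ipkungfu-0.5.2-r2.ebuild, `cd "${WORKDIR}"/${P} && epatch "${FILESDIR}"/nat_ftp.patch` silently skips the patch if the `cd` fails, and the later `cd "${WORKDIR}"/${P}/files` and `bunzip2 ipkungfu.8.bz2` are unchecked as well. Write them as `cd "${WORKDIR}"/${P} || die` followed by the `epatch` call on its own line, then `cd "${WORKDIR}"/${P}/files || die` and `bunzip2 ipkungfu.8.bz2 || die`. If the patch is skipped, the installed script keeps loading `ip_nat_irc` where `ip_nat_ftp` is meant, which is the behaviour nat_ftp.patch in this commit corrects.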
@@ -0,0 +1,46 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DESCRIPTION="A nice iptables firewall script"
+HOMEPAGE="http://www.linuxkungfu.org/"
+SRC_URI="http://www.linuxkungfu.org/ipkungfu/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="net-firewall/iptables"
+RDEPEND="${DEPEND}
+ virtual/logger"
+
+src_prepare() {
+ eapply "${FILESDIR}/ipkungfu_noiseless.patch"
+ eapply_user
+}
+
+src_install() {
+ default
+
+ # Install configuration files
+ emake DESTDIR="${D}" install-config
+
+ # Install Gentoo init script
+ newinitd "${FILESDIR}"/ipkungfu.init ipkungfu
+}
+
+pkg_postinst() {
+ # Remove the cache dir so ipkungfu won't fail when running for
+ # the first time, in case 0.6.0 was installed before.
+ rm -rf /etc/ipkungfu/cache
+
+ einfo "Be sure, before running ipkungfu, to edit the config files in:"
+ einfo "/etc/ipkungfu/"
+ einfo
+ einfo "Also, be sure to run ipkungfu prior to rebooting,"
+ einfo "especially if you you're updating from <0.6.0 to >=0.6.0."
+ einfo "There are some significant configuration changes on this"
+ einfo "release covered by the ipkungfu script."
+}
diff --git a/net-firewall/ipkungfu/metadata.xml b/net-firewall/ipkungfu/metadata.xml
new file mode 100644
index 000000000000..5dc048e2ff1d
--- /dev/null
+++ b/net-firewall/ipkungfu/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <longdescription lang="en">
+ ipkungfu is a nice iptables firewall script
+ </longdescription>
+</pkgmetadata>
diff --git a/net-firewall/ipset/Manifest b/net-firewall/ipset/Manifest
new file mode 100644
index 000000000000..71e280d5517b
--- /dev/null
+++ b/net-firewall/ipset/Manifest
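Review bot: `pkg_postinst` in ipkungfu-0.6.1-r1.ebuild runs `rm -rf /etc/ipkungfu/cache` on an absolute path, so when the package is merged into an alternate `ROOT` (a chroot or image build) it removes the directory on the build host instead of the target. Use the install root: `rm -rf "${EROOT%/}"/etc/ipkungfu/cache`. The message `especially if you you're updating` has a duplicated word. Both ipkungfu ebuilds fetch over plain `http://`, which leaves the Manifest checksums as the only check on the tarball.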
@@ -0,0 +1,29 @@ +AUX ipset.confd 588 SHA256 a4203705531190ba1793dfe18e0cad03cae624918fdd9845d79c6aef27ad6ee7 SHA512 93e01873c3fb8ff5f4f78e04118a666a650e604a1ba2908309faab08aa140e0ca7a2e24fc5114a9e809d3dbe81e801fc9ad59d53e174014cae1f23719a2a8e3e WHIRLPOOL a1ff1c60d761de759ca9c624784698dfb18e461eb2eb817eadbeeadf0706f8af07d1dc36c495435f338c6aa099a2b974e4c9c10179a4fc98eb11c15dc8fcc23b +AUX ipset.initd-r2 1342 SHA256 15dc2018baf45fb5bb6778815545730039ab6a0e3d07b9fe1b2afa70fa51c58c SHA512 0de7ca42ebc8edcc3463bd532cdddaba000aa91f92173ebc5b4bf7b4b182602ce586f40726fc8cd0156b55e25bcec96372b84aae2e655b15013bcd861757e4f4 WHIRLPOOL 017a867e9bf9e0284b997a5ba188d74f9e672a7fe5ad54f3c4284ded0655a99edaafef71b39f9c24e140e93e1f1e4428fe58a86acdc37d1b6bfce48234903f9f +AUX ipset.initd-r3 2985 SHA256 78d8c31c00d746552db9fdee77effd508c20389d1ee229e9ebd1f4b8d1273e6e SHA512 254b09865fad6d8d88af77a7264d14dc341946e768b4f85fbe66e01dc4de0a3fae55f93b03c9cdc350779d5bb05710682acb5b9eb687b4cc6eeefb98933bdaac WHIRLPOOL 792030567faeaed77196a4f9c87df9ba36bfe9848bc33049e2e63cf2dbaa4a405626152e2a74901a7bc969b4db09ec0aa3fa68489adf738ba14de7d013af9594 +AUX ipset.initd-r4 3005 SHA256 431663ee4a0d1ae8f8574edce310f9fe2e9c9c649fb89f4081362bc523143a5e SHA512 1d5e0a56811bbd11193712bf6ab165ce43426cd46cefe17e06598e905ff3a4902f4eca723b40ba3962fa344fdefb0a5df6b6d70b7b8fb40b376441975634a211 WHIRLPOOL 061dcfe62f6465ec16219bde3065023446c35775a3e6c35fd342b67d19cadc29ddcff460a88286f66d292c9412a07aa94b6807d1f1a3a9573cce266ad7cd5d55 +DIST ipset-6.15.tar.bz2 432771 SHA256 6f60a472bc2ef7b1c864be6472de65365c90e264dfadf28da48c2361393d8fd1 SHA512 f72329bb8610717ccdddbfaf7b7774e717a34d71fdb7f9c7eac97e3d1b314915500c88137b6e229411df99c86d2228bef447f26c116bc2cf992cfb60ab1422d3 WHIRLPOOL 868ee3cd722c2d86c273aca8f3ca7695e8ef5d00d30111ef0f2bf972a119211008d8cadec1760b43b4f0efb24690f20a2cf5f0fdbbb0700cf66e5660d363ab2a +DIST ipset-6.16.1.tar.bz2 433347 SHA256 cb5b02deab8521946fd473b77c40f00452b76fed621f0eee76746c74e89e4c3c SHA512 
e54d32932875a9d06acba598280de9e83529f36326cbaaeb05d38b985bc40d276dc46e37eae3d1d4c1afcdd69b3074678512349ebd964b6189ca1c6871efe304 WHIRLPOOL ff2276446c7dbb4005de236b73bf9879ead8273f3ec014883160b779f6c089eaf7d4c4dce06233ef357f0a8b5376754b158eec29187ae5f5f7bb52bfd2d8ae3c +DIST ipset-6.16.tar.bz2 433118 SHA256 bc3ea05cfbacd43aebff6668825453d0a626edd5d3495a8670103ab895fba464 SHA512 34ef44af76f3609035ae1bdacb7586f2288ee66701ed8a1a5a0632fb23b5f651fe02b070e0f0f1b0ebae6cab02b3f827cc7e67f740cf77f51ba494c25dcc47dd WHIRLPOOL 3b3c2172626530145401bd813c39114f31bf3546ebe0af6e168ed32ade102c158f3bc5f4690ee8bf0540415adc35929da5d8ca8e4e1c2ec83bf631849a24b8a7 +DIST ipset-6.17.tar.bz2 448076 SHA256 7987bb8de1b0490b32084ab72165ae53038e497a96ab9940920280d8068629b0 SHA512 668f173b7ddd8a18af2730205e2e2c38610aa9fd191af52f91080e903bcd8e1f38e8e3a7fd57077decb00fd0556df89c3315c91eaffaa6977f2caf2a3300b175 WHIRLPOOL 1d08c841d87c7a5ca355857ac823ee696922b867690e9066c631414615c98f3cf3e59c6dd8d9f556170eef90a029260c7d41dc1e3f47811ede2190c5d0298e8b +DIST ipset-6.19.tar.bz2 465927 SHA256 058e7950efdf8b9539ab79eb145de7be60d6cb7b92c0c011edda37e70135024c SHA512 9e9fdccd8ae34ad56c5fc6da03060b39b3acc9a53154acf7e82df3f2c1545b2bdcc7b5b9b4f6ddd6ee3e8582e81b1fa51fae37cb4f46948c053d5153bdca6f39 WHIRLPOOL 31472a732781598c8d99ee562766492c225e359b8153ff68a7769d8fa86f41cac9749eda08e4e3922a6ada5a815192109104b42c59ba3079530f6c0b0169613c +DIST ipset-6.20.1.tar.bz2 500898 SHA256 356cac020438cd0871acbfc4cb119b8296030f0bb4661ad0d44bbc115ccbce92 SHA512 3fda3a71c18c8d5f9567038fc72f95abec81b4c789fbca7f7b9c032b15000cfbd2829f11a07f2f9ad2afcff54d6851923caff0917b2ead73756673a6b3667565 WHIRLPOOL f31cd533d286238e63f38aecbf281d428d75e856b393f61db5f6622d0dc0cd0a6de7aa4d3eaa2831e1da7dd0846e95c22f92b3a586cf3918cee074360a4caff3 +DIST ipset-6.21.1.tar.bz2 510013 SHA256 cf46c9c35a15aa0f2e0fbab0422586757bd82386c8ad3864936e6cffbd74a331 SHA512 
c2ffb2eafc780e15370fd48841f4323c39e8fef1893216c8bc0b8aa8d143f9daf078c6e261e4558243004fe9612ce1d5ca4cca16f8b3f324f4194700c1b0accb WHIRLPOOL 230ebb4756891283980f5b7f67c0c64772b1527b8e8c0b6cdd2714de450b3f6c2a75d961d44563e440edd1399bdee8cce820fe59f46c28355a6f053ad6b1c37b +DIST ipset-6.24.tar.bz2 518811 SHA256 3071fc283f00a6472b5b352ef57f9825c9face70dda5b0d8715f8d43d0e995d0 SHA512 107bf492030dc4e8e4c2a939e46a715f58458126bfb636dae993e5bf31151d33c2a41b89eb5cca85b71d95b3e36debf97cdfc72c568f351091df17159003d6c6 WHIRLPOOL d34e8d5d197be85cf00ea6a5dbfeb7c52b5d42d9e78299620928e69ba1fbbe124cb16b9f5f2e05d1213b2b7a29a2bed2c1edac2f15ee3c83d8dc19eb3afcc112 +DIST ipset-6.29.tar.bz2 542735 SHA256 6af58b21c8b475b1058e02529ea9f15b4b727dbc13dc9cbddf89941b0103880e SHA512 ce62c72c4cea1b52f069602a90fbffe9bcb12bf70f5b42d93cacb48e4b5d1192a13b18be45391c66a65421f41968e73416e16af25ae6ef19ba92bdbb2cd45ff3 WHIRLPOOL 8e6642d180b5e682bb121ffc249638da27650f97bc3b1e8aef75996d7c626eb447c9324b9cf68e25773cef73720e6281c7a16bf3ba96433ab77ef6f437be3999 +DIST ipset-6.30.tar.bz2 544054 SHA256 65bfa43fec3d51a6b4012f3d7e4b93a748df9b71b6cd6c53adbec8083e804a31 SHA512 6299a6905fbbcc2dd7c2f07862af184fd3b63b586f7bf3af2de5a0cc692f4ec6ef57db64c3435c1acedd6c293570602dca8cfedcb197a00ec18517ced92dc903 WHIRLPOOL d7721b40c5a1556928778fe8adec6c792d0f281737b61680ab414e4aa11691dc2f9c0bf0e56ec8873f4263011e836963d1ab2e273b206b7a0a98adc2ea3d5468 +DIST ipset-6.32.tar.bz2 544635 SHA256 d9cbb49a4ae9e32d7808a604f1a37f359f9fc9064c210c4c5f35d629d49fb9fe SHA512 7b0f5e7ef1a777ab70872aa52f658ff9516cb5de4c67c56d7f596eb88db03467d39b10ffc098441b4bfa4bb21a15f3c5f7f7f825300ce8efbacd767369ad43c7 WHIRLPOOL a87a94f617b269cfcdb3dbf1516d1902b027f82fdec8b1e1d7586c83e1582256f61383be70c7bc5c96959bd0677d290db6a114d03dd2b83108f418a7f843dc99 +EBUILD ipset-6.15.ebuild 3234 SHA256 7d5b60e417a6161c1f23dc4ffe37249a00118b597fb30f1da07ff38c5a35d5bf SHA512 
6ff43aa71c0db6bd657335ee29578a9f243cec4e0f1e92183380e619e2cae72801fbba56f109465aeb15fdb513bf7e20f6eb908dd5610b11eb5850b1658864cc WHIRLPOOL ea3b226388f573c60cf2884ae5ecb52d4035f017681ea205647bee926305a1e2c8975381e7f021f9649b3a52bc433c1b591dc72d145795b0ad728e09db8b48ff +EBUILD ipset-6.16.1.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f +EBUILD ipset-6.16.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f +EBUILD ipset-6.17.ebuild 3207 SHA256 abf1dfd2a254c641a34ca39d227efc81cfa24993371c5c9f53e17e2787ed8ad0 SHA512 22de0e3a9879176f7ac54f7bedf52699f3ac109f1fadc999411372de9118fb4c0f045fafc256ae07a909dd6946af04fca1c6b412ef7fcddf61a358fe1c61f888 WHIRLPOOL 2a264d6e74024b20fce3f92d4bd69d62863f99ddfa1ad25045f90c2f07c9e0177003a29c932592c3c3498dfdd15da63613bf007267a2b29da67987285daba58e +EBUILD ipset-6.19.ebuild 3209 SHA256 154b2af5f88fdf0b113e067b5f4915f0a021801ee0968d5c26e4829dac0a4a94 SHA512 f920cbccf52b57fc82b51687145d7e5866ba8e3e96db0a61b7838a3f1e38f4909447f9c9cc6a1caf518467200b043db35ec7d4a61bf91b683e4b5832edc280ea WHIRLPOOL 9941bf8ad948777a130da79aa83ae4dd0141f10a6a90bc998f871dc19cf9d12ef834d19498b764cc0cbcc1da0d9da00fe2fb174ac6d2d57119fb5a22f84a8a8f +EBUILD ipset-6.20.1.ebuild 3423 SHA256 6900475b6a6a1e3a1a66d55eb574bbe0d93456c1faa7856a9cfbcbcb798da3cc SHA512 
8eca0e5209f03e7b69374b568ef9db4c79267b689de95e0089c39dbd77510ad61eb400a58c16b6c4905e2ab945e799bd940f51feda0588192bad7b72a2f3cd3c WHIRLPOOL d6c73ed70a93ea091ce33e86042cb710b5128d365eb76abf646327512166b10bf1dbf4b9ca3b0096547f74feee9f6cb94f883239696f58a1c1e34c932eb88f88 +EBUILD ipset-6.21.1.ebuild 3424 SHA256 3a6b8b62fe216ee7dec1577a05a0ce30baa4c0a82c5a9157d85289e06e74cbc7 SHA512 4fb0e425af02f7080275c155f7f3b04cec7179e663664accb118f7c4c0cc6415487546a03934773b7e1df0090bfcf422a335f5c7f415b389d78e51f0f7ba6227 WHIRLPOOL e4e00d322e0d13e664f90512d4cf7d1b011cccce8b2405652b27ed41c1b1ff43430eb99ce6e33eff886709b15b9edb541c02f52b5f3921980330c16bec1cdacd +EBUILD ipset-6.24.ebuild 2963 SHA256 fb91f18a7d4fd218523af476a8f1a166fa73133f3be931371bdac31f253337d0 SHA512 1ee2bc5442dc5c10bb29b53984a7cd84bafc9618a61fdb633bf435e65c06e77cb0036a6752a3e8078b0b31a848843ad6961a607d147c09eb945d63efd2d56978 WHIRLPOOL 955aab838c43c723febf4cccbb1177d1dcda18db071595f7675e6f467ce73c692a79aa8656b0a4d5e409cbc35f1b9cd85b69bde97ee2969df0f06ae6fbebde4d +EBUILD ipset-6.29.ebuild 2961 SHA256 14ba10b0bb9f715466e2040ed95e88ffab3eb6571c84d571a9ef29725dadd9a9 SHA512 c11c5a7b9c56b00d1ae60328d31c6415238b680329d2d1b7be591cd0d6c383029fe07e4305e6bb6e2780205bc4525c2f39bb106a6d3a8c542cf4ea8c00839ccd WHIRLPOOL 16872bdedc995113b2de12de45a13e172ccdee8c345a439ff8938aeb7d2fe08cef4521687fd01ffc37e10aec016402c0fe5dc1ac0e28d4d6a3dbb80e09c035c6 +EBUILD ipset-6.30.ebuild 2888 SHA256 452ea909dbae7e471557089df633f3ec05ca9736d2d14f952a691ba4503c61f5 SHA512 abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd WHIRLPOOL 57c840c60113427a0a48f785a596841b0c64aefd6205e26d3cb4417118975433f9608d888571a8ed8e4a351d8158048692a6eccb9251e94551efd772e8ed2d48 +EBUILD ipset-6.32.ebuild 2888 SHA256 452ea909dbae7e471557089df633f3ec05ca9736d2d14f952a691ba4503c61f5 SHA512 
abd9526b8b6576ed497a8679a903b34fe7330343b91c925bebb2be9a2efaea32472384ed3a6b74cb7b59ddcac5bd865594690597492c78853895f2afc5197efd WHIRLPOOL 57c840c60113427a0a48f785a596841b0c64aefd6205e26d3cb4417118975433f9608d888571a8ed8e4a351d8158048692a6eccb9251e94551efd772e8ed2d48 +MISC ChangeLog 3403 SHA256 d9b2e40acbe8a994282ab13ec91d59ee8a34c5c8676f7916c6f12be01c38b954 SHA512 48025aab367377691b05ca7cc02498e7e4f242c15fbb8314a6ba09f4a93f0f917c8c6a8273efc0fa2571942fe506672bc44cf4fb444eead88c6477a35ac4b4bd WHIRLPOOL 64f8412d7634471daabd72a61dd53bbfeaf9243a4db35764680330ad01307e3ad66cfd314b7eda557caf8535e372331edf7c96119282776742ab1e2d0c52d2c9 +MISC ChangeLog-2015 13758 SHA256 27fcbac08b65bff92d005acff99837b659b9d5b4e35b8caff074bc806c391944 SHA512 16a2bb6094b0934630108bb336838887457672f74c374316ff5450ee8af8e94432661d85c879b233f16ce751fc3d2abf86888d920d588bbfefbb7b1504f8fba1 WHIRLPOOL d2f52c40acc89740fd22475cd55c92062dc749601fb02cc813d82ac1b8369c33df8f4d0a26d1505ef78715ca7c3f08e491cbcf673be8e7b8ac4a813c203e198a +MISC metadata.xml 216 SHA256 f7475919f28a8a93ec8bd025c8f8bbab918f66d0d1737420c876f0480308fe6a SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd WHIRLPOOL 163285b60aa93e00993af659dc1e29a9eb245bd3415dd5ec75b284250596165f469028102b72fa0c344834443a44c1bbcf6272fe6a3f5211f721fc96e1c6ec16 diff --git a/net-firewall/ipset/files/ipset.confd b/net-firewall/ipset/files/ipset.confd new file mode 100644 index 000000000000..9fe42e9c75c5 --- /dev/null +++ b/net-firewall/ipset/files/ipset.confd 
@@ -0,0 +1,16 @@
+# /etc/conf.d/ipset
+
+# Location in which ipset initscript will save set rules on
+# service shutdown
+IPSET_SAVE="/var/lib/ipset/rules-save"
+
+# Save state on stopping ipset
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/ipset/files/ipset.initd-r2 b/net-firewall/ipset/files/ipset.initd-r2
new file mode 100644
index 000000000000..86c580cfe086
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r2
@@ -0,0 +1,59 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
diff --git a/net-firewall/ipset/files/ipset.initd-r3 b/net-firewall/ipset/files/ipset.initd-r3
new file mode 100644
index 000000000000..85556edd1c39
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r3
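Review bot: `save()` in ipset.initd-r2 redirects `ipset save` straight onto `${IPSET_SAVE}`, so the previous rules file is truncated before the new dump exists; if `ipset save` fails or is interrupted, the next `start()` restores an empty or partial set list while iptables rules may still expect those sets. The same `save()` appears in ipset.initd-r3 and ipset.initd-r4. Writing to a temporary file in the same directory and renaming it over the target only on success keeps the last good copy, and `mktemp` already creates the file with mode 0600, which replaces the `touch`/`chmod` pair.
```shell
save() {
	ebegin "Saving ipset session"
	local tmp
	tmp=$(mktemp "${IPSET_SAVE}.XXXXXX") || { eend 1 "Cannot create temporary file"; return 1; }
	if ipset save > "${tmp}" && mv -f "${tmp}" "${IPSET_SAVE}" ; then
		eend 0
	else
		rm -f "${tmp}"
		eend 1 "Failed to save ipset session"
	fi
}
```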
@@ -0,0 +1,95 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="${running_ipset_list// /|}"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
diff --git a/net-firewall/ipset/files/ipset.initd-r4 b/net-firewall/ipset/files/ipset.initd-r4
new file mode 100644
index 000000000000..08edfcbcf859
--- /dev/null
+++ b/net-firewall/ipset/files/ipset.initd-r4
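Review bot: `reload()` in ipset.initd-r3 reports success even when loading the new sets failed. Inside `if ! … | ipset restore ; then` the value of `$?` is the status of the negated pipeline, which is 0 in that branch, so `eend $? "Failed to load new ipsets"` prints no error and the function carries on to swap and destroy sets that may never have been created; the loop's `|| eend $? …` calls do not stop it either, and the closing `eend 0` is unconditional. An administrator would see a clean reload while the kernel still holds the old sets. The same body is in ipset.initd-r4; I would return early on a failed restore and carry a failure flag through the loop.
```shell
	# … unchanged: building running_ipset_list and its regex …
	if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
		eend 1 "Failed to load new ipsets"
		return 1
	fi

	local rc=0
	for ipset_name in ${running_ipset_list} ; do
		if ! ipset swap "${ipset_name}" "${ipset_name}_atomic_temp" ; then
			eerror "Failed to swap in new ipset ${ipset_name}"
			rc=1
			continue
		fi
		if ! ipset destroy "${ipset_name}_atomic_temp" ; then
			eerror "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
			rc=1
		fi
	done
	eend ${rc}
```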
@@ -0,0 +1,95 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save"
+extra_started_commands="reload"
+
+IPSET_SAVE=${IPSET_SAVE:-/var/lib/ipset/rules-save}
+
+depend() {
+ before iptables ip6tables
+}
+
+checkconfig() {
+ if [ ! -f "${IPSET_SAVE}" ] ; then
+ eerror "Not starting ${SVCNAME}. First create some rules then run:"
+ eerror "/etc/init.d/${SVCNAME} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ipset session"
+ ipset restore < "${IPSET_SAVE}"
+ eend $?
+}
+
+stop() {
+ # check if there are any references to current sets
+
+ if ! ipset list | gawk '
+ ($1 == "References:") { refcnt += $2 }
+ ($1 == "Type:" && $2 == "list:set") { set = 1 }
+ (scan) { if ($0 != "") setcnt++; else { scan = 0; set = 0 } }
+ (set && $1 == "Members:") {scan = 1}
+ END { if ((refcnt - setcnt) > 0) exit 1 }
+ '; then
+ eerror "ipset is in use, can't stop"
+ return 1
+ fi
+
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+
+ ebegin "Removing kernel IP sets"
+ ipset flush
+ ipset destroy
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ipsets"
+
+ # Loading sets from a save file is only additive (there is no
+ # automatic flushing or replacing). And, we can not remove sets
+ # that are currently used in existing iptables rules.
+ #
+ # Instead, we create new temp sets for any set that is already
+ # in use, and then atomically swap them into place.
+ #
+ # XXX: This does not clean out previously used ipsets that are
+ # not in the new saved policy--it can't, because they may still
+ # be referenced in the current iptables rules.
+
+ # Build a list of all currently used sets (if any).
+ running_ipset_list=$(ipset save | gawk '/^create/{printf "%s ",$2}')
+ running_ipset_list="${running_ipset_list% }"
+ # Build a regular expression that matches those set names.
+ running_ipset_list_regex="$(echo "$running_ipset_list" | tr -s ' ' '|' )"
+
+ # Load up sets from the save file, but rename any set that already
+ # exists to a temporary name that we will swap later.
+ if ! cat ${IPSET_SAVE} | sed -r "s/^(create|add) (${running_ipset_list_regex}) /\1 \2_atomic_temp /" | ipset restore ; then
+ eend $? "Failed to load new ipsets"
+ fi
+
+ # Now for every set name that currently exists, atomically swap it
+ # with the temporary new one we created, and then destroy the old set.
+ for ipset_name in ${running_ipset_list} ; do
+ ipset swap ${ipset_name} ${ipset_name}_atomic_temp || eend $? "Failed to swap in new ipset $ipset_name"
+ ipset destroy ${ipset_name}_atomic_temp || eend $? "Failed to delete obsolete ipset ${ipset_name}_atomic_temp"
+ done
+ eend 0
+}
+
+save() {
+ ebegin "Saving ipset session"
+ touch "${IPSET_SAVE}"
+ chmod 0600 "${IPSET_SAVE}"
+ ipset save > "${IPSET_SAVE}"
+ eend $?
+}
diff --git a/net-firewall/ipset/ipset-6.15.ebuild b/net-firewall/ipset/ipset-6.15.ebuild
new file mode 100644
index 000000000000..fda7f2ff30db
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.15.ebuild
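Review bot: In `reload()` of ipset.initd-r4 the running set names are pasted unescaped into the `sed -r` pattern and `${IPSET_SAVE}` is passed to `cat` unquoted. A set name containing a regex metacharacter such as `.`, or a `/`, would change or break the substitution (assuming ipset accepts such names), and a configured save path with whitespace would be split into several arguments. I would drop the `cat` and quote the path, `sed -r "s/…/" "${IPSET_SAVE}" | ipset restore`, and either escape the names before joining them or add a comment such as `# assumes set names contain only [A-Za-z0-9_-]` above the regex line. The same two lines are in ipset.initd-r3.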
@@ -0,0 +1,111 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}" \
+ --disable-silent-rules
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.16.1.ebuild b/net-firewall/ipset/ipset-6.16.1.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.16.1.ebuild
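Review bot: `check_header_patch` in ipset-6.15.ebuild tests `if ! $(grep -q NFNL_SUBSYS_IPSET …); then`, which wraps the command in a substitution and then runs its (empty) output; it only works because an empty expansion leaves the substitution's exit status behind. The plain form `if ! grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"; then` says what is meant. As written, a missing or unreadable header also lands in the "Unpatched kernel" branch, so a separate `[[ -r … ]] || die` with its own message before the grep would make that case distinguishable. The same function is repeated in the 6.16, 6.16.1, 6.17 and 6.19 ebuilds.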
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.16.ebuild b/net-firewall/ipset/ipset-6.16.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.16.ebuild
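Review bot: The messages in `pkg_setup` of ipset-6.16.1.ebuild do not match the checks they report on. `kernel_is -lt 2 6 35 && die "… greater then 2.6.35."` accepts 2.6.35 itself, so the text would read better as `die "${PN} requires kernel 2.6.35 or newer."`, and the `eerror` that names `NETFILTER_XT_SET` follows a test of only `IP_NF_SET` and `IP_SET`. Either add `linux_chkconfig_present "NETFILTER_XT_SET"` to the condition or drop that symbol from the message, so someone debugging a rejected build looks at the right kernel option. The same lines are in the 6.15, 6.16, 6.17 and 6.19 ebuilds.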
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.17.ebuild b/net-firewall/ipset/ipset-6.17.ebuild
new file mode 100644
index 000000000000..e841595369ff
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.17.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.19.ebuild b/net-firewall/ipset/ipset-6.19.ebuild
new file mode 100644
index 000000000000..735cbce7981a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.19.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="modules"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net,net{port,iface}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r2 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.20.1.ebuild b/net-firewall/ipset/ipset-6.20.1.ebuild
new file mode 100644
index 000000000000..6bd830949e02
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.20.1.ebuild
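Review bot: `IP_NF_SET_MAX` comes from the environment (the comment names make.conf) and is passed unquoted as `--with-maxsets=${IP_NF_SET_MAX}` in `src_configure`, so a value containing whitespace is split into extra `econf` arguments and a non-numeric value reaches configure unchecked. Quote the expansion, `--with-maxsets="${IP_NF_SET_MAX}"`, and reject anything that is not a plain number early in `pkg_setup`, for example `[[ ${IP_NF_SET_MAX} =~ ^[0-9]+$ ]] || die "IP_NF_SET_MAX must be a number"`. The other ipset ebuild hunks on this page carry the same two lines.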
@@ -0,0 +1,113 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.21.1.ebuild b/net-firewall/ipset/ipset-6.21.1.ebuild
new file mode 100644
index 000000000000..70888cbc868d
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.21.1.ebuild
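Review bot: The message on `kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."` in `pkg_setup` disagrees with the test, which lets 2.6.35 itself through, and "then" should read "than". A wording that matches the check is `die "${PN} requires kernel 2.6.35 or newer."`. The same line is present in the other ipset hunks up to ipset-6.29; the ipset-6.30 and ipset-6.32 hunks no longer contain it.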
@@ -0,0 +1,113 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit autotools linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+check_header_patch() {
+ if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then
+ eerror "Sorry, but you have to patch kernel sources with the following patch:"
+ eerror " # cd ${KV_DIR}"
+ eerror " # patch -i ${S}/netlink.patch -p1"
+ eerror "You should recompile and run new kernel to avoid runtime errors."
+ die "Unpatched kernel"
+ fi
+}
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_prepare() {
+ [[ ${build_modules} -eq 1 ]] && check_header_patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.24.ebuild b/net-firewall/ipset/ipset-6.24.ebuild
new file mode 100644
index 000000000000..0795c0f13b41
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.24.ebuild
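Review bot: `HOMEPAGE` and `SRC_URI` point at plain `http://ipset.netfilter.org/`, so the tarball for a package that can build and install kernel modules is fetched over an unauthenticated channel and its integrity rests entirely on the package's Manifest hashes (the ipset Manifest is not part of the lines shown here). If upstream serves the same paths over TLS, prefer `SRC_URI="https://ipset.netfilter.org/${P}.tar.bz2"` and the matching `HOMEPAGE`. This applies to every ipset ebuild hunk on this page.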
@@ -0,0 +1,98 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r3 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.29.ebuild b/net-firewall/ipset/ipset-6.29.ebuild
new file mode 100644
index 000000000000..bdac66a1547a
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.29.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 ~ppc x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ kernel_is -lt 2 6 35 && die "${PN} requires kernel greater then 2.6.35."
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.30.ebuild b/net-firewall/ipset/ipset-6.30.ebuild
new file mode 100644
index 000000000000..292b40eb05d7
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.30.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/ipset-6.32.ebuild b/net-firewall/ipset/ipset-6.32.ebuild
new file mode 100644
index 000000000000..292b40eb05d7
--- /dev/null
+++ b/net-firewall/ipset/ipset-6.32.ebuild
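Review bot: `src_install` calls `prune_libtool_files`, but this EAPI 6 ebuild inherits only `linux-info linux-mod`, so the helper is presumably reaching it through an indirect inherit, which breaks when the eclass chain changes. Either inherit the providing eclass explicitly or drop the helper in favour of `find "${D}" -name '*.la' -delete`. The ipset-6.32 hunk is the same file content and has the same call.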
@@ -0,0 +1,97 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+MODULES_OPTIONAL_USE=modules
+inherit linux-info linux-mod
+
+DESCRIPTION="IPset tool for iptables, successor to ippool"
+HOMEPAGE="http://ipset.netfilter.org/"
+SRC_URI="http://ipset.netfilter.org/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc ~x86"
+
+RDEPEND=">=net-firewall/iptables-1.4.7
+ net-libs/libmnl"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog INSTALL README UPGRADE )
+
+# configurable from outside, e.g. /etc/portage/make.conf
+IP_NF_SET_MAX=${IP_NF_SET_MAX:-256}
+
+BUILD_TARGETS="modules"
+MODULE_NAMES_ARG="kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/ipset"
+MODULE_NAMES="xt_set(kernel/net/netfilter/ipset/:${S}/kernel/net/netfilter/)"
+for i in ip_set{,_bitmap_{ip{,mac},port},_hash_{ip{,port{,ip,net}},net{,port{,net},iface,net}},_list_set}; do
+ MODULE_NAMES+=" ${i}(${MODULE_NAMES_ARG})"
+done
+
+pkg_setup() {
+ get_version
+ CONFIG_CHECK="NETFILTER"
+ ERROR_NETFILTER="ipset requires NETFILTER support in your kernel."
+ # It does still build without NET_NS, but it may be needed in future.
+ #CONFIG_CHECK="${CONFIG_CHECK} NET_NS"
+ #ERROR_NET_NS="ipset requires NET_NS (network namespace) support in your kernel."
+
+ build_modules=0
+ if use modules; then
+ if linux_config_src_exists && linux_chkconfig_builtin "MODULES" ; then
+ if linux_chkconfig_present "IP_NF_SET" || \
+ linux_chkconfig_present "IP_SET"; then #274577
+ eerror "There is IP{,_NF}_SET or NETFILTER_XT_SET support in your kernel."
+ eerror "Please either build ipset with modules USE flag disabled"
+ eerror "or rebuild kernel without IP_SET support and make sure"
+ eerror "there is NO kernel ip_set* modules in /lib/modules/<your_kernel>/... ."
+ die "USE=modules and in-kernel ipset support detected."
+ else
+ einfo "Modular kernel detected. Gonna build kernel modules..."
+ build_modules=1
+ fi
+ else
+ eerror "Nonmodular kernel detected, but USE=modules. Either build"
+ eerror "modular kernel (without IP_SET) or disable USE=modules"
+ die "Nonmodular kernel detected, will not build kernel modules"
+ fi
+ fi
+ [[ ${build_modules} -eq 1 ]] && linux-mod_pkg_setup
+}
+
+src_configure() {
+ econf \
+ $(use_with modules kmod) \
+ --disable-static \
+ --with-maxsets=${IP_NF_SET_MAX} \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ksource="${KV_DIR}" \
+ --with-kbuild="${KV_OUT_DIR}"
+}
+
+src_compile() {
+ einfo "Building userspace"
+ emake
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Building kernel modules"
+ set_arch_to_kernel
+ emake modules
+ fi
+}
+
+src_install() {
+ einfo "Installing userspace"
+ default
+ prune_libtool_files
+
+ newinitd "${FILESDIR}"/ipset.initd-r4 ${PN}
+ newconfd "${FILESDIR}"/ipset.confd ${PN}
+ keepdir /var/lib/ipset
+
+ if [[ ${build_modules} -eq 1 ]]; then
+ einfo "Installing kernel modules"
+ linux-mod_src_install
+ fi
+}
diff --git a/net-firewall/ipset/metadata.xml b/net-firewall/ipset/metadata.xml
new file mode 100644
index 000000000000..79d462e85571
--- /dev/null
+++ b/net-firewall/ipset/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>robbat2@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/net-firewall/ipt_netflow/Manifest b/net-firewall/ipt_netflow/Manifest
new file mode 100644
index 000000000000..bfed314208fd
--- /dev/null
+++ b/net-firewall/ipt_netflow/Manifest
@@ -0,0 +1,10 @@ +AUX ipt_netflow-2.0-configure.patch 276 SHA256 cf24753f0075b8015b8832799d993fcc1671ab001033f40f7d0ee12ba469de50 SHA512 cb7b1a690a69eb68ce57d1b216324de3114c01a6bc2ca7e29fece702be62a0f903e6946426c49a8fcd08295466524eb464127655a8742507f999a318319cd3d0 WHIRLPOOL ca45617b098c4e57756b5aeacef9c638444c12cbbd3dea38de457fca9be89592e854c3b9bd70d36250dce4becee28fee94ecd321c857786dc93e92ff5316ab16 +AUX ipt_netflow-2.2-linux-4.10.patch 4343 SHA256 c9874b75e050e0172deb12d0e6c1f981a3c869585e13be7b08d6094a16ff9e42 SHA512 077787f9bc8981064c4a9489487a0079877000f58d4ce789b7aaf7819cabacd1b12e4a527174662bd17c1303631282254e2215f06f02f08e41327a7dbbc13f13 WHIRLPOOL 48c949953be76d096946c02ff0b77c60f2e6f04f287c297ee4494077b8f5192312352ad1b23a89779d635933a6e8203ba316ab296f6566d3bc43fd71ceed7ff9 +AUX ipt_netflow-2.2-linux-4.13.patch 2403 SHA256 96354f3907a1d8d0d590436a3f9fa8ee6829489bcc9b7a46ab8e74f31b704370 SHA512 38b2657a42607cd86f36089cb1c26b609d29f1c6aca75ed38000baa69a58b75568ee7194e5d1692004c59ad8087fc4cb183ee61ed34ab52e557a3f0a330d2b6a WHIRLPOOL 270f2369a693c49a7b1bbe9ba14eb674b8a15648e16d59a9b8b33a295cc87ca9bc1b38599756b7bc680ffe7ea54108c3b3aec938228e520864b039df130507e0 +AUX ipt_netflow-2.2-linux-4.6.patch 2098 SHA256 c795cf2cbba8c502ca8d1aa27c3138f382b728c58351d60c50fd538f17f27644 SHA512 319b1a013e8d32854ecfbc207aa7197e2ef39bc2688ece952814d3092e9110aa3cf134c56f3b9f671c7856465814905a4d1f888f8dab3b40f0be09202c6f1a64 WHIRLPOOL 475c5779f97e2a1611120e38f475bd7acb6855ba647bb9e78057288dca84950aae88ddc2f85ae4e6a48a99cb94fd0978ade5e87e11b9b60200cf12c4df895b6c +DIST ipt-netflow-2.2.tgz 96697 SHA256 81be0a334f74894756d022aee2c87b36c89a7aeca6ff1c91ef6b4f3458793198 SHA512 a406ab9bd18616414d8c99f427382a075bdb8000d8c40959f5b6d6e577d7eb4dfc7f8b773664a516ec2228d15590f21c3fbd6aa3d4302f6cdf03810e1702af74 WHIRLPOOL e9c5f13a3efa346b75ec47ceb033e83099744fa90d575d62135225a88f0093b1de556354d972772f13e7ea895659cd58e6e9a3c08817f62fd902336cc8771928 +EBUILD ipt_netflow-2.2-r1.ebuild 2290 SHA256 
6d5179df6ba5fc7b1cf416f99a935ecffbe5a9c87e390232da3378b19bd103d0 SHA512 ff5991046c7a4f575071721f456a88de1f410cdc1ccd0a6b73d5e4a607a25bcb17ed8c1c475f5b3dabb43e00c57f3f9ccd3a8f230f550e8d61b622adee69cf4f WHIRLPOOL a8782221335da2d2249e1a1e165b6a2ef3829c7591f932bdca376fae7848a8eaa8032b4cd6e3adc22e35fbc35b8534714aa16d31562c8451a6cf8c787ffc27e0 +EBUILD ipt_netflow-2.2-r2.ebuild 2511 SHA256 cf8734703821b4b1d0f65b8dfb746e8dcd9c93ce0bcb5b57e2269ddee53d7fae SHA512 f7ffbb8345bd9febdda8895c3424bb3cb8c85b214cbe8b14f0be4bfddd9d2fb9ae04652dcb9dbb54d37337a5e3d44b233bdc95c772244580ed7b4cf4e0cc079c WHIRLPOOL cbd5f3354abfa17711f7d768d645598b8fb09c68fc843a07a7248d4bd1a58607babd41908fae9ed14f10919df69b8a05395336322055e4c1b959725593a224a0 +MISC ChangeLog 4149 SHA256 907012df44868b22ece920cad4dccb3aa44482ad4749468fabd28547cc493d99 SHA512 f7f9c87d99cfae607dadd88df531ca283df898f0c093a4928f5d441d6347a773803311ae325c4a058f5812676efb02f995283abeb88fe832e03792602c56e583 WHIRLPOOL d981cc10fe6884988dfe0e580ad0adf26eb1479435c8789e77232a66e605803b9ddc582c9930b1b2a08a9260dbb613da83c4f477328f5407710c036f0a2cb633 +MISC ChangeLog-2015 5139 SHA256 4bc227582ff7a604a701289ac3cd6a7e9b347025f3838732b59d213d60e70aa3 SHA512 6d5d0f39352fafccd77b878f37342461e21b94b8834f6bab0018328781e7dbf726ef537064eadf9c60baa4ec2e69562f7f6e741b379574821d24544dc9005626 WHIRLPOOL 67bd74db5f3303682bb771982c45586bdab9cb55feb6b0b04f0e1a7fab9e6c29ae0317a1100dd9235b2662f25e899ee1f656281ee56ade3f57c65523e7ab416b +MISC metadata.xml 561 SHA256 7a00db53aae4ab7395ec5fe44907703f00c61ec92995dfb3de6e5ee1b5fc0576 SHA512 6cd4feab99315acfcf34f34fccd9ecb6b00b23efecef622cc638902a4ec62240f3d9f87d1f349a84ec7c4985a90f8632ffcfa9f403b42c26ce9d923ca9e01bc5 WHIRLPOOL 62ecc05c510e0fdf9e235c5dc45be32f8028b1834595d7121e79a48d64535589d479a02c08d50f5f5cc934b188f9c7b4dfc55e73428d0a121cb825347297a32e 
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
new file mode 100644
index 000000000000..f6b3a005ba21
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.0-configure.patch
@@ -0,0 +1,10 @@
+--- a/configure
++++ b/configure
+@@ -421,7 +421,6 @@
+ iptables_find_version #IPTVER
+ iptables_try_pkgconfig #try to configure from pkg-config
+ iptables_find_src #IPTSRC
+-iptables_src_version #check that IPTSRC match to IPTVER
+ iptables_inc #IPTINC
+ iptables_modules #IPTLIB
+
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
new file mode 100644
index 000000000000..7e8f62840a91
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.10.patch
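Review bot: The configure patch removes the `iptables_src_version #check that IPTSRC match to IPTVER` call without saying why, so, going by the removed line's own comment, the build no longer checks that the iptables sources it found match the detected iptables version. A kernel/netfilter module built against mismatched headers is the kind of fault that only shows up at run time, so the reason for skipping the check should be recorded. Add a short header above `--- a/configure` in the patch file, along the lines of `Skip the IPTSRC/IPTVER consistency check: <reason>, see bug <BUG-ID>`, so a later version bump can tell whether the patch is still needed.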
@@ -0,0 +1,137 @@
+commit 5d71c94c400d91633f6d3c3be9e785bb23d4ca1a
+Author: ABC <abc@telekom.ru>
+Date: Sun Mar 5 11:27:39 2017 +0300
+
+ Compilation compatibility with kernel 4.10.
+
+ Fixes #70.
+ Resolves incompatibilities introduced by
+ 2456e855354415bfaeb7badaa14e11b3e02c8466 and
+ 613dbd95723aee7abd16860745691b6c7bda20dc for kernel 4.10.
+
+diff --git a/compat.h b/compat.h
+index 3f27977..47176ef 100644
+--- a/compat.h
++++ b/compat.h
+@@ -600,4 +600,29 @@ out:
+ # define __GNUC_PREREQ(maj, min) 0
+ #endif
+
++/* ktime is not union anymore, since 2456e855354415bfaeb7badaa14e11b3e02c8466 */
++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++# define first_tv64 first.tv64
++# define last_tv64 last.tv64
++#else
++# define first_tv64 first
++# define last_tv64 last
++#endif
++
++/* Offset changes made in 613dbd95723aee7abd16860745691b6c7bda20dc */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) && LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
++static inline u_int8_t xt_family(const struct xt_action_param *par)
++{
++ return par->family;
++}
++static inline const struct net_device *xt_in(const struct xt_action_param *par)
++{
++ return par->in;
++}
++static inline const struct net_device *xt_out(const struct xt_action_param *par)
++{
++ return par->out;
++}
++#endif
++
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 781b284..0d1ac55 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -3863,10 +3863,10 @@ static void netflow_export_stats(void)
+ t.pkts_selected += st->pkts_selected;
+ t.pkts_observed += st->pkts_observed;
+ #endif
+- t.drop.first.tv64 = min_not_zero(t.drop.first.tv64, st->drop.first.tv64);
+- t.drop.last.tv64 = max(t.drop.last.tv64, st->drop.last.tv64);
+- t.lost.first.tv64 = min_not_zero(t.lost.first.tv64, st->lost.first.tv64);
+- t.lost.last.tv64 = max(t.lost.last.tv64, st->lost.last.tv64);
++ t.drop.first_tv64 = min_not_zero(t.drop.first_tv64, st->drop.first_tv64);
++ t.drop.last_tv64 = max(t.drop.last_tv64, st->drop.last_tv64);
++ t.lost.first_tv64 = min_not_zero(t.lost.first_tv64, st->lost.first_tv64);
++ t.lost.last_tv64 = max(t.lost.last_tv64, st->lost.last_tv64);
+ }
+
+ export_stat_st(OTPL_MPSTAT, &t);
+@@ -4781,8 +4781,8 @@ static unsigned int netflow_target(
+ const void *targinfo
+ # endif
+ #else /* since 2.6.28 */
+-# define if_in par->in
+-# define if_out par->out
++# define if_in xt_in(par)
++# define if_out xt_out(par)
+ # if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
+ const struct xt_target_param *par
+ # else
+@@ -4809,7 +4809,7 @@ static unsigned int netflow_target(
+ #ifdef ENABLE_DIRECTION
+ const int hooknum = par->hooknum;
+ #endif
+- const int family = par->family;
++ const int family = xt_family(par);
+ #endif
+ struct ipt_netflow_tuple tuple;
+ struct ipt_netflow *nf;
+diff --git a/ipt_NETFLOW.h b/ipt_NETFLOW.h
+index eb00e94..3ee44a8 100644
+--- a/ipt_NETFLOW.h
++++ b/ipt_NETFLOW.h
+@@ -414,7 +414,7 @@ struct netflow_aggr_p {
+ #define NETFLOW_STAT_TS(count) \
+ do { \
+ ktime_t kts = ktime_get_real(); \
+- if (!(__get_cpu_var(ipt_netflow_stat)).count.first.tv64) \
++ if (!(__get_cpu_var(ipt_netflow_stat)).count.first_tv64) \
+ __get_cpu_var(ipt_netflow_stat).count.first = kts; \
+ __get_cpu_var(ipt_netflow_stat).count.last = kts; \
+ } while (0);
+commit 5dec6355f151a5c9fa4393c43388b22d9c720fae
+Author: ABC <abc@telekom.ru>
+Date: Tue Mar 14 21:55:29 2017 +0300
+
+ More compatibility with kernel 4.10.
+
+ Thanks to cREoz @ gitnub. Resolves #70 once more.
+
+diff --git a/compat.h b/compat.h
+index 47176ef..867e7f2 100644
+--- a/compat.h
++++ b/compat.h
+@@ -623,6 +623,10 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par)
+ {
+ return par->out;
+ }
++static inline unsigned int xt_hooknum(const struct xt_action_param *par)
++{
++ return par->hooknum;
++}
+ #endif
+
+ #endif /* COMPAT_NETFLOW_H */
+diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
+index 0d1ac55..6d3122e 100644
+--- a/ipt_NETFLOW.c
++++ b/ipt_NETFLOW.c
+@@ -4806,9 +4806,9 @@ static unsigned int netflow_target(
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
+ const int family = target->family;
+ #else
+-#ifdef ENABLE_DIRECTION
+- const int hooknum = par->hooknum;
+-#endif
++# ifdef ENABLE_DIRECTION
++ const int hooknum = xt_hooknum(par);
++# endif
+ const int family = xt_family(par);
+ #endif
+ struct ipt_netflow_tuple tuple;
diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
new file mode 100644
index 000000000000..10e8b552afb4
--- /dev/null
+++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.13.patch
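Review bot: The compat helpers added to `compat.h` take `const struct xt_action_param *` yet are enabled from `KERNEL_VERSION(2,6,28)`, while the context lines of `netflow_target` show that kernels below 2.6.35 declare `par` as `const struct xt_target_param *`. On 2.6.28 to 2.6.34, `xt_in(par)`, `xt_out(par)`, `xt_family(par)` and `xt_hooknum(par)` would then be called with a different pointer type, which looks like a build failure or at least a type mismatch in that range (inferred from the visible lines only). Either confirm that the ebuild's supported kernel range excludes those versions, or say so next to the helpers, e.g. `/* helpers assume struct xt_action_param, i.e. kernel >= 2.6.35 */`. `netflow_target` starts and ends outside the hunks shown.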
@@ -0,0 +1,63 @@ +commit 53a556cb4a705f4eae2bcb49552b6427b231378a +Author: ABC <abc@telekom.ru> +Date: Mon Aug 14 22:55:25 2017 +0300 + + Compatibility with kernel 4.13. + + Offset patch torvalds/linux@14afee4b6092fde451ee17604e5f5c89da33e71e + +diff --git a/compat.h b/compat.h +index 061eb57..275ff58 100644 +--- a/compat.h ++++ b/compat.h +@@ -636,4 +636,10 @@ static inline unsigned int xt_hooknum(const struct xt_action_param *par) + # define SK_CAN_REUSE 1 + #endif + ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,13,0) ++# define compat_refcount_read atomic_read ++#else ++# define compat_refcount_read refcount_read ++#endif ++ + #endif /* COMPAT_NETFLOW_H */ +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index 494ea74..9365325 100644 +--- a/ipt_NETFLOW.c ++++ b/ipt_NETFLOW.c +@@ -622,7 +622,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v) + + seq_printf(seq, " %u %u %u\n", + sk->sk_sndbuf, +- atomic_read(&sk->sk_wmem_alloc), ++ compat_refcount_read(&sk->sk_wmem_alloc), + wmem_peak); + } else + seq_printf(seq, " 0 0 %u\n", wmem_peak); +@@ -864,7 +864,7 @@ static int nf_seq_show(struct seq_file *seq, void *v) + seq_printf(seq, ", sndbuf %u, filled %u, peak %u;" + " err: sndbuf reached %u, connect %u, cberr %u, other %u\n", + sk->sk_sndbuf, +- atomic_read(&sk->sk_wmem_alloc), ++ compat_refcount_read(&sk->sk_wmem_alloc), + atomic_read(&usock->wmem_peak), + usock->err_full, + usock->err_connect, +@@ -2031,7 +2031,7 @@ static void netflow_sendmsg(void *buffer, const int len) + printk(KERN_INFO "netflow_sendmsg: sendmsg(%d, %d) [%u %u]\n", + snum, + len, +- atomic_read(&usock->sock->sk->sk_wmem_alloc), ++ compat_refcount_read(&usock->sock->sk->sk_wmem_alloc), + usock->sock->sk->sk_sndbuf); + ret = kernel_sendmsg(usock->sock, &msg, &iov, 1, (size_t)len); + if (ret < 0) { +@@ -2054,7 +2054,7 @@ static void netflow_sendmsg(void *buffer, const int len) + printk(KERN_ERR "ipt_NETFLOW: sendmsg[%d] error %d: data loss %llu pkt, %llu bytes%s\n", + snum, ret, pdu_packets, 
pdu_traf, suggestion); + } else { +- unsigned int wmem = atomic_read(&usock->sock->sk->sk_wmem_alloc); ++ unsigned int wmem = compat_refcount_read(&usock->sock->sk->sk_wmem_alloc); + if (wmem > atomic_read(&usock->wmem_peak)) + atomic_set(&usock->wmem_peak, wmem); + NETFLOW_STAT_INC(exported_pkt); diff --git a/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch new file mode 100644 index 000000000000..bd9bedd3d998 --- /dev/null +++ b/net-firewall/ipt_netflow/files/ipt_netflow-2.2-linux-4.6.patch 
@@ -0,0 +1,61 @@ +commit c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214 +Author: ABC <abc@telekom.ru> +Date: Sun May 22 22:07:14 2016 +0300 + + Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6). + + Thus, making support for 4.6 kernels. + Reference to linux commit: + https://github.com/torvalds/linux/commit/3f1ac7a700d + + Fixes #56, thanks karel-un. + +diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c +index 067fd50..d27eea2 100644 +--- a/ipt_NETFLOW.c ++++ b/ipt_NETFLOW.c +@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d + { + struct ethtool_drvinfo info = { 0 }; + const struct ethtool_ops *ops = dev->ethtool_ops; ++#ifndef ETHTOOL_GLINKSETTINGS + struct ethtool_cmd ecmd; ++#define _KSETTINGS(x, y) (x) ++#else ++ struct ethtool_link_ksettings ekmd; ++#define _KSETTINGS(x, y) (y) ++#endif + int len = size; + int n; + +@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d + /* only get_settings for running devices to not trigger link negotiation */ + if (dev->flags & IFF_UP && + dev->flags & IFF_RUNNING && +- !__ethtool_get_settings(dev, &ecmd)) { ++ !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) { + char *s, *p; + + /* append basic parameters: speed and port */ +- switch (ethtool_cmd_speed(&ecmd)) { ++ switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) { + case SPEED_10000: s = "10Gb"; break; + case SPEED_2500: s = "2.5Gb"; break; + case SPEED_1000: s = "1Gb"; break; +@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d + case SPEED_10: s = "10Mb"; break; + default: s = ""; + } +- switch (ecmd.port) { ++ switch (_KSETTINGS(ecmd.port, ekmd.base.port)) { + case PORT_TP: p = "tp"; break; + case PORT_AUI: p = "aui"; break; + case PORT_MII: p = "mii"; break; +@@ -3964,6 +3970,7 @@ ret: + ops->complete(dev); + return size - len; + } ++#undef _KSETTINGS + + static const 
unsigned short netdev_type[] = + {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25, diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild new file mode 100644 index 000000000000..f82263fe40cd --- /dev/null +++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r1.ebuild 
@@ -0,0 +1,96 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+MY_PN="${PN/_/-}"
+MY_P="${MY_PN}-${PV}"
+inherit linux-info linux-mod toolchain-funcs
+
+DESCRIPTION="Netflow iptables module"
+HOMEPAGE="https://sourceforge.net/projects/ipt-netflow"
+SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE="debug snmp"
+
+RDEPEND="
+ net-firewall/iptables
+ snmp? ( net-analyzer/net-snmp )
+"
+DEPEND="${RDEPEND}
+ virtual/linux-sources
+ virtual/pkgconfig
+"
+
+# set S before MODULE_NAMES
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ BUILD_TARGETS="all"
+ MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})"
+ IPT_LIB="/usr/$(get_libdir)/xtables"
+ local CONFIG_CHECK="~IP_NF_IPTABLES"
+ use debug && CONFIG_CHECK+=" ~DEBUG_FS"
+ linux-mod_pkg_setup
+}
+
+src_prepare() {
+ sed -i \
+ -e 's:make -C:$(MAKE) -C:g' \
+ -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \
+ Makefile.in || die
+
+ # Checking for directory is enough
+ sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die
+
+ # bug #455984
+ eapply "${FILESDIR}/${PN}-2.0-configure.patch"
+
+ # Compatibility with kernel 4.6
+ eapply "${FILESDIR}/${P}-linux-4.6.patch"
+
+ # Compatibility with kernel 4.10, bug #617484
+ eapply "${FILESDIR}/${P}-linux-4.10.patch"
+
+ # Compatibility with kernel 4.13, bug #630446
+ eapply "${FILESDIR}/${P}-linux-4.13.patch"
+
+ eapply_user
+}
+
+do_conf() {
+ echo ./configure $*
+ ./configure $* ${EXTRA_ECONF} || die 'configure failed'
+}
+
+src_configure() {
+ local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)"
+ # this configure script is not based on autotools
+ # ipt-src need to be defined, see bug #455984
+ do_conf \
+ --disable-dkms \
+ --ipt-lib="${IPT_LIB}" \
+ --ipt-src="/usr/" \
+ --ipt-ver="${IPT_VERSION}" \
+ --kdir="${KV_DIR}" \
+ --kver="${KV_FULL}" \
+ $(use debug && echo '--enable-debugfs') \
+ $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent')
+}
+
+src_compile() {
+ emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all
+}
+
+src_install() {
+ linux-mod_src_install
+ exeinto "${IPT_LIB}"
+ doexe libipt_NETFLOW.so
+ use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall
+ doheader ipt_NETFLOW.h
+ dodoc README*
+}
diff --git a/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
new file mode 100644
index 000000000000..c2ed5f6f4274
--- /dev/null
+++ b/net-firewall/ipt_netflow/ipt_netflow-2.2-r2.ebuild
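Review bot: In ipt_netflow-2.2-r1.ebuild, `do_conf()` expands its arguments with an unquoted `$*`, so every option assembled in `src_configure()` is word-split and glob-expanded a second time before it reaches ./configure. A `${KV_DIR}` or `${IPT_LIB}` value containing whitespace would arrive as several arguments even though the caller quoted it. Using `./configure "$@" ${EXTRA_ECONF} || die 'configure failed'` (and `echo ./configure "$@"` for the log line) keeps each option intact while still splitting `EXTRA_ECONF` on purpose. The same function appears in ipt_netflow-2.2-r2.ebuild.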
@@ -0,0 +1,102 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +MY_PN="${PN/_/-}" +MY_P="${MY_PN}-${PV}" +inherit linux-info linux-mod toolchain-funcs + +DESCRIPTION="Netflow iptables module" +HOMEPAGE="https://sourceforge.net/projects/ipt-netflow" +SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tgz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +IUSE="debug natevents snmp" + +RDEPEND=" + net-firewall/iptables + snmp? ( net-analyzer/net-snmp ) +" +DEPEND="${RDEPEND} + virtual/linux-sources + virtual/pkgconfig +" + +# set S before MODULE_NAMES +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + BUILD_TARGETS="all" + MODULE_NAMES="ipt_NETFLOW(ipt_netflow:${S})" + IPT_LIB="/usr/$(get_libdir)/xtables" + local CONFIG_CHECK="~IP_NF_IPTABLES" + use debug && CONFIG_CHECK+=" ~DEBUG_FS" + use natevents && CONFIG_CHECK+=" NF_CONNTRACK_EVENTS NF_NAT_NEEDED" + linux-mod_pkg_setup +} + +src_prepare() { + sed -i \ + -e 's:make -C:$(MAKE) -C:g' \ + -e 's:gcc -O2:$(CC) $(CFLAGS) $(LDFLAGS):' \ + -e 's:gcc:$(CC) $(CFLAGS) $(LDFLAGS):' \ + Makefile.in || die + + # Checking for directory is enough + sed -i -e 's:-s /etc/snmp/snmpd.conf:-d /etc/snmp:' configure || die + + # bug #455984 + eapply "${FILESDIR}/${PN}-2.0-configure.patch" + + # Compatibility with kernel 4.6 + eapply "${FILESDIR}/${P}-linux-4.6.patch" + + # Compatibility with kernel 4.10, bug #617484 + eapply "${FILESDIR}/${P}-linux-4.10.patch" + + # Compatibility with kernel 4.13, bug #630446 + eapply "${FILESDIR}/${P}-linux-4.13.patch" + + eapply_user +} + +do_conf() { + echo ./configure $* + ./configure $* ${EXTRA_ECONF} || die 'configure failed' +} + +src_configure() { + local IPT_VERSION="$($(tc-getPKG_CONFIG) --modversion xtables)" + # this configure script is not based on autotools + # ipt-src need to be defined, see bug #455984 + do_conf \ + --disable-dkms \ + --enable-aggregation \ + --enable-direction \ + --enable-macaddress \ + --enable-vlan 
\ + --ipt-lib="${IPT_LIB}" \ + --ipt-src="/usr/" \ + --ipt-ver="${IPT_VERSION}" \ + --kdir="${KV_DIR}" \ + --kver="${KV_FULL}" \ + $(use debug && echo '--enable-debugfs') \ + $(use natevents && echo '--enable-natevents') \ + $(use snmp && echo '--enable-snmp-rules' || echo '--disable-snmp-agent') +} + +src_compile() { + emake ARCH="$(tc-arch-kernel)" CC="$(tc-getCC)" all +} + +src_install() { + linux-mod_src_install + exeinto "${IPT_LIB}" + doexe libipt_NETFLOW.so + use snmp && emake DESTDIR="${D}" SNMPTGSO="/usr/$(get_libdir)/snmp/dlmod/snmp_NETFLOW.so" sinstall + doheader ipt_NETFLOW.h + dodoc README* +} diff --git a/net-firewall/ipt_netflow/metadata.xml b/net-firewall/ipt_netflow/metadata.xml new file mode 100644 index 000000000000..76cfd5175511 --- /dev/null +++ b/net-firewall/ipt_netflow/metadata.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>pinkbyte@gentoo.org</email> + <name>Sergey Popov</name> + </maintainer> + <maintainer type="project"> + <email>netmon@gentoo.org</email> + <name>Gentoo network monitoring and analysis project</name> + </maintainer> + <use> + <flag name="natevents">Netflow NAT translation events (NEL) support</flag> + </use> + <upstream> + <remote-id type="sourceforge">ipt-netflow</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest new file mode 100644 index 000000000000..c5d061fca356 --- /dev/null +++ b/net-firewall/iptables/Manifest 
@@ -0,0 +1,22 @@ +AUX ip6tables-1.4.13.confd 690 SHA256 2938fe4206514d9868047bd8f888a699fa2097ca69edab176453436d4259abaa SHA512 8de9a5de4061bef217fbc07577688a8110f1116af7f3b936dfd18100a6a7a47ec6e70c456b24cf3432fb4f2034b741a487fe6af8d9740f174d51c6eb16945c6e WHIRLPOOL f2f4903812b5b97d5bdf9cb28f0bcb6f8c866f197b46a9128530721a8d9db1cdcedffe2512c9235391a67f494c2daf1266d7bc8a6185949756437221c3861a10 +AUX iptables-1.4.13-r1.init 2766 SHA256 2c9dcf73db7740350d41504633671e95287a349838acd5faa6d3b27418c9d6d0 SHA512 9b74344043f48ce2a4691f09199cfa752bd7ee360d912d412fe1cf51de54821b0d082c9585a11b84020454f9759af78ff097d7dfc8f5148ef9e987e6d990edde WHIRLPOOL dbd6af2c45e8e894bb03e818ef43695626fc0228530e5c7ba066e440be3c12bd54e873d31805a1053bd34c4341dda6c64b3eff2e94b51767ad2d0d390ef5a377 +AUX iptables-1.4.13.confd 687 SHA256 7e2341211ca14997b7a8a1f930f94db855291af597c568f680f80031c20d45b6 SHA512 bd67d53e997ea65755148ba071fe6e3856d6e604b9167c666900721bc3dc24f63d395bc33a1a34ae50f95e72760da630db1a8d35afc81ec5973e60ba5343dc70 WHIRLPOOL 111b809b3122b04cce8ac0e551cfcdec7fde1ad563e1001bbbb3dbb4cae0ddf13851ece1024e13fb26aab2fe306dfc4fd9e59ab5a10127b301bc7a65ec20486b +AUX iptables-1.4.21-configure.patch 1066 SHA256 73454c278b48fae5debcdb72ada8f2d60a36b5134cb1052b1a332b83169cbdc0 SHA512 45445d1460072ed19ba617be983be82094fdd0535a25de4f6159173de4a08be9bee9da13c7aeea419291beb92402ca25efba3a0e269510e221f7eacc8bcd5176 WHIRLPOOL 55c56c9e0711409c54b8635dc9b480be885c852b60ac336a32b3a48586c85ba5b7b9a0b4d2d427f7d646dfdc4d49c9fe6957ed39eac5cdd7de3526249f99e6ed +AUX iptables-1.4.21-static-connlabel-config.patch 2195 SHA256 e03de480a940b0ac386bba2ec681f724ba39f5e53153398e061f2d74ae491c49 SHA512 d838773bf2db9f97548d2f7eaab0ce3205265a7ec8b274df479fcecb474ba09ed061abae50534c0379a1290479c2e94927595eca0f4570b27744ec165348b6b1 WHIRLPOOL c1b79bb8e9a915d27940b443c564d0d00ccbd31728b8519bd18a6957ca7085c19dd09592d94a4aecee48102303a000130eba85710ad1de1533ef783ef1c28811 +AUX iptables.init 2787 SHA256 
5b644ff18c49f81983e75be40f52bd15606b5ec668f1c478406c18c6c4c9a528 SHA512 317c71bee98f5b1bbfd17ea961e5e268532c2320fc865b7876f7cc4e02a66b6a012fc336f8880045a83e101f161197c0a1d106220af6240407cebafbf38022db WHIRLPOOL 7b5b790b4f3d228b99523a250d11e0b53380f3cd69d7f845d77373d1ca31106974b5c728a6c6dd247ae135b8c0a92ca021cac7fd0459e13f9ade01a20a404a60 +AUX systemd/ip6tables-restore.service 398 SHA256 611fb01a539f421a06d443ac5bec4ee412699021bb8f99bcc52056b825b72baa SHA512 4df4f73b14e123c463003656631d1affa431f722c9f598cdde6a63a531432aa3f97635b32c59aa2e1ddc4b45f500169c88da1c055fccac6c8ce89db23d015a7a WHIRLPOOL eabe0338f58a300ea53c15e09e35f8c1eb10ac9574213fbe30aff75eb350eaa676f0c927a14e24e7b2eaad6b69124645ff0df995204e65f2a23f0bc00d5d2e1c +AUX systemd/ip6tables-store.service 243 SHA256 ce93fc2ba81f7693877479ddc75cdec94627c302a140bd27ff30656fad78e72b SHA512 7cee224f91d4c8348606ba176d0d689749a59229958cfdf4e75451d77271363e7cff71dbb7e30dbc4a5a837363a72d70d6960d2dfb218f3ad16456ae109cba10 WHIRLPOOL d84687a142843fa9cd930171e817652afb22b950214349ca156ba6da174312989973d17fed04cd129c18d4d6fbd5ad3124b9afa0d105d128333248c90fdb4ca6 +AUX systemd/ip6tables.service 133 SHA256 1b8d342ffdf471ef25e365dacf106e1899b438dad4bf9154cfad2d5217c3a019 SHA512 f871e694a8c666a59840c4c7ae1f355dc47f481501b3472601b65460c1d6e163a7e33f7a6c42a84ac33131ddb96170b316e83507a43f1ede54d61446f81950dc WHIRLPOOL 24140e7398cfa494210b8d3b773bdca5ee1abbbdb29c2921e84ff025848e26844b5c20fadefa9b961ce14564ce8daa9b8e9f197b7d7ec70c26bb6609b74b10d0 +AUX systemd/iptables-restore.service 394 SHA256 611debe959039341f2ee93c276290046365622e4a168c98a9f39684bee9565de SHA512 f0d042b487beaaa0dab0884ccb12c1cb63f9f5949b58187dcd4fcdb28a5b9874fd7b9cc8c14862f8a311a6e4016e2472edc51a776904c9940e1280da7dd3c01b WHIRLPOOL 8fc540b450347ea78e56d03591be2d22bbccadbe65dfe021c23231f9efcda3405d5555a6d5b93f38fbf5cc16855d397da104a873a5dd0fa01270d3b542f9403d +AUX systemd/iptables-store.service 240 SHA256 
14965fd0f3cd4285e77ea1e3d9975a818b0d64fb0026b925d8434896b2cbf839 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e WHIRLPOOL e3a5b77b2c19ad8445a21cc9c8680c2d632d968483357221fac1c309275bd17aa25c05cf23188d5ae644d5b1266c64b3dd5fe8fbdec9f2a439a212c3d1c767db +AUX systemd/iptables.service 130 SHA256 c404c54c98521817aca75b96774a24684e0c7ed2fc8de2ced78f4ae4d8a6b99d SHA512 87114ccc7eb079d1ed43d77be35cf4c91702ca960883a4bbca5dfcf74aa6f086e44f4a4251441ac3a277c93eb10e7482157caf2d62bbf2a7f5327947ede25bef WHIRLPOOL 844296866dfe2fe6b1207c99d2f938f4c87a37592e95576f9504fe056fe82fc29878b9aa1a204fa31d6711fbe7ba5cd48f7a639e4839bbe366e6220246a0d3c3 +DIST iptables-1.4.21.tar.bz2 547439 SHA256 52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0 SHA512 dd4baccdb080284d8620e6ed59beafc2677813f3e099051764b07f8e394f6d94ca11861b181f3cce7c55c66de64c1e2add13dc1a0b64e24050cd9fb7aea0689b WHIRLPOOL 475541d1b2b7fe4ee8fa3b537274ef082aab8bfd262201ee14cd53577dfac6f591445cc6d64ed93b226a4b71d54ae1b9ab4cbb378b5440861a585f770f0db200 +DIST iptables-1.6.0.tar.bz2 608288 SHA256 4bb72a0a0b18b5a9e79e87631ddc4084528e5df236bc7624472dcaa8480f1c60 SHA512 60360910db76e3265fb7b6456a55b91708263bde9c4e5b9cadf3832d2e2a9db3e6cb60c82e278ea0672618bd5c9566c374e00d19d35a2e8f330116c3ab6aaf51 WHIRLPOOL e5ab2398b0650883d31ea144777a6b00904a4e02434f0420037aa54cfc5e47359b95604e945ae3a1abbf3037c37aea2143d3a5457a500e12f1c1139b11655015 +DIST iptables-1.6.1.tar.bz2 620890 SHA256 0fc2d7bd5d7be11311726466789d4c65fb4c8e096c9182b56ce97440864f0cf5 SHA512 12280db6e6ef8e68da2537e9da59fc601790fd02b1ba38a37c90dbb56272018329dccb8be995f96ecd5d94fafa6043204f3e8f8ee96531685d9e3c55359d2ee8 WHIRLPOOL e34fffbad8a5aea278cdfd11f042e2318862f8e6045a94a2eff35e6cb233ec62d030d83838613338ca2d928f6982cebf9665d039ba61218399139745c9cb08f9 +EBUILD iptables-1.4.21-r1.ebuild 2440 SHA256 175cacc8552ae92ca05b938d706acdb345ee488081972e1d5d666ef532a5a012 SHA512 
b8cc233407d3cdec4ac916c61f7dcacd0ab23ca344205d48be9ab1a6be52275e595c1a64ba48b0e2e122d6ad762b8ae73883cb3c98c646e0d2ec233a8ccc8155 WHIRLPOOL b292ce7fcdf1a68d553bfd258c7d9f6a7cb3c47aab86f82b94fe4d97ad0fbc704adbfe9371f0db5202fbf6ff3fc249e07ff37804ff934ff64078b9ec9bf789e4 +EBUILD iptables-1.4.21-r4.ebuild 2973 SHA256 c7a60f6ae50344f860a0780c3ed960dfc29a0e9d4bf438aa3533607ec9fdb4bc SHA512 a8ac1de33f16d4d5b2b21aa145ec33a05dae62ba045d269a84e5f58539900d23d39b9a923dab9a1b61514009a263ecacb50563eeb0b6e4e1b3ba673d76fb0594 WHIRLPOOL 0d081a592b28ddffc501767b1478a631bd934f780748b6b53b2746cae499b8b829fd6aad9c0ac9afa11efd777cdc201b22d1fb46978cb5ec1a286415fff913a0 +EBUILD iptables-1.6.0-r1.ebuild 3097 SHA256 c5f6f3b579f8b39325b5aa9c3232f6ecf692385989d5e440a91f6ce91d19c2c5 SHA512 8c30729a0c00a78a53960034748016717210c977fca971efbb68fb5c188c4ba9fbcffb4c0c84396ccfcb0f0045c8ece8f2b7e213d61c05b6cd5b8701cfbbfbdc WHIRLPOOL 9d758ffe70b7b578c0f67041feb398ab83c6f46adde72cf0c1c5d590aac5ef550aa4c81bf00ca49c3fcd6c174efa343806fc1bd07b242f5076a5cfcb88a76ecf +EBUILD iptables-1.6.1-r1.ebuild 3105 SHA256 a8e2244d7cc4bf08f52cfd8893d75db34edbb8d28ce9a12309352690ae3277c4 SHA512 8e8ecf87f5535d562922f2c57988947f81e804c8d094d20fe7a90c0ff3288c8b1fe43a4d5123ec226f9930709487ed9745f5d1081e2c63a2001635dfdcc5bccd WHIRLPOOL 65242c872dd2c2a7165388f27ebd4b18386571024b430eed034391125c1f046369d3314f204626a7abc0e29d3076fa8b9040d5c26e96aa9b8942d592462248a9 +MISC ChangeLog 9263 SHA256 a7cd952f78c9b527ae0dbc5ec3d654ceb7f74143003be019abb1f3809b08e08b SHA512 078ec1b34dbe48e83ea9ab618198b8c702f81ee3085cbf67ca203b64fbe414f2dfef5b6e89710e073178afda31e001f83ff572cb2236fbd260c753aaab92785c WHIRLPOOL b9b6c738e050c27eb9ae144762d4efcbac9adeecd162981d3db7c68cbace6827b1aada551d50220949e28da9074d6747ebe043ebec52a3a13e0cb6ce30c570e7 +MISC ChangeLog-2015 53266 SHA256 899937b46b0928ec409e58139647df2d10a1641c8d3e325b69307b4219d562b8 SHA512 
904982cacd86d993475dfc7e078a66e5390b788ee29fc4b4f57401396420fdff076d35aefceb1b34814876e4acc0746faa23348152ed2acd62b0753cda938900 WHIRLPOOL 7e1ba68e5f9b5c8e75924c10c8fc54c2441450a2ebe7a0ed05f035e5932ef5447aacd29193219025e6a33984247935feb25bf041c8caab9df74dbda77345f38d +MISC metadata.xml 1450 SHA256 12a59ccb10431b7760a10a4421f05fd3763eb14c91d27239f04d9bcacec548ab SHA512 3cd157fddc3a2aeca4ba563509b021ae52f02e23a721488eaf47b2aa701e6fee5ab8432603ca9999e6854b4d8a69950cf1a156104ee5db35f9232302326601f1 WHIRLPOOL 4d48988fd6ec8b53a643206c939789a773ab59253506c4659b83f7d563bd558924845dd04bb03702dff160cc49f72a319fa68b7e1e49988022270eeac7cfe82c diff --git a/net-firewall/iptables/files/ip6tables-1.4.13.confd b/net-firewall/iptables/files/ip6tables-1.4.13.confd new file mode 100644 index 000000000000..3bb36989d37e --- /dev/null +++ b/net-firewall/iptables/files/ip6tables-1.4.13.confd @@ -0,0 +1,19 @@ +# /etc/conf.d/ip6tables + +# Location in which iptables initscript will save set rules on +# service shutdown +IP6TABLES_SAVE="/var/lib/ip6tables/rules-save" + +# Options to pass to iptables-save and iptables-restore +SAVE_RESTORE_OPTIONS="-c" + +# Save state on stopping iptables +SAVE_ON_STOP="yes" + +# If you need to log iptables messages as soon as iptables starts, +# AND your logger does NOT depend on the network, then you may wish +# to uncomment the next line. +# If your logger depends on the network, and you uncomment this line +# you will create an unresolvable circular dependency during startup. +# After commenting or uncommenting this line, you must run 'rc-update -u'. +#rc_use="logger" diff --git a/net-firewall/iptables/files/iptables-1.4.13-r1.init b/net-firewall/iptables/files/iptables-1.4.13-r1.init new file mode 100644 index 000000000000..b410b4ff52bf --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.13-r1.init 
@@ -0,0 +1,129 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -F -t $a
+ ${iptables_bin} -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
diff --git a/net-firewall/iptables/files/iptables-1.4.13.confd b/net-firewall/iptables/files/iptables-1.4.13.confd
new file mode 100644
index 000000000000..7225374c3a8a
--- /dev/null
+++ b/net-firewall/iptables/files/iptables-1.4.13.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
+
+# If you need to log iptables messages as soon as iptables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
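Review bot: In files/iptables-1.4.13-r1.init, `panic()` and `stop()` call `eend $?` after the loop, so the reported status is only that of the last command run for the last table; a failed `-F`, `-X` or `-P` on an earlier table is reported as success. For `panic()` this means the service can print OK while a table still carries its previous rules or policy. Collecting the status inside the loop and passing it to `eend` makes the result reliable; `set_table_policy()` would need the same treatment for its `-P` loop, and `stop()` and `reload()` follow the same pattern. files/iptables.init in this commit has the same code with `-w` added.

```shell
panic() {
	# … unchanged: checkkernel and stopping the running service …
	local a ret=0
	ebegin "Dropping all packets"
	for a in $(cat ${iptables_proc}) ; do
		${iptables_bin} -F -t $a || ret=1
		${iptables_bin} -X -t $a || ret=1

		set_table_policy $a DROP || ret=1
	done
	eend ${ret}
```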
diff --git a/net-firewall/iptables/files/iptables-1.4.21-configure.patch b/net-firewall/iptables/files/iptables-1.4.21-configure.patch new file mode 100644 index 000000000000..e827885f1688 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.21-configure.patch @@ -0,0 +1,34 @@ +https://bugs.gentoo.org/557586 + +From b24e59fba39120bfdb9e521bbd0af8f33a60466e Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 15 Aug 2015 14:12:39 -0400 +Subject: [PATCH] configure: fix 3rd arg w/AC_ARG_ENABLE + +The 3rd arg is used when --{enable,disable}-foo are passed in, not when +the feature is enabled. Use the existing $enableval instead. + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/configure ++++ b/configure +@@ -11898,14 +11898,14 @@ fi + + # Check whether --enable-bpf-compiler was given. + if test "${enable_bpf_compiler+set}" = set; then : +- enableval=$enable_bpf_compiler; enable_bpfc="yes" ++ enableval=$enable_bpf_compiler; enable_bpfc="$enableval" + else + enable_bpfc="no" + fi + + # Check whether --enable-nfsynproxy was given. + if test "${enable_nfsynproxy+set}" = set; then : +- enableval=$enable_nfsynproxy; enable_nfsynproxy="yes" ++ enableval=$enable_nfsynproxy; enable_nfsynproxy="$enableval" + else + enable_nfsynproxy="no" + fi diff --git a/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch new file mode 100644 index 000000000000..a4183d6d4025 --- /dev/null +++ b/net-firewall/iptables/files/iptables-1.4.21-static-connlabel-config.patch 
@@ -0,0 +1,77 @@ +https://bugs.gentoo.org/558234 +http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e + +From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw@strlen.de> +Date: Fri, 5 Sep 2014 20:45:56 +0200 +Subject: [PATCH] extensions: libxt_connlabel: do not open config file from + _init hook + +else, static builds will print this for every iptables invocation, +even 'iptables -L'. Delay open until we need to translate a mapping. + +Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com> +Signed-off-by: Florian Westphal <fw@strlen.de> +--- + extensions/libxt_connlabel.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c +index c84a167..1f83095 100644 +--- a/extensions/libxt_connlabel.c ++++ b/extensions/libxt_connlabel.c +@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = { + XTOPT_TABLEEND, + }; + ++/* cannot do this via _init, else static builds might spew error message ++ * for every iptables invocation. 
++ */ ++static void connlabel_open(void) ++{ ++ if (map) ++ return; ++ ++ map = nfct_labelmap_new(NULL); ++ if (!map && errno) ++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n", ++ strerror(errno)); ++} ++ + static void connlabel_mt_parse(struct xt_option_call *cb) + { + struct xt_connlabel_mtinfo *info = cb->data; + int tmp; + ++ connlabel_open(); + xtables_option_parse(cb); + + switch (cb->entry->id) { +@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb) + + static const char *connlabel_get_name(int b) + { +- const char *name = nfct_labelmap_get_name(map, b); ++ const char *name; ++ ++ connlabel_open(); ++ ++ name = nfct_labelmap_get_name(map, b); + if (name && strcmp(name, "")) + return name; + return NULL; +@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = { + + void _init(void) + { +- map = nfct_labelmap_new(NULL); +- if (!map) { +- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n", +- connlabel_mt_reg.name, strerror(errno)); +- return; +- } + xtables_register_match(&connlabel_mt_reg); + } +-- +2.4.4 + diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init new file mode 100755 index 000000000000..10394c6f09cf --- /dev/null +++ b/net-firewall/iptables/files/iptables.init 
@@ -0,0 +1,129 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="check save panic"
+extra_started_commands="reload"
+
+iptables_name=${SVCNAME}
+case ${iptables_name} in
+iptables|ip6tables) ;;
+*) iptables_name="iptables" ;;
+esac
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+ iptables) iptables_proc="/proc/net/ip_tables_names"
+ iptables_save=${IPTABLES_SAVE};;
+ ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+ iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+ need localmount #434774
+ before net
+}
+
+set_table_policy() {
+ local chains table=$1 policy=$2
+ case ${table} in
+ nat) chains="PREROUTING POSTROUTING OUTPUT";;
+ mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+ filter) chains="INPUT FORWARD OUTPUT";;
+ *) chains="";;
+ esac
+ local chain
+ for chain in ${chains} ; do
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
+ done
+}
+
+checkkernel() {
+ if [ ! -e ${iptables_proc} ] ; then
+ eerror "Your kernel lacks ${iptables_name} support, please load"
+ eerror "appropriate modules and try again."
+ return 1
+ fi
+ return 0
+}
+checkconfig() {
+ if [ ! -f ${iptables_save} ] ; then
+ eerror "Not starting ${iptables_name}. First create some rules then run:"
+ eerror "/etc/init.d/${iptables_name} save"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Loading ${iptables_name} state and starting firewall"
+ ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+stop() {
+ if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+ save || return 1
+ fi
+ checkkernel || return 1
+ ebegin "Stopping firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ set_table_policy $a ACCEPT
+
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+}
+
+reload() {
+ checkkernel || return 1
+ checkrules || return 1
+ ebegin "Flushing firewall"
+ local a
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+ done
+ eend $?
+
+ start
+}
+
+checkrules() {
+ ebegin "Checking rules"
+ ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+ eend $?
+}
+
+check() {
+ # Short name for users of init.d script.
+ checkrules
+}
+
+save() {
+ ebegin "Saving ${iptables_name} state"
+ checkpath -q -d "$(dirname "${iptables_save}")"
+ checkpath -q -m 0600 -f "${iptables_save}"
+ ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+ eend $?
+}
+
+panic() {
+ checkkernel || return 1
+ if service_started ${iptables_name}; then
+ rc-service ${iptables_name} stop
+ fi
+
+ local a
+ ebegin "Dropping all packets"
+ for a in $(cat ${iptables_proc}) ; do
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
+
+ set_table_policy $a DROP
+ done
+ eend $?
+}
diff --git a/net-firewall/iptables/files/systemd/ip6tables-restore.service b/net-firewall/iptables/files/systemd/ip6tables-restore.service
new file mode 100644
index 000000000000..c149e92ba900
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore ip6tables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=ip6tables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /var/lib/ip6tables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/ip6tables-store.service b/net-firewall/iptables/files/systemd/ip6tables-store.service
new file mode 100644
index 000000000000..9975378353d3
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables-store.service
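Review bot: In files/iptables.init, `save()` redirects straight into `"${iptables_save}"`, so the shell truncates the existing rules file before `${iptables_bin}-save` has produced anything; if the save fails, the previous ruleset is gone and an empty or partial file is left behind. `checkconfig()` only tests `-f`, so the next `start()` would accept that file and presumably load no rules, leaving the host unfiltered. Because `stop()` calls `save` first when `SAVE_ON_STOP` is yes, this can happen on an ordinary shutdown. Writing to a sibling file and renaming it on success keeps the last good ruleset; files/iptables-1.4.13-r1.init has the same `save()`.

```shell
save() {
	ebegin "Saving ${iptables_name} state"
	checkpath -q -d "$(dirname "${iptables_save}")"
	# Write to a sibling file first so a failed save never truncates the last good ruleset.
	local tmp="${iptables_save}.new"
	checkpath -q -m 0600 -f "${tmp}"
	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${tmp}" \
		&& mv -f "${tmp}" "${iptables_save}"
	eend $?
```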
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store ip6tables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
diff --git a/net-firewall/iptables/files/systemd/ip6tables.service b/net-firewall/iptables/files/systemd/ip6tables.service
new file mode 100644
index 000000000000..0a6d7fa1c8ab
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/ip6tables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore ip6tables firewall rules
+
+[Install]
+Also=ip6tables-store.service
+Also=ip6tables-restore.service
diff --git a/net-firewall/iptables/files/systemd/iptables-restore.service b/net-firewall/iptables/files/systemd/iptables-restore.service
new file mode 100644
index 000000000000..2474ee3ec419
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-restore.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Restore iptables firewall rules
+# if both are queued for some reason, don't store before restoring :)
+Before=iptables-store.service
+# sounds reasonable to have firewall up before any of the services go up
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/iptables/files/systemd/iptables-store.service b/net-firewall/iptables/files/systemd/iptables-store.service
new file mode 100644
index 000000000000..aa16e75e9ccf
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables-store.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Store iptables firewall rules
+Before=shutdown.target
+DefaultDependencies=No
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"
+
+[Install]
+WantedBy=shutdown.target
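Review bot: The `ExecStart=` redirect in ip6tables-store.service truncates `/var/lib/ip6tables/rules-save` before `ip6tables-save` has written anything, so a save that fails or is cut short at shutdown leaves an empty or partial file for the next boot's restore. The file is also created under the service's default umask, whereas the OpenRC init script in this commit creates its save file with `checkpath -q -m 0600 -f`. Writing to a temporary name and renaming on success addresses both: `ExecStart=/bin/sh -c "umask 077; /sbin/ip6tables-save --counters > /var/lib/ip6tables/rules-save.new && mv /var/lib/ip6tables/rules-save.new /var/lib/ip6tables/rules-save"`. `iptables-store.service` has the same line for IPv4.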
diff --git a/net-firewall/iptables/files/systemd/iptables.service b/net-firewall/iptables/files/systemd/iptables.service
new file mode 100644
index 000000000000..3643a3e31034
--- /dev/null
+++ b/net-firewall/iptables/files/systemd/iptables.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Store and restore iptables firewall rules
+
+[Install]
+Also=iptables-store.service
+Also=iptables-restore.service
diff --git a/net-firewall/iptables/iptables-1.4.21-r1.ebuild b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
new file mode 100644
index 000000000000..05b4e957ca31
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r1.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE="conntrack ipv6 netlink static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}-1.4.13-r1.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables-1.4.13-r1.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.4.21-r4.ebuild b/net-firewall/iptables/iptables-1.4.21-r4.ebuild
new file mode 100644
index 000000000000..b873bc7ffcfa
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.4.21-r4.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/10"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ epatch "${FILESDIR}"/${P}-configure.patch #557586
+ epatch "${FILESDIR}"/${P}-static-connlabel-config.patch #558234
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables{,-{re,}store}.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables{,-{re,}store}.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.6.0-r1.ebuild b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
new file mode 100644
index 000000000000..11aff3774610
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.6.0-r1.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/11"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+RDEPEND="
+ conntrack? ( net-libs/libnetfilter_conntrack )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/iptables-1.6.1-r1.ebuild b/net-firewall/iptables/iptables-1.6.1-r1.ebuild
new file mode 100644
index 000000000000..4132b8a76807
--- /dev/null
+++ b/net-firewall/iptables/iptables-1.6.1-r1.ebuild
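Review bot: `src_install()` in iptables-1.6.0-r1.ebuild installs only `iptables-{re,}store.service` (and the `ip6tables` pair), while the 1.4.21 ebuilds in this commit use `iptables{,-{re,}store}.service`, so the `iptables.service` and `ip6tables.service` units added under `files/systemd/` are not installed by this version. If that is intended, a comment above `systemd_dounit` saying the `Also=` wrapper units are no longer shipped would save the next reader the comparison; if not, the brace pattern should match the older ebuilds. `iptables-1.6.1-r1.ebuild` has the same two lines.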
@@ -0,0 +1,112 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+# Force users doing their own patches to install their own tools
+AUTOTOOLS_AUTO_DEPEND=no
+
+inherit eutils multilib systemd toolchain-funcs autotools flag-o-matic
+
+DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
+HOMEPAGE="http://www.netfilter.org/projects/iptables/"
+SRC_URI="http://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+# Subslot tracks libxtables as that's the one other packages generally link
+# against and iptables changes. Will have to revisit if other sonames change.
+SLOT="0/12"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="conntrack ipv6 netlink nftables pcap static-libs"
+
+RDEPEND="
+ conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
+ netlink? ( net-libs/libnfnetlink )
+ nftables? (
+ >=net-libs/libmnl-1.0
+ >=net-libs/libnftnl-1.0.5
+ )
+ pcap? ( net-libs/libpcap )
+"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ virtual/pkgconfig
+ nftables? (
+ sys-devel/flex
+ virtual/yacc
+ )
+"
+
+src_prepare() {
+ # use the saner headers from the kernel
+ rm -f include/linux/{kernel,types}.h
+
+ # Only run autotools if user patched something
+ epatch_user && eautoreconf || elibtoolize
+}
+
+src_configure() {
+ # Some libs use $(AR) rather than libtool to build #444282
+ tc-export AR
+
+ # Hack around struct mismatches between userland & kernel for some ABIs. #472388
+ use amd64 && [[ ${ABI} == "x32" ]] && append-flags -fpack-struct
+
+ sed -i \
+ -e "/nfnetlink=[01]/s:=[01]:=$(usex netlink 1 0):" \
+ -e "/nfconntrack=[01]/s:=[01]:=$(usex conntrack 1 0):" \
+ configure || die
+
+ econf \
+ --sbindir="${EPREFIX}/sbin" \
+ --libexecdir="${EPREFIX}/$(get_libdir)" \
+ --enable-devel \
+ --enable-shared \
+ $(use_enable nftables) \
+ $(use_enable pcap bpf-compiler) \
+ $(use_enable pcap nfsynproxy) \
+ $(use_enable static-libs static) \
+ $(use_enable ipv6)
+}
+
+src_compile() {
+ # Deal with parallel build errors.
+ use nftables && emake -C iptables xtables-config-parser.h
+ emake V=1
+}
+
+src_install() {
+ default
+ dodoc INCOMPATIBILITIES iptables/iptables.xslt
+
+ # all the iptables binaries are in /sbin, so might as well
+ # put these small files in with them
+ into /
+ dosbin iptables/iptables-apply
+ dosym iptables-apply /sbin/ip6tables-apply
+ doman iptables/iptables-apply.8
+
+ insinto /usr/include
+ doins include/iptables.h $(use ipv6 && echo include/ip6tables.h)
+ insinto /usr/include/iptables
+ doins include/iptables/internal.h
+
+ keepdir /var/lib/iptables
+ newinitd "${FILESDIR}"/${PN}.init iptables
+ newconfd "${FILESDIR}"/${PN}-1.4.13.confd iptables
+ if use ipv6 ; then
+ keepdir /var/lib/ip6tables
+ newinitd "${FILESDIR}"/iptables.init ip6tables
+ newconfd "${FILESDIR}"/ip6tables-1.4.13.confd ip6tables
+ fi
+
+ systemd_dounit "${FILESDIR}"/systemd/iptables-{re,}store.service
+ if use ipv6 ; then
+ systemd_dounit "${FILESDIR}"/systemd/ip6tables-{re,}store.service
+ fi
+
+ # Move important libs to /lib #332175
+ gen_usr_ldscript -a ip{4,6}tc iptc xtables
+
+ prune_libtool_files
+}
diff --git a/net-firewall/iptables/metadata.xml b/net-firewall/iptables/metadata.xml
new file mode 100644
index 000000000000..92f454ba7f63
--- /dev/null
+++ b/net-firewall/iptables/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="conntrack">Build against <pkg>net-libs/libnetfilter_conntrack</pkg> when enables the connlabel matcher</flag>
+ <flag name="netlink">Build against libnfnetlink which enables the nfnl_osf util</flag>
+ <flag name="nftables">Support nftables kernel interface</flag>
+ <flag name="pcap">Build against <pkg>net-libs/libpcap</pkg> which enables the nfbpf_compile util</flag>
+</use>
+<longdescription>
+ iptables is the userspace command line program used to set up, maintain, and
+ inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a
+ part of packet filtering framework which allows the stateless and stateful
+ packet filtering, all kinds of network address and port translation, and is a
+ flexible and extensible infrastructure with multiple layers of API's for 3rd
+ party extensions. The iptables package also includes ip6tables. ip6tables is
+ used for configuring the IPv6 packet filter.
+
+ Note that some extensions (e.g. imq and l7filter) are not included into
+ official kernel sources so you have to patch the sources before installation.
+</longdescription>
+<upstream>
+ <remote-id type="cpe">cpe:/a:netfilter_core_team:iptables</remote-id>
+</upstream>
+</pkgmetadata>
diff --git a/net-firewall/itval/Manifest b/net-firewall/itval/Manifest
new file mode 100644
index 000000000000..650c004ab03c
--- /dev/null
+++ b/net-firewall/itval/Manifest
@@ -0,0 +1,5 @@ +DIST ITVal-20121104.tar.bz2 71398 SHA256 dba3bcd2876b28fad4baedfd39a4d8ddd658d128e50c6f53253d321a082dcf42 SHA512 145f464154d0c88e6c43a16a6ea59f3f6f525612c99032bd5acb934975d46568a40b25996a92d63d190afbe2f129010fb7cdb843dced9eae4ec925b97ee17eca WHIRLPOOL 6c4ebb99b496988749559e83d6170e2f7c211cb9afe7e079a2591f11e01fc679dee5e94b030291bc76995f760b1ad3f056a5a64b110757f93e9d3e3cdbe8bdd2 +EBUILD itval-1.2_p20121104.ebuild 691 SHA256 55c96e63b9fa4627abc10c60d3f432ee44b0c824d13b73a415b30c539098e6ba SHA512 6bb6448aaba54292ea29ab788bb5b5da15b09f6b431c3933f98f574005e9ede3fc7bc939253692d42a3194b1a723e5813799ef837be673508bd5a84d8e163324 WHIRLPOOL f215ec26994eeb76f16c3393c718c3c9bf02903e95022d347a3b5c81415d85abcbdd0d9ac18127d0432759c3522bcccf734d4591e329fb47d62d4fc5079edf19 +MISC ChangeLog 3047 SHA256 822ab751e5ed63f1f83440ff74db39b2b1a1d1b51dca6a87cc2ec2aae560ec21 SHA512 162b80d73e51d098ef2f0f7fbd00e31a17db85a7aa0994dba7f3e9d054b47e3f5729a0db34e9f8d968616c3e66afbf7a07ba803a1dc790dc1bb310f099ad892d WHIRLPOOL e3c51c1a0a0ccb2e29c46938e2813765827461070def5296b2c0e2f38586b516fffebe668443e39ef9940b319ed6bda02281b88e5957f4431ffee7480da7d16b +MISC ChangeLog-2015 1492 SHA256 a59c5e0b7f8ff8f59ed446e41b475371b565bfa02c4b79195614651e31427c32 SHA512 e7d5254e7b6b07d16b311b1363c250e0f599d814613e77be247705807248b3ae82d896c2480388ac000f6359ef9dea2dca91b9469fd82267063a637f298dad45 WHIRLPOOL a27998d4693746cebb3341b297110e1720211dc9d2fcb9c9744b9b3ae482d40583351954187af77f7a0bd5d7fdc1390afb8b84f847b4fd253c62e9c943d8b07a +MISC metadata.xml 355 SHA256 ea7daee2322b0b45364a4c9f2cf30291048048d0aa947410fd540ce8bd766330 SHA512 5d2237882022cc28ffcf8f5bf3fc1884d7b18bda49ffb6b3b7ae878e0e47e4b775e268601a031e0aecaeae5b1067a61efb3e061f966150bf20189e3a60eb2df5 WHIRLPOOL 0d078699898759fe86b144ad54fb7eb2d5b1539102d5e55b87ed1156c68f05c892b59b2356f0e751b8d2d6cbd014e3868fc195ffed655f9ab07309ac0abcdaf5 
diff --git a/net-firewall/itval/itval-1.2_p20121104.ebuild b/net-firewall/itval/itval-1.2_p20121104.ebuild
new file mode 100644
index 000000000000..4f5b701647f9
--- /dev/null
+++ b/net-firewall/itval/itval-1.2_p20121104.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+CMAKE_IN_SOURCE_BUILD=1
+inherit cmake-utils versionator
+
+MY_PN="ITVal"
+MY_PV="$(get_version_component_range 3)"
+MY_PV="${MY_PV/p/}"
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="Iptables policy testing and validation tool"
+HOMEPAGE="http://itval.sourceforge.net"
+SRC_URI="https://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+RDEPEND="dev-libs/fddl"
+DEPEND="
+ sys-devel/flex
+ sys-devel/bison
+ ${RDEPEND}
+"
+
+S=${WORKDIR}/${MY_P}
+
+DOCS=( AUTHORS ChangeLog README RELEASE )
+
+src_install() {
+ default
+ doman man/ITVal.n
+}
diff --git a/net-firewall/itval/metadata.xml b/net-firewall/itval/metadata.xml
new file mode 100644
index 000000000000..162f7b1d9361
--- /dev/null
+++ b/net-firewall/itval/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="sourceforge">itval</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/lutelwall/Manifest b/net-firewall/lutelwall/Manifest
new file mode 100644
index 000000000000..1b6a5af16ce4
--- /dev/null
+++ b/net-firewall/lutelwall/Manifest
@@ -0,0 +1,6 @@ +AUX lutelwall 354 SHA256 d47332b38da25e66abec501c8e4c4db3c9368f8d0b932d3747140aa8609ee932 SHA512 43b9c9ba93d65767bfc1d6a36ee4acb98a3d671784d021a0cf501390b79d9d38c0913b63c693098941868fc65c17a1625f087e679a0fcbb9a3adf5f6009be4e1 WHIRLPOOL 1594eff24c514705fa47dd4843a14e5460f513b28a5b77c714f8ef60757a2cef5772ff71dd0965c97c27f5fa0878fd9be29a3a085b58b9cad291ef8b6b0187f9 +DIST lutelwall-0.99.tar.gz 29209 SHA256 92ab7ab320cbefd694cd5ba3799e6143244402eac65ffcd4b52528bc31d1a1f8 SHA512 8812048c9e4ec3beff2214ed3ceb2d980d769ada686a934af22baec76a3670e51ddb171097adbfb78c63ce9bc25554b1da93ec8c86f59457277fd4651cf1068c WHIRLPOOL 842979556cecab887f9f050d5d92e0539c608023a694608d82e77a7d338ca6a6d8fc842dee49aa2def49dfeebc82faf23b12108e0363ec881395ced8279bdb76 +EBUILD lutelwall-0.99.ebuild 674 SHA256 acc9738f379d87d8203b2795bd4e784158e0106a076fcefe1beab8c0d5a44a57 SHA512 2df911e9bd0bca04b6d0ea6dac3834b70fd556e41c2f25286f601bee2eb3408de700110710ba1e12e3b53001cdab381b3c3955e47abd59fc61e938c8030ff936 WHIRLPOOL 4b5fa375eb53af61780c34d51aa693fe8e703c66252469580357516bba243263452421028401c6296df6393ee839757debdfa43da513bd9072b33c5b22bbfdf6 +MISC ChangeLog 2579 SHA256 9440b124ced474d7a6af35c7d792be89ecb84db701c1b7620e10f11ab015b14b SHA512 2f1d90cf31e9e938ee13cbd8d19921aef285e62e6abffde8febf51e4c16ae296496b2ea62aef35a1f9538357a6ed6de59c2522c62ba81b4446427cbda2f8b35b WHIRLPOOL 8f88efd4ffb10355153b8e4edded40b9eff0977409f0cac2f5f67971266180af166f64f99cd8377aa2b5b7f2b7d194417dbfb7e9d6ab1e4556d59e41874e82b9 +MISC ChangeLog-2015 2623 SHA256 2d992d61f6b01de0cccfd302bd55f5adb4f6abb1fe5ba4d1f949dadf5472ea15 SHA512 3736f59a7d1353b51c88a4332a97cce60c67a75497f9a308b04780bcf2970e92408c490e057d40adf3dfc79c000f94516b85ea7703e425779276a592c13d83d2 WHIRLPOOL 8c11412efc8a339c978ee665f9867a7a26e08e2d7ccb936b9ff5238a7dde22ce7223877bf20ef834cff74eff94a42829d036b490e2d98cdfb7670116aa08dbfe +MISC metadata.xml 948 SHA256 02350889fceb7f9f3df508af31f99f8f26d2b42531f75b005c35ba83b921734f SHA512 
353b8d5c30ddb2ef9c03a85fb548b7881d5b89f0e25ce730a8c12d77105b67f8e20bd071e34ec16fa5585d7c3a052b85cf1a9fc877784e9e6c6ec83514619f35 WHIRLPOOL 273b874b3f4bd9a3fc31bb27682e4e2fecb6c48d54c4e883fe905da10be7db3141911e5cccc30bfcfb51a4f2296af948efd52fa29fe469810e89b88acfe6ceaa
diff --git a/net-firewall/lutelwall/files/lutelwall b/net-firewall/lutelwall/files/lutelwall
new file mode 100644
index 000000000000..e99b3923a975
--- /dev/null
+++ b/net-firewall/lutelwall/files/lutelwall
@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+
+depend() {
+ need net
+ use logger
+}
+
+start() {
+ ebegin "Starting LutelWall"
+ /usr/sbin/lutelwall start
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping LutelWall"
+ /usr/sbin/lutelwall stop
+ eend $?
+}
+
+restart() {
+ stop
+ start
+}
diff --git a/net-firewall/lutelwall/lutelwall-0.99.ebuild b/net-firewall/lutelwall/lutelwall-0.99.ebuild
new file mode 100644
index 000000000000..05eb0624495b
--- /dev/null
+++ b/net-firewall/lutelwall/lutelwall-0.99.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+DESCRIPTION="IPTables firewall setup script"
+LICENSE="GPL-2"
+HOMEPAGE="http://www.lutel.pl/lutelwall/"
+SRC_URI="http://www.lutel.pl/wp-content/uploads/${PV}/${P}.tar.gz"
+SLOT="0"
+KEYWORDS="alpha ~amd64 ~ppc ~sparc x86"
+
+RDEPEND="
+ >=net-firewall/iptables-1.2.6
+ >=sys-apps/gawk-3.1
+ sys-apps/iproute2
+"
+
+src_install() {
+ insinto /etc
+ doins lutelwall.conf
+
+ dosbin lutelwall
+ doinitd "${FILESDIR}"/lutelwall
+
+ dodoc FEATURES ChangeLog
+}
+
+pkg_postinst() {
+ elog "Basic configuration file is /etc/lutelwall.conf"
+ elog "Adjust it to your needs before using"
+}
diff --git a/net-firewall/lutelwall/metadata.xml b/net-firewall/lutelwall/metadata.xml
new file mode 100644
index 000000000000..6f69603521f1
--- /dev/null
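Review bot: `depend()` in files/lutelwall declares `need net`, so this firewall is started only after the network services are up, whereas the iptables init script in this commit uses `before net`; interfaces are therefore reachable without LutelWall's rules during that start-up interval. Whether `/usr/sbin/lutelwall start` needs configured interfaces cannot be seen from this hunk; if it does not, `before net` with `need localmount` would close the gap, and if it does, a comment in `depend()` stating why would document the exposure. The custom `restart()` only calls `stop` and `start`, which presumably duplicates the service manager's default restart and could be dropped.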
+++ b/net-firewall/lutelwall/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>tomek@lutel.pl</email>
+ <name>Tomek Lutelmowski</name>
+ <description>LuteWall developer, third party maintainer</description>
+</maintainer>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+<maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+</maintainer>
+<longdescription>
+LutelWall is high-level firewall configuration tool. It uses human-readable and easy
+to understand configuration to set up Netfilter in most secure way. Its flexibility
+allows firewall admins build from very simple, single-homed firewalls, to most complex
+ones - with multiple subnets, DMZ's and traffic redirections.
+</longdescription>
+</pkgmetadata>
diff --git a/net-firewall/metadata.xml b/net-firewall/metadata.xml
new file mode 100644
index 000000000000..7ba30053341a
--- /dev/null
+++ b/net-firewall/metadata.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<catmetadata>
+ <longdescription lang="en">
+ The net-firewall category contains network firewall software.
+ </longdescription>
+ <longdescription lang="de">
+ Die Kategorie net-firewall enthült Firewall-Software.
+ </longdescription>
+ <longdescription lang="es">
+ La categoría net-firewall contiene programas relacionados con
+ cortafuegos de redes.
+ </longdescription>
+ <longdescription lang="ja">
+ net-firewall カテゴリーにはネットワーク・ファイアウォールの
+ ソフトウェアが含まれています。
+ </longdescription>
+ <longdescription lang="nl">
+ De net-firewall categorie bevat firewall-software.
+ </longdescription>
+ <longdescription lang="vi">
+ Nhóm net-firewall chứa các phần mềm firewall.
+ </longdescription>
+ <longdescription lang="it">
+ La categoria net-firewall contiene software per firewall.
+ </longdescription>
+ <longdescription lang="pt">
+ A categoria net-firewall contém programas de firewall para
+ redes.
+ </longdescription>
+ <longdescription lang="pl">
+ Kategoria net-firewall zawiera ściany ogniowe (firewalle).
+ </longdescription>
+</catmetadata>
+
diff --git a/net-firewall/nfacct/Manifest b/net-firewall/nfacct/Manifest
new file mode 100644
index 000000000000..5bf71a4fbf1d
--- /dev/null
+++ b/net-firewall/nfacct/Manifest
@@ -0,0 +1,7 @@ +DIST nfacct-1.0.1.tar.bz2 257013 SHA256 81ef261616f313372a957431d17c5a0334984f06ceea190cf390479bf043e7c4 SHA512 4d428f51ce3b12382974de3cb7d502f6a18d9c0fd4446071fc2b5e932c44e4b33072202f8b9bd4bdf892a08a64533776bb8e9a0a7c4acc876cfec154f76227a1 WHIRLPOOL ab3983015154109389c831cf4ac8e6d4afb299b3f2d0d9e76ae6e23e716f0fcb00f3317dd0754f144a6650f5c42029d132c875aa7d90687e5f2ac8ca24c476aa +DIST nfacct-1.0.2.tar.bz2 265449 SHA256 ecff2218754be318bce3c3a5d1775bab93bf4168b2c4aac465785de5655fbd69 SHA512 2d7a76a51ffb10601e67ceda2ce055e63a8da802a682aab3c96cfa38e1d9d0d7ae7fa204d17d555303216e2ceeb0965d6b25387634725cf35e0a7109d84b47b3 WHIRLPOOL 7ecc6a446b5a8cd920d7f29347cac340a7af2262fd52af8174d360df7eceadd424c157ad45e6008f2fa4c83d099eb198c733c472603de3ee27cc5d710e1d3300 +EBUILD nfacct-1.0.1.ebuild 537 SHA256 d421ab178c586c55424b62c29c5c65d725a457622a3dfbbaf2d52cf9f7a00e26 SHA512 0cf95c17506d5d8362ea879cf668773a93f48486fc72fdd02fe805b1b51449ebf24fc51b1226cadaef97723ba982f64d9a39554f96ceb665068ac1861b75bd8d WHIRLPOOL e02763cfad148a3d815c669374e2ceb7ccb62f0ad60fe3807c2f0342b6cfd63a0850dd8df2f48807b429b295d4ffec8be805fb9fe35cca7faf4d6d95f0f3e9a8 +EBUILD nfacct-1.0.2.ebuild 520 SHA256 d5e1d5425d2015e2df0941a9a0b8560371ab244ff4c995f500c9c8a0e22bb68e SHA512 dc77221c25764c913908b3b7693d1b74a075627c2c43ddbd900198c2db99e0579782534444f86a91709e5b6393d0ab0425373e66ad310fb9177afb7c3ebb3f27 WHIRLPOOL 2368fa267a2648d19c447eae054dc95024a1982399c78f6a6e51bed4b25f7d86316a886b3dccfb31dcb14b1ddd473f55dd136eea6fde6be1856af6ec2d562dd3 +MISC ChangeLog 2878 SHA256 242721f18b7862d2f6f8117835389005607113a84f333894c512d2347bb0e941 SHA512 ebc50f1386242f2178d70abaa86cb76272ba9c83a3ada32008f3308bc3cf15d6e690e11b6d88104f313fa0868d1c071091be5d0487c29bf8e71720c9d817d3a6 WHIRLPOOL e93fc6470c715e35206c5b50abd633db5ff8cb9c34bf7634c990bc0f3086930a91a4c25163bafe0017f3e0afb5f3ec7d05e51eaeda47054b5ec8e73d8f00f8fe +MISC ChangeLog-2015 1242 SHA256 
c473adb0143526f48bd13c64f052a0e6f41f1b87320aa606e91479a3710a86d5 SHA512 24c61b9590516f04f39768ccd6684a23fecf712e0f154b64735237598fd16aa365aee92ccdd049dc5f6a021ff6fd6279f8e7baa2bdef71cc50abf2d9724ba951 WHIRLPOOL 17efae2e33cfce9b5d2ecd2af97042dcb2dc185ee87f73ed7fdb37fb115b622ced606d07a16629ace65f283d7a088a635afafb38ede0d3278c5a418c30cadbd6 +MISC metadata.xml 280 SHA256 b04c5b9d91f6c4d6e36583488fd032751034d1e035085609c9bdf7677cf1e83f SHA512 8b56802e5524808b11ab857779ce04fb2d07cae87376f67490178601a9aecf7ad9f95743709b46048a425598d4cf8dcf01ef78cc97009d78e26a7728453150ef WHIRLPOOL 6f3756b9ac748acccb6ac5a4de133cf93988e8c904f606376fecbb6a21ce038e86437fecca43b2521538da2570d33ff1a6a1e0cab290a3d71a9b4f2734f16328 diff --git a/net-firewall/nfacct/metadata.xml b/net-firewall/nfacct/metadata.xml new file mode 100644 index 000000000000..2c2a7923cfc8 --- /dev/null +++ b/net-firewall/nfacct/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>netmon@gentoo.org</email> + <name>Gentoo network monitoring and analysis project</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/nfacct/nfacct-1.0.1.ebuild b/net-firewall/nfacct/nfacct-1.0.1.ebuild new file mode 100644 index 000000000000..32b690bfce00 --- /dev/null +++ b/net-firewall/nfacct/nfacct-1.0.1.ebuild @@ -0,0 +1,21 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit linux-info + +DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter" +HOMEPAGE="http://netfilter.org/projects/nfacct" +SRC_URI="http://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~arm x86" + +RDEPEND="net-libs/libmnl + >=net-libs/libnetfilter_acct-1.0.2" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +CONFIG_CHECK="~NETFILTER_NETLINK_ACCT" 
diff --git a/net-firewall/nfacct/nfacct-1.0.2.ebuild b/net-firewall/nfacct/nfacct-1.0.2.ebuild
new file mode 100644
index 000000000000..3aeca55ee035
--- /dev/null
+++ b/net-firewall/nfacct/nfacct-1.0.2.ebuild
@@ -0,0 +1,24 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit linux-info
+
+DESCRIPTION="Command line tool to create/retrieve/delete accounting objects in NetFilter"
+HOMEPAGE="http://www.netfilter.org/projects/nfacct"
+SRC_URI="${HOMEPAGE}/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+
+RDEPEND="
+ net-libs/libmnl
+ >=net-libs/libnetfilter_acct-1.0.3
+"
+DEPEND="
+ ${RDEPEND}
+ virtual/pkgconfig
+"
+
+CONFIG_CHECK="~NETFILTER_NETLINK_ACCT"
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
new file mode 100644
index 000000000000..f24534c17483
--- /dev/null
+++ b/net-firewall/nftables/Manifest
@@ -0,0 +1,13 @@ +AUX libexec/nftables.sh 3643 SHA256 8f8ca76bc1f77d09b1198e144479cd8cf7f50cf787317522ac6c1978ca9b7e6b SHA512 efc9b4f9520c78b6248f16bd5708669872e8abf949f6f4b81182f331f8532dfeaae2df648e8878e9b5cbd66c0259daab71035ea922754807654b2b3bc86b4352 WHIRLPOOL d3ea74671d3686af9e70a22bf727b9f64ab735cd63270ca283013fc1ba0cad6750ca82127e968f028b65dfe905aeb6275b4e9c295a43f5c8dfe2a7b815a66c44 +AUX nftables-0.5-pdf-doc.patch 1663 SHA256 c55698efb6f40085f1037b12706ca5ab8ba551b8af3902b16ac2cbfc922607c2 SHA512 1925ba300068155ec38ed0631eea0bab1e17ac0b4b454b6f5bf6548961b0264dfd9c9be27e697b8fd7db1827cc670a132c3a716d0874535e29ddb696d1a3eedc WHIRLPOOL c8ea06f6dbbc8c2e4acfaf9ec082647b1ae4288c818d48b47e0b2f5c0cbc7bc6b924b93981b1dd6991923375ffa66a1733988a66ec001d87114962824ee4907f +AUX nftables-0.6-null-payload-desc-fix.patch 411 SHA256 28bcb66a4d46cb1cb20376f38efb2d95d92983a1417cb500a4351870524c3bfe SHA512 034bfa338ef52b722df8441ab981f45c4eeb88c0d65aa4fcdbee1d17df93c7c3239786351632ccadada08ecae796d366b994bd3c20f576a853885517d4de6116 WHIRLPOOL d0b0ab1051bcdbc734f44fa361781babebfb052daf783bb0e0268d2c3d25f962d4e6f13bf141fcfe46701127c46f104b1740fc48e84266326e9a20553945bcc8 +AUX nftables.confd 655 SHA256 d5e3077345dfea02849a70aea220396322a10c3808f0303b988119adbc56fdbd SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144 WHIRLPOOL e39d13f996e620aa82714cb18e4f57624faa302f2259a44cc065804edf95fe07a314f744d17a76be6941c3771da6b233a19ae5b6b2f63783847121c63339197f +AUX nftables.init 3069 SHA256 be1f1628305b5989ef9de2b95aa4e6201f067eb1f32cd92bba6db6f27f4f325f SHA512 ca761be0440945b21d5b002468baffb3299d0a3ac244aa895734dfdfaf442e7a73b757bcda99d958582064411d1b80b2cbcb4eb532bb219b4df407c9ed892661 WHIRLPOOL 95aebd414c91f3a1e31e241c3d5b83bc998ff5e516c3b6d14b45c0e8bbbb39aba8435f602bc21f7591ef0f6aa71fd01ceb7f08cdab731723478b2a9fb7640c2a +AUX systemd/nftables-restore.service 394 SHA256 
ec9ca69ca916e0739de2eb229c8fee2a65a551a97886c4c0a69c35776f3f1c95 SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0 WHIRLPOOL 67eb5b72e81ca66ba079ffd3b574fd21d3ac3cb9fc3d4a3986b1b5543e4059adbdb633b432fa1bb71208a48b4e2eda425d1a09e4b853b7c555d48e8da2b92ded +DIST nftables-0.6.tar.gz 252523 SHA256 85dd7fa4e741c0be02efddbc57b5d300e1147f09ec6f81d0399110f96dc958f0 SHA512 17f3b94687865e077dc082cf61b29ab2854fd1ffe18212a8d424f2876aef8db9780dd4d06dca8e6d093498151d47bab73e40e1f54062a83a23a3cbe75f27e921 WHIRLPOOL d15eaf81426d73bea28752f96727d291120120fb2aaa994d421d900974eb45062957435e077664fb916780f636ed9b61889dbec8b627d5d309512bae96f02874 +DIST nftables-0.7.tar.gz 292652 SHA256 192c9d92ee0c56eded599d1c54b0d68f4d9b0286f3d908579f0b9271aeba432f SHA512 6032720abf3af8a6dc0b4f507c6ae970447f504d59db4a34b2e0eea3c59962bc69d9ebfaa4e26a117747eb9d0224716a9709b96551b5479d914d7498f26ed43a WHIRLPOOL a999e85370bd9241daf015849ecdf5955f87a2d65f5525a6e75e9eda1bb87e1a84123c42e95f16c4469873a682409fea2ccc65a3af84a107b62d8c2a5727343d +EBUILD nftables-0.6-r4.ebuild 2116 SHA256 81001d2c20ee1ca27bf40f397be44d2e830d9fdd48d4ea4b6aa7495d45b8db7b SHA512 4c1a3420d9d228ff1925d91ee0bdd285995b7d06b59453863e5b5fef12813c6f58d8487a10c880c313a328be79e69b49147f0a5c73e07554d665ff24ffe1f265 WHIRLPOOL 3486ed76af507f4a49e8a203d7bf4544b244319c803e272db2b59fb6d7aa53900f8b9e8146de99b2dce41372cf9cd6d03075fbd4577c5b38ba642a2f628c18c8 +EBUILD nftables-0.7.ebuild 2002 SHA256 c909b988d5ddde8cf9365667b8bd5d27314be4bb9a972ce651bc416d6739c33f SHA512 0b6efeee42b09b861a27fb11cf02b2096f5e66f8e80f92d8ed97bfeeabb8fe532b068761ffbadf7603cc6095ddd81abe313dd6f581b0719239411f740a0131bf WHIRLPOOL 2bee002b52161664bdd17ae47558b8a723ec603ab0c3c19454685a2511cd9e62d543db7007c0f64eeb35fef20a5b7edf119e8dfb8be852c2368861a95920ee29 +MISC ChangeLog 9200 SHA256 2dab66ea101a22a52b3f2cee4afbfa6dbb2545da809a22cbb10ef9341e08f25e SHA512 
cf2cf5c185447f5adaf7f1c7be119f1d13e009f450e2e632234b23b132fb478defda597f09ce492aa7f1c846d2c34f2cf7e6f87b450e7713a843e21a09480e79 WHIRLPOOL 25f4c0eb5d2b5d4492636b6c4c5892e68ed6be83b8d8606785c2c583c91d9429dca75014c196d3f991e78b8e97968b526c83d0bc9277b3ab8c8fd919f1592bf3 +MISC ChangeLog-2015 1919 SHA256 36e610e38e898312082803dcc832cf1b808ff8f450e89f73610c8517cea6e045 SHA512 bb7cff250e90ba78e9e47692ddf126056d5d2b50cce7c3442de3b129ff00272e8b0ae2181f4898f424aac506783e4f978a5f2f1228827d3583402396a518e03b WHIRLPOOL b045fb1f27d640ad01b2fa3b28ba12df8d540b6b86657205d3a3bae303da17ccc5f09f441405579f662360200d98e45724b8f3cd579d55d21d82734545f9d98d +MISC metadata.xml 372 SHA256 e9f3e17475668a443f853ade5d6032a2e6f44726dcc5175c2500a29e21d61910 SHA512 13f7b219a6a043a047b4be99f69cadf76b2a0c20800c1622f08dc9626ebc1115db79a3866fb19c1c00a98b66a692b42d42c2c3e66da654ff83e44d193da8a511 WHIRLPOOL b5a3ea672559d759343b4fb7e501871a485a68f66fbc9e1d7cb94bb11e5c236f253677e75c566a8d6282a87ce87a1109a38f5857b9cf2ffa0832e8dd52af0251 diff --git a/net-firewall/nftables/files/libexec/nftables.sh b/net-firewall/nftables/files/libexec/nftables.sh new file mode 100755 index 000000000000..cc55f8566000 --- /dev/null +++ b/net-firewall/nftables/files/libexec/nftables.sh 
@@ -0,0 +1,149 @@ +#! /bin/sh + +main() { + local NFTABLES_SAVE=${2:-'/var/lib/nftables/rules-save'} + local retval + case "$1" in + "clear") + if ! use_legacy; then + nft flush ruleset + else + clear_legacy + fi + retval=$? + ;; + "list") + if ! use_legacy; then + nft list ruleset + else + list_legacy + fi + retval=$? + ;; + "load") + nft -f ${NFTABLES_SAVE} + retval=$? + ;; + "store") + local tmp_save="${NFTABLES_SAVE}.tmp" + if ! use_legacy; then + nft ${SAVE_OPTIONS} list ruleset > ${tmp_save} + else + save_legacy ${tmp_save} + fi + retval=$? + if [ ${retval} ]; then + mv ${tmp_save} ${NFTABLES_SAVE} + fi + ;; + esac + return ${retval} +} + +clear_legacy() { + local l3f line table chain first_line + + first_line=1 + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + table=$(echo ${line} | sed "s/table[ \t]*//") + deletetable ${l3f} ${table} + done + done + else + nft list tables | while read line; do + l3f=$(echo ${line} | cut -d ' ' -f2) + table=$(echo ${line} | cut -d ' ' -f3) + deletetable ${l3f} ${table} + done + fi +} + +list_legacy() { + local l3f + + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + echo "$(nft list ${line})" + done + done + else + nft list tables | while read line; do + echo "$(nft list ${line})" + done + fi +} + +save_legacy() { + tmp_save=$1 + touch "${tmp_save}" + if manualwalk; then + for l3f in $(getfamilies); do + nft list tables ${l3f} | while read line; do + line=$(echo ${line} | sed "s/table/table ${l3f}/") + nft ${SAVE_OPTIONS} list ${line} >> ${tmp_save} + done + done + else + nft list tables | while read line; do + nft ${SAVE_OPTIONS} list ${line} >> "${tmp_save}" + done + fi +} + +use_legacy() { + local major_ver minor_ver + + major_ver=$(uname -r | cut -d '.' -f1) + minor_ver=$(uname -r | cut -d '.' 
-f2) + + [ $major_ver -ge 4 -o $major_ver -eq 3 -a $minor_ver -ge 18 ] && return 1 + return 0 +} + +CHECK_TABLE_NAME="GENTOO_CHECK_TABLE" + +getfamilies() { + local l3f families + + for l3f in ip arp ip6 bridge inet; do + if nft create table ${l3f} ${CHECK_TABLE_NAME} > /dev/null 2>&1; then + families="${families}${l3f} " + nft delete table ${l3f} ${CHECK_TABLE_NAME} + fi + done + echo ${families} +} + +manualwalk() { + local result l3f=`getfamilies | cut -d ' ' -f1` + + nft create table ${l3f} ${CHECK_TABLE_NAME} + nft list tables | read line + if [ $(echo $line | wc -w) -lt 3 ]; then + result=0 + fi + result=1 + nft delete table ${l3f} ${CHECK_TABLE_NAME} + + return $result +} + +deletetable() { + # family is $1 + # table name is $2 + nft flush table $1 $2 + nft list table $1 $2 | while read l; do + chain=$(echo $l | grep -o 'chain [^[:space:]]\+' | cut -d ' ' -f2) + if [ -n "${chain}" ]; then + nft flush chain $1 $2 ${chain} + nft delete chain $1 $2 ${chain} + fi + done + nft delete table $1 $2 +} + +main "$@" diff --git a/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch new file mode 100644 index 000000000000..d09faa3ddd9f --- /dev/null +++ b/net-firewall/nftables/files/nftables-0.5-pdf-doc.patch 
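Review bot: In the `store` arm of main(), `if [ ${retval} ]; then` only checks that the string is non-empty, so it holds for every exit status and the `mv` overwrites the saved ruleset even when `nft list ruleset` or save_legacy failed; a truncated or empty dump then becomes what `load` applies on the next start. Compare the status numerically instead, `if [ "${retval}" -eq 0 ]; then mv "${tmp_save}" "${NFTABLES_SAVE}"; else rm -f "${tmp_save}"; fi`. manualwalk() has a related slip: `result=1` is assigned unconditionally after the `if`, and `nft list tables | read line` sets `line` in a pipeline subshell under most `/bin/sh` implementations, so the function appears to return 1 every time. The temp file is created by redirection under the caller's umask, so the 0600 mode the init script sets on the save file is probably lost after the `mv`; a `umask 077` before writing would keep the dump private.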
@@ -0,0 +1,52 @@ +Update configure script to include option to enable and disable PDF man page +generation. + +--- a/configure.ac ++++ b/configure.ac +@@ -27,10 +27,16 @@ + AC_CONFIG_HEADER([config.h]) + + AC_DEFINE([_GNU_SOURCE], [], [Enable various GNU extensions]) + AC_DEFINE([_STDC_FORMAT_MACROS], [], [printf-style format macros]) + ++AC_ARG_ENABLE([pdf-doc], ++ AS_HELP_STRING([--disable-pdf-doc], [Disable PDF documentation]), ++ AS_IF([test "x$enable_pdf_doc" = "xno"], [enable_pdf_doc=no], ++ [enable_pdf_doc=yes]), [enable_pdf_doc=yes]) ++AM_CONDITIONAL([BUILD_PDF], [test "x$enable_pdf_doc" == "xyes" ]) ++ + AC_ARG_ENABLE([debug], + AS_HELP_STRING([--enable-debug], [Disable debugging]), + AS_IF([test "x$enable_debug" = "xno"], [with_debug=no], [with_debug=yes]), + [with_debug=yes]) + AC_SUBST(with_debug) +@@ -61,15 +67,15 @@ + )] + ) + AC_SUBST(DB2MAN) + AM_CONDITIONAL([BUILD_MAN], [test -n "$DB2MAN"]) + +-AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no]) +-AS_IF([test "$DBLATEX" == "no"], +- [AC_MSG_WARN([dblatex not found, no PDF manpages will be built])] +-) +-AM_CONDITIONAL([BUILD_PDF], [test "$DBLATEX" == "found"]) ++AM_COND_IF([BUILD_PDF], [ ++ AC_CHECK_PROG(DBLATEX, [dblatex], [found], [no]) ++ AS_IF([test "$DBLATEX" == "no"], ++ [AC_MSG_ERROR([dblatex not found])]) ++]) + + # Checks for libraries. + PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3]) + PKG_CHECK_MODULES([LIBNFTNL], [libnftnl >= 1.0.5]) + +@@ -134,6 +140,7 @@ + + echo " + nft configuration: + cli support: ${with_cli} + enable debugging: ${with_debug} +- use mini-gmp: ${with_mini_gmp}" ++ use mini-gmp: ${with_mini_gmp} ++ enable pdf documentation: ${enable_pdf_doc}" diff --git a/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch new file mode 100644 index 000000000000..3ea59e7aa490 --- /dev/null +++ b/net-firewall/nftables/files/nftables-0.6-null-payload-desc-fix.patch 
@@ -0,0 +1,14 @@
+diff --git a/src/payload.c b/src/payload.c
+index ac0e917..9ba980a 100644
+--- a/src/payload.c
++++ b/src/payload.c
+@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
+ base = ctx->protocol[left->payload.base].desc;
+ desc = proto_find_upper(base, proto);
+
++ if (!desc)
++ return;
++
+ assert(desc->base <= PROTO_BASE_MAX);
+ if (desc->base == base->base) {
+ assert(base->length > 0);
diff --git a/net-firewall/nftables/files/nftables.confd b/net-firewall/nftables/files/nftables.confd
new file mode 100644
index 000000000000..e83a4b962061
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.confd
@@ -0,0 +1,19 @@
+# /etc/conf.d/nftables
+
+# Location in which nftables initscript will save set rules on
+# service shutdown
+NFTABLES_SAVE="/var/lib/nftables/rules-save"
+
+# Options to pass to nft on save
+SAVE_OPTIONS="-n"
+
+# Save state on stopping nftables
+SAVE_ON_STOP="yes"
+
+# If you need to log nftables messages as soon as nftables starts,
+# AND your logger does NOT depend on the network, then you may wish
+# to uncomment the next line.
+# If your logger depends on the network, and you uncomment this line
+# you will create an unresolvable circular dependency during startup.
+# After commenting or uncommenting this line, you must run 'rc-update -u'.
+#rc_use="logger"
diff --git a/net-firewall/nftables/files/nftables.init b/net-firewall/nftables/files/nftables.init
new file mode 100644
index 000000000000..cf4ab8b5f44b
--- /dev/null
+++ b/net-firewall/nftables/files/nftables.init
@@ -0,0 +1,124 @@ +#!/sbin/openrc-run +# Copyright 2014-2017 Nicholas Vinson +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="clear list panic save" +extra_started_commands="reload" +depend() { + need localmount #434774 + before net +} + +start_pre() { + checkkernel || return 1 + checkconfig || return 1 + return 0 +} + +clear() { + /usr/libexec/nftables/nftables.sh clear || return 1 + return 0 +} + +list() { + /usr/libexec/nftables/nftables.sh list || return 1 + return 0 +} + +panic() { + checkkernel || return 1 + if service_started ${RC_SVCNAME}; then + rc-service ${RC_SVCNAME} stop + fi + + ebegin "Dropping all packets" + clear + if nft create table ip filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi + if nft create table ip6 filter >/dev/null 2>&1; then + nft -f /dev/stdin <<-EOF + table ip6 filter { + chain input { + type filter hook input priority 0; + drop + } + chain forward { + type filter hook forward priority 0; + drop + } + chain output { + type filter hook output priority 0; + drop + } + } + EOF + fi +} + +reload() { + checkkernel || return 1 + ebegin "Flushing firewall" + clear + start +} + +save() { + ebegin "Saving nftables state" + checkpath -q -d "$(dirname "${NFTABLES_SAVE}")" + checkpath -q -m 0600 -f "${NFTABLES_SAVE}" + export SAVE_OPTIONS + /usr/libexec/nftables/nftables.sh store ${NFTABLES_SAVE} + return $? +} + +start() { + ebegin "Loading nftables state and starting firewall" + clear + /usr/libexec/nftables/nftables.sh load ${NFTABLES_SAVE} + eend $? +} + +stop() { + if yesno ${SAVE_ON_STOP:-yes}; then + save || return 1 + fi + + ebegin "Stopping firewall" + clear + eend $? +} + +checkconfig() { + if [ ! 
-f ${NFTABLES_SAVE} ]; then + eerror "Not starting nftables. First create some rules then run:" + eerror "rc-service nftables save" + return 1 + fi + return 0 +} + +checkkernel() { + if ! nft list tables >/dev/null 2>&1; then + eerror "Your kernel lacks nftables support, please load" + eerror "appropriate modules and try again." + return 1 + fi + return 0 +} diff --git a/net-firewall/nftables/files/systemd/nftables-restore.service b/net-firewall/nftables/files/systemd/nftables-restore.service new file mode 100644 index 000000000000..4b68b0a5b09e --- /dev/null +++ b/net-firewall/nftables/files/systemd/nftables-restore.service @@ -0,0 +1,14 @@ +[Unit] +Description=Store and restore nftables firewall rules +ConditionPathExists=/var/lib/nftables/rules-save +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/nftables/nftables.sh load /var/lib/nftables/rules-save +ExecStop=/usr/libexec/nftables/nftables.sh store /var/lib/nftables/rules-save + +[Install] +WantedBy=basic.target diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml new file mode 100644 index 000000000000..c3018163bf38 --- /dev/null +++ b/net-firewall/nftables/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> + </maintainer> + <maintainer type="person"> + <email>prometheanfire@gentoo.org</email> + <name>Matthew Thode</name> + </maintainer> +</pkgmetadata> diff --git a/net-firewall/nftables/nftables-0.6-r4.ebuild b/net-firewall/nftables/nftables-0.6-r4.ebuild new file mode 100644 index 000000000000..be9f30bcfbe3 --- /dev/null +++ b/net-firewall/nftables/nftables-0.6-r4.ebuild 
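Review bot: start() in nftables.init runs `clear` before `nftables.sh load`, so the host has an empty ruleset between the two commands and keeps it if `nft -f` rejects the save file; the firewall fails open while the service only reports an error. Because `nft -f` applies its input as one transaction, the flush and the saved rules could be fed together, e.g. `{ echo 'flush ruleset'; cat "${NFTABLES_SAVE}"; } | nft -f /dev/stdin` on kernels where `flush ruleset` is available, so a bad file leaves the previous rules in place. panic() installs drop chains only for the `ip` and `ip6` families and calls `ebegin` with no matching `eend`; whether bridged or ARP traffic also needs a drop policy there should be confirmed. `${NFTABLES_SAVE}` and `${RC_SVCNAME}` are unquoted throughout and should be double-quoted.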
@@ -0,0 +1,87 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools linux-info systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://netfilter.org/projects/nftables/" +SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="debug doc gmp +readline xml" + +RDEPEND=">=net-libs/libmnl-1.0.3 + gmp? ( dev-libs/gmp:0= ) + readline? ( sys-libs/readline:0= ) + >=net-libs/libnftnl-1.0.6[xml(-)?] + " +DEPEND="${RDEPEND} + >=app-text/docbook2X-0.8.8-r4 + doc? ( >=app-text/dblatex-0.3.7 ) + sys-devel/bison + sys-devel/flex + virtual/pkgconfig" + +S="${WORKDIR}/v${PV}" + +PATCHES=( + "${FILESDIR}/${PN}-0.5-pdf-doc.patch" + "${FILESDIR}/${P}-null-payload-desc-fix.patch" +) + +pkg_setup() { + if kernel_is ge 3 13; then + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + econf \ + --sbindir="${EPREFIX}"/sbin \ + $(use_enable doc pdf-doc) \ + $(use_enable debug) \ + $(use_with readline cli) \ + $(use_with !gmp mini_gmp) +} + +src_install() { + default + + dodir /usr/libexec/${PN} + exeinto /usr/libexec/${PN} + doexe "${FILESDIR}"/libexec/${PN}.sh + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.init ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + systemd_enable_service basic.target ${PN}-restore.service +} + +pkg_postinst() { + local save_file + save_file="${EROOT%/}/var/lib/nftables/rules-save" + + elog "In order for the nftables-restore systemd service to start, " + elog "the file, ${save_file}, must exist. 
To create this " + elog "file run the following command: " + elog "" + elog " touch '${save_file}'" + elog "" + elog "Afterwards, the nftables-restore service should be manually started " + elog "to ensure firewall changes are stored on system shutdown. The " + elog "systemd service will function normally thereafter." +} diff --git a/net-firewall/nftables/nftables-0.7.ebuild b/net-firewall/nftables/nftables-0.7.ebuild new file mode 100644 index 000000000000..30376495f198 --- /dev/null +++ b/net-firewall/nftables/nftables-0.7.ebuild 
@@ -0,0 +1,82 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools linux-info systemd + +DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools" +HOMEPAGE="http://netfilter.org/projects/nftables/" +SRC_URI="http://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="debug doc gmp +readline" + +RDEPEND=">=net-libs/libmnl-1.0.3 + gmp? ( dev-libs/gmp:0= ) + readline? ( sys-libs/readline:0= ) + >=net-libs/libnftnl-1.0.7" + +DEPEND="${RDEPEND} + >=app-text/docbook2X-0.8.8-r4 + doc? ( >=app-text/dblatex-0.3.7 ) + sys-devel/bison + sys-devel/flex + virtual/pkgconfig" + +S="${WORKDIR}/v${PV}" + +pkg_setup() { + if kernel_is ge 3 13; then + CONFIG_CHECK="~NF_TABLES" + linux-info_pkg_setup + else + eerror "This package requires kernel version 3.13 or newer to work properly." + fi +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + econf \ + --sbindir="${EPREFIX}"/sbin \ + $(use_enable doc pdf-doc) \ + $(use_enable debug) \ + $(use_with readline cli) \ + $(use_with !gmp mini_gmp) +} + +src_install() { + default + + dodir /usr/libexec/${PN} + exeinto /usr/libexec/${PN} + doexe "${FILESDIR}"/libexec/${PN}.sh + + newconfd "${FILESDIR}"/${PN}.confd ${PN} + newinitd "${FILESDIR}"/${PN}.init ${PN} + keepdir /var/lib/nftables + + systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service + systemd_enable_service basic.target ${PN}-restore.service +} + +pkg_postinst() { + local save_file + save_file="${EROOT%/}/var/lib/nftables/rules-save" + + elog "In order for the nftables-restore systemd service to start, " + elog "the file, ${save_file}, must exist. 
To create this " + elog "file run the following command: " + elog "" + elog " touch '${save_file}'" + elog "" + elog "Afterwards, the nftables-restore service should be manually started " + elog "to ensure firewall changes are stored on system shutdown. The " + elog "systemd service will function normally thereafter." +} diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest new file mode 100644 index 000000000000..58d6afec99c9 --- /dev/null +++ b/net-firewall/nufw/Manifest 
@@ -0,0 +1,12 @@ +AUX nuauth-conf.d 62 SHA256 0ab7686ef414e37fb1cae532134ffda6958f0a492fcdc4e28245f70b7366ec2c SHA512 2304d60917eab68c8268205d006dddbacfc68c876ee6a36d90f5f21eceb6f5ba6b9bc82a3173b55dde825df44dee766e300848936f0629e650730f16112f2558 WHIRLPOOL 6f43825a5dc5c6a6720b04f5cebc8aca11487a9f4bc4db05a37c78985731e1c67cf87f48448164c5a5bd330c8b6f39b781d61e6a84e15ba6369aea55e26eb6ef +AUX nuauth-init.d 545 SHA256 19e59c030ea314a46d3651622e08b2f23c24326990a5aeb90997df104827cc78 SHA512 f46646466cd33f09c27d4621d249b21b50362c802db059ffe57b80c4f97a3c50aa5d6a89fc2866caf57f2d9a4d4a6726ccf37be84185488f2e165aded29350a8 WHIRLPOOL 63fdd1c60277d5598797a3a533c347a6e53a4e777e3cda07531ace6d16dc43859aa1bf03ac7b22e1caab7a73d9af0c7e1e7a11242de53d1ccc21d1ab25fceb7c +AUX nufw-2.2.22-gnutls-3.4.patch 3240 SHA256 faa93c5058d8b34dac575e8f0cd6ebf37a5c3cda793cab6087df935f43356bb6 SHA512 b0d426c2e42f49565c5520c63ea5501103ca131d339a356f0dee3eac065bd069b6e5366dee617f26e5d88ed38d60e91bdcb661da080ba5a70b5a4e8aadfe402b WHIRLPOOL 26d15f70cec65cb04edb6e8ecd1846017dee52a9ab6b20218c09c0a2b77a98722b5dd3a8eb51c4d1e41eafdc524c281b70dbb7d5946d3aac76ea247f8c1ee73c +AUX nufw-2.2.22-var-run.patch 1438 SHA256 e68591a7b780ff514d7f5a66c8ee12e299d58fd96777491488960d75d61cb5f1 SHA512 f299a373e67f910fd816037fb916d1c116a98b6a8d1487e0e9e4c35713839d7f6f7189b31390a9616bb0cf77bcc2abb9077d9dc60c8b83571aa07291981c3383 WHIRLPOOL 131550c94e02c2650e01fd9f89437c968b6cd9a67f2f1d1bc09ccf202f71942d8475043f49b286fddeb71e63ec453924bb0acf157cef83634d1ac7acb9aaea9b +AUX nufw-conf.d 122 SHA256 65df231f179c64d007efc1bb3dc09b6220af8c2793eb7fc11dc29e2631e687e8 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb WHIRLPOOL a710ca94b0d942f8976b6a6fd5bf9fa971466581c439729357254b590dcd8b20dd4b62a5d59afacccf5e3fd4be9d044f34ff604e16998ef8cb32cdfd865e0bb9 +AUX nufw-init.d 273 SHA256 ce62222003235455cb9b4ba33d1fac953dd2a07eea5e78f382ea06bf4e03edcf SHA512 
7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 WHIRLPOOL 43549b3dbd47e61424bd4f4061963594d0c51e959d41b73b21d0a07bf9c69b21a77353fa0b896b7bae3d9b35fa9701fc451a06c3f89488276c7fb81e6f4617c3 +DIST nufw-2.2.22.tar.bz2 597491 SHA256 92603813b4138bfd52b5873c68d7c6e43f78885a414067e57bd2c1e8eba66b8c SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee WHIRLPOOL 5e493d2aa2c661dd9766670bb805f98849c82f1962d39ff3692481f7049740cc73455e6aa45b7ca20632b2e254be8bb953f9aebdeb7a46c525578fc7a9d007ba +EBUILD nufw-2.2.22-r1.ebuild 2631 SHA256 cb904b423f3067f05a23c70546e61d46625e925d481f9c733fc88b851fc390cd SHA512 45e1cbc6deb24861633753cc268090bb4e21f6cd85aed8f1abae2f6aec1d7523dd1ce92043d60cb4229894577b9f0d34fad4ecbf2b5e7dffd7461a3f0b700bb0 WHIRLPOOL 9d3c1a40984ea8c2c10ad4531136070f6aecd0eff675d8eddbbe62616996b6e2f9c7650682179a89d2637e33c6b5902698d393320b60d1ba177397ce4cec7645 +EBUILD nufw-2.2.22-r2.ebuild 2642 SHA256 a3313d764b08261ab253a5c58546f7840de6bbc889cdf62c80ac900a36bb810b SHA512 8afdeab8d1794994a3f398ea4a741369752c52346cd1693978fc48f98b3798b180bea2fa66a7f94614e23067171742e3a3f10e4cb4edef3fa742825b867560fd WHIRLPOOL 14baded768af8ee708c20e15e0cfe846cb17d7eb65572bf27015854a00ef938b69e04f5cc4be932531f3b9891880af36e0f25cbbbca3d8b41086775d590298c0 +MISC ChangeLog 3133 SHA256 8c3e7753db2103309a989787111a8910d212c223c74aead0bb20957c0a1ddf71 SHA512 7fbb5a01a741fa8acdecf3adfb80f7981bd60dbf3068c47a7bdae04479526d7120916e77bdfeaffa6357a0e8016ab4f6dd846febb715370f461d342ec5f8151a WHIRLPOOL ce1f2919df66d4a757dd51cffe7a7297c2dd61730f7911fec81f1dbe0edc8a7ee53b164c5c597b556d321445b5039bda99348a814a9597efc29c02117c44d058 +MISC ChangeLog-2015 6478 SHA256 f79a1f8ac82776b02cca81f1912425cacb20a80add32c2f9a26445d444127907 SHA512 
d518079ed50b77206bb4edfd9b029393309bd1ec6d8960ea9314ffa2cbb26a788c5931bcbab1b5e9fd22f7faec27471eb3d77967f053f19d76d8489aefe63389 WHIRLPOOL eb11a571f01b1f20c1510f5fada9b6a889c17125b50036628c721ddf96208e516f6c9ab316c843e1bf83efe9abc67d00319b9a83a5b391f346309b334aa2be87 +MISC metadata.xml 547 SHA256 5fa6d204f97c6a78e4444a3ec9d7bf82b357700316d8d8cf0c7e1f2e19da44a6 SHA512 29dea30db4101530fc810fd162a93aa7f87898f57a955f528a9259918a4a9c1d16dc1b7a790817846482b410a11e98f32987d409165a322fdfc8352bfd5383d5 WHIRLPOOL b983b968463071c98e7b009af91cfd1badddc46d230c736407aacfc2e938c0ec90079d8e0854b4eaeb833b8a9cdd92eb16b848298f01233fa9115862daec01e0 diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d new file mode 100644 index 000000000000..1ac750cf49fd --- /dev/null +++ b/net-firewall/nufw/files/nuauth-conf.d @@ -0,0 +1,2 @@ +# configuration file for /etc/init.d/nuauth +NUAUTH_OPTIONS="" diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d new file mode 100644 index 000000000000..db9c10b8a0d5 --- /dev/null +++ b/net-firewall/nufw/files/nuauth-init.d @@ -0,0 +1,27 @@ +#!/sbin/openrc-run + +depend() { + before net +} + +checkconfig() { + if [ ! -e /etc/nufw/nuauth.conf ]; then + eerror "You need a /etc/nufw/nuauth.conf file to run nuauth" + eerror "There is sample file in /usr/share/doc/nufw-version/" + return 1 + fi +} + +start() { + checkpath -d /run/nuauth + checkconfig || return 1 + ebegin "Starting nuauth" + start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS} + eend $? +} + +stop() { + ebegin "Stopping nuauth" + start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid + eend $? +} diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch new file mode 100644 index 000000000000..e75d2b3fd61d --- /dev/null +++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch 
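Review bot: In start() of nuauth-init.d, `checkpath -d /run/nuauth` creates the runtime directory with no explicit mode or owner, although it holds nuauth's pid file and, per the var-run patch in this commit, the `nuauth-command.socket` control socket. State the intended permissions, e.g. `checkpath -d -m 0750 /run/nuauth`, with the owner to be confirmed against the account nuauth runs as. start() also launches the daemon without `--pidfile` while stop() relies on `/run/nuauth/nuauth.pid`; passing the same `--pidfile` to both lets start-stop-daemon detect an instance that is already running. `${NUAUTH_OPTIONS}` is expanded unquoted on purpose for word splitting, which deserves a short comment so it is not "fixed" later.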
@@ -0,0 +1,103 @@ +From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev <alon.barlev@gmail.com> +Date: Sat, 4 Mar 2017 01:00:40 +0200 +Subject: [PATCH] ssl: drop call of deprecated + gnutls_certificate_type_set_priority() + +CTYPE-X.509 is the default value. Closes: #624077 + +Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> +--- + src/clients/lib/libnuclient.c | 15 ++------------- + src/nufw/tls.c | 14 -------------- + 2 files changed, 2 insertions(+), 27 deletions(-) + +diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c +index 917e75a..6e78c96 100644 +--- a/src/clients/lib/libnuclient.c ++++ b/src/clients/lib/libnuclient.c +@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; + # define DH_BITS 1024 + #endif + +-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 }; +- +- + void nu_exit_clean(nuauth_session_t * session) + { + if (session->ct) { +@@ -270,7 +267,7 @@ int check_key_perms(const char* filename) + return 1; + } + +-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st) ++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st) + { + printf("TLS error: server requests certificate, none configured\n"); + return 0; +@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session, + SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR); + return 0; + } +- gnutls_certificate_client_set_retrieve_function(session->cred, ++ gnutls_certificate_set_retrieve_function(session->cred, + &_cb_request_cert); + } + +@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session) + return 0; + } + +- ret = +- gnutls_certificate_type_set_priority(session->tls, +- cert_type_priority); +- if (ret < 0) { +- return 0; +- } + return 1; + } + +@@ -776,8 
+767,6 @@ void nu_client_reset(nuauth_session_t * session) + gnutls_deinit(session->tls); + gnutls_init(&session->tls, GNUTLS_CLIENT); + gnutls_set_default_priority(session->tls); +- gnutls_certificate_type_set_priority(session->tls, +- cert_type_priority); + session->need_set_cred = 1; + + /* close socket */ +diff --git a/src/nufw/tls.c b/src/nufw/tls.c +index e7223eb..2d46820 100644 +--- a/src/nufw/tls.c ++++ b/src/nufw/tls.c +@@ -506,8 +506,6 @@ void tls_connect() + gnutls_session *tls_session; + int tls_socket, ret; + #if USE_X509 +- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 }; +- + tls.session = NULL; + + /* compute patch key_file */ +@@ -655,18 +653,6 @@ void tls_connect() + return; + } + #if USE_X509 +- ret = gnutls_certificate_type_set_priority(*(tls_session), +- cert_type_priority); +- if (ret < 0) { +- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING, +- "TLS: gnutls_certificate_type_set_priority() failed: %s", +- gnutls_strerror(ret)); +- gnutls_certificate_free_credentials(tls.xcred); +- gnutls_deinit(*tls_session); +- free(tls_session); +- return; +- } +- + /* put the x509 credentials to the current session */ + ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE, + tls.xcred); +-- +2.10.2 + diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch new file mode 100644 index 000000000000..f6bcc95e0006 --- /dev/null +++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch 
@@ -0,0 +1,45 @@ +--- a/src/nuauth/auth_srv.h ++++ b/src/nuauth/auth_srv.h +@@ -162,7 +162,7 @@ + #ifdef S_SPLINT_S + # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid" + #else +-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid" ++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid" + #endif + + /* define the number of threads that will do user check */ +--- a/src/nuauth/command.c ++++ b/src/nuauth/command.c +@@ -26,7 +26,7 @@ + #include <sys/un.h> /* unix socket */ + #include <sys/stat.h> /* fchmod() */ + +-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket" ++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket" + + const char* COMMAND_HELP = + "version: display nuauth version\n" +--- a/src/nufw/main.c ++++ b/src/nufw/main.c +@@ -54,7 +54,7 @@ + + /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined + * during compilation/installation) */ +-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid" ++#define NUFW_PID_FILE "/run/nufw.pid" + + /** + * Stop threads and then wait until threads exit. +--- a/src/nuauth/Makefile.am ++++ b/src/nuauth/Makefile.am +@@ -26,9 +26,6 @@ + + nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/ + +-install-exec-local: +- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/" +- + nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES) + @rm -f nuauth$(EXEEXT) + $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD) diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d new file mode 100644 index 000000000000..b2ea527744ec --- /dev/null +++ b/net-firewall/nufw/files/nufw-conf.d @@ -0,0 +1,2 @@ +# configuration file for /etc/init.d/nufw +NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129" diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d new file mode 100644 index 000000000000..fd97dd408c7b --- /dev/null 
+++ b/net-firewall/nufw/files/nufw-init.d
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+start() {
+ ebegin "Starting nufw"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nufw"
+ start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
+ eend $?
+}
diff --git a/net-firewall/nufw/metadata.xml b/net-firewall/nufw/metadata.xml
new file mode 100644
index 000000000000..2d3a5a832ef3
--- /dev/null
+++ b/net-firewall/nufw/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+<email>netmon@gentoo.org</email>
+<name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+<use>
+<flag name="nfconntrack">Use netfilter_conntrack</flag>
+<flag name="nfqueue">Use NFQUEUE instead of QUEUE</flag>
+<flag name="pam_nuauth">Add support for pam nufw from PAM</flag>
+<flag name="plaintext">Add support for authentication with plaintext files</flag>
+</use>
+</pkgmetadata>
diff --git a/net-firewall/nufw/nufw-2.2.22-r1.ebuild b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
new file mode 100644
index 000000000000..79f0b9290942
--- /dev/null
+++ b/net-firewall/nufw/nufw-2.2.22-r1.ebuild
@@ -0,0 +1,102 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +SSL_CERT_MANDATORY=1 +inherit autotools eutils multilib pam ssl-cert + +DESCRIPTION="An enterprise grade authenticating firewall based on netfilter" +HOMEPAGE="http://www.nufw.org/" +SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 x86" +IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test" + +REQUIRED_USE="pam_nuauth? ( plaintext )" +DEPEND=" + dev-libs/cyrus-sasl + dev-libs/glib:2 + dev-libs/libgcrypt:0 + dev-python/ipy + net-firewall/iptables + net-libs/gnutls + ldap? ( >=net-nds/openldap-2 ) + mysql? ( virtual/mysql ) + nfconntrack? ( net-libs/libnetfilter_conntrack ) + nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue ) + pam? ( sys-libs/pam ) + pam_nuauth? ( sys-libs/pam ) + postgres? ( dev-db/postgresql[server] ) + prelude? 
( dev-libs/libprelude ) +" +RDEPEND=${DEPEND} + +RESTRICT="test" + +src_prepare() { + epatch "${FILESDIR}"/${P}-var-run.patch + sed -i \ + -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \ + -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \ + conf/nuauth.conf || die + sed -i \ + -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \ + src/clients/pam_nufw/Makefile.am || die + eautoreconf +} + +src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable pam_nuauth pam-nufw) \ + $(use_enable static) \ + $(use_with ldap) \ + $(use_with mysql mysql-auth) \ + $(use_with mysql mysql-log) \ + $(use_with nfconntrack) \ + $(use_with nfqueue) \ + $(use_with pam system-auth) \ + $(use_with plaintext plaintext-auth) \ + $(use_with postgres pgsql-log) \ + $(use_with prelude prelude-log) \ + $(use_with syslog syslog-log) \ + $(use_with unicode utf8) \ + --enable-shared \ + --includedir="/usr/include/nufw" \ + --localstatedir="/var" \ + --sysconfdir="/etc/nufw" \ + --with-mark-group \ + --with-user-mark +} + +src_install() { + default + + newinitd "${FILESDIR}"/nufw-init.d nufw + newconfd "${FILESDIR}"/nufw-conf.d nufw + + newinitd "${FILESDIR}"/nuauth-init.d nuauth + newconfd "${FILESDIR}"/nuauth-conf.d nuauth + + insinto /etc/nufw + doins conf/nuauth.conf + + dodoc AUTHORS ChangeLog NEWS README TODO + docinto scripts + dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh} + docinto conf + dodoc conf/*.{nufw,schema,conf,dump,xml} + + if use pam; then + pamd_mimic system-auth nufw auth account password session + fi + + prune_libtool_files +} + +pkg_postinst() { + install_cert /etc/nufw/{nufw,nuauth} +} diff --git a/net-firewall/nufw/nufw-2.2.22-r2.ebuild b/net-firewall/nufw/nufw-2.2.22-r2.ebuild new file mode 100644 index 000000000000..a3c6d2b4f822 --- /dev/null +++ b/net-firewall/nufw/nufw-2.2.22-r2.ebuild 
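Review bot: The two `sed -i` expressions in `src_prepare` of nufw-2.2.22-r1.ebuild that point `nuauth_tls_key` and `nuauth_tls_cert` at `/etc/nufw/nuauth.key` and `nuauth.pem` exit successfully even when nothing matches, so `|| die` does not catch an upstream change to those commented-out lines. nuauth would then run with whatever TLS paths the shipped nuauth.conf has, rather than the files that `install_cert /etc/nufw/{nufw,nuauth}` is expected to create in `pkg_postinst`. A check after the sed makes that visible at build time: `grep -q '^nuauth_tls_key="/etc/nufw/nuauth.key' conf/nuauth.conf || die "nuauth.conf TLS paths not updated"`. The r2 ebuild has the same sed.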
@@ -0,0 +1,105 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +SSL_CERT_MANDATORY=1 +inherit autotools eutils multilib pam ssl-cert + +DESCRIPTION="An enterprise grade authenticating firewall based on netfilter" +HOMEPAGE="http://www.nufw.org/" +SRC_URI="http://www.nufw.org/attachments/download/39/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 x86" +IUSE="debug ldap mysql pam pam_nuauth plaintext postgres prelude unicode nfqueue nfconntrack static syslog test" + +REQUIRED_USE="pam_nuauth? ( plaintext )" +DEPEND=" + dev-libs/cyrus-sasl + dev-libs/glib:2 + dev-libs/libgcrypt:0 + dev-python/ipy + net-firewall/iptables + net-libs/gnutls + ldap? ( >=net-nds/openldap-2 ) + mysql? ( virtual/mysql ) + nfconntrack? ( net-libs/libnetfilter_conntrack ) + nfqueue? ( net-libs/libnfnetlink net-libs/libnetfilter_queue ) + pam? ( sys-libs/pam ) + pam_nuauth? ( sys-libs/pam ) + postgres? ( dev-db/postgresql:*[server] ) + prelude? 
( dev-libs/libprelude ) +" +RDEPEND=${DEPEND} + +PATCHES=( + "${FILESDIR}/${P}-var-run.patch" + "${FILESDIR}/${P}-gnutls-3.4.patch" +) + +RESTRICT="test" + +src_prepare() { + default + sed -i \ + -e 's:^#\(nuauth_tls_key="/etc/nufw/\)nuauth-key.pem:\1nuauth.key:' \ + -e 's:^#\(nuauth_tls_cert="/etc/nufw/\)nuauth-cert.pem:\1nuauth.pem:' \ + conf/nuauth.conf || die + sed -i \ + -e "/^modulesdir/s|=.*|= /$(get_libdir)/security|g" \ + src/clients/pam_nufw/Makefile.am || die + eautoreconf +} + +src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable pam_nuauth pam-nufw) \ + $(use_enable static) \ + $(use_with ldap) \ + $(use_with mysql mysql-auth) \ + $(use_with mysql mysql-log) \ + $(use_with nfconntrack) \ + $(use_with nfqueue) \ + $(use_with pam system-auth) \ + $(use_with plaintext plaintext-auth) \ + $(use_with postgres pgsql-log) \ + $(use_with prelude prelude-log) \ + $(use_with syslog syslog-log) \ + $(use_with unicode utf8) \ + --enable-shared \ + --includedir="/usr/include/nufw" \ + --localstatedir="/var" \ + --sysconfdir="/etc/nufw" \ + --with-mark-group \ + --with-user-mark +} + +src_install() { + default + prune_libtool_files + + newinitd "${FILESDIR}"/nufw-init.d nufw + newconfd "${FILESDIR}"/nufw-conf.d nufw + + newinitd "${FILESDIR}"/nuauth-init.d nuauth + newconfd "${FILESDIR}"/nuauth-conf.d nuauth + + insinto /etc/nufw + doins conf/nuauth.conf + + docinto scripts + dodoc scripts/{clean_conntrack.pl,nuaclgen,nutop,README,ulog_rotate_daily.sh,ulog_rotate_weekly.sh} + docinto conf + dodoc conf/*.{nufw,schema,conf,dump,xml} + + if use pam; then + pamd_mimic system-auth nufw auth account password session + fi +} + +pkg_postinst() { + install_cert /etc/nufw/{nufw,nuauth} +} diff --git a/net-firewall/pftop/Manifest b/net-firewall/pftop/Manifest new file mode 100644 index 000000000000..34b61d874817 --- /dev/null +++ b/net-firewall/pftop/Manifest 
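Review bot: `doins conf/nuauth.conf` in `src_install` of nufw-2.2.22-r2.ebuild installs the file with the default `doins` mode, which leaves it world-readable. With the ldap, mysql and postgres backends enabled, this file is the likely place for bind or database passwords; its contents are not shown here, so confirm that first. If so, a tighter mode is cheap: `insopts -m0640` before the `doins`, or `fperms 0640 /etc/nufw/nuauth.conf` after it, with an owner that matches the account nuauth runs as. The r1 ebuild installs the file the same way.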
@@ -0,0 +1,6 @@ +DIST pftop-0.7-patches-3.tar.bz2 10611 SHA256 56826b18fb4b6559dd3ddec1d53ab7d84988dcb10f5b1abc6539f2f7ffb1ae22 SHA512 7c8f438e8fc1c507313cf9fe69da2b27bdc57e4cf27b8b0d6153fb0c269d417a59ff93cd74987809b131ae2d148b659ca00d93da1346a515b11c1d8bbfc67f1f WHIRLPOOL c4c5f833daa9aef066351dd924e581dfd595d8ee0b987ee5dd5693480eca540ebbb4c603a1ceb4fc87678473ea4790e026b0ad86775187581aa6e285c19fbc4f +DIST pftop-0.7.tar.gz 59765 SHA256 afde859fab77597e4aae1ef6b87f1bb26a5ad8cb2b1d7316a12e5098153492af SHA512 e9be01704adc112bd1f5dc011f7900754d600df6be50e28ee4a937faabe00b627ed4d1565e92560d750e70f5117533c494565f616f3562eae61301642d438713 WHIRLPOOL af50aa66c7eecfa7bdd390f86e0953baac4ccd45652c6fadfbe952b201190fe402b667fb5c262449e503c3aac88916f23e6e2bc219803b5ea823670df85097dc +EBUILD pftop-0.7-r2.ebuild 1233 SHA256 bebf71d34a0792a612a229df414e63e46fd3f7223d90cac4b1fd1e4779ea7e85 SHA512 c921daba289a5cb7e1bfc31364185bb1ef385283df0eaf9b5ea7d41866f82263f33a55899df2611349810716f3ec2ec0d663c0c25a05d043b74f1e70fbd28d33 WHIRLPOOL 345edc81e7618df1a0fd4b03c63de539932037b3a440936a7eeaa99ef7b29a9330819b973bc22a16dd46797ffab36c2d6cebaac715339189cbe42bb397d13cfe +MISC ChangeLog 2849 SHA256 5e6249ea36c35d1bafb05881e1f26e4588c575567641c01f23dbefcf1f611da5 SHA512 83767051ee175a43e1b68646a9ae5bb61d9dc91bb8974b10190d63597ce7bd501de7da16c4c0e696dd1e358e06bf5e0c7626ba46b5e3d9a688b161a0b1430fae WHIRLPOOL f8bee53a97acae950bd81b0e6c7fc54ddfa16260e2e0c46a133778a2683f543e9f773ea36e932bff5630e28e7d789195f39924107d29a1f6c7f4d1043624baf0 +MISC ChangeLog-2015 1940 SHA256 e88b111738150ebffecf9017474fe8b8f27d775efec2197d63ac1e6da3ebea2f SHA512 fdf7d192e86fca31cb52c65d94f4acf5a5d665987826111993294071f9d8fd03b194786d902eee0b2c6d960beeb404e1f7c4a82097f73a9441ed2f2f674b8dd7 WHIRLPOOL 73b46fc0f0161f2fa2d38b055bd4e1ac76a56ee1eaba3f06b0384b08679af35c3e8c449fb2d51185fa87fe984ff686f2952e08ff2f6b9d946e3097e7e5cc179d +MISC metadata.xml 349 SHA256 9de8354235e53f5c26052762eacb38247be55e893834dea5560356af4082a655 
SHA512 90bdc41abf6957dbaa912df1db6731ed1b7b3ac557fec239b2dfd2f7c23b066df13ff8c5534cd36d05780a07cb4ba287d8ffe4551054a5507280fdfdaca47c24 WHIRLPOOL 2361888d4462b1dde987f847727089386987041d9cf4dc3cbd40302f03640f53b00a9f9ca00e3b18c2e37c566041764814763fa44feecb3e4b6d0e0d04c32272 diff --git a/net-firewall/pftop/metadata.xml b/net-firewall/pftop/metadata.xml new file mode 100644 index 000000000000..eb54224c8109 --- /dev/null +++ b/net-firewall/pftop/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>bsd@gentoo.org</email> + <name>BSD Project</name> + </maintainer> + <use> + <flag name="altq">Enable altq(4) support — alternate queuing of network packets.</flag> + </use> +</pkgmetadata> diff --git a/net-firewall/pftop/pftop-0.7-r2.ebuild b/net-firewall/pftop/pftop-0.7-r2.ebuild new file mode 100644 index 000000000000..ede062387ec1 --- /dev/null +++ b/net-firewall/pftop/pftop-0.7-r2.ebuild 
@@ -0,0 +1,49 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=4
+PATCH_PV=3
+
+inherit bsdmk flag-o-matic eutils
+
+DESCRIPTION="Tool for real-time display of active states and rule statistics for pf"
+HOMEPAGE="http://www.eee.metu.edu.tr/~canacar/pftop/"
+SRC_URI="http://www.eee.metu.edu.tr/~canacar/${P}.tar.gz
+ mirror://gentoo/${P}-patches-${PATCH_PV}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~x86-fbsd"
+IUSE="altq"
+
+RDEPEND="sys-libs/ncurses"
+
+src_prepare() {
+ epatch "${WORKDIR}"/patches/*
+}
+
+src_compile() {
+ # OS_LEVEL variable refers to the version of pf shipped with OpenBSD.
+ # On FreeBSD we have to know it.
+ local OSLEVEL
+
+ case ${CHOST} in
+ *-openbsd*)
+ local obsdver=${CHOST/*-openbsd/}
+ OSLEVEL=${obsdver//.}
+ ;;
+ *-freebsd[78]*) OSLEVEL=41 ;;
+ *-freebsd9*) OSLEVEL=45 ;;
+ *)
+ die "Your OS/Version is not supported (${CHOST}), please report."
+ ;;
+ esac
+ append-flags "-DHAVE_SNPRINTF -DHAVE_VSNPRINTF -DOS_LEVEL=${OSLEVEL}"
+ use altq && append-flags "-DHAVE_ALTQ"
+ mkmake LOCALBASE="/usr" CFLAGS="${CFLAGS}" || die "pmake failed"
+}
+
+src_install() {
+ mkinstall DESTDIR="${D}" LOCALBASE="/usr" MANDIR="/usr/share/man/man" \
+ NO_MANCOMPRESS= install || die
+}
diff --git a/net-firewall/pglinux/Manifest b/net-firewall/pglinux/Manifest
new file mode 100644
index 000000000000..991afd7eaa13
--- /dev/null
+++ b/net-firewall/pglinux/Manifest
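Review bot: The FreeBSD arms in `src_compile` of pftop-0.7-r2.ebuild set `OSLEVEL=41` and `OSLEVEL=45` without saying where the numbers come from, while the OpenBSD arm shows the value is the OpenBSD release with the dot removed. A comment above those arms such as `# FreeBSD 7/8 carry the pf of OpenBSD 4.1, FreeBSD 9 that of 4.5` would document the mapping; the wording should be confirmed by the maintainer. The existing comment also names the variable `OS_LEVEL` while the local is `OSLEVEL`, so it would help to say that `OS_LEVEL` is the preprocessor define passed through `append-flags`.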
@@ -0,0 +1,5 @@ +DIST pgl-2.3.1.tar.gz 605656 SHA256 1b5c6d233baa943b42254c95ed2853d036f3f246feaebc073e3c91c05a4c98b4 SHA512 f23d44ad6448814ba0a2c90292ff4a933d31fed942886d63c50bb62fb56e1af70df72e09070ad3cd27c878f322576326040c330fbdbda63128ad304375b02a1e WHIRLPOOL f36f2d740f2b760d70e90de2e8004932289130b76119af80e478b0e8136d0dffb167c941b54b602a6f1857c9a3f8df1e7b4c6ed5c02099c008bec601ab967e2b +EBUILD pglinux-2.3.1.ebuild 2364 SHA256 814fe04bbc33e3663225b7adea87de21d100f81de1262b67bbf0bf99b676fb63 SHA512 5cec196b62f8654d4da1d03732ecbb63aa263118277c998c127b7f69a4e594d432a93e6e04c9bf51af2af0202b451167c6ee583ec6d17cd51eccbc93d053511d WHIRLPOOL 8f9affd84cac40cace1700d7a14b197e80c16c8427469452647ac63de5a79be5a4eaf35f758c33afd9c35d8a5850415c31f072a04d0e41d00604c6d5310be766 +MISC ChangeLog 4805 SHA256 badfc3708b18786eaef537aaf802c137b169adda8bd7fc1e5d69b9fda20b83cc SHA512 4f13586b8082e5ed7c57b07340fa91c05db235920b021c7636639bdc4d4214d825ce93bf080108e7ac9e850742ece5222f508ede1f298697c873541383770a55 WHIRLPOOL 28f47f823ee6c0baf5096575f03e3c0958a0904fed295cbdf6c18ba6a1bda2475cf28a885417473770384f1f5f2677f5d47ccd2f142cd52afcd05217ba852a73 +MISC ChangeLog-2015 3668 SHA256 cf247c113d334dd230fd44602a780bd2b2b237edabfabce07243879539e6f46c SHA512 edf54b955f83610f16b49a4ddb0bf683f280627515ed83ec0bd33bac584fdc70ac9e46f3514d725131ddf20071d80bc3fc9f0c80996bdfa3840db7bb805ed256 WHIRLPOOL 96bdd353e8a30873c73e8dd7a58e90b0947ace53129f181ddb85d38c6e142a2ea322a3c328a6fc55f2531ac87a5bf1822b29c918731f08caccb8513c0c4a0ea6 +MISC metadata.xml 882 SHA256 3df0fb92322d2e78d34ded34757164f79618cdd76e384bda33cd4a39ec54dcfe SHA512 34297f9b8e083798fedc61991300cb4d9a2eb5fff8065656590a51d732e2d4e187f05db08b336ace3b24982362e1aa3b0b18b6eebc8ddf9a72e81f27be424672 WHIRLPOOL 095dcdf6b37396f792e7c2cde112a637cc65a4a7f734edc8199d5877108db921f08e05f1dc29fa729016eb2057442d09288362886a2292c369c23698b022ca05 
diff --git a/net-firewall/pglinux/metadata.xml b/net-firewall/pglinux/metadata.xml new file mode 100644 index 000000000000..cd9a336cff52 --- /dev/null +++ b/net-firewall/pglinux/metadata.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <!-- maintainer-needed --> + <upstream> + <changelog>https://sourceforge.net/news/?group_id=131687</changelog> + <doc lang="en">https://sourceforge.net/projects/peerguardian/support</doc> + <bugs-to>https://sourceforge.net/tracker/?group_id=131687</bugs-to> + <remote-id type="sourceforge">peerguardian</remote-id> + </upstream> + <use> + <flag name="cron">Install cron script</flag> + <flag name="logrotate">Install logrotate.d file</flag> + </use> + <longdescription lang="en"> + PeerGuardian Linux (pgl) is a privacy oriented firewall application. It blocks + connections to and from hosts specified in huge blocklists (thousands or + millions of IP ranges). pgl is based on the Linux kernel netfilter framework + and iptables. + </longdescription> +</pkgmetadata> diff --git a/net-firewall/pglinux/pglinux-2.3.1.ebuild b/net-firewall/pglinux/pglinux-2.3.1.ebuild new file mode 100644 index 000000000000..e524edf5a018 --- /dev/null +++ b/net-firewall/pglinux/pglinux-2.3.1.ebuild 
@@ -0,0 +1,103 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit eutils gnome2-utils linux-info systemd + +MY_P="pgl-${PV}" + +DESCRIPTION="Privacy oriented firewall application" +HOMEPAGE="https://sourceforge.net/projects/peerguardian/" +SRC_URI="mirror://sourceforge/peerguardian/${MY_P}.tar.gz" + +LICENSE="GPL-3" +KEYWORDS="amd64 x86" +SLOT="0" +IUSE="cron dbus logrotate networkmanager qt4 zlib" +REQUIRED_USE="qt4? ( dbus )" + +COMMON_DEPEND=" + net-libs/libnetfilter_queue + net-libs/libnfnetlink + dbus? ( sys-apps/dbus ) + zlib? ( sys-libs/zlib ) + qt4? ( sys-auth/polkit-qt[qt4] + dev-qt/qtcore:4 + dev-qt/qtdbus:4 + dev-qt/qtgui:4 + || ( kde-plasma/kde-cli-tools[kdesu] kde-apps/kdesu x11-misc/ktsuss ) + ) +" +DEPEND="${COMMON_DEPEND} + virtual/pkgconfig + sys-devel/libtool:2 +" +RDEPEND="${COMMON_DEPEND} + net-firewall/iptables + sys-apps/sysvinit + cron? ( virtual/cron ) + logrotate? ( app-admin/logrotate ) + networkmanager? 
( net-misc/networkmanager:= ) +" + +CONFIG_CHECK="~NETFILTER_NETLINK + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_XTABLES + ~NETFILTER_XT_TARGET_NFQUEUE + ~NETFILTER_XT_MATCH_IPRANGE + ~NETFILTER_XT_MARK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NF_CONNTRACK + ~NF_CONNTRACK_IPV4 + ~NF_DEFRAG_IPV4 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_TARGET_REJECT" + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + default + sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' pglcmd/init/pgl.gentoo.in || die +} + +src_configure() { + econf \ + --localstatedir=/var \ + $(use_enable logrotate) \ + $(use_enable cron) \ + $(use_enable networkmanager) \ + $(use_enable zlib) \ + $(use_enable dbus) \ + --disable-lowmem \ + --with-iconsdir=/usr/share/icons/hicolor/128x128/apps \ + --with-gentoo-init \ + $(use_with qt4) \ + --with-systemd="$(systemd_get_systemunitdir)" +} + +src_install() { + default + keepdir /var/{lib,log,spool}/pgl + rm -rf "${ED%/}"/tmp || die + prune_libtool_files --modules +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + elog "optional dependencies:" + elog " app-arch/p7zip (needed for blocklists packed as .7z)" + elog " app-arch/unzip (needed for blocklists packed as .zip)" + elog " virtual/mta (needed to send informational (blocklist updates) and" + elog " warning mails (if pglcmd.wd detects a problem.))" + + gnome2_icon_cache_update +} + +pkg_postrm() { + gnome2_icon_cache_update +} diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest new file mode 100644 index 000000000000..fbf046025b38 --- /dev/null +++ b/net-firewall/psad/Manifest 
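Review bot: `rm -rf "${ED%/}"/tmp || die` in `src_install` of pglinux-2.3.1.ebuild has no comment saying what upstream's install step leaves under `/tmp`, so a later version bump cannot tell whether the removal is still needed. I would put a line such as `# upstream 'make install' creates a tmp directory in the image; do not package it` above it, after checking that against the upstream Makefile, which is not visible here. The same applies to `keepdir /var/{lib,log,spool}/pgl`: a short note on which of these directories pgl writes blocklists and logs to would make the intended ownership and mode reviewable.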
@@ -0,0 +1,12 @@ +AUX psad-2.2.4-var-run.patch 589 SHA256 e4182e086cad3f4534baab0357cc327a8adcaa4c783abae86d8d5427fc591417 SHA512 dfd46dc06ef1f5bacb1424dc3ef9df23c5dc28abe6c6b1ffcbf7720e1d134e983e581831e7ed04074592bd1865f3628c753b313b7df1f7fdf84d438e82c25464 WHIRLPOOL f447483b8b3fdcbf542513c541c027b6b27eeec1abc1b0af2daa9481fd772c25e41454080b5cecf9808dded85e3af2c574d890e3755a8913553ca9229b9a6af3 +DIST psad-2.2.5.tar.bz2 1243987 SHA256 736d446266227cb65511d792c85224573c95ea4dc3bde3d5c65bc19084f57452 SHA512 195a06420cf821d182a5422705ba2d407fd35f23887430e61925cad0eada7d20e2416eaf6317857a5aec2f1264a280a7e0128cc301f17dcf20cf833a9f0efb6e WHIRLPOOL fac4797e0a399d4f5edf2179c21d37791d184ee1e334b9b8fb2707405afc10ca0c0d4ab43cd274f34cf8ba9453189066b1d46b955d0533fa357e376ef3817f1f +DIST psad-2.4.3.tar.bz2 1395260 SHA256 e482de4602ab72dba868dcdd1078ad3645d49ab02a9eb116dd117c1a5a20f8c5 SHA512 8a25ef377e3f4f406c2179a42217110a670f1c0eb8e7991e32a99fd695ca1866218274e9aaeb48552e1bd9bd91b5fbf34b226d767c28f1db27f15b08fba2b0e8 WHIRLPOOL a1c06df2cd67baa3e2b519094ffcccd027aab47352c00cd3147a8d3db2366ce8cbea42c37f5e8adcd9c2532af215bd87ed5d925e376cf8d965725e4f5cf4c7ea +DIST psad-2.4.4.tar.bz2 1429113 SHA256 4a8dad05554f779c359fb1091b07b37219dd4321d85e162a5885a11efaec1901 SHA512 0437a489fcb54458dbb33e0139385e577a89db0c07bd872e4e56780feb8033080d59c99aeff419f3c94b22be8fb41995674749123d15f7d578cc8b0a77d7783f WHIRLPOOL 5ab47d1b23659058ed17f484d7b5aa2c2dad5412f06dfde2fc0032ae50c2d25e9ab9a05bcad29547dd9dc69b0268ec7601917d60d4178bf8032f661aa7ef742c +DIST psad-2.4.5.tar.bz2 1631602 SHA256 2de1115325bd7c95d32ce0bdee5028c43a86c2893203b5fc1ba6bdfe8ba182d1 SHA512 6466cf3191092672557fb6c044c6126290f1d89aea37a20aad1b3eb148b5b8be5bc2cf3700938b91263d7403f776613f304bd491c24a7e16b0975b81f24481a0 WHIRLPOOL 87bbd23cf4419e6a85cbb4fdb7a08dfe3e1aeb10c1542766d4b708a837182dea2859d5db982f2d91a67331b80c2e6728391917964f6dd555b70c3a38f7e7d607 +EBUILD psad-2.2.5.ebuild 1867 SHA256 
5907a00070175bd9311ff1298364e5d90a4a324aa606d1b59e7bc289f4037b12 SHA512 3eed54b311474cd74352f93e8ca8061f9e5149041251c3e4034c6d81ecf28233f29f2a9597863e4a0eb7bc04b9812d589d3e0f1214241103678116761b2b8ba2 WHIRLPOOL 8efdc258398833639a78423b5fe32021f39fb8d1df9fadb58090d961787f6c65c58462f430ade28176ad58b514630342d3262239f88ac204ebbaff1045082e1b +EBUILD psad-2.4.3.ebuild 1897 SHA256 86cb786a5681b7d32fcf40b04680e03dc2efec276a502231b1a2b5c398347a68 SHA512 5d12f26624e1315f15656ef70a57588bffd5cd492452008109ccda58aa76fe771ecd3c110e081d66f3cb4c0c700ec64377f765f5c20a35fce13fa3ff82a78077 WHIRLPOOL a745424dc83ee2d817cf2467ac975695a265c0dc1d86df3553d231ef39b39bfb534ff2adb3c4c712c7a1470bd47736cb9b6152a5b0649d699ef63b464e8aec5c +EBUILD psad-2.4.4.ebuild 1904 SHA256 a54988d01200d8cf10318a0ade1b96218edbb5152929298ee70445c345ab35d5 SHA512 d14a9739f329c2692cde9d26d54d6742b27d4269ac0ce93091d9b96a153afac2ea242ea5297afd86e33ce8d47615d3c462b60c1525b6f1c3c50692ec8a525092 WHIRLPOOL 28255452f1c1e5f243c947b8d8701f39f8bbdbdb57a54805866281158ea13d9e23e03901083f425fb31686c3d92fb1ecd31aeffbcab04ef352075af0a079f16e +EBUILD psad-2.4.5.ebuild 1921 SHA256 42b222cff2a4e945d8f2bb5c646e5fb6ab1c75122a8a3ff4996505ecf1cfc059 SHA512 bb1cb04edec855a03db0c8f233893378580490c53e4c7527e8b6b7ca2d298100fa2510b2b68ddfdf183cba446cfb4df2a6a1fe31b48cde90d7513de42b3631dc WHIRLPOOL 0523b4ab30f963f61ef54c890324ad6f6faaadf18c11dc1ed29769db9bbc5085b5e7873dd865c26cea1c337cf7f60cd5c80ab3c7d9a672658df9f55a971f2cd2 +MISC ChangeLog 2795 SHA256 6f4cd1d2278282b170cf8b1f1a1bfa64bf7839f89e5606d1400559e72b33cf96 SHA512 65030159a65e8155376a6222b61386a2766333cf72640da1a3a449c87373dc881d26033ecc7179828a1917364d9a01c9bd38adb09303375d94eb966d351b0e4c WHIRLPOOL 51b36ef1c8fdebe6fd6f5fcbe4c445cb4a5d88aa143cf3809e8a4d25b896f19e01ca8345a7f0acc7ebace489973d73d03a87ceaa34f9b89673968bcbdecefd83 +MISC ChangeLog-2015 14175 SHA256 3a1c9b801bc22111418b71a299c313d7b1efe641c01fee45e1c0100a098e14c8 SHA512 
891e32e6c30e45bc49e3ea01eb79f9b56293e97a5866089156f40ad549b459def60cd9162f8d6971c057b5e194868868040f77ad38b62190d74eaea3b25f9398 WHIRLPOOL 93ed4e50c4e2e406c3c0f3e4cc6e0b9a3b25040b9d900e0fc3dad12bdd3b1bc79ef61a90945188874239444d88df75865fb4cc21918460ac14a1808ff0b9de81 +MISC metadata.xml 276 SHA256 d15d6b6bd9ffc8a642c7469d01788ba9158efb4ca27fcf3324d9e52d1b70ec93 SHA512 f0e6c6bc89659e01e157d9bf30d0a2f3fd2d71bc26c8d12489c4a44fc5237159946e25b46e7295ab4676aea63559194977a0b1e76aced31d81cf6387dd0f4250 WHIRLPOOL 26b9e81575f613b751f76234013c30a8da84a1c0dd75c12b8df32706ee753691bbc889a2dec5001cc8c4b05c47aca49ed9fabbb5a6fefed74aaa86d6c3f56cee diff --git a/net-firewall/psad/files/psad-2.2.4-var-run.patch b/net-firewall/psad/files/psad-2.2.4-var-run.patch new file mode 100644 index 000000000000..7e6c9d29081d --- /dev/null +++ b/net-firewall/psad/files/psad-2.2.4-var-run.patch @@ -0,0 +1,19 @@ +--- a/init-scripts/psad-init.gentoo ++++ b/init-scripts/psad-init.gentoo +@@ -1,4 +1,4 @@ +-#!/sbin/runscript ++#!/sbin/openrc-run + ## Copyright 2006 Michael Rash + # Distributed under the terms of the GNU General Public License v2 + # Author: Michael Rash +@@ -19,6 +19,10 @@ + + start() { + checkconfig || return 1 ++ checkpath -q -d -m 755 -o root:root /run/psad ++ checkpath -q -d -m 755 -o root:root /var/lib/psad ++ checkpath -q -d -m 755 -o root:root /var/log/psad ++ [ -p /var/lib/psad/psadfifo ] || mknod -m 600 /var/lib/psad/psadfifo p + + ebegin "Starting ${SVCNAME}" + start-stop-daemon \ diff --git a/net-firewall/psad/metadata.xml b/net-firewall/psad/metadata.xml new file mode 100644 index 000000000000..74c2baebb4ec --- /dev/null +++ b/net-firewall/psad/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>netmon@gentoo.org</email> + <name>Gentoo network monitoring and analysis project</name> +</maintainer> +</pkgmetadata> 
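Review bot: In the `start()` lines that psad-2.2.4-var-run.patch adds to psad-init.gentoo, `[ -p /var/lib/psad/psadfifo ] || mknod -m 600 /var/lib/psad/psadfifo p` only sets the mode when it creates the FIFO, and its result is not checked. A FIFO that already exists with a wider mode or a different owner is accepted as it is, and if some other file type sits at that path `mknod` fails and the daemon is started anyway. psad takes its log input through this FIFO, so its permissions decide who can feed events to the detector. `checkpath -q -p -m 600 -o root:root /var/lib/psad/psadfifo || return 1` would enforce mode and owner on every start. The three `checkpath -d` calls above it ignore their result in the same way, and `start()` continues outside the hunk.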
diff --git a/net-firewall/psad/psad-2.2.5.ebuild b/net-firewall/psad/psad-2.2.5.ebuild
new file mode 100644
index 000000000000..f45bb3101a38
--- /dev/null
+++ b/net-firewall/psad/psad-2.2.5.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit eutils perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="alpha amd64 ppc ~sparc x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
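Review bot: In `src_prepare` of psad-2.2.5.ebuild, `-e 's|-O|$(CFLAGS) $(LDFLAGS)|g'` replaces every `-O` substring in the Makefile, not only the optimisation flag on the compiler lines. An `-O2`, or any other option or path containing `-O`, would be rewritten as well, and that is noticed only if the build happens to break. Restricting the expression to the compiler invocations, e.g. `-e '/\$(CC)/s| -O | $(CFLAGS) $(LDFLAGS) |'` placed after the gcc substitution, narrows it; the upstream Makefile is not visible here, so the exact address has to be checked against it. The same expression is in the 2.4.3, 2.4.4 and 2.4.5 ebuilds.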
diff --git a/net-firewall/psad/psad-2.4.3.ebuild b/net-firewall/psad/psad-2.4.3.ebuild
new file mode 100644
index 000000000000..79b1d6323a88
--- /dev/null
+++ b/net-firewall/psad/psad-2.4.3.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit eutils perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES FW_HELP README \
+ README.SYSLOG SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
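Review bot: `insinto /usr` before `dosbin kmsgsd psad psadwatchd` in `src_install` of psad-2.4.3.ebuild has no effect, because `dosbin` and `newsbin` take their destination from `into`, not from `insinto`. The line reads as if something were meant to be installed under `/usr` with `doins`, so I would drop it or replace it with a comment saying the daemons go to the default sbin directory. The 2.2.5, 2.4.4 and 2.4.5 ebuilds carry the same line.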
diff --git a/net-firewall/psad/psad-2.4.4.ebuild b/net-firewall/psad/psad-2.4.4.ebuild
new file mode 100644
index 000000000000..7470cc6b3cdc
--- /dev/null
+++ b/net-firewall/psad/psad-2.4.4.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+#PERL_EXPORT_PHASE_FUNCTIONS=no
+inherit perl-module toolchain-funcs
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="virtual/perl-ExtUtils-MakeMaker"
+RDEPEND="
+ dev-perl/Bit-Vector
+ dev-perl/Date-Calc
+ dev-perl/NetAddr-IP
+ dev-perl/Unix-Syslog
+ net-firewall/iptables
+ net-misc/whois
+ virtual/logger
+ virtual/mailx
+ virtual/perl-Storable
+"
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2.4-var-run.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's|/usr/bin/gcc|$(CC)|g' \
+ -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \
+ Makefile || die
+ # Fix up default paths
+ sed -i \
+ -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \
+ psad.conf || die
+}
+
+src_configure() {
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ SRC_PREP="no" perl-module_src_configure
+ done
+}
+
+src_compile() {
+ tc-export CC
+ default
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_compile
+ done
+}
+
+src_install() {
+ newbin pscan psad-pscan
+
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+
+ insinto /etc/psad
+ doins \
+ *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \
+ protocols signatures
+
+ newinitd init-scripts/psad-init.gentoo psad
+
+ doman *.8
+
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES FW_HELP README \
+ README.SYSLOG SCAN_LOG
+
+ insinto /etc/psad/snort_rules
+ doins deps/snort_rules/*
+
+ local deps_subdir
+ for deps_subdir in IPTables-Parse IPTables-ChainMgr; do
+ cd "${S}"/deps/${deps_subdir} || die
+ perl-module_src_install
+ done
+}
diff --git a/net-firewall/psad/psad-2.4.5.ebuild b/net-firewall/psad/psad-2.4.5.ebuild new file mode 100644 index 000000000000..fa26cc018d83 --- /dev/null +++ b/net-firewall/psad/psad-2.4.5.ebuild 
@@ -0,0 +1,93 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +#PERL_EXPORT_PHASE_FUNCTIONS=no +inherit perl-module toolchain-funcs + +DESCRIPTION="Port Scanning Attack Detection daemon" +SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2" +HOMEPAGE="http://www.cipherdyne.org/psad" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" + +DEPEND="virtual/perl-ExtUtils-MakeMaker" +RDEPEND=" + dev-perl/Bit-Vector + dev-perl/Date-Calc + dev-perl/NetAddr-IP + dev-perl/Unix-Syslog + net-firewall/iptables + net-misc/whois + virtual/logger + virtual/mailx + virtual/perl-Storable +" +PATCHES=( + "${FILESDIR}"/${PN}-2.2.4-var-run.patch +) + +src_prepare() { + default + + sed -i \ + -e 's|/usr/bin/gcc|$(CC)|g' \ + -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \ + Makefile || die + # Fix up default paths + sed -i \ + -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \ + psad.conf || die +} + +src_configure() { + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + SRC_PREP="no" perl-module_src_configure + done +} + +src_compile() { + tc-export CC + default + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + perl-module_src_compile + done +} + +src_install() { + newbin misc/pscan psad-pscan + + insinto /usr + dosbin kmsgsd psad psadwatchd + newsbin fwcheck_psad.pl fwcheck_psad + + insinto /etc/psad + doins \ + *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \ + protocols signatures + + newinitd init-scripts/psad-init.gentoo psad + + doman doc/*.8 + + dodoc doc/BENCHMARK CREDITS Change* doc/FW_EXAMPLE_RULES README \ + doc/README.SYSLOG doc/SCAN_LOG + + insinto /etc/psad/snort_rules + doins deps/snort_rules/* + + local deps_subdir + for deps_subdir in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${deps_subdir} || die + 
perl-module_src_install + done +} diff --git a/net-firewall/quicktables/Manifest b/net-firewall/quicktables/Manifest new file mode 100644 index 000000000000..d2c0b24c95ff --- /dev/null +++ b/net-firewall/quicktables/Manifest 
@@ -0,0 +1,5 @@ +DIST quicktables-2.3.tar.gz 20287 SHA256 f96c39dd72227b0056899d635531c3836a64a300183d657a12a5625d435155f6 SHA512 4a2a7c98d353724b845a8c474c39a2759a51ad4dae38a327d2db614a9e872ca3d1d05b150ab1e6815d461ec575590c5793a9342300524197fd9a52d294e55766 WHIRLPOOL 77a5b7c658d07604672afd346ad3248ef8110bd3a057bab74869c076609fefaad45213cbecff02f91734915662c0012196767b24fc55f0073c16fb877c961813 +EBUILD quicktables-2.3.ebuild 418 SHA256 b7292dd1ef6e89177848a8a80eb301b1d4445f0da32a5a2c75c4710d7699dd44 SHA512 69518d43fc18970baa7923e985f14e1895553bd1b3b735ad0927af913e43a4644963af4495cb70addc283d42a7b49ae9621ba67eeee20fe9c018e07214c86ace WHIRLPOOL 3359a5164fc1ad24d2c01bed15cec94aaded478dc6e3bb0eb6d0200b41917a3f33f52b8c8675978aa9d9a3cfc8cd1e4ff8bce363ea3f38b1b2565e630a072361 +MISC ChangeLog 2534 SHA256 2d6185b2be8752bc2559328f44b7ab9b918a0c65c2526b80d89d22a25d09ea94 SHA512 5c7fbd0b6281455acfd6a0b0d2b257963528aeff0eb5566d688d7b8869ac3a57983f2804558f30bb44885d5982c6448c955664e84f99a6212f1a60258024eaed WHIRLPOOL fbc414b13b762674f6037f24038f00906cb9c9135171fccf5cecbc75e373de86872c7ce11519d0d2513a2da0d55ee13502087e98ce83d607cc7efa97af253729 +MISC ChangeLog-2015 647 SHA256 e5f123cbe5a6c3c9de2b3336393793418b1e6b5ba65b3f5f75b962ea040b029a SHA512 a4efe14c64d6dc4b47647873e6044db6d114f59cd34c95d7f18f27625c2e9edb259fd6ca69cc0956e80353e7cad735977b5687f23e910161a8c0a04027a240d1 WHIRLPOOL e8454679000050e3f6cc9f852733b778db79a12e0640d05814f44620d9c104d372b9d94453581ab1bc9dd03e4b77a063acc595437d83f2a44c8aa12b64272404 +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 
diff --git a/net-firewall/quicktables/metadata.xml b/net-firewall/quicktables/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/net-firewall/quicktables/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/net-firewall/quicktables/quicktables-2.3.ebuild b/net-firewall/quicktables/quicktables-2.3.ebuild
new file mode 100644
index 000000000000..9abcb7ee6637
--- /dev/null
+++ b/net-firewall/quicktables/quicktables-2.3.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+DESCRIPTION="a quick iptables script generator"
+HOMEPAGE="http://qtables.radom.org/"
+SRC_URI="http://qtables.radom.org/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+IUSE=""
+KEYWORDS="~amd64 ~ppc ~x86"
+SLOT="0"
+
+RDEPEND="net-firewall/iptables"
+
+src_install() {
+ dosbin quicktables-2.3 || die
+ dodoc changes readme todo
+}
diff --git a/net-firewall/rtsp-conntrack/Manifest b/net-firewall/rtsp-conntrack/Manifest
new file mode 100644
index 000000000000..1fd353e7175b
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/Manifest
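Review bot: The quicktables ebuild declares no `EAPI`, so it runs as EAPI 0, where install helpers do not abort the phase on their own: `dosbin` is guarded with `|| die`, but `dodoc changes readme todo` is not. `src_install` also hard-codes the version in `dosbin quicktables-2.3 || die`; `dosbin ${P} || die` keeps the installed file name in step with the package version. The tarball is fetched over plain `http://`, so the Manifest digests are the only integrity check on a script whose output becomes the host's firewall rules.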
@@ -0,0 +1,5 @@ +DIST rtsp-module-3.7.tar.gz 11474 SHA256 a8333924e9553ec25ed0707b8e78637bf055e654a888ff7e40634f356102068a SHA512 480316f41f7e9a2a75b73b3edcbbdc98bf293f013a5549c6829659e601d2d1ec0ac94f7a2519cd6e40d41cbd02cf64f81fe2a371c703c3b0ba36d200fe29a3c1 WHIRLPOOL c76f20fb016a11c036d452998a6892af055247dccb7fa6e35c5c4bd2954fcc2a7b2d1403612d05c19d278ff4222faaaaa31284e81d7c135ed7cac47f2b3c69d3 +EBUILD rtsp-conntrack-3.7.ebuild 879 SHA256 db83aade58e267f18a7058f2030ee040853296d65f4108f5aad15e9758e696eb SHA512 0c13d2e618b37c9ec7d0712f8ff7d18bbcb6a9fcc8e9b29fdfe980f18b2fcf4961a5f336d7dae9975557e597de59302b0b5da3818a5d360d8ec6c22ffc611b58 WHIRLPOOL 9e48f9dd5b7bb964dc1191c697c098c1f9e2f796c8b8b28e93a0572cba6a09935e8cf2c71f16d4efd934cf5628c63343c083e2e53f6de0bea9f628ecf5e06a4b +MISC ChangeLog 2197 SHA256 14df61893bfe37e6bbeddb83b3355d626755523c1b3cfae4b357f6d89c12d8d8 SHA512 066f68c57a29f88c59b76284e17e40faaa1269ae4d69b825e12c392777d9d57943ec39a55752b82c1f54c2f6478e172540efa352f77385a5c82c8a382a58e74d WHIRLPOOL 5f36a49d0ba6c408b1bf22441dfb40f5343e775833fc8e870b1baa9ea66ee3c46b2eb7d943455ebcefea275b9a282df20e4cce84496d64298dd7fadaaa2c6639 +MISC ChangeLog-2015 726 SHA256 34d9c6af97fda6277d914cf634b9dbaf52ad0a47f21af28e6ed889cbf731bf72 SHA512 d679708090c1baf887a894698afba5c7200f18cef3e76dc27b08f61265ae72d2a57be5c54a07c5de8faf88bce551c78ca3a937e9c6fbede16cb0b7a84ce53b2f WHIRLPOOL e5c8ef6f4fb6ac9017b9edbfff423dddfe32ae07e816e11b077a4befb4e249c2eb64da43d7e13050af8348ae2e78e05c08e88281864bc12fc059f9b90597cdae +MISC metadata.xml 247 SHA256 fb925313d1ae70feaa6db91150f34a2157b48e884e8f47d773640af149e3744b SHA512 96c55c2979dd6a4c4761fce9b5a0be387b11fcf197ef903d8680ae82f01a2caea93b1238bed1ac96d3eb250744e2149a507e0424ac017b4324f0806a54e72c4a WHIRLPOOL 142b4295733faec48b0ca9eb6d3561799ff743481aabf2b74ecf6d717d972b4961979c7b6bf32b9840cb34e47d22fe2befb9b0ef8ec0d3f28f6416069128d3c7 
diff --git a/net-firewall/rtsp-conntrack/metadata.xml b/net-firewall/rtsp-conntrack/metadata.xml
new file mode 100644
index 000000000000..5b159fbcadd1
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>pinkbyte@gentoo.org</email>
+ <name>Sergey Popov</name>
+ </maintainer>
+</pkgmetadata>
diff --git a/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild
new file mode 100644
index 000000000000..51d0c0cf892b
--- /dev/null
+++ b/net-firewall/rtsp-conntrack/rtsp-conntrack-3.7.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit eutils linux-mod versionator
+
+DESCRIPTION="RTSP conntrack module for Netfilter"
+HOMEPAGE="http://mike.it-loops.com/rtsp"
+SRC_URI="http://mike.it-loops.com/rtsp/rtsp-module-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+S="${WORKDIR}/rtsp"
+
+BUILD_TARGETS="all"
+MODULE_NAMES="
+ nf_conntrack_rtsp(net/netfilter::)
+ nf_nat_rtsp(net/ipv4/netfilter::)"
+MODULESD_NF_CONNTRACK_RTSP_DOCS="README.rst"
+
+CONFIG_CHECK="NF_CONNTRACK"
+WARNING_NF_CONNTRACK="You must enable NF_CONNTRACK in your kernel, otherwise ${PN} would not work"
+
+BUILD_PARAMS="KERNELDIR=${KERNEL_DIR} V=1"
+
+pkg_setup() {
+ linux-mod_pkg_setup
+ kernel_is -lt $(get_version_components) && die "This version of ${PN} would not work on kernels <= ${PV}"
+}
+
+src_prepare() {
+ epatch_user
+}
diff --git a/net-firewall/sanewall/Manifest b/net-firewall/sanewall/Manifest
new file mode 100644
index 000000000000..2e6d2dda21e7
--- /dev/null
+++ b/net-firewall/sanewall/Manifest
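Review bot: In `pkg_setup` of the rtsp-conntrack ebuild, the test and its message disagree: `kernel_is -lt $(get_version_components)` rejects only kernels strictly older than ${PV}, yet the message says `<= ${PV}`. The message should read `"This version of ${PN} would not work on kernels < ${PV}"` so users on exactly that kernel version are not misled. The tarball also comes from a plain `http://` `SRC_URI`, which leaves the Manifest digests as the only integrity control on code that is built and loaded into the kernel; an HTTPS URL is preferable if upstream offers one.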
@@ -0,0 +1,7 @@ +AUX sanewall.confd 120 SHA256 b489da8c9a2254956191429aec83cfda2a33ca6624e3fe7f41ca38fbd6d67bd8 SHA512 5b8468d6e167ab00e37481618650f4844cb186465097a3cbca8a462940f324d50447d464d8db58666c77909231c3d664022bd7979501d3496ad627bf726cfa7e WHIRLPOOL f50ed841d8bf38ce0d81a413103a9934eb2ba8281c6902e4a37e93cd891dfb2f067e2ffdd903541d9d3a17c34a553094dc47eb3d0b4809c51c46bc14fe4a6146 +AUX sanewall.initd 1051 SHA256 4c7c5f4c0495014639ed26ca93c7cf63efc42af6857dbb22140fb033ea7094f7 SHA512 2272e7ee2a7d2c0bf97d1fdfb0cfd2b271626d8934545fca20c1c3757b4b90f5f715417c0e2d48e900a12a4d72a5fb0005294ef753b3c1b1ed8d5f217da7f571 WHIRLPOOL a32eb4009aa6eada5f1099b11ad61ece16b99a311364997149f06484d0f932fe71231371c6e287766a49fe0f341dd156a58e739a1202e5461812d1de6a2bd242 +DIST sanewall-1.1.6.tar.xz 585316 SHA256 c26a339a1ac945aa0ddffbbb92ac4dff07302da8d9de6983832e91e123c4b00e SHA512 73260197b88816e90b15fc244a5940c290ec99c82eb8e50338b4f0f88710900c8cd18920c6f319205e527859c0696da28798428ab04b03c7f355c1d8ba6f7ca0 WHIRLPOOL cf906c539c4d348837fc93e46e7cf3d1d94cadcd111db918c265fa78133b35befd69ea2bdef782a054b035f40130821291b11965c7846220eaf4551237bcfb78 +EBUILD sanewall-1.1.6-r2.ebuild 1495 SHA256 98f1df3a3689021135167c005f148b54f47bc2e8ada6a7c00bcd2cbbccfe01eb SHA512 41faef759794c9cbdce600d70e611ee0edf510d2d9f3604bb55849e702b19085a10f7c8d05a8636f19a0c4ba21004c77c968790556a4687b39129ffeeb5aed7d WHIRLPOOL 4745dcbdf1350c8ca2ff51aa09b9c0ca5381dcc0230e50b9886d8ebe5aea0896d901b831e5cf92c96225fd5536e95c74d39f95b17fb4032f0fdf3883209a2d81 +MISC ChangeLog 3395 SHA256 46e183d6124ec933289eeec5783fa39ae239dcdea95a51014df2f93c9323348e SHA512 02afec425c31557a492a1a28f91e0a07b983e75af2231133082fe411ea50f09a61bcd84ee437a944ee665b946708b991e63b1d5dec5909f8fafd48c3a6e59d95 WHIRLPOOL e86e65d89710ee177f12a3b61b4a4a2f24eb1da8ad6ee649f87f608d51d151e3bee05d7802d8fb113cdf4188b514ecb2a62b7c7fbd57bed9cb5e9078696f959b +MISC ChangeLog-2015 1291 SHA256 894e6aed9b6ac605aa86990a79836cbd7822bc696b01b93fd0374f2400e28027 SHA512 
0251984de693d86f16363aba0927fbfafb6131ee2d1d039d30816873031d3aad8ab88c38338fcc919c343b3c2b42dbf79bcaf9eb878aec30c769fdf8bdad57b1 WHIRLPOOL 23f652748328d6eb34a72428a7c87c4af893458a5209e0e74410749a439ce34110593a21c4d6c7648b237e86dc029564d74e4c1bb4ca7d113787f9287b113eca +MISC metadata.xml 166 SHA256 2caff447f5bd2701d8456ada5cc633c41ef4373fa4bfeabeb73599d40bcc941b SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84 WHIRLPOOL 1ff70497eca6531f0e0614c72a19f4b8e5ff486a58d369f4f0b36308d1d6b01168f9da887740e3b9f536236be251d3fe05f904d27a9233a7cf613416ba882968 diff --git a/net-firewall/sanewall/files/sanewall.confd b/net-firewall/sanewall/files/sanewall.confd new file mode 100644 index 000000000000..2193b04d49bf --- /dev/null +++ b/net-firewall/sanewall/files/sanewall.confd @@ -0,0 +1,5 @@ +# location of sanewall config +SANEWALL_CONFIG="/etc/sanewall/sanewall.conf" + +# arguments for sanewall +#SANEWALL_OPTS="" diff --git a/net-firewall/sanewall/files/sanewall.initd b/net-firewall/sanewall/files/sanewall.initd new file mode 100644 index 000000000000..c13d2df106ad --- /dev/null +++ b/net-firewall/sanewall/files/sanewall.initd 
@@ -0,0 +1,56 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="save panic try"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ after bootmisc
+ before net
+ provide firewall
+}
+
+start_pre() {
+ if [ ! -f ${SANEWALL_CONFIG} ]; then
+ eerror "Not starting sanewall, missing config file ${SANEWALL_CONFIG}."
+ return 1
+ fi
+}
+
+start() {
+ ebegin "Starting sanewall"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} start >/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sanewall"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} stop >/dev/null
+ eend $?
+}
+
+try() {
+ ebegin "Trying sanewall configuration"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} ${SANEWALL_CONFIG} try
+ eend $?
+}
+
+status() {
+ ebegin "Showing sanewall status"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} status
+ eend $?
+}
+
+panic() {
+ ebegin "sanewall panic"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} panic
+ eend $?
+}
+
+save() {
+ ebegin "Saving sanewall configuration"
+ /usr/sbin/sanewall ${SANEWALL_OPTS} save
+ eend $?
+}
diff --git a/net-firewall/sanewall/metadata.xml b/net-firewall/sanewall/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/net-firewall/sanewall/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild b/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild
new file mode 100644
index 000000000000..c9997782098b
--- /dev/null
+++ b/net-firewall/sanewall/sanewall-1.1.6-r2.ebuild
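Review bot: The config check in `start_pre` of sanewall.initd is bypassed when `SANEWALL_CONFIG` is empty or unset: `[ ! -f ${SANEWALL_CONFIG} ]` then collapses to `[ ! -f ]`, which evaluates false, so `start` goes ahead without a configuration file argument. Quote the expansion, `if [ ! -f "${SANEWALL_CONFIG}" ]; then`, and quote it again where it is passed to `/usr/sbin/sanewall` in `start` and `try`. `start` and `stop` also send sanewall's stdout to `/dev/null`, so only stderr and the `eend` status are left to explain why the firewall failed to load. `extra_started_commands="reload"` names a command for which this script defines no `reload` function; either add one or drop the entry.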
@@ -0,0 +1,56 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit linux-info
+
+DESCRIPTION="iptables firewall generator (fork of firehol)"
+HOMEPAGE="http://www.sanewall.org/"
+SRC_URI="http://download.sanewall.org/releases/${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="app-arch/xz-utils"
+RDEPEND="net-firewall/iptables[ipv6]
+ sys-apps/iproute2[-minimal]
+ virtual/modutils
+ || (
+ net-misc/wget
+ net-misc/curl
+ )"
+
+pkg_setup() {
+ local KCONFIG_OPTS="~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_MARK ~NF_NAT ~NF_NAT_FTP ~NF_NAT_IRC \
+ ~IP_NF_IPTABLES ~IP_NF_FILTER ~IP_NF_TARGET_REJECT ~IP_NF_TARGET_LOG ~IP_NF_TARGET_ULOG \
+ ~IP_NF_TARGET_MASQUERADE ~IP_NF_TARGET_REDIRECT ~IP_NF_MANGLE \
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_STATE ~NETFILTER_XT_MATCH_OWNER"
+
+ get_version
+ if [[ ${KV_PATCH} -ge 25 ]] ; then
+ CONFIG_CHECK="~NF_CONNTRACK ${KCONFIG_OPTS}"
+ else
+ CONFIG_CHECK="~NF_CONNTRACK_ENABLED ${KCONFIG_OPTS}"
+ fi
+ linux-info_pkg_setup
+}
+
+src_configure() {
+ econf --docdir="/usr/share/doc/${PF}"
+}
+
+src_install() {
+ default
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+}
+
+pkg_postinst() {
+ # install default configuration if it doesn't exist
+ if [[ ! -e "${ROOT}"/etc/${PN}/${PN}.conf ]] ; then
+ einfo "Installing a sample configuration to ${ROOT}/etc/${PN}/${PN}.conf"
+ cp "${ROOT}"/etc/${PN}/${PN}.conf.example "${ROOT}"/etc/${PN}/${PN}.conf || die
+ fi
+}
diff --git a/net-firewall/shapecfg/Manifest b/net-firewall/shapecfg/Manifest
new file mode 100644
index 000000000000..dcd266cc39bb
--- /dev/null
+++ b/net-firewall/shapecfg/Manifest
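Review bot: In `pkg_setup` of the sanewall ebuild, `[[ ${KV_PATCH} -ge 25 ]]` compares only the patch level and ignores the major and minor version. A kernel outside the 2.6 series whose patch level is below 25 therefore takes the `else` branch and is checked for `NF_CONNTRACK_ENABLED` instead of `NF_CONNTRACK`. Because every option carries the `~` prefix the result is a misleading warning rather than a failed build, but it can mask a conntrack option that really is missing on a firewall host. `if kernel_is -ge 2 6 25; then` expresses the cut-off directly, assuming 2.6.25 was the intended boundary; `kernel_is` is provided by the inherited `linux-info` eclass.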
@@ -0,0 +1,7 @@ +AUX README.shaper 1698 SHA256 d642f4db8392a4603fbe28c120ae0febad6e1ad1a62e680835227af35c787ab9 SHA512 1c71dec95441defe5353a481639788a024a4bdff413958362989c784eeeecc098f4edea7a94f5c643cd83fd0ec8a24c321985579596c766e468f34e9b1c74f47 WHIRLPOOL bad2ce469b90ea8335716003d48d83b20714ebb637a129cc04e5391e612d903981dcb66462e297fb9002f20af5fb6ada707d793710a153d75b835bd22db2ca78 +AUX shapercfg-2.0.36-glibc.patch 372 SHA256 d1eb3d35c96747a6d79ae1cebd3cbd47e068584c618b65d956683962b501081b SHA512 d9fae6594a0992fda9cc11c9c395be37f72ea8e2f3cfdf05a4657f98dfec8787f031c4b1a2725b970a1c6467c60e682beb5478e6bce1e987ddbde531d693ce42 WHIRLPOOL 0926277f936b508c90cfdc2f3bb5bce8b819ad71d9e7b5213c8b54b49067f7a4dfc473701f361c07195c19ec648b78be5a9dac49c10af77df17646e2a7bbd496 +DIST shaper.36.tar.gz 671 SHA256 33abccecf7628da63e668042b3f6d5ac94df6036f8194d86d233964f15400323 SHA512 5e2e7149b68e8256ec7d38c9bf5bd9de53867a9b5c859610ed21c3edbef458ba28e9bb3a3d95ee2f048483b5ca3020d474eeb15bac161eb14b3726212b9216fe WHIRLPOOL 7625cae34a0877b4eb550c182f3f93c8856f60d4a4ddcd3f9b808ace12b195d6ea7416ffef1fcbff95750207a4b529118b7e5f26ac06c26c34c138135c2a1b91 +EBUILD shapecfg-36.ebuild 721 SHA256 e561d07926b44d4bbe34bea1ed19f5a25deab4145ff7b47e68b989354b113900 SHA512 76fb88e64aba6aef8d3d7161ea1af9ad960981d5c64db2b2c4889080bfcce13ecbd646b5d492fb30ac4127b61649b501721e6f93c6f5188799ee1202fe7595ba WHIRLPOOL f9efe35508cffcc9e6c964231672e2fb15add01e9357f38017e2e10e8d899fda895e04d9e32c0b0e0972fb457157c24fc59a78cc6b5c60021ceaa59f1b5787ea +MISC ChangeLog 3238 SHA256 0025f4233c428d9fa75426dcf59b6a44d98b225166837cb2aca82495a589725c SHA512 8f752fee7816af4d007ad0811852627de20eac61595a8c29bcbd45be30bc1b101d6cd45f628231f4abb151b4caddbc43fe432b380cd6e1892061d1a0a6a12ab4 WHIRLPOOL c44133668de869fa714205c3dadcad9aa01ab96e4217252158763746ee4f07b2f1c10d231ef5786b11693547e33802c7c978c4386a0a8940d9e97108376f0853 +MISC ChangeLog-2015 626 SHA256 fea5ab9e2457fc7c399a9ba67fc9dd58709a8909060a1839d4cee411bcabea46 SHA512 
dc82980b3a58896c6c699497fd82455c980882d163b1ac21f4ba2c319e2ec57100237931a89f4d96752e41705aaf311d618daf7662b05f736340ba1197286645 WHIRLPOOL 7f33597481753f796d141d6db54bdc1a68729c4a80f0c35abd92afef057393334d1d1b5fb1500af7bffef4b085f8045ff1ef5fd6cd0116222c95f7bfa65b56f5 +MISC metadata.xml 244 SHA256 ffdbeb4c645efad13e8aeb89f087143dae128eb717af78d46c47ffb81c11cb50 SHA512 d922092251c07becd0effd06de2ed063038394b7396c9a303e4e234ac514ec7a3c9f00e76503f4bb435ac5dce5401f3d05495def1ce94d63fa9d823dda1e3a54 WHIRLPOOL 90572f1bcc80e6f3ff795d929c267dd746b59b111f4f97342e700ee2f8f1f0ceb644f34a04a83f80d3cb6a5c9bba60f0c677a5cfbd1c910a68e855a7b6cfd578 diff --git a/net-firewall/shapecfg/files/README.shaper b/net-firewall/shapecfg/files/README.shaper new file mode 100644 index 000000000000..60c2b4d6afb6 --- /dev/null +++ b/net-firewall/shapecfg/files/README.shaper 
@@ -0,0 +1,50 @@
+
+Traffic Shaper For Linux
+
+This is the current ALPHA release of the traffic shaper for Linux. It works
+within the following limits:
+
+o Minimum shaping speed is currently about 9600 baud (it can only
+ shape down to 1 byte per clock tick)
+
+o Maximum is about 256K, it will go above this but get a bit blocky.
+
+o If you ifconfig the master device that a shaper is attached to down
+ then your machine will follow.
+
+o The shaper must be a module.
+
+
+Setup:
+
+A shaper device is configured using the shapeconfig program.
+Typically you will do something like this
+
+shapecfg attach shaper0 eth1
+shapecfg speed shaper0 64000
+ifconfig shaper0 myhost netmask 255.255.255.240 broadcast 1.2.3.4.255 up
+route add -net some.network netmask a.b.c.d dev shaper0
+
+The shaper should have the same IP address as the device it is attached to
+for normal use.
+
+Gotchas:
+
+ The shaper shapes transmitted traffic. It's rather impossible to
+shape received traffic except at the end (or a router) transmitting it.
+
+ Gated/routed/rwhod/mrouted all see the shaper as an additional device
+and will treat it as such unless patched. Note that for mrouted you can run
+mrouted tunnels via a traffic shaper to control bandwidth usage.
+
+ The shaper is device/route based. This makes it very easy to use
+with any setup BUT less flexible. You may well want to combine this patch
+with Mike McLagan 's patch to allow routes to be
+specified by source/destination pairs.
+
+ There is no "borrowing" or "sharing" scheme. This is a simple
+traffic limiter. I'd like to implement Van Jacobson and Sally Floyd's CBQ
+architecture into Linux one day (maybe in 2.1 sometime) and do this with
+style.
+
+
diff --git a/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch
new file mode 100644
index 000000000000..3fb6a36ae50b
--- /dev/null
+++ b/net-firewall/shapecfg/files/shapercfg-2.0.36-glibc.patch
@@ -0,0 +1,15 @@
+--- shaper/shapecfg.c.glibc Tue Sep 29 20:24:02 1998
++++ shaper/shapecfg.c Tue Sep 29 20:29:27 1998
+@@ -3,9 +3,9 @@
+ #include <stdlib.h>
+ #include <linux/types.h>
+ #include <netinet/in.h>
+-#include <linux/if.h>
+-#include <linux/if_shaper.h>
+-#include <linux/sockios.h>
++#include <net/if.h>
++#include <net/if_shaper.h>
++#include <sys/ioctl.h>
+
+ void usage(char *name)
+ {
diff --git a/net-firewall/shapecfg/metadata.xml b/net-firewall/shapecfg/metadata.xml
new file mode 100644
index 000000000000..30d444a41f42
--- /dev/null
+++ b/net-firewall/shapecfg/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <upstream>
+ <remote-id type="sourceforge">cbqinit</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/shapecfg/shapecfg-36.ebuild b/net-firewall/shapecfg/shapecfg-36.ebuild
new file mode 100644
index 000000000000..862128700d3d
--- /dev/null
+++ b/net-firewall/shapecfg/shapecfg-36.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="configuration tool for setting traffic bandwidth parameters"
+HOMEPAGE="ftp://archive.download.redhat.com/pub/redhat/linux/9/en/os/i386/SRPMS https://sourceforge.net/projects/cbqinit"
+SRC_URI="mirror://gentoo/shaper.${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE=""
+
+DEPEND=""
+
+S=${WORKDIR}/shaper
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/shapercfg-2.0.36-glibc.patch
+ rm -f Makefile
+}
+
+src_compile() {
+ append-flags -Wall
+ emake shapecfg || die
+}
+
+src_install() {
+ dobin shapecfg || die
+ dodoc "${FILESDIR}"/README.shaper
+}
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
new file mode 100644
index 000000000000..fe1674c7e4f7
--- /dev/null
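Review bot: In `src_unpack` of the shapecfg ebuild, `cd "${S}"` has no `|| die`, so if the directory is missing, `epatch` and `rm -f Makefile` run in whatever directory the phase started in. `cd "${S}" || die` closes that gap. The ebuild declares no `EAPI`, so it runs as EAPI 0, where `dodoc "${FILESDIR}"/README.shaper` does not abort the phase on failure; add `|| die` there as well, or move the ebuild to a current EAPI.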
+++ b/net-firewall/shorewall/Manifest 
@@ -0,0 +1,62 @@ +AUX shorewall-init-01_remove-ipset-functionality-r1.patch 799 SHA256 c847e50428e17ba37b072c0e14d6b77839342ad290334083124af1d59b7bca45 SHA512 c8686cb9345abd1036a8fdc6cbdaacc21a69df9dc536393a65675a2ae19c9cfb71d71cc66a9776135ad923414bde783f01dfa69600d1cfaafd618fcea65c8dcf WHIRLPOOL c2a9945b08e178a99e23d9ef752d220992ee783f90a3ef02072821f5340493d37a59c07a96ae0a60abc8b7f32bc9ae1e7ff1feed102aa7afffdb70b27997b8fe +AUX shorewall-init-01_remove-ipset-functionality.patch 740 SHA256 ae880cdf3c4a7a2f1c1d128f345f847e1a18054349c03d6a6fecf8ca3dffc87d SHA512 aa35a780fe353970c4fe589ea7f57b010d58276aa51d7212459e80812a234aba8094bf85e7370b2b260a90ad36f80815bfe3a83178c5c7ca40cb15df9dcea0b6 WHIRLPOOL 2748ff87ddf254c18ac5c152fc61f4088ce6e2af911a1f90d5bfd9731ffc4a070f809bdf9683c15168fb1dab7b70be79ea898412609fc14f6692df97bb151318 +AUX shorewall-init.confd 152 SHA256 990ae5e4498ddf071de317f7746fb3eadca77fab37631d814f2f56d588ff2937 SHA512 105393c3cbdd1820066e41ed941b6a79cafde3196eb723c06ca984fc663370d6902757467339b6b4ebfb8d00167b9f85311b6842dadc564029313eb36f1a389b WHIRLPOOL d24e38eb1ab20799a515543f586dfc95854d2eeb5dff10cc8ddd1fb7878cc854c9115dde8bdf9387e349cdb75381c8ce03972d05bae858c8ae04efa75ece0299 +AUX shorewall-init.initd 4357 SHA256 bc5bffdca1957d413182ad247f8d4082faef9517ff01c32a4485c8daa0493033 SHA512 5cb410e0fe0391fd467f212b3e1cf3ec4c7fa3289de2341edbf301ce9087e7cba05a36999a8203d7bce28ac35a429c10bc017a96b750aec1bf257987aec23245 WHIRLPOOL 5dab913af5c253d3fdc0edfece0eade26b6630f174183b1befd2339f1fa901b022286614fa2a7e563aa452157df4b8ee4d322cc1efeb6edf446c490d7ae4420d +AUX shorewall-init.readme 1233 SHA256 01439a974c15797954f3b9ce8fc7dbd8c81baff79e6a4e81e745416103896ce3 SHA512 8dbb70cc381b81ae811dcbfbcff63f5de0ba776472107a7d3b53e912fe50f20acb59f5da2aecec5de87ad0513a40fb4b4dfa30b51ff5f4b0da9186504870304a WHIRLPOOL a4293a49656253e3d7903b5a067d67b1bffdb1fffb3d92a43a2c32dd8a796998c67ad66beb756b4c45db618ab72b0dbc1bc81f183976c174b483bb4a2401a643 +AUX shorewall-init.systemd 389 
SHA256 06e6e307997f3cf33135fcd9c6f0cbe3439ea693a4881188f9b07e33600d3451 SHA512 458c5fb5d894f307cec27fd42d05a1b16f10d556afd11a7b73f75be8eb072aa5256ba6095b4e3454694b9bc3e6cf80d7f40314bbe368ebfd4646074a12669f4c WHIRLPOOL 72b32aad7ad3d6d35cee28aaeca562b46a9636b4f347016ddc16e9a10f27aa69a0f4657ab89daa95f19ad5332d1bdf815c1182e4188862e015d4ac453747014c +AUX shorewall-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall-lite.initd-r2 2236 SHA256 4637dff8741acd93e07163c51259710b5aab4a0460b8de0be8fa2f0c6d451b93 SHA512 3277922dd65ea573ddc210f07f42831b18275157a595c95517e7306cccd75e2884d30acd36288b2082becf3879977a85efdd0456fc27466d2acff3cd921f6d0f WHIRLPOOL 251914570326868920b2c6ec243b717e2284011dc0c71fb4626faaac6b5f7d224ce78b16da2e8e38dd4d1dfea8e56a490c552c15baec3eb4753fc851528a5da9 +AUX shorewall-lite.systemd 603 SHA256 6af780b780dfe3adfbcbd1f7418e6ae836ec420c0e23cf104f441c21917e6f98 SHA512 b9ac8ca1f31d29dfbd6a3e9387932ebf954e18c634df7e6118c55e3eaaf20a835e47e0bad07bb4ae1c47e76cda91bb3d03cd59f61805e48c194833b86d14a54d WHIRLPOOL e3261e2f21390352533c635efc0de801e35e2d0f9a47f225180de4b3e56df2766d1bf3a889efb364701562c55de1f94c69bd7180780aa3b595ba01a01bdfe8c0 +AUX shorewall.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall.initd-r2 2652 SHA256 f856ecacfc758831ddba5f41444ec86f4a4cff0113cfe6a15e862afec52d7c46 SHA512 
aee8747282dd8e7ecc7cd50ce358d8701f7bff3e5325d3da474aaa31edbf0833345338774fa51648498e398672f9a0ddefc49f3c2c09f5bf075571d9247c6858 WHIRLPOOL c71c4a3bbb4114ac61a403acbfffd137126fd0c1fb30fe83483a530639213da003244b53c01c952b56407e5c660ae17ec4e8b22c2cd4f3a01fee4e5accaf5055 +AUX shorewall.systemd 568 SHA256 90765e232ab1697e0aad47ba756823c9cd4fe6892af5b3b4ee18be4ca4d1c671 SHA512 eee635ce7818c416f3563fa8453d580a77451bc87bf12a285649ab22eb68c8d001ce54a8ba70742f46c7b1104acc3e2b9aba4878267992ad84f9042b625b0634 WHIRLPOOL ff7fdfa74343b5c38898be62f73b04381cdfe036abf3e0e65200b5a3ec1d5942074aa4dca3cac015f338dc016b3dca6d8dd706c7aefe7dbaf37bfb1b6e2d8372 +AUX shorewall6-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall6-lite.initd-r1 2469 SHA256 e25dc2c646e38fd09c9f355a7765c6946ea55a19e99969e1856a75774d88c77c SHA512 036af6bafbbdf1e8f6a69efdf0ffb69992b262cd0c4ac7cc1ab7e3fec8d8b023e8528dc8fcfbff43f4a70f5eff0d1e48fea34007b9b3bb76b0c94615eb494ce7 WHIRLPOOL d0ebc2d8fb516af6b645ceb92ac222f85cb11a2b96aaad2575cc4b52ea0dbd28a8f1600a340fdbc08038b4909a9211b915e1238f662a9e3be0c67b31dd33866c +AUX shorewall6-lite.systemd 612 SHA256 1335ad400127a701b389288d81c5ffb95ba75b7edcc055061cee48e382c42295 SHA512 0bd832d4f8857bf9b1c9c776a53739d8666f002d1caab29c976a248916cf1eb5806d6b59dbf7ee8a120a3158b10e6fa6e179e34fe9fa6077a794ffa7d1e06cec WHIRLPOOL 645f73fdd7a99899fd8266d1903723481fbbf48e12efd5e44617c739c3165110ef0e082381c2821c94c99736f6ffa66d6db228afa4294587bcd729ef19d1bb6c +AUX shorewall6.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 
fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall6.initd-r1 3168 SHA256 abad250a922cea9c9a5774bcad1a5de006d40511faef59b07c62356e1abc818c SHA512 3149b1848ed76b1d04466195810572c96cf1a68ffce6005c8c6cca08df7d7c8914f3c185ed80a357cf30cef23f076559ccb1df3236f443abf089133eeffe42b3 WHIRLPOOL 4f0597ab7853a633856ea2c492608b306f4d1a54f7912f45055bb10f1561a90221e8b3a0925d3e14e44c46ad6b3e37f04c89eb3a5a2a44b5060b7c3354ff5f7e +AUX shorewall6.systemd 577 SHA256 84543b65bfcdc02bb9d364b997a0805320508b6614c64eed7ffd3035a6097f14 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d WHIRLPOOL ace953292744d4187b32471c828f053f5e816067d396418fca6f4638e6770491e3e5404c8252edf565bf68d53aca2bb096eaf5f4614adee46fdb975231852d36 +AUX shorewallrc-r1 2075 SHA256 300c00dd1f71ca0ef3f3244ab3fb19ad63493242b7d414450de6bbd47db403e2 SHA512 9cf87d5b5807b224a325c9d038f159e55d277ad3eca62a1fd82d06d9ec1d0f71e58b239c57532b9b081271c7ab6f90b281cea1dca0bb9ea26e1e1c8ddaf3a691 WHIRLPOOL d7c135563e67f4bfca6c0cdb7aecc2792334ea6601e46f45dfd6d88fd4eeccde45f3adf86d55f1884dbc22cf9d0b8990fd82d441288089cc367237fa83a9fb39 +DIST shorewall-5.1.5.2.tar.bz2 520374 SHA256 ca33a7bc9c590638575edb8a530b76a9b0bd844877bef7df7c23646e839e137b SHA512 aed35f0a00944d70bb2bdab195f151e3770e73dabe07a59c1b6dd7fce5147866c73d44325df9ded475c37b258cf7c31c8d1348c58476fadd5b98217b7f0b3888 WHIRLPOOL ac0489f4ec152ff57a6da6be2c86b0fe45281ad9bb09e3fd53aba11b94252bb44ec5a71f069e2541b5c4912922fcfbbbce6004804c395e17929c78465a0cd102 +DIST shorewall-5.1.6.1.tar.bz2 522476 SHA256 90702872726c30434ef87c19be1742ae5f04b4e0b1f9ee7761810b618b38a05e SHA512 
604ee6150add87a5c121e863ec3d65f454b6ae1724236c80c08e2ce3365512966126f9d28d07c7e6a273d5626e02e5625015f91f6a7166b830f6ccb667f731ba WHIRLPOOL f0e70c3949e9f9b59a5f5a19ee1023ecc6dc2ece2e420245f67fa2d7197939bc1197402366d8a560d7e29231accd5ea1456a005df30c7deaa82f25e01375ff2a +DIST shorewall-5.1.7.1.tar.bz2 523943 SHA256 386223522c12c5279ec522efed137e3f1b5f638e396bbdef3e3d077104f8c053 SHA512 14ff5d4a19d355d489a6dd4ebdd1901112b8ac0cfdba1e0903ff9ac775fa02e3b923294b200dae1fb3113c7b7d43673b28877cf6dab8a07a844cb31b42393137 WHIRLPOOL 8717e3902fefcca580e189be80647caf39c76d1a0097f3d4e9ef5e2ff9f8c71b5a02e2b472d26abe57ce2f243b9ebba197a6fcbf84d566a7f49ff357f74e81a7 +DIST shorewall-5.1.7.2.tar.bz2 524263 SHA256 e7c4cde2d04894ddf6e8dd8a8f96e96e04574181807cfe9f78915fa0dfc836e4 SHA512 05599609b50189e300cd71eda6876ac5e8878a2d2ab7c1635afc1b79f1ab3c9bc92c1ac1758aa8996d10bb37783d1fa29c76adaa879ec93bc12669c3dbdbed9b WHIRLPOOL a2fcc48c9c51161c4a2ec692fa29215824a412056fdc15203892e6a9752c2239722462be89f26c4e7374ceb0131ba35df87847a3f16329438c57ec8f8dec0208 +DIST shorewall-5.1.7.tar.bz2 523676 SHA256 d19e6461fee8e497d3d569d69b4e0fed7736870171dd15ad8287e48facb25be0 SHA512 24f8dff494ee39926cb25680f62b2cd9073ab80b249ab57af5419af2211fc964d64e0bafb651879ba519677e0f844d5617cefe09f769369572c9c1a00149bce6 WHIRLPOOL 503fbf422b3888073cc64cdc4ba43c90a376b139252df3c146266d7da238b3aad92c1d778f5d1e8a45e4b9f1e6255e5c623c1b0530be68e95b184f7d56d0d21e +DIST shorewall-core-5.1.5.2.tar.bz2 77435 SHA256 24ca9c2e506cadda1fcbf621b376db0ebb3f3802cecc53d1518753a9cb77d450 SHA512 d4e0ef22d288e6addc2ce41813f2bab56fa142893ea495ef59dd1a636995e2a71e88477c38cac1004f055a7333ab0db27a334ca586b88558d6b781966712bff2 WHIRLPOOL 526495ae9a13a2e0dfc6dc7fffec0a7f8dd1be111be35ff2356bcf403c12c7e76993c82b2cb5b76541fa613856b23a5499b86a7a72b52062e7a21bd3b61e9082 +DIST shorewall-core-5.1.6.1.tar.bz2 78891 SHA256 31b48d50ce9a6b256739679c03ea4c6c219149b34201e6637f0ed2ccc6dd3530 SHA512 
090425813791bc78531a46c493a54cadc3ac6106963c87abb3c48f0863267f71bccad644209f2893f9f1ec06057595242f12fbd59312c7e8dd932f0c3bc29236 WHIRLPOOL c255fd892a299fe8ef56a923b4c8511df2cbc21ce8821f90257b2e9a1fd66a20ec2a5070365dc7a6b43e40c0b0645c845b122a67b4dbc6e71e8a9f1de919b13b +DIST shorewall-core-5.1.7.1.tar.bz2 79801 SHA256 482d2d283cc891c7746c8f44cf745e7d54615f65e9eb67874a5c1d548f15c5ba SHA512 5a11a5f85518df3b57b77e16f8b8c7ff7b169a86d87ce21beb764e5a3e9651d1d07f4d5fe50ed0c15c22b7bd608aaca8aced9c0b892d7f50c712195fa22c77a9 WHIRLPOOL 62e6d98a376f90219b47b24432cf81f8654bed04b899136efedf0931b97543f9cdb6cd7459ea168a525c24477197fa0b61f5a21e0aadfc42893e42777983a4c4 +DIST shorewall-core-5.1.7.2.tar.bz2 80213 SHA256 c1f78229d9633ea6b35ec067c9724003e2929a39ae54ccd8e6875776d155cd70 SHA512 73c547d6985f17f5c2f2fe4a846a7db76fe514edbc03b7b2f191b437405ac6175cbe3dba615839bb46658031f7cd74ce26221cac42869818e5131b1836d43951 WHIRLPOOL e58a64514f50b375670908cea228610abab9bdb7a8300d04a3c728a70b662da144711e09124fa6149e61c941d165f93a65d162cedbc739eb670ddad4d86f76ff +DIST shorewall-core-5.1.7.tar.bz2 79711 SHA256 c94baf58a61b79407fbaea84a6439d323b17d02912dd81838f7b5ed07ccf1340 SHA512 91836595a3f0df8db6d26eeef47207e94364748e55762de771340ed368ea10be2c445680a57a2864fdfa68b35da18ee256cc0f8dcf6c53494c39f09da8ae829d WHIRLPOOL 4fd47f0b46c2881917561b9234acc38548fb9d4a1ef1e2f706a8eaceeb1d44aa0753a93fecddb7ebc80be9e19c20fdd853c22ca2ab7ae21e092aba7e60921b58 +DIST shorewall-docs-html-5.1.5.2.tar.bz2 4218574 SHA256 18a601050b6fcf6b5839ead037e96ee28ae85eb34262d7d614183cbee6169ef5 SHA512 a66161a601f5417bde8612a154c3886dbf81985e127955bbec213dcaa0e4778b2a3aabbf1dcf257d36db0806b5822bce5fa11a555da36427abbf0deb8f6f1501 WHIRLPOOL d8607b0c7ea3b7bd7b685e99895867f9e37bc2a0c8a5520a59311696fc0e2817452e36865c08e7b758a72fd9a546bf5ef6a47f4098f993cf8c95ad4e1f426dd8 +DIST shorewall-docs-html-5.1.6.1.tar.bz2 4218958 SHA256 db1d61b013f035a2e7d515f483d789fa160fe7a250e12e9efec5a79fb2ef1144 SHA512 
c620209dd6fd9f044088e11e1adf8bee5c481bb27db76bfae5f42fae242dc139526cc457507251d5d00e55a652b358aa7ac3586ec10e28210e00f75932007277 WHIRLPOOL 36936c55029db3875f1a14014eb2c25845412f74bec22205a24919faa34c8b447539bbaa29189ed547bd63989ba20d1c4376fc5fd4d02d4c227f10d733fc0835 +DIST shorewall-docs-html-5.1.7.1.tar.bz2 4219011 SHA256 4f7c5d85945aff85ba4287d0afd63fa476afae0f3b22ed1cdc661cf18f963001 SHA512 af1c97e4e23ba9a80963161124e26ee322b8ef8900457c5e98a34e8af795d3122bb3b54cf026148543e33c7045827d51d07b3af913d9472646e07bda339695c3 WHIRLPOOL b29a81f77a006aaaf8ea1881925dcdb102219d67657c529f733b996011743118a9c743a4496db673fd38a25c114703529698d1986f562be70c73ac47f25095d5 +DIST shorewall-docs-html-5.1.7.2.tar.bz2 4218919 SHA256 348e9bf9c97e97aa3f8f425e30da9f6c89d2b7c5a035a21ac4c3e792ef33ac95 SHA512 b9c85d228b65ecf6b9e29ba316b8cf878a06832bc94f62e2ca8793c02c95bae7be934dd45dc572b31d8e4cff00e1092c8c8681d7c1fc4759c5700a1b8f868f55 WHIRLPOOL 01c51b28a9bcbed7e9a8d257ef01ecc113ba0ad095fce02d6fc17b3b341fd5d340281dfe1db0699ae1ff81e990f9413436d9fa0920846ae9f4b4298a483bede3 +DIST shorewall-docs-html-5.1.7.tar.bz2 4218629 SHA256 81a9906479bab465e61b420cc9904487ccb490f10bcaef4a5487ec5ff46a1428 SHA512 c24351701983c8b0e6b429094084cbfec1360eaaf4cae8c58b3513c3783957ae1b16a5b0443f07b6ccb4cbf5726324b7670f07dfe5fe1b0e58ec127d305baa4e WHIRLPOOL a31f6822011fb90e4e6b00f20f7f604a4cb4a6f67fc2563754bfb447a2fb2a09a86001412d3d47190f6ce388bdc321ec99fc32fd23015566fe0381f8a1f6a4c2 +DIST shorewall-init-5.1.5.2.tar.bz2 32646 SHA256 1ae9771f20ca3ede897fe0ee4443d65011dde37d6ecc146150ba22c980b6f272 SHA512 de67e167bbdd5e2860e01fb55f07b695011ce7473b98b374f605263eb0aa66e7de645cd7716526ecbf01bf8b65fb5e08294c85bf55ec45b54b78f1b66e80565c WHIRLPOOL d1f1d05b384b63b087e48afa90ded85e333d1ca1d8e90196de2540c8705239f55326ffa5d421f6c03e651e6d7076e18786ab47009c09f31de2cc6fe13910ac36 +DIST shorewall-init-5.1.6.1.tar.bz2 34153 SHA256 ad20b348e32f6cc332521b07ef89a891978453e56cfe7fbe916d1f83ae594194 SHA512 
f6ea4aad0c0da6da8436dcb27441088cefd8312e37cc6d62187fd8210790b2be5452cc06f1823f1958c53cdec2e4b14abc5be31a7c029739838f5bbc6d143a00 WHIRLPOOL b5d6f01c5670a60a3471f1fffbd341ca914c20d39516ad5bf63693c7ebda882c0fa572d5839f28ef94d40a95216a1b13573b470fe14676f0421aebde62769fd6 +DIST shorewall-init-5.1.7.1.tar.bz2 35144 SHA256 e814448295918102fd83da6286925c59fc3387a211d9cf0e808509613e9b571b SHA512 dfbab688e60475e6e69279f4c48ce7492227ca3d541b171f2e4308793d7b6bd46cce7899a6ad0f1c48e817db576ddf3dea9d826d36ff5745f8f84c98cc6317f7 WHIRLPOOL d58ffd4fb4f643a6692f080f512b2be86bab43fe7701555408ecd5c34ead78374d960a6c6528579a7e68db53fdaa9bd7d1201f51a3bc3c0a4e6fee532bcea858 +DIST shorewall-init-5.1.7.2.tar.bz2 35347 SHA256 f47900550045901a38a96fbcad6e401f86cc53ba0a94c44e1b3903b0e6358609 SHA512 9f295da51cbfe7c2fa3aab4029b18ff4bb9c4834d852e2a4cc3770fbed6eae79797000053ad7097ba831e01f710bf4c030d1f3b0cda93cb8da3dc3befa6ae0f4 WHIRLPOOL 1d47c4211959193334e921a82fe50b2cfb353ac6f3635bb96d1b8500a8dacaf2ddf2d62f96874dd3c2d9f4dd9d7e7f689fee4254b528bf1fe92a47fff5d8cca5 +DIST shorewall-init-5.1.7.tar.bz2 34955 SHA256 c0a0218d209846cde2581ecc93d70eb8ae26bea976647db2f1fa887140f10811 SHA512 3951b24a0e992c45021d5e79d5ab4a1480559ba321c4c5c57b40068373bb4b14f45edf525e9cc384657167330ef8f6cec46374c84a8dcc7fb641a88e27e40a4d WHIRLPOOL f319cf109987cf627794d60beabcf988a2cb2a54abacdd84a46e60344960ed9371adeb6367fd3318ebe9e24a562a199a3ed98edca31a1e992757ab2db252f58e +DIST shorewall-lite-5.1.5.2.tar.bz2 38424 SHA256 acf092c051ce4e19b0aa67b1828511ec446006133c4451d9c13f60275025a397 SHA512 300793d3a123ab63cde988667a53e931adf7f40e6987bb5b57a60376502ad4ec46316e45bc0c589f82f3fb118ee6f78a0646f7aa5ef522791eea10e7ff2430da WHIRLPOOL 2a8b775d87601cb4e792fe817e0d2e7eaaf6b162eb9ed762081ec502239d1dc33d3843e9742b532d582939dc143561de617246aeb27a83448625bc4935d78505 +DIST shorewall-lite-5.1.6.1.tar.bz2 39930 SHA256 64424e0c69aff83fc02a73db5b1c7ee10fb916d317c027987ba40c8aff6ddd8f SHA512 
69cfca2e703680238b32c8ffe3431a9267625faa3a03bed28593f0b0e8a5accc7d58ef4b91b77f87fc44e09f279d41e0302094e1d5255fc3ed1f6fc51863c07b WHIRLPOOL cb993586c09297aeaf8a37cbde8afa99f93687b62b1a5551e70e10ffa9633ba67077dc9323af583293c7e1d07b0ba558d2b1a124709fef147021bf9c5cffee9e +DIST shorewall-lite-5.1.7.1.tar.bz2 40847 SHA256 7e9f09a34eca462f58aaf3f43326a830d924d3868b6cb82a3d1f27875aee128c SHA512 5422c3a0fd53d37d615a81d1bc2273042ca1011ae64f357c295fb81b49962ab8a51343a7eb71819018fb6f1f3c9045b27a6b289974ad3bd436d8c85f24c5da63 WHIRLPOOL bf3baba44eda3457af584e0dcbe1e312dd2d890c9650523856b43a93f747b7ce0677ea0c5320ab51d1c4f733a5c4951505eae19223b4a9aeeaf5673a7eb6567f +DIST shorewall-lite-5.1.7.2.tar.bz2 41048 SHA256 e5f4f97031ef81ef599391279e18c26762f3db6dffc5fee33f3e93f37d92618c SHA512 385b072f93015259b6bb57a07c62815ac27c858c63254cd968240761a230e8b781207ee9f1cc9e6caab43e8f12c60e42cfcbaa6f938c964184b14e5d360bee83 WHIRLPOOL fe88d3f7df02164fe17f141dc1dfce9f082688ee133f93e8af63b4046981cf879560bff4a148fc21739f84d76bf3eda58906bf280fda81fc8bbec5f21f277535 +DIST shorewall-lite-5.1.7.tar.bz2 40648 SHA256 c55d2077bfc72f50bd49457984060d9cc0cabdefa26674662f8a68ccf1aad65f SHA512 a6ac156496aa52ff4bcaa4f6b72b3e0bcb93876a029a54f81989fd3d02ef2fbc9ebf870731912080c59e5f3afd56ebffc17fcaaf30716ad65693b72130e05500 WHIRLPOOL 974815a3ea8032638905da17fbc7f46441cb73cc4660f57f733fcd571a4ea606658db00c98518e914fe681a67effe19e5e681e0b1afccd5986bff7b6d86d68cb +DIST shorewall6-5.1.5.2.tar.bz2 188754 SHA256 c215a762ebb9c0a35be7463e1a2db2397ee1c01ab32c2224528f8de4a5ac9ac6 SHA512 1dbb7304f1f349ceb84a34c397a8c12e4fc5e9bdcd001d72881dbf76dda37e8e8448419f00c705e430f5f2e57cf3a7f9dc834cde6119d18cbeabf9d5a0e67e35 WHIRLPOOL 0daf72a3755b83b1ac3c6d90911149410cb9918f9ad312bd16f90c900880e32e852f5cb89791fdd68f14c1ae2389a365a23b94f430e227c687ab820d1b6d7619 +DIST shorewall6-5.1.6.1.tar.bz2 191131 SHA256 4732c560aa9166b35fbefaeecf6dcedf9f5224e1f56a739b3b1d30724af3affc SHA512 
a26acc30f81c7419d9cbb8fd9f0a95c4647e4247b5f4f6232fc414abdba85c85ad8b127f441137cffa1dd88e7bebfba8a785416f54df36f77a36a50b4971b0f1 WHIRLPOOL a9cbe284762ee8af930808c8bb25931860ea9014e00c5b1f2d99ae48ffd31fa96a92dd0bb7ab43bbc44a7d02c5e8e5c334d938db3414b1c0e7069175f04fe026 +DIST shorewall6-5.1.7.1.tar.bz2 191749 SHA256 d950eb1acdffa5d6af19f4f9cc81c76e293c75af26f847452ca53401f9d7093b SHA512 fdea35fb2b6d9e7418d2c2d9124a3c05e42080240aa6e2faa23ef004e2b4ef7e1a05f965d6cdf1c3b224a7c226724a3f2e68b597c026d3b8abdc0326cb545b2a WHIRLPOOL 2dcff81b201b601ad5d5dab38a39344f3dffcfc2e90fe8b39ef31b4f3070295871cc87b5b17e3f9651c9131c1df4702413cb8735d4953088f6df99a8a01ce568 +DIST shorewall6-5.1.7.2.tar.bz2 192087 SHA256 8cddd2baafe71ebfd9aa691400bc320ab0672791f5d8f1e82067d91c3586deba SHA512 2ce5beb6be5ce9a5f9b1f116468f2834188938c5893ca2a9fdc7d76ab43ed487a7dd59cca5a8098ecee06274c1c359543ff57f2d3efa5e4ed8fc728702f6a689 WHIRLPOOL db5b3569689d3dd05e82316e9d7851f72e18b7df1a84b768bf6ceb546bf470843d31834a0e3d5a40e6c83597b65633efc9507eb75709a66f1c1d7223162792c2 +DIST shorewall6-5.1.7.tar.bz2 191614 SHA256 624fe000c881a75109f65f5fb11480a2f997b06237db546e51aeee2ed49dd10d SHA512 9423d6a141c61e1ca5546fd21e5db145c917d6e6825805ff404f5531449a0125f8288d0954e101231fa4d0a521e6db3993b4b312caba3188e41bc579eef350c3 WHIRLPOOL 7635d78eecf9f3e13b98e0577dff7687be34abdbeb8eee7d152ef1a0610dd9e82bf18024185ffe14caaa47053b809307e47b2aa111f7d03a8595a35d7c297ccf +DIST shorewall6-lite-5.1.5.2.tar.bz2 38137 SHA256 0b65ef615be93f921af6d8c11f702f2c46ba18d989fe12fe048732c53cf841de SHA512 e8961abdb7c105820d8420f623cbff72af33e2d35701bb0f81f2fad5364e91b88d5d1317d4ffc8e00c3b32d50c96f6c0dccda20cd981c5f6cc7aaf1662af8d27 WHIRLPOOL d3b04c2c6e9f3a10b8bbc0da1e5691dc3e428501ee52547e548eed05b14d54aec243111f711cb66ecc734efe5217dffa0230b1045296f90a60da88c390ba33bf +DIST shorewall6-lite-5.1.6.1.tar.bz2 39636 SHA256 a25a1430a09d797991f0028f76f5252b86ef898801fc8eb3e6c8ca695d1d2a98 SHA512 
eb059a1d991e72cd7b4522ddecb5557918803b5ce8c79552919d7c2798aaab96548b2dea5950f9c3311091950307496c034d63f5389f745b6282074d20d9afbc WHIRLPOOL 2ffae1f3afafcf576d11265562f9f22e6d58061b509d9ef7fceb57980b1d8c8a598efd39aaec5e3bdbff4004a39741eccb0fec8ed0417ff9f36a09e417bb9047 +DIST shorewall6-lite-5.1.7.1.tar.bz2 40514 SHA256 a199a395ce4d23081338955c68fbf657c25e972b2656ef370544854074fa672c SHA512 a8fd7e33d1558fbebb53d1dc19c3784aac2d6095e1404c44030cd513cee5a6330632c50e86eedb0a6773b67acc77ca0d2fb26352c3f784abc8ac936d6f96c437 WHIRLPOOL 0276cbf74644205042dff963124e655fb8f0e14aca31f5550833f95ae84f1b569be77473324e8603b523d5dc67a0de74d6459b8634c2519af6eb5fc84276992e +DIST shorewall6-lite-5.1.7.2.tar.bz2 40737 SHA256 bf22e67559ebdeff464cd910b97578a4c82f5fcc87bc77aeeb9fb4a5ca2a71be SHA512 9125d4380b91f0bcaaedfef6bd5ba89ada0391bf322cd1a00deb239eebc2e818a994844a653daa2e8784bb21ad7ed51798fcaa129e28da08c66de4163fe13bdc WHIRLPOOL 12c5e8036ae08d312ee52af40157f7ad8c18e0ccc8475845b22a3ce7647a73105b8a2f9034851f3e547ed6c47b2a7f0ef566de6dc96a19a20b1da429cd90a170 +DIST shorewall6-lite-5.1.7.tar.bz2 40346 SHA256 2fa19a4c5046c05e4e5cf28d4b50dab0061f05f2a17cb0f8fd265812276cb975 SHA512 6e118b2fa369aa42dfade55b3b4c8855b3d950fd664c5cf2c22539c99e2065e8924e86970ea0f17b7b8930d1c28220bc425ef4329222f0c11feb872ba0145eb9 WHIRLPOOL 2f5be4d88e48e4ef535e60e050343ef78b2c4fdfa9918e79947e43107d3e8d46272c7c6f1134f4762b48894a9334daed2ddef4fa3843cf4670be54b9bb799714 +EBUILD shorewall-5.1.5.2.ebuild 16128 SHA256 cba49be9d3db23d946b260230f6bac2cfd2a7129b6c28a347c0ddd7990ae87a3 SHA512 2e7819897605c85866379b0bc9afd6bf89b1aacab27fc74917e0eae5816fdc2907201898be665d292c7a49fcfa1d0055e1b983a6881ab4dc83b691d6c2eaf0b6 WHIRLPOOL b0d80a8a547fce661a54ee4968ea875f33f7bfeba97d05b32aad6ab99e0a3471d77453c50cf678a5eb045056f878ea1dc060d92a61a5392294e344f97acee383 +EBUILD shorewall-5.1.6.1.ebuild 16135 SHA256 ba21c1957048088e635f857f9e4c932b1a60318384b9c89daf1822126eaca9e0 SHA512 
f820651601fb30da69461a97cb590ebd519f37f0cd28866c64ad8389348b8700e4f25f43661cc4f3bf4ad13ff3cd0211035f528daa53b72b49597fb2a63ab30d WHIRLPOOL 0ecb98e00a3db7b215a3b5489c73912291aa70ff66f284a9653d97db5218bca9891028f8f0af2d60c1354c24c8fc835bbfe3ed26ec0de41b5701eaf9441f6e9a +EBUILD shorewall-5.1.7.1.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +EBUILD shorewall-5.1.7.2.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +EBUILD shorewall-5.1.7.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +MISC ChangeLog 20688 SHA256 7aae34526acf517056612b27d66a66d7ef22cb12bdfdf6e125386397b50ce3b3 SHA512 82bfaee85f9880adf5e5d0c5c116ee1c12f2cdcf09257419a0fed75c899c77569b2e96250d9eb073bfa0af7d80e241d30da88e0e8f8325ad35042fc511d41d4e WHIRLPOOL 6c24b24142e84fbd8b306ffd357bd7b0345e8cf2d498d6158ce2e9d9291defd6fa9aa40447b7cc1a8660ab76e8d167225fe289d57cb9b7b67c15768aeaed157f +MISC ChangeLog-2015 45029 SHA256 14c5a921b9bf1d140687dca0c9413f6ac23d4e2e9949fae1ce3b904b740fcbb2 SHA512 
1140e3d6294d81b9511f6ef68dcf3d7bf84fa19423a7dde2540f9b96dd5dece1c60c1e02881a5ccf2a9a30fc3b7182ee890d59bc99a11827216106227e1ad5ab WHIRLPOOL fe4e74862743493a9cba6889481a081102977a60ee5ff0d31a155e79ca253e3b7740a93dac2ea3a3496949fcd08a6f99f7fe005836155522762d2df404b39621 +MISC metadata.xml 2254 SHA256 a8cdd75aab250e4e1001054d71fd9cb0e29bf0882de84593068787be2d3ecd3b SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33 WHIRLPOOL 078d62ca37deb03f7097c7d45e3f0fe3106a277a852be3dfafb4dbe59f30a8f618423978d79ff81cd362638eb8d197f8dc40decf49740d74934475fb6266b00d diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch new file mode 100644 index 000000000000..8b7925d6dceb --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch @@ -0,0 +1,30 @@ +diff -rupN old/shorewall-init-5.1.7/shorewall-init new/shorewall-init-5.1.7/shorewall-init +--- old/shorewall-init-5.1.7/shorewall-init 2017-09-18 18:28:43.000000000 +0200 ++++ new/shorewall-init-5.1.7/shorewall-init 2017-09-23 15:46:03.489914459 +0200 +@@ -80,10 +80,6 @@ shorewall_start () { + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -101,15 +97,6 @@ shorewall_stop () { + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp" +- else +- rm -f "${SAVE_IPSETS}.tmp" +- fi +- fi +- + return 0 + } + 
diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch
new file mode 100644
index 000000000000..8b60eb245fc0
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch
@@ -0,0 +1,28 @@
+diff -rupN old/shorewall-init-4.6.10.1/shorewall-init new/shorewall-init-4.6.10.1/shorewall-init
+--- old/shorewall-init-4.6.10.1/shorewall-init 2015-06-09 20:02:00.000000000 +0200
++++ new/shorewall-init-4.6.10.1/shorewall-init 2015-06-14 17:16:17.396424059 +0200
+@@ -78,10 +78,6 @@ shorewall_start () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+- ipset -R < "$SAVE_IPSETS"
+- fi
+-
+ return 0
+ }
+
+@@ -99,13 +95,6 @@ shorewall_stop () {
+ fi
+ done
+
+- if [ -n "$SAVE_IPSETS" ]; then
+- mkdir -p $(dirname "$SAVE_IPSETS")
+- if ipset -S > "${SAVE_IPSETS}.tmp"; then
+- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+- fi
+- fi
+-
+ return 0
+ }
+
diff --git a/net-firewall/shorewall/files/shorewall-init.confd b/net-firewall/shorewall/files/shorewall-init.confd
new file mode 100644
index 000000000000..1b126be4e8bf
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.confd
@@ -0,0 +1,6 @@
+# List the Shorewall products Shorewall-init should
+# initialize (space-separated list).
+#
+# Sample: PRODUCTS="shorewall shorewall6-lite"
+#
+PRODUCTS=""
diff --git a/net-firewall/shorewall/files/shorewall-init.initd b/net-firewall/shorewall/files/shorewall-init.initd
new file mode 100644
index 000000000000..95873ef5eeee
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.initd
@@ -0,0 +1,191 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc"
+CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}"
+
+description="Puts Shorewall in a safe state at boot time"
+description="${description} prior to bringing up the network."
+
+required_files="$SHOREWALLRC_FILE"
+
+depend() {
+ need localmount
+ before net
+ after bootmisc ipset tmpfiles.setup ulogd
+}
+
+
+. $SHOREWALLRC_FILE
+
+checkconfig() {
+ local PRODUCT=
+
+ if [ -z "${VARLIB}" ]; then
+ eerror "\"VARLIB\" isn't defined or empty! Please check" \
+ "\"${SHOREWALLRC_FILE}\"."
+
+ return 1
+ fi
+
+ if [ -z "${PRODUCTS}" ]; then
+ eerror "${SVCNAME} isn't configured! Please check" \
+ "\"${CONFIG_FILE}\"."
+
+ return 1
+ fi
+
+ for PRODUCT in ${PRODUCTS}; do
+ if [ ! -x ${SBINDIR}/${PRODUCT} ]; then
+ eerror "Invalid product \"${PRODUCT}\" specified" \
+ "in \"${CONFIG_FILE}\"!"
+ eerror "Maybe \"${PRODUCT}\" isn't installed?"
+
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+check_firewall_script() {
+ if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then
+ ebegin "Checking \"${STATEDIR}/firewall\""
+ ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null
+ eend $?
+ fi
+
+ if [ ! -x ${STATEDIR}/firewall ]; then
+ eerror "\"${PRODUCT}\" isn't configured!"
+
+ if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then
+ eerror "Please go to your 'administrative system'" \
+ "and deploy the compiled firewall" \
+ "configuration for this system."
+ fi
+
+ return 1
+ fi
+
+ return 0
+}
+
+is_allowed_to_be_executed() {
+ # This is not a real service. shorewall-init is an intermediate
+ # script to put your Shorewall-based firewall into a safe state
+ # at boot time prior to bringing up the network.
+ # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz
+ # for more information.
+ # When your system is up, there is no need to call shorewall-init.
+ # Please call shorewall{,6,-lite,6-lite} directly. That's the
+ # reason why we are preventing start, stop or restart here.
+
+ local PRODUCT=
+
+ if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then
+ # Starting shorewall-init is only allowed at boot time
+ eerror "This is a boot service, which can only be started" \
+ "at boot."
+ eerror "If you want to get your shorewall-based firewall" \
+ "into the same safe boot state again, run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} stop"
+ done
+ eoutdent
+ eerror ""
+ eerror "Yes, \"stop\" and not start."
+ eerror ""
+ return 1
+ fi
+
+ if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then
+ # Stopping shorewall-init is only allowed at shutdown
+ eerror "This is a boot service, which cannot be stopped."
+ eerror "If you really want to stop your Shorewall-based" \
+ "firewall the same way this service would stop" \
+ "Shorewall at shutdown, please run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} clear"
+ done
+ eoutdent
+ eerror ""
+ eerror "Keep in mind that this will clear (=bring down)" \
+ "your firewall!"
+ eerror ""
+ return 1
+ fi
+
+ if [ "${RC_CMD}" = "restart" ]; then
+ eerror "This is a boot service, which cannot be restarted."
+ eerror "If you want to restart any of your Shorewall-based" \
+ "firewalls, run"
+ eerror ""
+ eindent
+ for PRODUCT in ${PRODUCTS}; do
+ eerror "/etc/init.d/${PRODUCT} restart"
+ done
+ eoutdent
+ eerror ""
+ return 1
+ fi
+
+ return 0
+}
+
+set_statedir() {
+ STATEDIR=
+ local VARDIR=
+
+ if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
+ STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} )
+ fi
+
+ [ !
-n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT}
+}
+
+start_pre() {
+ checkconfig || return 1
+
+ is_allowed_to_be_executed || return 1
+}
+
+start() {
+ local PRODUCT=
+ local STATEDIR=
+
+ for PRODUCT in ${PRODUCTS}; do
+ set_statedir
+
+ check_firewall_script || return 1
+
+ ebegin "Initializing \"${PRODUCT}\""
+ ${STATEDIR}/firewall stop 1>/dev/null
+ eend $?
+ done
+}
+
+stop_pre() {
+ checkconfig || return 1
+
+ is_allowed_to_be_executed || return 1
+}
+
+stop() {
+ local PRODUCT=
+ local STATEDIR=
+
+ for PRODUCT in ${PRODUCTS}; do
+ set_statedir
+
+ check_firewall_script || return 1
+
+ ebegin "Clearing \"${PRODUCT}\""
+ ${STATEDIR}/firewall clear 1>/dev/null
+ eend $?
+ done
+}
diff --git a/net-firewall/shorewall/files/shorewall-init.readme b/net-firewall/shorewall/files/shorewall-init.readme
new file mode 100644
index 000000000000..f7b13fed3de6
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.readme
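Review bot: In start(), a failing `${STATEDIR}/firewall stop` for any product other than the last one is masked, because `eend $?` is not checked and the loop simply moves on, so the function's exit status is that of the final iteration only. For a service whose whole purpose is to close the firewall before the network comes up, that is a fail-open path; `eend $? || return 1` would surface the failure, and the `clear` call in stop() has the same shape. check_firewall_script() behaves similarly: when `compile -c` fails, `eend $?` only reports it and the function then accepts whatever executable `${STATEDIR}/firewall` is already on disk, which may be stale, so `eend $? || return 1` belongs there too unless falling back to the old script is intended. The paths `${SBINDIR}/${PRODUCT}` and `${STATEDIR}/firewall` are built from conf.d and vardir values and run unquoted as root, so quoting them (`"${STATEDIR}/firewall" stop`) is worth doing in the same pass.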
@@ -0,0 +1,30 @@
+shorewall-init from upstream offers two features (taken from [1]):
+
+ 1. It can 'close' the firewall before the network interfaces are
+ brought up during boot.
+
+ 2. It can change the firewall state as the result of interfaces
+ being brought up or taken down.
+
+On Gentoo we only support the first feature -- the firewall lockdown during
+boot.
+
+We do not support the second feature, because Gentoo doesn't support a
+if-{up,down}.d folder like other distributions do. If you would want to use
+such a feature, you would have to add a custom action to /etc/conf.d/net
+(please refer to the Gentoo Linux Handbook [2] for more information).
+If you are able to add your custom {pre,post}{up,down} action, your are
+also able to specify what shorewall{6,-lite,6-lite} should do, so there is
+no need for upstream's scripts in Gentoo.
+
+If you disagree with us, feel free to open a bug [3] and contribute your
+solution for Gentoo.
+
+Upstream's original init script also supports saving and restoring of
+ipsets. Please use the init script from net-firewall/ipset if you need
+such a feature.
+
+
+[1] http://www.shorewall.net/Shorewall-init.html
+[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
+[3] https://bugs.gentoo.org
diff --git a/net-firewall/shorewall/files/shorewall-init.systemd b/net-firewall/shorewall/files/shorewall-init.systemd
new file mode 100644
index 000000000000..2b4695855f3a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-init.systemd
@@ -0,0 +1,18 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=shorewall-init
+Documentation=http://www.shorewall.net/Shorewall-init.html
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-init start
+ExecStop=/sbin/shorewall-init stop
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall-lite.confd-r1 b/net-firewall/shorewall/files/shorewall-lite.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall-lite.initd-r2 b/net-firewall/shorewall/files/shorewall-lite.initd-r2
new file mode 100644
index 000000000000..b319a0e7af2b
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.initd-r2
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+if [ "${RC_SVCNAME}" = "shorewall6-lite" ]; then
+ PRODUCT_NAME="Shorewall6-Lite"
+ command="/usr/sbin/shorewall6-lite"
+else
+ PRODUCT_NAME="Shorewall-Lite"
+ command="/usr/sbin/shorewall-lite"
+fi
+
+description="The Shoreline Firewall Lite, more commonly known as \"${PRODUCT_NAME}\", is"
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="clear"
+extra_started_commands="reload reset"
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is"
+description_clear="${description_clear} then wide open and unprotected."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+clear() {
+ ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+restart() {
+ local _retval
+ ebegin "Restarting ${RC_SVCNAME}"
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+start() {
+ ebegin "Starting ${RC_SVCNAME}"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+stop() {
+ ebegin "Stopping ${RC_SVCNAME}"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall-lite.systemd b/net-firewall/shorewall/files/shorewall-lite.systemd
new file mode 100644
index 000000000000..a9d66e732bb1
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall-lite.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv4 firewall lite
+Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service iptables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall.confd-r1 b/net-firewall/shorewall/files/shorewall.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall.initd-r2 b/net-firewall/shorewall/files/shorewall.initd-r2
new file mode 100644
index 000000000000..4826610e2216
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.initd-r2
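Review bot: restart() in shorewall-lite.initd-r2 branches the wrong way round: status() in the same file treats exit code 0 as "started", yet restart() calls `svc_start` when `_retval` is 0 and runs `${command} ${OPTIONS} restart ${RESTARTOPTIONS}` only when the firewall is not running. shorewall6-lite.initd-r1, added by this same commit, does the opposite (`if [ $? != 0 ] ; then svc_start`), which is what a restart should do. The test should read `if [ ${_retval} != '0' ]; then`, and shorewall.initd-r2 carries an identical restart() that needs the same change. As written, restarting a running firewall presumably never goes through the `restart` path, so an operator may believe a rule change has been applied when it has not; that is worth confirming against what `svc_start` does on an already-started service.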
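Review bot: The ordering `After=network-online.target` in shorewall-lite.systemd means the rule set is loaded only once the network is already up, which appears to leave a window with configured interfaces and no Shorewall rules unless shorewall-init is enabled as well. Nothing in the unit says so; a header comment such as `# Rules load after network-online.target; enable shorewall-init to close the firewall before interfaces come up` would make that dependency visible to whoever enables the unit. shorewall.systemd and shorewall6-lite.systemd in this commit use the same ordering and would benefit from the same comment.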
@@ -0,0 +1,107 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+if [ "${RC_SVCNAME}" = "shorewall6" ]; then
+ PRODUCT_NAME="Shorewall6"
+ command="/usr/sbin/shorewall6"
+else
+ PRODUCT_NAME="Shorewall"
+ command="/usr/sbin/shorewall"
+fi
+
+description="The Shoreline Firewall, more commonly known as \"${PRODUCT_NAME}\", is"
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="check clear"
+extra_started_commands="refresh reload reset"
+
+description_check="Checks if the configuration will compile or not."
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is then"
+description_clear="${description_clear} wide open and unprotected."
+
+description_refresh="The mangle table will be refreshed along with the"
+description_refresh="${description_refresh} blacklist chain (if any)."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+check() {
+ ebegin "Checking ${RC_SVCNAME} configuration"
+ ${command} ${OPTIONS} check 1>/dev/null
+ eend $?
+}
+
+clear() {
+ ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+refresh() {
+ ebegin "Refreshing ${RC_SVCNAME} rules"
+ ${command} ${OPTIONS} refresh 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+restart() {
+ local _retval
+ ebegin "Restarting ${RC_SVCNAME}"
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+start() {
+ ebegin "Starting ${RC_SVCNAME}"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+stop() {
+ ebegin "Stopping ${RC_SVCNAME}"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall.systemd b/net-firewall/shorewall/files/shorewall.systemd
new file mode 100644
index 000000000000..0844178b0d1f
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv4 firewall
+Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=iptables.service firewalld.service iptables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall
+StandardOutput=syslog
+ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall6-lite.confd-r1 b/net-firewall/shorewall/files/shorewall6-lite.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
diff --git a/net-firewall/shorewall/files/shorewall6-lite.initd-r1 b/net-firewall/shorewall/files/shorewall6-lite.initd-r1
new file mode 100644
index 000000000000..9db79c334513
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.initd-r1
@@ -0,0 +1,92 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is'
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="clear"
+extra_started_commands="reload reset"
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} Shorewall6 Lite. The firewall is"
+description_clear="${description_clear} then wide open and unprotected."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+command="/usr/sbin/shorewall6-lite"
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+start() {
+ ebegin "Starting shorewall6-lite"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping shorewall6-lite"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script... (09 Jul 2004 agriffis)
+
+ ebegin "Restarting shorewall6-lite"
+ ${command} status 1>/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading shorewall6-lite"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in shorewall6-lite"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall6-lite.systemd b/net-firewall/shorewall/files/shorewall6-lite.systemd
new file mode 100644
index 000000000000..5ca1a0d2d1a8
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6-lite.systemd
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv6 firewall lite
+Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=ip6tables.service firewalld.service ip6tables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall6-lite
+StandardOutput=syslog
+ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewall6.confd-r1 b/net-firewall/shorewall/files/shorewall6.confd-r1
new file mode 100644
index 000000000000..daef3054274a
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.confd-r1
@@ -0,0 +1,19 @@
+# Global start/restart/stop options
+#
+OPTIONS="-tvv"
+
+# Start options
+#
+STARTOPTIONS=""
+
+# Stop options
+#
+STOPOPTIONS=""
+
+# Reload options
+#
+RELOADOPTIONS=""
+
+# Restart options
+#
+RESTARTOPTIONS=""
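Review bot: `clear()` in shorewall6-lite.initd-r1 leaves the host with no rules and an ACCEPT policy, but nothing in the function updates the service state afterwards. Because `clear` is listed in `extra_commands`, it can be run in any state, and the service may keep showing as started until `status()` is next called. I would add `mark_service_stopped "${RC_SVCNAME}"` after a successful clear, or at least an `ewarn` recording the transition, so monitoring built on service state does not report a firewall that has stopped filtering. Whether OpenRC resets the state itself after an extra command is not visible in this hunk. shorewall6.initd-r1 later in this commit has the same `clear()`.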
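Review bot: `ExecStart=/sbin/shorewall6-lite` and `ExecStop=/sbin/shorewall6-lite` in shorewall6-lite.systemd do not match where the rest of this commit puts the binary. shorewall6-lite.initd-r1 sets `command="/usr/sbin/shorewall6-lite"`, and shorewallrc-r1 sets `SBINDIR=${PREFIX}/sbin` with `PREFIX` ending in `/usr`. Where /sbin is not merged into /usr/sbin the unit would fail at start and the host would come up without its ruleset, so I would use `ExecStart=/usr/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS` and the matching `ExecStop`. shorewall.systemd and shorewall6.systemd in this commit use `/sbin/shorewall` and `/sbin/shorewall6` in the same way. Whether install.sh rewrites the path when it installs gentoo.service is not visible here.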
diff --git a/net-firewall/shorewall/files/shorewall6.initd-r1 b/net-firewall/shorewall/files/shorewall6.initd-r1
new file mode 100644
index 000000000000..43a7d1b1f410
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.initd-r1
@@ -0,0 +1,117 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is'
+description="${description} a high-level tool for configuring Netfilter."
+
+extra_commands="check clear"
+extra_started_commands="refresh reload reset"
+
+description_check="Checks if the configuration will compile or not."
+
+description_clear="Clear will remove all rules and chains installed by"
+description_clear="${description_clear} Shorewall6. The firewall is then"
+description_clear="${description_clear} wide open and unprotected."
+
+description_refresh="The mangle table will be refreshed along with the"
+description_refresh="${description_refresh} blacklist chain (if any)."
+
+description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes"
+description_reload="${description_reload} that the firewall is already started."
+description_reload="${description_reload} Existing connections are maintained."
+
+description_reset="All the packet and byte counters in the firewall are reset."
+
+command="/usr/sbin/shorewall6"
+
+depend() {
+ provide firewall
+ after ulogd
+}
+
+status() {
+ local _retval
+ ${command} status 1>/dev/null
+ _retval=$?
+ if [ ${_retval} = '0' ]; then
+ einfo 'status: started'
+ mark_service_started "${SVCNAME}"
+ return 0
+ else
+ einfo 'status: stopped'
+ mark_service_stopped "${SVCNAME}"
+ return 3
+ fi
+}
+
+start() {
+ ebegin "Starting shorewall6"
+ ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping shorewall6"
+ ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script...
(09 Jul 2004 agriffis)
+
+ ebegin "Restarting shorewall6"
+ ${command} status 1>/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all shorewall rules and setting policy to ACCEPT"
+ ${command} ${OPTIONS} clear 1>/dev/null
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading shorewall6"
+ ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in shorewall6"
+ ${command} ${OPTIONS} reset 1>/dev/null
+ eend $?
+}
+
+refresh() {
+ # refresh the rules involving the broadcast addresses of firewall
+ # interfaces, the black list, traffic control rules and
+ # ECN control rules
+
+ ebegin "Refreshing shorewall6 rules"
+ ${command} ${OPTIONS} refresh 1>/dev/null
+ eend $?
+}
+
+check() {
+ # perform cursory validation of the zones, interfaces, hosts, rules
+ # and policy files. CAUTION: does not parse and validate the generated
+ # iptables commands.
+
+ ebegin "Checking shorewall6 configuration"
+ ${command} ${OPTIONS} check 1>/dev/null
+ eend $?
+}
diff --git a/net-firewall/shorewall/files/shorewall6.systemd b/net-firewall/shorewall/files/shorewall6.systemd
new file mode 100644
index 000000000000..182c71bd0803
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewall6.systemd
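Review bot: `clear()` in shorewall6.initd-r1 announces `Clearing all shorewall rules and setting policy to ACCEPT`, while every other message in this script names shorewall6. On a dual-stack host that reads as if the IPv4 ruleset were being dropped, which is the wrong thing to see in a log when working out which address family lost its filtering. The line should be `ebegin "Clearing all shorewall6 rules and setting policy to ACCEPT"`, matching the wording in shorewall6-lite.initd-r1.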
@@ -0,0 +1,20 @@
+#
+# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V5.0
+#
+[Unit]
+Description=Shorewall IPv6 firewall
+Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html
+Wants=network-online.target
+After=network-online.target
+Conflicts=ip6tables.service firewalld.service ip6tables-restore.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/conf.d/shorewall6
+StandardOutput=syslog
+ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS
+ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS
+
+[Install]
+WantedBy=basic.target
diff --git a/net-firewall/shorewall/files/shorewallrc-r1 b/net-firewall/shorewall/files/shorewallrc-r1
new file mode 100644
index 000000000000..3fc48c392404
--- /dev/null
+++ b/net-firewall/shorewall/files/shorewallrc-r1
@@ -0,0 +1,24 @@
+#
+# Gentoo Shorewall 5.1 rc file
+#
+BUILD=gentoo #Default is to detect the build system
+HOST=gentoo #Gentoo GNU Linux
+PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
+CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed
+SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed
+MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
+INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed.
+INITFILE=${PRODUCT} #Name of the product's installed SysV init script
+INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script
+ANNOTATED= #If non-zero, annotated configuration files are installed
+SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
+SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file
+SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR
+SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed
+SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored.
+VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored.
+DEFAULT_PAGER=${PAGER} #Pager to use if none specified in shorewall[6].conf
diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml
new file mode 100644
index 000000000000..e985bb0b02bf
--- /dev/null
+++ b/net-firewall/shorewall/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>whissi@gentoo.org</email>
+ <name>Thomas Deutschmann</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+ </maintainer>
+ <longdescription lang="en">
+ The Shoreline Firewall, more commonly known as "Shorewall", is high-level tool for configuring Netfilter.
+ You describe your firewall/gateway requirements using entries in a set of configuration files.
+ Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and
+ tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements.
+ Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a
+ standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus
+ take advantage of Netfilter's connection state tracking capabilities.
+
+ Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and
+ there is no "Shorewall process" left running in your system. The /usr/sbin/shorewall program can be used at
+ any time to monitor the Netfilter firewall.
+ </longdescription>
+ <upstream>
+ <doc lang="en">http://shorewall.net/Documentation_Index.html</doc>
+ <remote-id type="sourceforge">shorewall</remote-id>
+ </upstream>
+ <use>
+ <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag>
+ <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag>
+ <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall</pkg> ipv4 USE flag)</flag>
+ <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv4 USE flag</flag>
+ <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv6 USE flag</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-firewall/shorewall/shorewall-5.1.5.2.ebuild b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild
new file mode 100644
index 000000000000..20be5c54927e
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+ MY_URL_PREFIX='development/'
+
+ _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+ _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+ if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+ MY_URL_SUFFIX="-${_tmp_suffix}"
+ fi
+
+ # Cleaning up temporary variables
+ unset _tmp_last_index
+ unset _tmp_suffix
+else
+ KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
+fi
+
+SRC_URI="
+ http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+ ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+ ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+ lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+ lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+ init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+ doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+# that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+ ipv6? ( ipv4 )
+ || ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+ >=net-firewall/iptables-1.4.20
+ >=sys-apps/iproute2-3.8.0[-minimal]
+ >=sys-devel/bc-1.06.95
+ ipv4? (
+ >=dev-lang/perl-5.16
+ virtual/perl-Digest-SHA
+ )
+ ipv6? (
+ >=dev-perl/Socket6-0.230.0
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ lite6?
(
+ >=net-firewall/iptables-1.4.20[ipv6]
+ >=sys-apps/iproute2-3.8.0[ipv6]
+ )
+ init? ( >=sys-apps/coreutils-8.20 )
+ selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+ !net-firewall/shorewall-core
+ !net-firewall/shorewall6
+ !net-firewall/shorewall-lite
+ !net-firewall/shorewall6-lite
+ !net-firewall/shorewall-init
+ !<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NF_CONNTRACK"
+
+ local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+ local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+ if use ipv4 || use lite4; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+ local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+ local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+ fi
+
+ if use ipv6 || use lite6; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+ local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+ local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+ fi
+
+ check_extra_config
+}
+
+pkg_setup() {
+ if [[ -n "${DIGEST}" ]]; then
+ einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+ unset DIGEST
+ fi
+}
+
+src_prepare() {
+ # We are moving each unpacked source from MY_P_* to MY_PN_*.
+ # This allows us to use patches from upstream and keeps epatch_user working
+
+ einfo "Preparing shorewallrc ..."
+ cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+ eprefixify "${S}"/shorewallrc.gentoo
+
+ # shorewall-core
+ mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ eend 0
+
+ # shorewall
+ if use ipv4; then
+ mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2
"${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+ cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+ cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+ eend 0
+ fi
+
+ # shorewall-init
+ if use init; then
+ mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+ ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+ ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+ cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+ cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+ cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+ cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+ eend 0
+
+ eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+ cd "${S}"/${MY_PN_INIT} || die
+ eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch
+ cd "${S}" || die
+ fi
+
+ #
shorewall-docs-html
+ if use doc; then
+ mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+ fi
+
+ eapply_user
+}
+
+src_configure() {
+ :;
+}
+
+src_compile() {
+ :;
+}
+
+src_install() {
+ # shorewall-core
+ einfo "Installing ${MY_P_CORE} ..."
+ DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+ dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+ # shorewall
+ if use ipv4; then
+ einfo "Installing ${MY_P_IPV4} ..."
+ keepdir /var/lib/shorewall
+ DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+ fi
+ fi
+
+ # shorewall6
+ if use ipv6; then
+ einfo "Installing ${MY_P_IPV6} ..."
+ keepdir /var/lib/shorewall6
+ DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+
+ if use doc; then
+ dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+ fi
+ fi
+
+ # shorewall-lite
+ if use lite4; then
+ einfo "Installing ${MY_P_LITE4} ..."
+ keepdir /var/lib/shorewall-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+ fi
+
+ # shorewall6-lite
+ if use lite6; then
+ einfo "Installing ${MY_P_LITE6} ..."
+ keepdir /var/lib/shorewall6-lite
+ DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+ fi
+
+ # shorewall-init
+ if use init; then
+ einfo "Installing ${MY_P_INIT} ..."
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+ dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+ if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+ # On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+ # so we don't need a logrotate configuration file for shorewall-init
+ einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+ rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+ fi
+
+ if [[ -d "${D}etc/NetworkManager" ]]; then
+ # On Gentoo, we don't support NetworkManager
+ # so we don't need this folder at all
+ einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+ rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+ fi
+
+ if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+ # This script isn't supported on Gentoo
+ rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+ fi
+ fi
+
+ if use doc; then
+ einfo "Installing ${MY_P_DOCS} ..."
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+ fi
+}
+
+pkg_postinst() {
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+
+ # Show first steps for shorewall/shorewall6
+ local _PRODUCTS=""
+ if use ipv4; then
+ _PRODUCTS="shorewall"
+
+ if use ipv6; then
+ _PRODUCTS="${_PRODUCTS}/shorewall6"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+ elog ""
+ elog " /etc/shorewall/shorewall.conf"
+
+ if use ipv6; then
+ elog " /etc/shorewall6/shorewall6.conf"
+ fi
+
+ elog ""
+ elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+ elog ""
+ elog " # rc-update add shorewall default"
+
+ if use ipv6; then
+ elog " # rc-update add shorewall6 default"
+ fi
+ fi
+
+ # Show first steps for shorewall-lite/shorewall6-lite
+ _PRODUCTS=""
+ if use lite4; then
+ _PRODUCTS="shorewall-lite"
+ fi
+
+ if use lite6; then
+ if [[ -z "${_PRODUCTS}" ]]; then
+ _PRODUCTS="shorewall6-lite"
+ else
+ _PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+ fi
+ fi
+
+ if [[ -n "${_PRODUCTS}" ]]; then
+ if use ipv4; then
+ elog ""
+ fi
+
+ elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+ elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+ elog ""
+ elog "To read more about ${_PRODUCTS}, please visit"
+ elog " http://shorewall.net/CompiledPrograms.html"
+ elog ""
+ elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+ elog ""
+
+ if use lite4; then
+ elog " # rc-update add shorewall-lite default"
+ fi
+
+ if use lite6; then
+ elog " # rc-update add shorewall6-lite default"
+ fi
+ fi
+
+ if use init; then
+ elog ""
+ elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+ elog ""
+ elog " # rc-update add shorewall-init boot"
+ elog ""
+ elog "and review \$PRODUCTS in"
+ elog ""
+ elog " /etc/conf.d/shorewall-init"
+ fi
+
+ fi
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+ # This is an upgrade
+
+ elog "You are upgrading from a previous major version. It is highly recommended that you read"
+ elog ""
+ elog " - /usr/share/doc/shorewall*/releasenotes.tx*"
+ elog " - http://shorewall.net/Shorewall-5.html#idp51151872"
+
+ if use ipv4; then
+ elog ""
+ elog "You can auto-migrate your configuration using"
+ elog ""
+ elog " # shorewall update -A"
+
+ if use ipv6; then
+ elog " # shorewall6 update -A"
+ fi
+
+ elog ""
+ elog "*after* you have merged the changed files using one of the configuration"
+ elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+ elog ""
+ elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+ elog "please read the shorewall[6] man page first."
+ fi
+
+ # Show this elog only once
+ break
+ fi
+ done
+
+ if ! use init; then
+ elog ""
+ elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+ elog "before your shorewall-based firewall is ready to start."
+ elog ""
+ elog "To read more about shorewall-init, please visit"
+ elog " http://www.shorewall.net/Shorewall-init.html"
+ fi
+
+ if !
has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
diff --git a/net-firewall/shorewall/shorewall-5.1.6.1.ebuild b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild
new file mode 100644
index 000000000000..ea2ef11ce095
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild
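Review bot: In the lite branch of pkg_postinst in shorewall-5.1.5.2.ebuild, the message telling the admin which service to add to the default runlevel interpolates `${PRODUCTS}`, which this ebuild never sets. The name of the firewall service to enable therefore prints as an empty string; it should read `${_PRODUCTS}` like the surrounding elog calls. In src_prepare the die message after copying shorewall-init.readme says `Copying shorewall-init.systemd failed`, which points a failed build at the wrong file; `Copying shorewall-init.readme failed` matches the other messages. SRC_URI also fetches every tarball over plain http, so integrity rests on the Manifest digests alone, and https would be preferable if upstream serves it. The 5.1.6.1 ebuild that follows looks like a copy as far as it is visible and probably needs the same changes.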
@@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + 
+SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? 
( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." 
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 
"${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" || die + fi + + # 
shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." 
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." 
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." 
+ elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! 
has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
diff --git a/net-firewall/shorewall/shorewall-5.1.7.1.ebuild b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild
new file mode 100644
index 000000000000..3b7545ca47d4
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild
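Review bot: In pkg_postinst the shorewall-lite activation message expands `${PRODUCTS}`, while the variable this function builds is `_PRODUCTS`; nothing in this ebuild sets `PRODUCTS`, so the sentence telling the admin which services to add to the default runlevel most likely prints with the product names missing. The line should read `elog "To activate your shorewall-lite-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"`. The later `elog "and review \$PRODUCTS in"` is escaped and presumably names the setting in /etc/conf.d/shorewall-init on purpose, so it can stay. The same line appears in the shorewall-5.1.7.1 section that follows and in the partial sections before and after these two.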
@@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + 
+SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? 
( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." 
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 
"${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # 
shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." 
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." 
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." 
+ elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! 
has_version "net-firewall/conntrack-tools"; then
+ elog ""
+ elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+ elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+ fi
+
+ if ! has_version "dev-perl/Devel-NYTProf"; then
+ elog ""
+ elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+ fi
+}
diff --git a/net-firewall/shorewall/shorewall-5.1.7.2.ebuild b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild
new file mode 100644
index 000000000000..3b7545ca47d4
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild
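Review bot: Every SRC_URI entry uses plain `http://www.shorewall.net/`, and src_install then runs each unpacked tarball's `install.sh`, so the integrity of what gets executed during the merge rests entirely on the Manifest digest check. If upstream serves the same paths over TLS, switch the scheme to `https://`; if it does not, a comment above SRC_URI such as `# Upstream offers no HTTPS for these paths; integrity relies on the Manifest digests` makes that dependency explicit. The Manifest for this package is not part of this hunk, so it is worth confirming that it carries a DIST entry for all seven tarballs. The shorewall-5.1.6.1 section above has the same SRC_URI block.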
@@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + 
+SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? 
( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." 
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 
"${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # 
shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." 
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." 
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." 
+ elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! 
has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.1.7.ebuild b/net-firewall/shorewall/shorewall-5.1.7.ebuild new file mode 100644 index 000000000000..3b7545ca47d4 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.7.ebuild 
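Review bot: In `pkg_postinst`, the shorewall-lite branch prints `please add ${PRODUCTS} to your default runlevel:`, but nothing in this ebuild assigns `PRODUCTS`; the function only sets `_PRODUCTS`. The expansion is therefore empty and the message names no service to add. Change it to `${_PRODUCTS}`, as the parallel shorewall/shorewall6 message earlier in the same function already does. The later `\$PRODUCTS` in the shorewall-init message is escaped and appears to refer to the setting in /etc/conf.d/shorewall-init, so it should stay as written. The same line is present in the shorewall-5.1.7.ebuild hunk that follows and in the tail of the preceding ebuild.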
@@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + 
+SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? 
( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." 
+ ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 
"${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # 
shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." 
+ DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." 
+ docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." 
+ elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! 
has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/ufw-frontends/Manifest b/net-firewall/ufw-frontends/Manifest new file mode 100644 index 000000000000..ec97642e36e7 --- /dev/null +++ b/net-firewall/ufw-frontends/Manifest 
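Review bot: Every `SRC_URI` entry, and `HOMEPAGE`, uses plain `http://www.shorewall.net/`, so the tarballs for a firewall package are fetched over an unauthenticated channel. Their integrity then rests entirely on the DIST checksums in the package Manifest, which is not part of this hunk. If upstream serves the same paths over TLS, change the prefix to `https://www.shorewall.net/pub/shorewall/`. If not, a comment above `SRC_URI` such as `# Upstream offers no HTTPS; the Manifest checksums are the only integrity check` would record the dependency. The shorewall-5.1.7.2.ebuild hunk above carries identical lines.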
@@ -0,0 +1,7 @@ +AUX org.gentoo.pkexec.ufw-gtk.policy 778 SHA256 abeae0fbfffbc09f6f208c713612e8425d8a11268baeae774fd12ee8aacae1c0 SHA512 f2b47a01535d565d2d3f40266f61b5b0ee3ad5befa4aa9f704000000f111980ac219eccea7d22fe3b0995d91aa794c278daa4f6a6d36649cd0db7b53772bd61f WHIRLPOOL 7119bad2f11779a3beb8c2267c918d31048eb9d70e949cb14b0e3068594b148ca88fca46cd46ff3b6e17216c1be208596eee1be9d8d182396769dac1d892c8fd +AUX ufw-frontends-0.3.2-no-log-crash.patch 2224 SHA256 4e0120c76321900bc8ede1acb5c2aaad8e37d1989365e0576da718f15bace2b1 SHA512 a68e414c92d6570ba7368526ddefae30897d79f7b352e841f69fa95435a1b14c26b551b37b3431830ee3df700d3a48fc62d454c9be8f8e59d070f5e47ece7ea7 WHIRLPOOL 1a3550ee0e1cde3740a5d56515181822bf46f349741572eeb76e2cc53be74ec0b0220b2eab3d4f0c7bedb414d4138f49b489b503db24d6a6951aa5988ad4de9a +DIST ufw-frontends-0.3.2.tar.gz 85472 SHA256 7ff838d1f20a122307ef5e2bc94f6cbb5ea019a1d3d7ec72f7493c5f8c0a7910 SHA512 9f311596a3bad71562ca98acb8bf4d0d55990520cb5373c299dad05d1a1986e791eac984385013a511af4693a9988351ec37d8735ae6748818a9570db416b274 WHIRLPOOL 8b12a19c3338210d388b3d5ed24e22cbb49357d9fa9c768ad7b9ff8bcb6481cf4888048ec4c60266915a69095a90e2ce776a81f92f0f9692d8c2ef3fc4b669ed +EBUILD ufw-frontends-0.3.2-r5.ebuild 1732 SHA256 1900583650e29f64fb526cb93709186cbdc10fe86620f5f8d1c7b81a0f8fb5cc SHA512 c72a46f0cd68c533fb4c573130fbc7d1ed5c7fe29ee9b0e93a336daf6f5f5392bb0488ac52d8c8fabd8a50fe81402381f6429dcc525b2b28ed6da0a8b6a1cd94 WHIRLPOOL 304a34b19abc464a551f8dc24a2b833f6252bfbed6b118705ba381e3974017da287a244e4ff4e1a2c360fb9f850c3df4ef0ddc39b20f78edc0956643cfd8aa8f +MISC ChangeLog 3306 SHA256 a5ec494b04a01454594d451bfd595e1c9b4e54e145f744c33ce66b9fd1bb4075 SHA512 8c0dfc30631c5922800ba0ba789063bbbb3566647bb0b564745cd5c1affb1d2887e287b22c9519009366ba27da2e92521e6155b40b2219d800bd086c1d0b84ee WHIRLPOOL dffa4a7c355aac8b968c1bdc6e38cdb05851bf415a59504bd674042bfe03367b6f41312b2f3e60f0c76611e0f3a9ec40ad56f4180479f5d4c4436cf00521ff3d +MISC ChangeLog-2015 2522 SHA256 
ee4ac21cd338acbfece37091459f375aaba514d61a6f99b7ff84bfbda89fff08 SHA512 9c072320ae0523c34a26232ee181aae5cac8b10a61d81d53c088312220b1c1a01392defc5733ef86cda08b739b3644461da4a0501b746d43c32b31a881279e37 WHIRLPOOL 25cc8064cc516c855b48ebbe413fc666dc4db8cca98020042fd7508fa0e263815f2a9e0a6d3b019ceabbbff107e69acd0603a6e8832ce6f07eac739a06f6acd6 +MISC metadata.xml 917 SHA256 27898a6e1baa0c7b79728884555b1ac20f37472476684a50745d911ef8dbf0be SHA512 e61b8a84c60861b69cae3a0f0748e5ab7d730ab0b9356ba29f991bfe1656cefdcc5f7395058003ac073daf71c4f58e484fcdbf9278e991bc92d8a7badcf453a9 WHIRLPOOL 9ae029eb71c35d6ef0aa0006a9f78c53a2ce6da9daf6236c5d21f6586ce05e982c3f6f5a35d4bef30705a9e133395d60910cd25faa19d1ce0f0db31b04fe3be3 diff --git a/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy new file mode 100644 index 000000000000..7410debbc818 --- /dev/null +++ b/net-firewall/ufw-frontends/files/org.gentoo.pkexec.ufw-gtk.policy @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>Gentoo</vendor> + <vendor_url>http://www.gentoo.org/</vendor_url> + + <action id="org.gentoo.pkexec.ufw-gtk"> + <message>Authentication is required to run the ufw configuration tool</message> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/ufw-gtk</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> + +</policyconfig> diff --git a/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch new file mode 100644 index 000000000000..f4adb49826ec 
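Review bot: In `org.gentoo.pkexec.ufw-gtk.policy`, `allow_any` and `allow_inactive` are both `auth_admin`, so a client outside an active local session can still be offered authentication for this action. The action starts `/usr/sbin/ufw-gtk` as root with `org.freedesktop.policykit.exec.allow_gui` set. If the tool is only meant to be launched from the local desktop (the hunk does not show whether remote use is intended), `<allow_any>no</allow_any>` and `<allow_inactive>no</allow_inactive>` would be the tighter default, with `auth_admin` kept for `allow_active`. If remote use is intended, an XML comment should state that the three identical values are deliberate.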
--- /dev/null +++ b/net-firewall/ufw-frontends/files/ufw-frontends-0.3.2-no-log-crash.patch 
@@ -0,0 +1,61 @@ +From e7bcf87788588c3a38ce18c9a8d69bbe156860e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C5=82awomir=20Nizio?= <slawomir.nizio@sabayon.org> +Date: Mon, 3 Mar 2014 08:31:47 +0100 +Subject: [PATCH] Fix crash when no log in supported location can be found + +This can happen for example on systems that use Journal +from systemd. + +In this case, ufw-gtk exits with a traceback containing: +IOError: [Errno 2] No such file or directory: '/var/log/messages.log' +(this is the last log file tried). + +The patch works around the issue by handling the error +and disabling the widget in the "Events" tab. +--- + gfw/frontend_gtk.py | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/gfw/frontend_gtk.py b/gfw/frontend_gtk.py +index 75ebb33..75dfde0 100644 +--- a/gfw/frontend_gtk.py ++++ b/gfw/frontend_gtk.py +@@ -33,14 +33,21 @@ from gfw.frontend import Frontend + + class Notifier(gfw.event.Notifier): + +- def __init__(self, callback): +- gfw.event.Notifier.__init__(self, callback) ++ def __init__(self, callback, inactive_handler): ++ self._active = False ++ try: ++ gfw.event.Notifier.__init__(self, callback) ++ except IOError: ++ inactive_handler() ++ return ++ self._active = True + self._w = gobject.io_add_watch(self._fd, gobject.IO_IN | gobject.IO_PRI, + self._trigger) + + def __del__(self): +- gfw.event.Notifier.__del__(self) +- gobject.source_remove(self._w) ++ if self._active: ++ gfw.event.Notifier.__del__(self) ++ gobject.source_remove(self._w) + + + class Builder(gtk.Builder): +@@ -90,7 +97,8 @@ class GtkFrontend(Frontend): + data = (timestamp, event, conn['IN'], conn['OUT'], conn['PROTO'], + conn['SRC'], spt, conn['DST'], dpt) + self.ui.events_model.append(data) +- self._notifier = Notifier(callback) ++ self._notifier = Notifier(callback, ++ lambda: self.ui.events_view.set_sensitive(False)) + self.ui.main_window.show_all() + ## FIXME: for the 0.3.0 release, hide the tab for the connections view + page = 
self.ui.view.get_nth_page(2) +-- +1.9.0 + diff --git a/net-firewall/ufw-frontends/metadata.xml b/net-firewall/ufw-frontends/metadata.xml new file mode 100644 index 000000000000..a3ab739d57cd --- /dev/null +++ b/net-firewall/ufw-frontends/metadata.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>slawomir.nizio@sabayon.org</email> + <name>Sławomir Nizio</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <longdescription lang="en">Currently, UFW provides only a command-line interface (CLI) for user + interaction--the ufw command. This project implements graphical frontends + for UFW using PyGTK and PyQt (the latter in early stage of development).</longdescription> + <upstream> + <remote-id type="github">baudm/ufw-frontends</remote-id> + </upstream> + <use> + <flag name="policykit">Use pkexec to gain root privileges</flag> + <flag name="kde">Use kdesu to gain root privileges (note: the flag has lower priority than "policykit")</flag> + </use> +</pkgmetadata> diff --git a/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild new file mode 100644 index 000000000000..6110449589c7 --- /dev/null +++ b/net-firewall/ufw-frontends/ufw-frontends-0.3.2-r5.ebuild 
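Review bot: In `Notifier.__init__`, `except IOError:` treats every I/O failure from `gfw.event.Notifier.__init__` as "no log file". A log that exists but cannot be opened would therefore also grey out the Events view, with no message to the user. The commit text describes only the Errno 2 case, so the handler could be narrowed to `except IOError as e:` followed by `if e.errno != errno.ENOENT: raise` (an `errno` import is not visible in the hunk). The inactive handler should also log or show why firewall events are unavailable. Separately, if the parent constructor acquires anything before it fails, the new `if self._active:` guard in `__del__` skips its cleanup; the parent class is outside the hunk, so this needs checking there.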
@@ -0,0 +1,64 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+inherit distutils-r1
+
+DESCRIPTION="Provides graphical frontend to ufw"
+HOMEPAGE="https://github.com/baudm/ufw-frontends"
+SRC_URI="https://github.com/baudm/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+# CC-BY-NC-SA-3.0 is for a png file
+LICENSE="GPL-3 CC-BY-NC-SA-3.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="kde policykit"
+
+DEPEND=""
+RDEPEND="${DEPEND}
+ dev-python/pygobject:2[${PYTHON_USEDEP}]
+ dev-python/pygtk[${PYTHON_USEDEP}]
+ dev-python/pyinotify[${PYTHON_USEDEP}]
+ net-firewall/ufw[${PYTHON_USEDEP}]
+ !policykit? ( kde? ( kde-plasma/kde-cli-tools[kdesu] ) )
+ policykit? ( sys-auth/polkit )
+"
+
+# fix crash when no ufw logs in supported locations can be found
+PATCHES=( "${FILESDIR}/${P}-no-log-crash.patch" )
+
+python_prepare_all() {
+ if use policykit; then
+ sed -i 's/^Exec=su-to-root -X -c/Exec=pkexec/' \
+ share/ufw-gtk.desktop || die
+ elif use kde; then
+ sed -i 's/^Exec=su-to-root -X -c/Exec=kdesu/' \
+ share/ufw-gtk.desktop || die
+ fi
+
+ # don't try to override run() to install the script
+ # under /usr/sbin; it does not work with distutils-r1
+ # and so it is handled differently (in python_install)
+ sed -i '/cmdclass=/d' setup.py || die
+
+ # Qt version is unusable
+ rm gfw/frontend_qt.py || die
+ distutils-r1_python_prepare_all
+}
+
+python_install() {
+ distutils-r1_python_install --install-scripts="/usr/sbin"
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ if use policykit; then
+ insinto /usr/share/polkit-1/actions/
+ doins "${FILESDIR}"/org.gentoo.pkexec.ufw-gtk.policy
+ elif ! use kde; then
+ rm "${ED}usr/share/applications/ufw-gtk.desktop" || die
+ fi
+}
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
new file mode 100644
index 000000000000..8b482e6c9f93
--- /dev/null
+++ b/net-firewall/ufw/Manifest
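Review bot: In `python_prepare_all`, the `|| die` after each `sed -i 's/^Exec=su-to-root -X -c/.../'` only catches a sed failure, and sed exits 0 when the pattern matches nothing. If upstream changes the `Exec=` line in `share/ufw-gtk.desktop`, the build still passes and the desktop entry keeps its original launcher instead of `pkexec` or `kdesu`. Because this line selects the privilege-elevation helper for the firewall GUI, each substitution should be followed by a check such as `grep -q '^Exec=pkexec' share/ufw-gtk.desktop || die "Exec line not patched"`, with the `kdesu` equivalent in the other branch. The same applies to `sed -i '/cmdclass=/d' setup.py`.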
@@ -0,0 +1,19 @@ +AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139 +AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe +AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5 +AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715 +AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180 +AUX ufw-0.34_pre805-bash-completion.patch 255 SHA256 
673ee8092b1a41a78bfbfe68ab6f97665b821861b5be44fda3cecf5e3ab57acb SHA512 e3fceb0cbf683b82e9d9aa0aa0c41b1cde9aee59b6dd2d06ca80de0b980231fd999bdff3b2705f7ff8e90c9f2cc84a4ee11b34530630cf77a170ecfbf028550f WHIRLPOOL a267de2cc5615fdb9eac29fdcd4fade22ec3fc54bb6823c91965b0c7e668dbf4e19dc8d5f6fb8fca2be3700f4ac2c7bb71ee27f20d07b3fa1c1d528273ade63f +AUX ufw-0.34_pre805-shebang.patch 675 SHA256 4348689359f3d80c1bcfe66d12710578ba31a5382bf078242b84e86f7233e38d SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad WHIRLPOOL 44c83c5e1795fa0db7ed40d1440df7b4220b869bd42a294ba0d8262fbb2b2e114154d0ce9a22e100db8ad7c1cd402eefacfe854679e7caecda4a251d98720f03 +AUX ufw-0.35-bash-completion.patch 259 SHA256 11748e3da794896fa3204fe28f84d15abece17d265b29b960267050ec28d9806 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709 WHIRLPOOL eedae7fb0a16317d04f215213b25750214e941001cfe81851b0a10546c65964a5a16a7a672d4937f4ed30fcfd737aed37d5bc220cac82b33695e4eed28338000 +AUX ufw-0.35-move-path.patch 7386 SHA256 a4eb14379372bf575a9a007ea965ddfbf0e9fdb3f6f911f980e90eab7b4c2d50 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f WHIRLPOOL d62dc665951555bda2b228cac1ff983a45c52a451c9c32ec425698618d28d1bc8e1641bc2b4adc0cccd46ee545681226e1a016330c77d8e0a6124f7fc728dcbf +AUX ufw-2.initd 2611 SHA256 7d668989a96d47cb5a9f71ae2e6000b469be6d1786f9cf3809b28461d42308ea SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80 WHIRLPOOL 6e0924b89c7faf9a5aea81da0369283a54d90abd6f1113ec2c3093707f6ddcd2f87e53076edd9e53b14691c0dda9607a6cfca49c12cb06efb707d142e8160b0c +AUX ufw.confd 219 SHA256 069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 
a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752 +AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6 +DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829 +DIST ufw-0.35.tar.gz 375310 SHA256 662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc WHIRLPOOL 789b163bf9cc3b27f231024f33a68d3637ca26cf71f202b438abbf16a2725485ba787b811a040d03d4f99fb8c510f8f9a25154e03d2387d3fb0f03a7c4624de7 +EBUILD ufw-0.34_pre805-r2.ebuild 5375 SHA256 71aef78be97fd63ddd8722041dfbaf87456059c99441bde8dcc608ef2e83ff59 SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951 WHIRLPOOL 29b288384da513ec8abcbb98b362fb1a2da899181f6311798484ff2c630ab62a3099b968a7e177cba14b5c2150fed78613ddeb264ff16b470a5c3e6d7ae0349c +EBUILD ufw-0.35-r1.ebuild 5641 SHA256 ddd8b30244d01fc6b139aa0c63d436363507e7915322d7cd1499c5de2228d0db SHA512 
094d8bb245be93148de7d5139fc161f0688dc1d57b4dd57476db4076b3b45b744105cf3b39de4243fe5eb0b77965535fa4f7d5a0cd86a301a368c962d789a393 WHIRLPOOL 3dc02f7068e213f40202f92f9911b604a2c5e5d4c916abb715d6cf7775b905e600af052af149a7e05afb9895c0925af885d7b8e7922674804754b2f3f6198fbc +MISC ChangeLog 4651 SHA256 ca318d9d1b269d1582973cefec02747c0f3cddd7f8d477fc510cfb44bdada85c SHA512 b7256be9c482f474d5f82619f0dc5a3a9cf6e73fde582fb6fd0c46f07bb4e20e364b6f99fdf3d33d1d23fc7dfe5177c5acf2a096e2bdea09a486fe1e9009c2ed WHIRLPOOL b4889960738fed92941a4a9edeff3bcf4f8e48baf27ad739491dd9bfe74b01a16c88e533f94e5661b262a7372d51783cf0a90d5ae035c5ef4eb7e03fea1f0b01 +MISC ChangeLog-2015 4596 SHA256 6455b96eb0344e530635c59ed1b27be852adce2aa9ff63fb087c100b8706be3a SHA512 ca1fe76a2d6a1e02983f51cd4807360d5cf9c2a4db0ec383fe4cb256e3c0327214dcc67091eb94df6d0786bd8f7d391aa23c2a3096c954c26a1a331fac2fa184 WHIRLPOOL 656dcd650383507ac7a02cba12e67fa5e27502741a029275fb057c0af9efb7228bf2c6afc3da328ad26809c8033db3f034d241faf28dd048d26e0ec3429eb514 +MISC metadata.xml 537 SHA256 61416b9746e6ad9d4881ce56816be62d3f1e1f576f4e968eb9839ccb9bc9e52a SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc WHIRLPOOL 6c563c75a3687e706231ce922242a7c505a715746bb2c02c7d3a34284daa65644152182f600e73a37d3bec1d78cfb8a4d4eb5770e52b835edb61fb5aa1ccb841 diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate new file mode 100644 index 000000000000..f88ca8265bea --- /dev/null +++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate @@ -0,0 +1,13 @@ +/var/log/ufw.log +{ + rotate 5 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/rsyslog reload >/dev/null 2>&1 || true + endscript +} diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example new file mode 100644 index 000000000000..41f7ce39cef7 --- /dev/null 
+++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
@@ -0,0 +1,13 @@
+# This is an example rule for app-admin/syslog-ng to separate ufw logs
+# from /var/log/messages.
+# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf.
+
+filter f_ufw { match("\\[UFW " value("MESSAGE")); };
+destination ufwfile { file("/var/log/ufw.log"); };
+log {
+ source(src);
+ filter(f_ufw);
+ destination(ufwfile);
+ destination(console_all);
+ flags(final);
+};
diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
new file mode 100644
index 000000000000..5080aa1bfa38
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
@@ -0,0 +1,12 @@
+# logrotate snippet for ufw
+# requires app-admin/syslog-ng
+# copy the file into /etc/logrotate.d
+/var/log/ufw.log {
+ missingok
+ rotate 5
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
new file mode 100644
index 000000000000..24d00ea68ccd
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
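Review bot: The syslog-ng `ufw.logrotate` sets no rotation frequency and no `compress`/`delaycompress`, while the rsyslog variant added earlier in this commit sets `weekly`, `compress` and `delaycompress` for the same `/var/log/ufw.log`. As written, retention of the firewall log depends on which logger is installed and on whatever the global logrotate configuration defaults to. Either add `weekly`, `compress` and `delaycompress` here, or add a comment line such as `# frequency and compression intentionally inherited from logrotate.conf`.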
@@ -0,0 +1,177 @@ +diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8 +--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.31.orig/README ufw-0.31/README +--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. 
To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -247,7 +247,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -290,7 +290,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. 
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py +--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ file]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + file]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur ufw-0.31.orig/src/backend_iptables.py 
ufw-0.31/src/backend_iptables.py +--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100 +@@ -22,7 +22,7 @@ + import sys + import time + +-from ufw.common import UFWError, UFWRule, config_dir, state_dir ++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir + from ufw.util import warn, debug, msg, cmd, cmd_pipe + import ufw.backend + +@@ -40,7 +40,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(state_dir, 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files) + +diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init +--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100 +@@ -18,8 +18,8 @@ + # + set -e + +-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then +- . "#STATE_PREFIX#/ufw-init-functions" ++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then ++ . "#SHARE_DIR#/ufw-init-functions" + else + echo "Could not find $s (aborting)" + exit 1 +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch new file mode 100644 index 000000000000..b7eae3595cb5 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch 
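Review bot: In the `src/ufw-init` section of this patch, the error branch kept as context still reads `echo "Could not find $s (aborting)"`, and `s` is not assigned anywhere in the lines shown. If the helper is missing from the new location, the boot-time message would therefore most likely name no file. The patch already rewrites the two lines directly above it, so that line could become a `-`/`+` pair ending in `echo "Could not find #SHARE_DIR#/ufw-init-functions (aborting)"`. The rest of the script lies outside the inner hunks, so whether `s` is set elsewhere needs confirming.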
@@ -0,0 +1,46 @@ +diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py +--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200 ++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200 +@@ -225,41 +225,7 @@ + os.unlink(os.path.join('staging', 'ufw-init')) + os.unlink(os.path.join('staging', 'ufw-init-functions')) + +-iptables_exe = '' +-iptables_dir = '' +- +-for e in ['iptables']: +- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ +- '/usr/local/bin']: +- if e == "iptables": +- if os.path.exists(os.path.join(dir, e)): +- iptables_dir = dir +- iptables_exe = os.path.join(iptables_dir, "iptables") +- print("Found '%s'" % iptables_exe) +- else: +- continue +- +- if iptables_exe != "": +- break +- +- +-if iptables_exe == '': +- print("ERROR: could not find required binary 'iptables'", file=sys.stderr) +- sys.exit(1) +- +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: +- if not os.path.exists(os.path.join(iptables_dir, e)): +- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) +- sys.exit(1) +- +-(rc, out) = cmd([iptables_exe, '-V']) +-if rc != 0: +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ +- (iptables_exe)) +-version = re.sub('^v', '', re.split('\s', str(out))[1]) +-print("Found '%s' version '%s'" % (iptables_exe, version)) +-if version < "1.4": +- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) ++iptables_dir = '/sbin' + + setup (name='ufw', + version=ufw_version, diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch new file mode 100644 index 000000000000..dc922435de10 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch 
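Review bot: `iptables_dir = '/sbin'` replaces the whole build-time probe with a fixed path, and the patch has no header text saying why or what guarantees the binaries are there. The deleted lines also checked for `ip6tables`, `iptables-restore` and `ip6tables-restore` and warned about versions below 1.4, so those conditions now surface only at run time, when the firewall is being loaded. Add a short description above the `diff -ur` line, for example `Gentoo: skip build-time iptables detection; the package manager provides iptables under /sbin as a runtime dependency`. That wording should be confirmed against the ufw ebuild, which is not part of this hunk.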
@@ -0,0 +1,17 @@ +--- shell-completion/bash ++++ shell-completion/bash +@@ -52,7 +52,6 @@ + echo "numbered verbose" + } + +-have ufw && + _ufw() + { + cur=${COMP_WORDS[COMP_CWORD]} +@@ -83,5 +82,5 @@ + fi + } + +-[ "$have" ] && complete -F _ufw ufw ++complete -F _ufw ufw + diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch new file mode 100644 index 000000000000..991f4c826ece --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py ++++ b/setup.py +@@ -107,12 +107,6 @@ class Install(_install, object): + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch new file mode 100644 index 000000000000..fde635ddc335 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch @@ -0,0 +1,17 @@ +--- a/shell-completion/bash ++++ b/shell-completion/bash +@@ -52,7 +52,6 @@ + echo "numbered verbose" + } + +-have ufw && + _ufw() + { + cur=${COMP_WORDS[COMP_CWORD]} +@@ -83,5 +82,5 @@ + fi + } + +-[ "$have" ] && complete -F _ufw ufw ++complete -F _ufw ufw + diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch b/net-firewall/ufw/files/ufw-0.35-move-path.patch new file mode 100644 index 000000000000..58af77215085 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.35-move-path.patch 
@@ -0,0 +1,179 @@ +diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8 +--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.31.orig/README ufw-0.31/README +--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. 
To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -247,7 +247,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -290,7 +290,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. 
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py +--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ f]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + f]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur ufw-0.31.orig/src/backend_iptables.py 
ufw-0.31/src/backend_iptables.py +--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100 +@@ -38,6 +38,7 @@ + files = {} + config_dir = _findpath(ufw.common.config_dir, datadir) + state_dir = _findpath(ufw.common.state_dir, datadir) ++ share_dir = _findpath(ufw.common.share_dir, datadir) + + files['rules'] = os.path.join(config_dir, 'ufw/user.rules') + files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules') +@@ -45,7 +46,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(_findpath(state_dir, rootdir), 'ufw-init') ++ files['init'] = os.path.join(_findpath(share_dir, rootdir), 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files) + +diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init +--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100 +@@ -18,10 +18,10 @@ + # + set -e + +-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then +- . "${rootdir}#STATE_PREFIX#/ufw-init-functions" ++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then ++ . "${rootdir}#SHARE_DIR#/ufw-init-functions" + else +- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)" ++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)" + exit 1 + fi + +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac 
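Review bot: The context line `files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')` in the backend_iptables.py section spells `os.ppath`, which is not an attribute of Python's `os` module; it should read `os.path.join`. As a context line it has to match the unpatched file, so either this hunk applies only with fuzz or the backend would raise AttributeError while building the rule-file paths, and a firewall backend that cannot start leaves the host without its rules. In the same section the context puts `files['rules']` under `config_dir` while `files['rules6']` uses `state_dir`, which does not agree with the README hunk that lists both user rule files under /etc/ufw/user, so that line deserves a check against the upstream source as well. The setup.py hunks also keep the old code as comments (`# real_statedir = ...`, `#sharedir = ...`); deleting those lines instead would make the patch easier to rebase.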
diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd
new file mode 100644
index 000000000000..bccd83ddb3a2
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-2.initd
@@ -0,0 +1,136 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting ufw"
+ _source_file || { eend $?; return $?; }
+
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Avoid "Firewall already started, use 'force-reload'" message that
+ # appears if `ufw enable' had been run before start().
+ if _status_quiet; then
+ eend 0
+ return
+ fi
+
+ # The ufw_start function does the same: if ufw is disabled using `ufw disable',
+ # ufw_start would not start ufw and return 0, so let's handle this case.
+ case $enabled_in_cfg in
+ 0)
+ ufw_start
+ ret=$?
+ eend $ret "Failed to start ufw."
+ ;;
+ 1)
+ # see /etc/conf.d/<name>
+ if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+ ret=1
+ eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+ else
+ ret=0
+ eend 0
+ fi
+ ;;
+ 2)
+ ret=1
+ eend $ret "Failed to start ufw."
+ ;;
+ esac
+
+ return $ret
+}
+
+stop() {
+ ebegin "Stopping ufw"
+ _source_file || { eend $?; return $?; }
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Same as above (unless --force is passed to ufw_stop).
+ case $enabled_in_cfg in
+ 0)
+ ufw_stop
+ ret=$?
+ ;;
+ 1)
+ einfo "INFO: ufw is configured to be disabled"
+ ufw_stop --force
+ ret=$?
+ ;;
+ 2)
+ ret=1
+ ;;
+ esac
+
+ eend $ret "Failed to stop ufw."
+ return $ret
+}
+
+_status_quiet() {
+ # return values: 0 - started, 1 - stopped, 2 - error
+ # Does not execute _source_file.
+ local ret
+ ufw_status > /dev/null
+ ret=$?
+ # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+ case $ret in
+ 0) return 0 ;;
+ 3) return 1 ;;
+ *) return 2 ;;
+ esac
+}
+
+_source_file() {
+ local sourced_f="/usr/share/ufw/ufw-init-functions"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 1
+ fi
+
+ local _path=$PATH
+ if ! . "$sourced_f"; then
+ # PATH can be broken here, fix it...
+ PATH=$_path
+ eerror "Error sourcing file $sourced_f"
+ return 1
+ fi
+
+ if [ -z "$PATH" ]; then
+ PATH=$_path
+ else
+ PATH="${PATH}:${_path}"
+ fi
+ return 0
+}
+
+_check_if_enabled_in_cfg() {
+ # Check if user has enabled the firewall with "ufw enable".
+ # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+ local sourced_f="/etc/ufw/ufw.conf"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 2
+ fi
+
+ if ! . "$sourced_f"; then
+ eerror "Error sourcing file $sourced_f"
+ return 2
+ fi
+
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd
new file mode 100644
index 000000000000..900d3bf67bd4
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service
new file mode 100644
index 000000000000..9d6972036a05
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Uncomplicated Firewall
+DefaultDependencies=no
+Before=network.target sysinit.target
+After=systemd-sysctl.service
+ConditionPathExists=|/etc/ufw/ufw.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/share/ufw/ufw-init start
+ExecStop=/usr/share/ufw/ufw-init stop
+
+[Install]
+WantedBy=multi-user.target
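Review bot: In ufw-2.initd, start() returns 0 with no rules loaded when ufw.conf has ENABLED=no and `ufw_nonfatal_if_disabled=yes`, while depend() declares `provide firewall`, so a service that depends on `firewall` would come up on an unfiltered host with nothing in the log to show it. That branch should at least say so, for example `ewarn "ufw is disabled in /etc/ufw/ufw.conf; no firewall rules were loaded"` before its `eend 0`. The early `if _status_quiet; then eend 0; return; fi` also runs before `enabled_in_cfg` is examined, so a configuration read error (return value 2) is ignored whenever the firewall is already up; a comment stating that this is intended would help. Both `_source_file` and `_check_if_enabled_in_cfg` source files as root, so a one-line comment that /usr/share/ufw/ufw-init-functions and /etc/ufw/ufw.conf must stay writable by root only would be worth adding.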
\ No newline at end of file
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
new file mode 100644
index 000000000000..b8103d2da1af
--- /dev/null
+++ b/net-firewall/ufw/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <longdescription lang="en">
+ The Uncomplicated Firewall (ufw) is a frontend for iptables and is
+ particularly well-suited for host-based firewalls. It provides a framework
+ for managing netfilter, as well as an easy to use command-line interface for
+ manipulating the firewall.
+</longdescription>
+ <upstream>
+ <remote-id type="launchpad">ufw</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
new file mode 100644
index 000000000000..ec748222d329
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
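Review bot: `Before=network.target sysinit.target` in ufw.service does not order the firewall ahead of interface configuration, so there can be a window at boot in which interfaces are up and no rules are loaded. systemd provides network-pre.target for exactly this case, and network management services order themselves after it; the unit would use `Before=network-pre.target` together with `Wants=network-pre.target`. The `ConditionPathExists=|/etc/ufw/ufw.conf` line also means that a missing configuration file makes systemd skip the unit rather than fail it, which deserves a `#` comment in the file so the silent no-firewall case is a documented choice.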
@@ -0,0 +1,185 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch + # Fix bash completions, bug #526300 + "${FILESDIR}"/${P}-bash-completion.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." 
+ return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! 
has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild new file mode 100644 index 000000000000..d5b5aa280a4d --- /dev/null +++ b/net-firewall/ufw/ufw-0.35-r1.ebuild 
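Review bot: The test `[[ ${REPLACING_VERSIONS} < 0.34 ]]` in pkg_postinst of ufw-0.34_pre805-r2.ebuild compares strings rather than versions, so `0.100` sorts before `0.34`, and a REPLACING_VERSIONS value holding several versions is compared as one string. The notice about check-requirements can therefore appear or be skipped for the wrong upgrades; iterating over the replaced versions and comparing the numeric minor component (after stripping any `_pre`/`-r` suffix) would make the test mean what it says. Separately, `SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz"` takes the tarball from a distribution mirror rather than the Launchpad URL used by the 0.35 ebuild, so its integrity rests entirely on the Manifest entry, which is not part of this hunk; a comment recording where the snapshot came from would help anyone re-verifying it.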
@@ -0,0 +1,195 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ia64 ppc ppc64 ~sparc x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.35-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${PN}-0.34_pre805-shebang.patch + # Fix bash completions, bug #526300 + "${FILESDIR}"/${P}-bash-completion.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." 
+ return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! 
has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + local print_check_req_warn + print_check_req_warn=false + + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + print_check_req_warn=true + else + for rv in ${REPLACING_VERSIONS}; do + local major=${rv%%.*} + local minor=${rv#${major}.} + if [[ ${major} -eq 0 && ${minor} -lt 34 ]]; then + print_check_req_warn=true + fi + done + fi + if $print_check_req_warn; then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. 
See README, Remote Management section for more information." +} diff --git a/net-firewall/xtables-addons/Manifest b/net-firewall/xtables-addons/Manifest new file mode 100644 index 000000000000..0b1135a90820 --- /dev/null +++ b/net-firewall/xtables-addons/Manifest 
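Review bot: In pkg_postinst of ufw-0.35-r1.ebuild the loop sets `minor=${rv#${major}.}` and passes it to `[[ ${major} -eq 0 && ${minor} -lt 34 ]]`, but for a replaced version such as 0.34_pre805-r2 or 0.31.1 (both named elsewhere in this commit) that value is `34_pre805-r2` or `31.1`, which is not an integer. Bash would report an arithmetic error and treat the test as false, so someone upgrading from 0.31.1 would not get the check-requirements notice. Strip the suffix before comparing, `local minor=${rv#*.}; minor=${minor%%[!0-9]*}`, and declare the loop variable with `local rv` so it does not leak into the global scope of the ebuild.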
@@ -0,0 +1,5 @@ +DIST xtables-addons-2.13.tar.xz 322116 SHA256 d141879d438424764e953b97fbb16edafdf8ef6baa57f6e36e07b894a7775dfc SHA512 51cfa963d6f2f931b0361746e0b48f5ecf43a14e9e8d5297ef55faf0e9f8d1deb4641e88e3fea2afdbb3e39dd06d414de6057fb4a21e5184d4ea3d21b8028497 WHIRLPOOL 46463d4497d3b581868ea2a60216bfd198a8f540313c557abda3cb3033be9a853403d8d336f75ed6998d831435950efbacb462406f5d55848b76f12921f39e5f +EBUILD xtables-addons-2.13.ebuild 5448 SHA256 2229745913b3f77329ea5e5e05b0acb46044de8d0a42cf7e6c275e709c210bdc SHA512 2fddc069312fa3ae39a1e67e95627b7c1eca04bac181012a462f5f596e052ba94497a8bf003c7bd6fbf701429ea16f8c6db348d6df515c3fb5fa631962732bc4 WHIRLPOOL 9d339580bd6262c5dce406af2fe674ec822453001da5f832c08f1bda54e17422d84d4187f686bd7386979941015ccd1b7fa42d9f6f52281e828aabb5241db075 +MISC ChangeLog 4324 SHA256 afc267fed8a3e247a50f43245c13919f9157ec360837b6131d54d062bbbae388 SHA512 e7eb34915db7db57522b98895afdfc47500d03dc7265cee04b6eea8f4f50426a2aae73202470630e10d6f48e4cf64ed8e51369785724d8146075ab439ccebd5b WHIRLPOOL 72ac47e18a45962c6bbf22f1209507770bd4a2fa30f42fb30f6d956de16250346c07b576d8ebc0f48e76c85d32533d54cbdf69128cbc6ed18134a8bd90a6f68a +MISC ChangeLog-2015 8970 SHA256 96fe537b449a43efa68f2a9951887709d8329c7f97fe9c1392c59dd8041f8abd SHA512 b749f3d9723096aebb79bb71a336f0d055644ec55e5d169fe0335d05ed6286f15adec1b56c132405dc2311116a01120ebec27740b0819e07c2054e508f3dc58a WHIRLPOOL 24ecc94c0802fb43014c3656a3fcbfeb027523dc7b336db7eb7b68c05cba2f477779bfd1b5a9b232c3d55bd56d1437769655362acd1c66cf6d9e747e584b678f +MISC metadata.xml 775 SHA256 1c33ffbc4d2428b7c135dc9dd36db40f2ac518ee1f1b745657acf5f189b13880 SHA512 85474ba552703d77bc7cc18ccef424f5eeb68e23eb41e14a8c360afcdcb2632a99420fda2dca57ea15dbda3f850d939c16b18cbdc96dbfcf31a6af3f40743f0c WHIRLPOOL b6baf2383e762d33e3c12b799212b14995aa5c451206d0dee3b98de77194324abb32ecefb4ad734f56c9ba8a2b46eb4b860aa77c1a7ccd20f7c094113e76610f 
diff --git a/net-firewall/xtables-addons/metadata.xml b/net-firewall/xtables-addons/metadata.xml new file mode 100644 index 000000000000..4a2b4663dd3b --- /dev/null +++ b/net-firewall/xtables-addons/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <longdescription> +Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains +extensions that were not, or are not yet, accepted in the main kernel/iptables +packages. + +Xtables-addons is different from patch-o-matic in that you do not have to patch +or recompile the kernel, sometimes recompiling iptables is also not needed. But +please see the INSTALL file for the minimum requirements of this package. +</longdescription> + <upstream> + <remote-id type="sourceforge">xtables-addons</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-firewall/xtables-addons/xtables-addons-2.13.ebuild b/net-firewall/xtables-addons/xtables-addons-2.13.ebuild new file mode 100644 index 000000000000..344178cebcc0 --- /dev/null +++ b/net-firewall/xtables-addons/xtables-addons-2.13.ebuild 
@@ -0,0 +1,187 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils linux-info linux-mod multilib + +DESCRIPTION="iptables extensions not yet accepted in the main kernel" +HOMEPAGE="http://xtables-addons.sourceforge.net/" +SRC_URI="mirror://sourceforge/xtables-addons/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="modules" + +MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq logmark ipmark echo dnetmap dhcpmac delude chaos account" + +for mod in ${MODULES}; do + IUSE="${IUSE} xtables_addons_${mod}" +done + +DEPEND=">=net-firewall/iptables-1.4.5" + +RDEPEND="${DEPEND} + xtables_addons_geoip? ( + app-arch/unzip + dev-perl/Text-CSV_XS + virtual/perl-Getopt-Long + ) +" + +DEPEND="${DEPEND} + virtual/linux-sources" + +SKIP_MODULES="" + +XA_check4internal_module() { + local mod=${1} + local version=${3} + local kconfigname=${3} + + if use xtables_addons_${mod} && kernel_is -gt ${version}; then + ewarn "${kconfigname} should be provided by the kernel. Skipping its build..." + if ! linux_chkconfig_present ${kconfigname}; then + ewarn "Please enable ${kconfigname} target in your kernel + configuration or disable checksum module in ${PN}." + fi + # SKIP_MODULES in case we need to disable building of everything + # like having this USE disabled + SKIP_MODULES+=" ${mod}" + fi +} + +pkg_setup() { + if use modules; then + get_version + check_modules_supported + CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR" + ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector" + linux-mod_pkg_setup + + if ! linux_chkconfig_present IPV6; then + SKIP_IPV6_MODULES="ip6table_rawpost" + ewarn "No IPV6 support in kernel. 
Disabling: ${SKIP_IPV6_MODULES}" + fi + kernel_is -lt 3 7 && die "${P} requires kernel version >= 3.7, if you have older kernel please use 1.x version instead" + fi +} + +# Helper for maintainer: cheks if all possible MODULES are listed. +XA_qa_check() { + local all_modules + all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig") + if [[ ${all_modules} != ${MODULES} ]]; then + ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild." + ewarn "Please, update MODULES in ebuild." + ewarn "'${all_modules}'" + fi +} + +# Is there any use flag set? +XA_has_something_to_build() { + local mod + for mod in ${MODULES}; do + use xtables_addons_${mod} && return + done + + eerror "All modules are disabled. What do you want me to build?" + eerror "Please, set XTABLES_ADDONS to any combination of" + eerror "${MODULES}" + die "All modules are disabled." +} + +# Parse Kbuid files and generates list of sources +XA_get_module_name() { + [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument." + local mod objdir build_mod sources_list + mod=${1} + objdir=${S}/extensions + # Take modules name from mconfig + build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig") + # strip .o, = and everything before = and print + sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + + if [[ -d ${S}/extensions/${sources_list} ]]; then + objdir=${S}/extensions/${sources_list} + sources_list=$(sed -n "/^obj-m/\ + {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \ + "${objdir}/Kbuild") + fi + for mod_src in ${sources_list}; do + has ${mod_src} ${SKIP_IPV6_MODULES} || \ + echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})" + done +} + +# Die on modules known to fail on certain kernel version. 
+XA_known_failure() { + local module_name=$1 + local KV_max=$2 + + if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then + eerror + eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above." + eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel." + eerror + die + fi +} + +src_prepare() { + XA_qa_check + XA_has_something_to_build + + # Bug #553630#c2. echo fails on linux-4 and above. + # This appears to be fixed, at least as of linux-4.2 + # XA_known_failure "echo" 4 + + local mod module_name + if use modules; then + MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)" + fi + for mod in ${MODULES}; do + if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then + sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die + if use modules; then + for module_name in $(XA_get_module_name ${mod}); do + MODULE_NAMES+=" ${module_name}" + done + fi + else + sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die + fi + done + einfo "${MODULE_NAMES}" # for debugging + + sed -e 's/depmod -a/true/' -i Makefile.in || die + sed -e '/^all-local:/{s: modules::}' \ + -e '/^install-exec-local:/{s: modules_install::}' \ + -i extensions/Makefile.in || die + + use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in + + eapply_user +} + +src_configure() { + set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile + econf --prefix="${EPREFIX}/" \ + --libexecdir="${EPREFIX}/$(get_libdir)/" \ + --with-kbuild="${KV_DIR}" +} + +src_compile() { + emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1 + use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile +} + +src_install() { + emake DESTDIR="${D}" install + use modules && linux-mod_src_install + dodoc -r README doc/* + find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+' +} |
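Review bot: XA_check4internal_module assigns both `local version=${3}` and `local kconfigname=${3}`, so `kernel_is -gt ${version}` would be handed the Kconfig name instead of a kernel version; the first assignment should be `local version=${2}`. Its warning text also hard-codes "checksum module" where `${mod}` appears to be meant. Nothing in this hunk calls the function, so the defect is latent, but it would misfire as soon as a caller is added. In src_prepare the geoip line `use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in` is the only sed without `|| die`, so a failed edit there would go unnoticed.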