diff options
Diffstat (limited to 'net-firewall/shorewall')
26 files changed, 3267 insertions, 0 deletions
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest new file mode 100644 index 000000000000..fe1674c7e4f7 --- /dev/null +++ b/net-firewall/shorewall/Manifest @@ -0,0 +1,62 @@ +AUX shorewall-init-01_remove-ipset-functionality-r1.patch 799 SHA256 c847e50428e17ba37b072c0e14d6b77839342ad290334083124af1d59b7bca45 SHA512 c8686cb9345abd1036a8fdc6cbdaacc21a69df9dc536393a65675a2ae19c9cfb71d71cc66a9776135ad923414bde783f01dfa69600d1cfaafd618fcea65c8dcf WHIRLPOOL c2a9945b08e178a99e23d9ef752d220992ee783f90a3ef02072821f5340493d37a59c07a96ae0a60abc8b7f32bc9ae1e7ff1feed102aa7afffdb70b27997b8fe +AUX shorewall-init-01_remove-ipset-functionality.patch 740 SHA256 ae880cdf3c4a7a2f1c1d128f345f847e1a18054349c03d6a6fecf8ca3dffc87d SHA512 aa35a780fe353970c4fe589ea7f57b010d58276aa51d7212459e80812a234aba8094bf85e7370b2b260a90ad36f80815bfe3a83178c5c7ca40cb15df9dcea0b6 WHIRLPOOL 2748ff87ddf254c18ac5c152fc61f4088ce6e2af911a1f90d5bfd9731ffc4a070f809bdf9683c15168fb1dab7b70be79ea898412609fc14f6692df97bb151318 +AUX shorewall-init.confd 152 SHA256 990ae5e4498ddf071de317f7746fb3eadca77fab37631d814f2f56d588ff2937 SHA512 105393c3cbdd1820066e41ed941b6a79cafde3196eb723c06ca984fc663370d6902757467339b6b4ebfb8d00167b9f85311b6842dadc564029313eb36f1a389b WHIRLPOOL d24e38eb1ab20799a515543f586dfc95854d2eeb5dff10cc8ddd1fb7878cc854c9115dde8bdf9387e349cdb75381c8ce03972d05bae858c8ae04efa75ece0299 +AUX shorewall-init.initd 4357 SHA256 bc5bffdca1957d413182ad247f8d4082faef9517ff01c32a4485c8daa0493033 SHA512 5cb410e0fe0391fd467f212b3e1cf3ec4c7fa3289de2341edbf301ce9087e7cba05a36999a8203d7bce28ac35a429c10bc017a96b750aec1bf257987aec23245 WHIRLPOOL 5dab913af5c253d3fdc0edfece0eade26b6630f174183b1befd2339f1fa901b022286614fa2a7e563aa452157df4b8ee4d322cc1efeb6edf446c490d7ae4420d +AUX shorewall-init.readme 1233 SHA256 01439a974c15797954f3b9ce8fc7dbd8c81baff79e6a4e81e745416103896ce3 SHA512 8dbb70cc381b81ae811dcbfbcff63f5de0ba776472107a7d3b53e912fe50f20acb59f5da2aecec5de87ad0513a40fb4b4dfa30b51ff5f4b0da9186504870304a WHIRLPOOL a4293a49656253e3d7903b5a067d67b1bffdb1fffb3d92a43a2c32dd8a796998c67ad66beb756b4c45db618ab72b0dbc1bc81f183976c174b483bb4a2401a643 +AUX shorewall-init.systemd 389 SHA256 06e6e307997f3cf33135fcd9c6f0cbe3439ea693a4881188f9b07e33600d3451 SHA512 458c5fb5d894f307cec27fd42d05a1b16f10d556afd11a7b73f75be8eb072aa5256ba6095b4e3454694b9bc3e6cf80d7f40314bbe368ebfd4646074a12669f4c WHIRLPOOL 72b32aad7ad3d6d35cee28aaeca562b46a9636b4f347016ddc16e9a10f27aa69a0f4657ab89daa95f19ad5332d1bdf815c1182e4188862e015d4ac453747014c +AUX shorewall-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall-lite.initd-r2 2236 SHA256 4637dff8741acd93e07163c51259710b5aab4a0460b8de0be8fa2f0c6d451b93 SHA512 3277922dd65ea573ddc210f07f42831b18275157a595c95517e7306cccd75e2884d30acd36288b2082becf3879977a85efdd0456fc27466d2acff3cd921f6d0f WHIRLPOOL 251914570326868920b2c6ec243b717e2284011dc0c71fb4626faaac6b5f7d224ce78b16da2e8e38dd4d1dfea8e56a490c552c15baec3eb4753fc851528a5da9 +AUX shorewall-lite.systemd 603 SHA256 6af780b780dfe3adfbcbd1f7418e6ae836ec420c0e23cf104f441c21917e6f98 SHA512 b9ac8ca1f31d29dfbd6a3e9387932ebf954e18c634df7e6118c55e3eaaf20a835e47e0bad07bb4ae1c47e76cda91bb3d03cd59f61805e48c194833b86d14a54d WHIRLPOOL e3261e2f21390352533c635efc0de801e35e2d0f9a47f225180de4b3e56df2766d1bf3a889efb364701562c55de1f94c69bd7180780aa3b595ba01a01bdfe8c0 +AUX shorewall.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall.initd-r2 2652 SHA256 f856ecacfc758831ddba5f41444ec86f4a4cff0113cfe6a15e862afec52d7c46 SHA512 aee8747282dd8e7ecc7cd50ce358d8701f7bff3e5325d3da474aaa31edbf0833345338774fa51648498e398672f9a0ddefc49f3c2c09f5bf075571d9247c6858 WHIRLPOOL c71c4a3bbb4114ac61a403acbfffd137126fd0c1fb30fe83483a530639213da003244b53c01c952b56407e5c660ae17ec4e8b22c2cd4f3a01fee4e5accaf5055 +AUX shorewall.systemd 568 SHA256 90765e232ab1697e0aad47ba756823c9cd4fe6892af5b3b4ee18be4ca4d1c671 SHA512 eee635ce7818c416f3563fa8453d580a77451bc87bf12a285649ab22eb68c8d001ce54a8ba70742f46c7b1104acc3e2b9aba4878267992ad84f9042b625b0634 WHIRLPOOL ff7fdfa74343b5c38898be62f73b04381cdfe036abf3e0e65200b5a3ec1d5942074aa4dca3cac015f338dc016b3dca6d8dd706c7aefe7dbaf37bfb1b6e2d8372 +AUX shorewall6-lite.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall6-lite.initd-r1 2469 SHA256 e25dc2c646e38fd09c9f355a7765c6946ea55a19e99969e1856a75774d88c77c SHA512 036af6bafbbdf1e8f6a69efdf0ffb69992b262cd0c4ac7cc1ab7e3fec8d8b023e8528dc8fcfbff43f4a70f5eff0d1e48fea34007b9b3bb76b0c94615eb494ce7 WHIRLPOOL d0ebc2d8fb516af6b645ceb92ac222f85cb11a2b96aaad2575cc4b52ea0dbd28a8f1600a340fdbc08038b4909a9211b915e1238f662a9e3be0c67b31dd33866c +AUX shorewall6-lite.systemd 612 SHA256 1335ad400127a701b389288d81c5ffb95ba75b7edcc055061cee48e382c42295 SHA512 0bd832d4f8857bf9b1c9c776a53739d8666f002d1caab29c976a248916cf1eb5806d6b59dbf7ee8a120a3158b10e6fa6e179e34fe9fa6077a794ffa7d1e06cec WHIRLPOOL 645f73fdd7a99899fd8266d1903723481fbbf48e12efd5e44617c739c3165110ef0e082381c2821c94c99736f6ffa66d6db228afa4294587bcd729ef19d1bb6c +AUX shorewall6.confd-r1 197 SHA256 b9c439320c89b9896f983993782c5b5ace5c50eb7302c9889db5d3deed8ffa43 SHA512 fee275ba8089b0abda5239edb06a3ab70c96acbbcd715c1a3aa5e92ba976294525c251b67b00d876e45f7c827767db45bd7623df42cc68c822234a7ea13d527b WHIRLPOOL 4e52e21f54e89d69422074fce01c5fd3291fffaad9ceb96a6191a2dc1fd54765e9dd0117d965f96fb0aa2f9f82f92e414dff96fec21ba942d70b076a25a27b04 +AUX shorewall6.initd-r1 3168 SHA256 abad250a922cea9c9a5774bcad1a5de006d40511faef59b07c62356e1abc818c SHA512 3149b1848ed76b1d04466195810572c96cf1a68ffce6005c8c6cca08df7d7c8914f3c185ed80a357cf30cef23f076559ccb1df3236f443abf089133eeffe42b3 WHIRLPOOL 4f0597ab7853a633856ea2c492608b306f4d1a54f7912f45055bb10f1561a90221e8b3a0925d3e14e44c46ad6b3e37f04c89eb3a5a2a44b5060b7c3354ff5f7e +AUX shorewall6.systemd 577 SHA256 84543b65bfcdc02bb9d364b997a0805320508b6614c64eed7ffd3035a6097f14 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d WHIRLPOOL ace953292744d4187b32471c828f053f5e816067d396418fca6f4638e6770491e3e5404c8252edf565bf68d53aca2bb096eaf5f4614adee46fdb975231852d36 +AUX shorewallrc-r1 2075 SHA256 300c00dd1f71ca0ef3f3244ab3fb19ad63493242b7d414450de6bbd47db403e2 SHA512 9cf87d5b5807b224a325c9d038f159e55d277ad3eca62a1fd82d06d9ec1d0f71e58b239c57532b9b081271c7ab6f90b281cea1dca0bb9ea26e1e1c8ddaf3a691 WHIRLPOOL d7c135563e67f4bfca6c0cdb7aecc2792334ea6601e46f45dfd6d88fd4eeccde45f3adf86d55f1884dbc22cf9d0b8990fd82d441288089cc367237fa83a9fb39 +DIST shorewall-5.1.5.2.tar.bz2 520374 SHA256 ca33a7bc9c590638575edb8a530b76a9b0bd844877bef7df7c23646e839e137b SHA512 aed35f0a00944d70bb2bdab195f151e3770e73dabe07a59c1b6dd7fce5147866c73d44325df9ded475c37b258cf7c31c8d1348c58476fadd5b98217b7f0b3888 WHIRLPOOL ac0489f4ec152ff57a6da6be2c86b0fe45281ad9bb09e3fd53aba11b94252bb44ec5a71f069e2541b5c4912922fcfbbbce6004804c395e17929c78465a0cd102 +DIST shorewall-5.1.6.1.tar.bz2 522476 SHA256 90702872726c30434ef87c19be1742ae5f04b4e0b1f9ee7761810b618b38a05e SHA512 604ee6150add87a5c121e863ec3d65f454b6ae1724236c80c08e2ce3365512966126f9d28d07c7e6a273d5626e02e5625015f91f6a7166b830f6ccb667f731ba WHIRLPOOL f0e70c3949e9f9b59a5f5a19ee1023ecc6dc2ece2e420245f67fa2d7197939bc1197402366d8a560d7e29231accd5ea1456a005df30c7deaa82f25e01375ff2a +DIST shorewall-5.1.7.1.tar.bz2 523943 SHA256 386223522c12c5279ec522efed137e3f1b5f638e396bbdef3e3d077104f8c053 SHA512 14ff5d4a19d355d489a6dd4ebdd1901112b8ac0cfdba1e0903ff9ac775fa02e3b923294b200dae1fb3113c7b7d43673b28877cf6dab8a07a844cb31b42393137 WHIRLPOOL 8717e3902fefcca580e189be80647caf39c76d1a0097f3d4e9ef5e2ff9f8c71b5a02e2b472d26abe57ce2f243b9ebba197a6fcbf84d566a7f49ff357f74e81a7 +DIST shorewall-5.1.7.2.tar.bz2 524263 SHA256 e7c4cde2d04894ddf6e8dd8a8f96e96e04574181807cfe9f78915fa0dfc836e4 SHA512 05599609b50189e300cd71eda6876ac5e8878a2d2ab7c1635afc1b79f1ab3c9bc92c1ac1758aa8996d10bb37783d1fa29c76adaa879ec93bc12669c3dbdbed9b WHIRLPOOL a2fcc48c9c51161c4a2ec692fa29215824a412056fdc15203892e6a9752c2239722462be89f26c4e7374ceb0131ba35df87847a3f16329438c57ec8f8dec0208 +DIST shorewall-5.1.7.tar.bz2 523676 SHA256 d19e6461fee8e497d3d569d69b4e0fed7736870171dd15ad8287e48facb25be0 SHA512 24f8dff494ee39926cb25680f62b2cd9073ab80b249ab57af5419af2211fc964d64e0bafb651879ba519677e0f844d5617cefe09f769369572c9c1a00149bce6 WHIRLPOOL 503fbf422b3888073cc64cdc4ba43c90a376b139252df3c146266d7da238b3aad92c1d778f5d1e8a45e4b9f1e6255e5c623c1b0530be68e95b184f7d56d0d21e +DIST shorewall-core-5.1.5.2.tar.bz2 77435 SHA256 24ca9c2e506cadda1fcbf621b376db0ebb3f3802cecc53d1518753a9cb77d450 SHA512 d4e0ef22d288e6addc2ce41813f2bab56fa142893ea495ef59dd1a636995e2a71e88477c38cac1004f055a7333ab0db27a334ca586b88558d6b781966712bff2 WHIRLPOOL 526495ae9a13a2e0dfc6dc7fffec0a7f8dd1be111be35ff2356bcf403c12c7e76993c82b2cb5b76541fa613856b23a5499b86a7a72b52062e7a21bd3b61e9082 +DIST shorewall-core-5.1.6.1.tar.bz2 78891 SHA256 31b48d50ce9a6b256739679c03ea4c6c219149b34201e6637f0ed2ccc6dd3530 SHA512 090425813791bc78531a46c493a54cadc3ac6106963c87abb3c48f0863267f71bccad644209f2893f9f1ec06057595242f12fbd59312c7e8dd932f0c3bc29236 WHIRLPOOL c255fd892a299fe8ef56a923b4c8511df2cbc21ce8821f90257b2e9a1fd66a20ec2a5070365dc7a6b43e40c0b0645c845b122a67b4dbc6e71e8a9f1de919b13b +DIST shorewall-core-5.1.7.1.tar.bz2 79801 SHA256 482d2d283cc891c7746c8f44cf745e7d54615f65e9eb67874a5c1d548f15c5ba SHA512 5a11a5f85518df3b57b77e16f8b8c7ff7b169a86d87ce21beb764e5a3e9651d1d07f4d5fe50ed0c15c22b7bd608aaca8aced9c0b892d7f50c712195fa22c77a9 WHIRLPOOL 62e6d98a376f90219b47b24432cf81f8654bed04b899136efedf0931b97543f9cdb6cd7459ea168a525c24477197fa0b61f5a21e0aadfc42893e42777983a4c4 +DIST shorewall-core-5.1.7.2.tar.bz2 80213 SHA256 c1f78229d9633ea6b35ec067c9724003e2929a39ae54ccd8e6875776d155cd70 SHA512 73c547d6985f17f5c2f2fe4a846a7db76fe514edbc03b7b2f191b437405ac6175cbe3dba615839bb46658031f7cd74ce26221cac42869818e5131b1836d43951 WHIRLPOOL e58a64514f50b375670908cea228610abab9bdb7a8300d04a3c728a70b662da144711e09124fa6149e61c941d165f93a65d162cedbc739eb670ddad4d86f76ff +DIST shorewall-core-5.1.7.tar.bz2 79711 SHA256 c94baf58a61b79407fbaea84a6439d323b17d02912dd81838f7b5ed07ccf1340 SHA512 91836595a3f0df8db6d26eeef47207e94364748e55762de771340ed368ea10be2c445680a57a2864fdfa68b35da18ee256cc0f8dcf6c53494c39f09da8ae829d WHIRLPOOL 4fd47f0b46c2881917561b9234acc38548fb9d4a1ef1e2f706a8eaceeb1d44aa0753a93fecddb7ebc80be9e19c20fdd853c22ca2ab7ae21e092aba7e60921b58 +DIST shorewall-docs-html-5.1.5.2.tar.bz2 4218574 SHA256 18a601050b6fcf6b5839ead037e96ee28ae85eb34262d7d614183cbee6169ef5 SHA512 a66161a601f5417bde8612a154c3886dbf81985e127955bbec213dcaa0e4778b2a3aabbf1dcf257d36db0806b5822bce5fa11a555da36427abbf0deb8f6f1501 WHIRLPOOL d8607b0c7ea3b7bd7b685e99895867f9e37bc2a0c8a5520a59311696fc0e2817452e36865c08e7b758a72fd9a546bf5ef6a47f4098f993cf8c95ad4e1f426dd8 +DIST shorewall-docs-html-5.1.6.1.tar.bz2 4218958 SHA256 db1d61b013f035a2e7d515f483d789fa160fe7a250e12e9efec5a79fb2ef1144 SHA512 c620209dd6fd9f044088e11e1adf8bee5c481bb27db76bfae5f42fae242dc139526cc457507251d5d00e55a652b358aa7ac3586ec10e28210e00f75932007277 WHIRLPOOL 36936c55029db3875f1a14014eb2c25845412f74bec22205a24919faa34c8b447539bbaa29189ed547bd63989ba20d1c4376fc5fd4d02d4c227f10d733fc0835 +DIST shorewall-docs-html-5.1.7.1.tar.bz2 4219011 SHA256 4f7c5d85945aff85ba4287d0afd63fa476afae0f3b22ed1cdc661cf18f963001 SHA512 af1c97e4e23ba9a80963161124e26ee322b8ef8900457c5e98a34e8af795d3122bb3b54cf026148543e33c7045827d51d07b3af913d9472646e07bda339695c3 WHIRLPOOL b29a81f77a006aaaf8ea1881925dcdb102219d67657c529f733b996011743118a9c743a4496db673fd38a25c114703529698d1986f562be70c73ac47f25095d5 +DIST shorewall-docs-html-5.1.7.2.tar.bz2 4218919 SHA256 348e9bf9c97e97aa3f8f425e30da9f6c89d2b7c5a035a21ac4c3e792ef33ac95 SHA512 b9c85d228b65ecf6b9e29ba316b8cf878a06832bc94f62e2ca8793c02c95bae7be934dd45dc572b31d8e4cff00e1092c8c8681d7c1fc4759c5700a1b8f868f55 WHIRLPOOL 01c51b28a9bcbed7e9a8d257ef01ecc113ba0ad095fce02d6fc17b3b341fd5d340281dfe1db0699ae1ff81e990f9413436d9fa0920846ae9f4b4298a483bede3 +DIST shorewall-docs-html-5.1.7.tar.bz2 4218629 SHA256 81a9906479bab465e61b420cc9904487ccb490f10bcaef4a5487ec5ff46a1428 SHA512 c24351701983c8b0e6b429094084cbfec1360eaaf4cae8c58b3513c3783957ae1b16a5b0443f07b6ccb4cbf5726324b7670f07dfe5fe1b0e58ec127d305baa4e WHIRLPOOL a31f6822011fb90e4e6b00f20f7f604a4cb4a6f67fc2563754bfb447a2fb2a09a86001412d3d47190f6ce388bdc321ec99fc32fd23015566fe0381f8a1f6a4c2 +DIST shorewall-init-5.1.5.2.tar.bz2 32646 SHA256 1ae9771f20ca3ede897fe0ee4443d65011dde37d6ecc146150ba22c980b6f272 SHA512 de67e167bbdd5e2860e01fb55f07b695011ce7473b98b374f605263eb0aa66e7de645cd7716526ecbf01bf8b65fb5e08294c85bf55ec45b54b78f1b66e80565c WHIRLPOOL d1f1d05b384b63b087e48afa90ded85e333d1ca1d8e90196de2540c8705239f55326ffa5d421f6c03e651e6d7076e18786ab47009c09f31de2cc6fe13910ac36 +DIST shorewall-init-5.1.6.1.tar.bz2 34153 SHA256 ad20b348e32f6cc332521b07ef89a891978453e56cfe7fbe916d1f83ae594194 SHA512 f6ea4aad0c0da6da8436dcb27441088cefd8312e37cc6d62187fd8210790b2be5452cc06f1823f1958c53cdec2e4b14abc5be31a7c029739838f5bbc6d143a00 WHIRLPOOL b5d6f01c5670a60a3471f1fffbd341ca914c20d39516ad5bf63693c7ebda882c0fa572d5839f28ef94d40a95216a1b13573b470fe14676f0421aebde62769fd6 +DIST shorewall-init-5.1.7.1.tar.bz2 35144 SHA256 e814448295918102fd83da6286925c59fc3387a211d9cf0e808509613e9b571b SHA512 dfbab688e60475e6e69279f4c48ce7492227ca3d541b171f2e4308793d7b6bd46cce7899a6ad0f1c48e817db576ddf3dea9d826d36ff5745f8f84c98cc6317f7 WHIRLPOOL d58ffd4fb4f643a6692f080f512b2be86bab43fe7701555408ecd5c34ead78374d960a6c6528579a7e68db53fdaa9bd7d1201f51a3bc3c0a4e6fee532bcea858 +DIST shorewall-init-5.1.7.2.tar.bz2 35347 SHA256 f47900550045901a38a96fbcad6e401f86cc53ba0a94c44e1b3903b0e6358609 SHA512 9f295da51cbfe7c2fa3aab4029b18ff4bb9c4834d852e2a4cc3770fbed6eae79797000053ad7097ba831e01f710bf4c030d1f3b0cda93cb8da3dc3befa6ae0f4 WHIRLPOOL 1d47c4211959193334e921a82fe50b2cfb353ac6f3635bb96d1b8500a8dacaf2ddf2d62f96874dd3c2d9f4dd9d7e7f689fee4254b528bf1fe92a47fff5d8cca5 +DIST shorewall-init-5.1.7.tar.bz2 34955 SHA256 c0a0218d209846cde2581ecc93d70eb8ae26bea976647db2f1fa887140f10811 SHA512 3951b24a0e992c45021d5e79d5ab4a1480559ba321c4c5c57b40068373bb4b14f45edf525e9cc384657167330ef8f6cec46374c84a8dcc7fb641a88e27e40a4d WHIRLPOOL f319cf109987cf627794d60beabcf988a2cb2a54abacdd84a46e60344960ed9371adeb6367fd3318ebe9e24a562a199a3ed98edca31a1e992757ab2db252f58e +DIST shorewall-lite-5.1.5.2.tar.bz2 38424 SHA256 acf092c051ce4e19b0aa67b1828511ec446006133c4451d9c13f60275025a397 SHA512 300793d3a123ab63cde988667a53e931adf7f40e6987bb5b57a60376502ad4ec46316e45bc0c589f82f3fb118ee6f78a0646f7aa5ef522791eea10e7ff2430da WHIRLPOOL 2a8b775d87601cb4e792fe817e0d2e7eaaf6b162eb9ed762081ec502239d1dc33d3843e9742b532d582939dc143561de617246aeb27a83448625bc4935d78505 +DIST shorewall-lite-5.1.6.1.tar.bz2 39930 SHA256 64424e0c69aff83fc02a73db5b1c7ee10fb916d317c027987ba40c8aff6ddd8f SHA512 69cfca2e703680238b32c8ffe3431a9267625faa3a03bed28593f0b0e8a5accc7d58ef4b91b77f87fc44e09f279d41e0302094e1d5255fc3ed1f6fc51863c07b WHIRLPOOL cb993586c09297aeaf8a37cbde8afa99f93687b62b1a5551e70e10ffa9633ba67077dc9323af583293c7e1d07b0ba558d2b1a124709fef147021bf9c5cffee9e +DIST shorewall-lite-5.1.7.1.tar.bz2 40847 SHA256 7e9f09a34eca462f58aaf3f43326a830d924d3868b6cb82a3d1f27875aee128c SHA512 5422c3a0fd53d37d615a81d1bc2273042ca1011ae64f357c295fb81b49962ab8a51343a7eb71819018fb6f1f3c9045b27a6b289974ad3bd436d8c85f24c5da63 WHIRLPOOL bf3baba44eda3457af584e0dcbe1e312dd2d890c9650523856b43a93f747b7ce0677ea0c5320ab51d1c4f733a5c4951505eae19223b4a9aeeaf5673a7eb6567f +DIST shorewall-lite-5.1.7.2.tar.bz2 41048 SHA256 e5f4f97031ef81ef599391279e18c26762f3db6dffc5fee33f3e93f37d92618c SHA512 385b072f93015259b6bb57a07c62815ac27c858c63254cd968240761a230e8b781207ee9f1cc9e6caab43e8f12c60e42cfcbaa6f938c964184b14e5d360bee83 WHIRLPOOL fe88d3f7df02164fe17f141dc1dfce9f082688ee133f93e8af63b4046981cf879560bff4a148fc21739f84d76bf3eda58906bf280fda81fc8bbec5f21f277535 +DIST shorewall-lite-5.1.7.tar.bz2 40648 SHA256 c55d2077bfc72f50bd49457984060d9cc0cabdefa26674662f8a68ccf1aad65f SHA512 a6ac156496aa52ff4bcaa4f6b72b3e0bcb93876a029a54f81989fd3d02ef2fbc9ebf870731912080c59e5f3afd56ebffc17fcaaf30716ad65693b72130e05500 WHIRLPOOL 974815a3ea8032638905da17fbc7f46441cb73cc4660f57f733fcd571a4ea606658db00c98518e914fe681a67effe19e5e681e0b1afccd5986bff7b6d86d68cb +DIST shorewall6-5.1.5.2.tar.bz2 188754 SHA256 c215a762ebb9c0a35be7463e1a2db2397ee1c01ab32c2224528f8de4a5ac9ac6 SHA512 1dbb7304f1f349ceb84a34c397a8c12e4fc5e9bdcd001d72881dbf76dda37e8e8448419f00c705e430f5f2e57cf3a7f9dc834cde6119d18cbeabf9d5a0e67e35 WHIRLPOOL 0daf72a3755b83b1ac3c6d90911149410cb9918f9ad312bd16f90c900880e32e852f5cb89791fdd68f14c1ae2389a365a23b94f430e227c687ab820d1b6d7619 +DIST shorewall6-5.1.6.1.tar.bz2 191131 SHA256 4732c560aa9166b35fbefaeecf6dcedf9f5224e1f56a739b3b1d30724af3affc SHA512 a26acc30f81c7419d9cbb8fd9f0a95c4647e4247b5f4f6232fc414abdba85c85ad8b127f441137cffa1dd88e7bebfba8a785416f54df36f77a36a50b4971b0f1 WHIRLPOOL a9cbe284762ee8af930808c8bb25931860ea9014e00c5b1f2d99ae48ffd31fa96a92dd0bb7ab43bbc44a7d02c5e8e5c334d938db3414b1c0e7069175f04fe026 +DIST shorewall6-5.1.7.1.tar.bz2 191749 SHA256 d950eb1acdffa5d6af19f4f9cc81c76e293c75af26f847452ca53401f9d7093b SHA512 fdea35fb2b6d9e7418d2c2d9124a3c05e42080240aa6e2faa23ef004e2b4ef7e1a05f965d6cdf1c3b224a7c226724a3f2e68b597c026d3b8abdc0326cb545b2a WHIRLPOOL 2dcff81b201b601ad5d5dab38a39344f3dffcfc2e90fe8b39ef31b4f3070295871cc87b5b17e3f9651c9131c1df4702413cb8735d4953088f6df99a8a01ce568 +DIST shorewall6-5.1.7.2.tar.bz2 192087 SHA256 8cddd2baafe71ebfd9aa691400bc320ab0672791f5d8f1e82067d91c3586deba SHA512 2ce5beb6be5ce9a5f9b1f116468f2834188938c5893ca2a9fdc7d76ab43ed487a7dd59cca5a8098ecee06274c1c359543ff57f2d3efa5e4ed8fc728702f6a689 WHIRLPOOL db5b3569689d3dd05e82316e9d7851f72e18b7df1a84b768bf6ceb546bf470843d31834a0e3d5a40e6c83597b65633efc9507eb75709a66f1c1d7223162792c2 +DIST shorewall6-5.1.7.tar.bz2 191614 SHA256 624fe000c881a75109f65f5fb11480a2f997b06237db546e51aeee2ed49dd10d SHA512 9423d6a141c61e1ca5546fd21e5db145c917d6e6825805ff404f5531449a0125f8288d0954e101231fa4d0a521e6db3993b4b312caba3188e41bc579eef350c3 WHIRLPOOL 7635d78eecf9f3e13b98e0577dff7687be34abdbeb8eee7d152ef1a0610dd9e82bf18024185ffe14caaa47053b809307e47b2aa111f7d03a8595a35d7c297ccf +DIST shorewall6-lite-5.1.5.2.tar.bz2 38137 SHA256 0b65ef615be93f921af6d8c11f702f2c46ba18d989fe12fe048732c53cf841de SHA512 e8961abdb7c105820d8420f623cbff72af33e2d35701bb0f81f2fad5364e91b88d5d1317d4ffc8e00c3b32d50c96f6c0dccda20cd981c5f6cc7aaf1662af8d27 WHIRLPOOL d3b04c2c6e9f3a10b8bbc0da1e5691dc3e428501ee52547e548eed05b14d54aec243111f711cb66ecc734efe5217dffa0230b1045296f90a60da88c390ba33bf +DIST shorewall6-lite-5.1.6.1.tar.bz2 39636 SHA256 a25a1430a09d797991f0028f76f5252b86ef898801fc8eb3e6c8ca695d1d2a98 SHA512 eb059a1d991e72cd7b4522ddecb5557918803b5ce8c79552919d7c2798aaab96548b2dea5950f9c3311091950307496c034d63f5389f745b6282074d20d9afbc WHIRLPOOL 2ffae1f3afafcf576d11265562f9f22e6d58061b509d9ef7fceb57980b1d8c8a598efd39aaec5e3bdbff4004a39741eccb0fec8ed0417ff9f36a09e417bb9047 +DIST shorewall6-lite-5.1.7.1.tar.bz2 40514 SHA256 a199a395ce4d23081338955c68fbf657c25e972b2656ef370544854074fa672c SHA512 a8fd7e33d1558fbebb53d1dc19c3784aac2d6095e1404c44030cd513cee5a6330632c50e86eedb0a6773b67acc77ca0d2fb26352c3f784abc8ac936d6f96c437 WHIRLPOOL 0276cbf74644205042dff963124e655fb8f0e14aca31f5550833f95ae84f1b569be77473324e8603b523d5dc67a0de74d6459b8634c2519af6eb5fc84276992e +DIST shorewall6-lite-5.1.7.2.tar.bz2 40737 SHA256 bf22e67559ebdeff464cd910b97578a4c82f5fcc87bc77aeeb9fb4a5ca2a71be SHA512 9125d4380b91f0bcaaedfef6bd5ba89ada0391bf322cd1a00deb239eebc2e818a994844a653daa2e8784bb21ad7ed51798fcaa129e28da08c66de4163fe13bdc WHIRLPOOL 12c5e8036ae08d312ee52af40157f7ad8c18e0ccc8475845b22a3ce7647a73105b8a2f9034851f3e547ed6c47b2a7f0ef566de6dc96a19a20b1da429cd90a170 +DIST shorewall6-lite-5.1.7.tar.bz2 40346 SHA256 2fa19a4c5046c05e4e5cf28d4b50dab0061f05f2a17cb0f8fd265812276cb975 SHA512 6e118b2fa369aa42dfade55b3b4c8855b3d950fd664c5cf2c22539c99e2065e8924e86970ea0f17b7b8930d1c28220bc425ef4329222f0c11feb872ba0145eb9 WHIRLPOOL 2f5be4d88e48e4ef535e60e050343ef78b2c4fdfa9918e79947e43107d3e8d46272c7c6f1134f4762b48894a9334daed2ddef4fa3843cf4670be54b9bb799714 +EBUILD shorewall-5.1.5.2.ebuild 16128 SHA256 cba49be9d3db23d946b260230f6bac2cfd2a7129b6c28a347c0ddd7990ae87a3 SHA512 2e7819897605c85866379b0bc9afd6bf89b1aacab27fc74917e0eae5816fdc2907201898be665d292c7a49fcfa1d0055e1b983a6881ab4dc83b691d6c2eaf0b6 WHIRLPOOL b0d80a8a547fce661a54ee4968ea875f33f7bfeba97d05b32aad6ab99e0a3471d77453c50cf678a5eb045056f878ea1dc060d92a61a5392294e344f97acee383 +EBUILD shorewall-5.1.6.1.ebuild 16135 SHA256 ba21c1957048088e635f857f9e4c932b1a60318384b9c89daf1822126eaca9e0 SHA512 f820651601fb30da69461a97cb590ebd519f37f0cd28866c64ad8389348b8700e4f25f43661cc4f3bf4ad13ff3cd0211035f528daa53b72b49597fb2a63ab30d WHIRLPOOL 0ecb98e00a3db7b215a3b5489c73912291aa70ff66f284a9653d97db5218bca9891028f8f0af2d60c1354c24c8fc835bbfe3ed26ec0de41b5701eaf9441f6e9a +EBUILD shorewall-5.1.7.1.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +EBUILD shorewall-5.1.7.2.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +EBUILD shorewall-5.1.7.ebuild 16138 SHA256 79e5158f3926ca0ea70430045e62e77d7dd34f22d69cf842bf4c8636220a4d6e SHA512 cfbc716de2ced76ab84b2adf32e7342351ba02ecd5d557e8a60111d655f699f897a4725f4d4f37fe5a2093346fbad9fea923db3d0bd6fe47e995f86477da7a34 WHIRLPOOL 3adc3e8d77686dc96e3f97ae7b93471ea43b3532cf3d78f55b61ec2dc978e2cc438f06cc84d909d6ef1e4c427e2fcf278113ccc7c54c52c9b321afcb3618c252 +MISC ChangeLog 20688 SHA256 7aae34526acf517056612b27d66a66d7ef22cb12bdfdf6e125386397b50ce3b3 SHA512 82bfaee85f9880adf5e5d0c5c116ee1c12f2cdcf09257419a0fed75c899c77569b2e96250d9eb073bfa0af7d80e241d30da88e0e8f8325ad35042fc511d41d4e WHIRLPOOL 6c24b24142e84fbd8b306ffd357bd7b0345e8cf2d498d6158ce2e9d9291defd6fa9aa40447b7cc1a8660ab76e8d167225fe289d57cb9b7b67c15768aeaed157f +MISC ChangeLog-2015 45029 SHA256 14c5a921b9bf1d140687dca0c9413f6ac23d4e2e9949fae1ce3b904b740fcbb2 SHA512 1140e3d6294d81b9511f6ef68dcf3d7bf84fa19423a7dde2540f9b96dd5dece1c60c1e02881a5ccf2a9a30fc3b7182ee890d59bc99a11827216106227e1ad5ab WHIRLPOOL fe4e74862743493a9cba6889481a081102977a60ee5ff0d31a155e79ca253e3b7740a93dac2ea3a3496949fcd08a6f99f7fe005836155522762d2df404b39621 +MISC metadata.xml 2254 SHA256 a8cdd75aab250e4e1001054d71fd9cb0e29bf0882de84593068787be2d3ecd3b SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33 WHIRLPOOL 078d62ca37deb03f7097c7d45e3f0fe3106a277a852be3dfafb4dbe59f30a8f618423978d79ff81cd362638eb8d197f8dc40decf49740d74934475fb6266b00d diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch new file mode 100644 index 000000000000..8b7925d6dceb --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality-r1.patch @@ -0,0 +1,30 @@ +diff -rupN old/shorewall-init-5.1.7/shorewall-init new/shorewall-init-5.1.7/shorewall-init +--- old/shorewall-init-5.1.7/shorewall-init 2017-09-18 18:28:43.000000000 +0200 ++++ new/shorewall-init-5.1.7/shorewall-init 2017-09-23 15:46:03.489914459 +0200 +@@ -80,10 +80,6 @@ shorewall_start () { + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -101,15 +97,6 @@ shorewall_stop () { + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp" +- else +- rm -f "${SAVE_IPSETS}.tmp" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch new file mode 100644 index 000000000000..8b60eb245fc0 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init-01_remove-ipset-functionality.patch @@ -0,0 +1,28 @@ +diff -rupN old/shorewall-init-4.6.10.1/shorewall-init new/shorewall-init-4.6.10.1/shorewall-init +--- old/shorewall-init-4.6.10.1/shorewall-init 2015-06-09 20:02:00.000000000 +0200 ++++ new/shorewall-init-4.6.10.1/shorewall-init 2015-06-14 17:16:17.396424059 +0200 +@@ -78,10 +78,6 @@ shorewall_start () { + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -99,13 +95,6 @@ shorewall_stop () { + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/shorewall-init.confd b/net-firewall/shorewall/files/shorewall-init.confd new file mode 100644 index 000000000000..1b126be4e8bf --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init.confd @@ -0,0 +1,6 @@ +# List the Shorewall products Shorewall-init should +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" diff --git a/net-firewall/shorewall/files/shorewall-init.initd b/net-firewall/shorewall/files/shorewall-init.initd new file mode 100644 index 000000000000..95873ef5eeee --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init.initd @@ -0,0 +1,191 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + return 1 + fi + done + + return 0 +} + +check_firewall_script() { + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Checking \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null + eend $? + fi + + if [ ! -x ${STATEDIR}/firewall ]; then + eerror "\"${PRODUCT}\" isn't configured!" + + if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + fi + + return 1 + fi + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall/files/shorewall-init.readme b/net-firewall/shorewall/files/shorewall-init.readme new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init.readme @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall/files/shorewall-init.systemd b/net-firewall/shorewall/files/shorewall-init.systemd new file mode 100644 index 000000000000..2b4695855f3a --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-init.systemd @@ -0,0 +1,18 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/shorewall-lite.confd-r1 b/net-firewall/shorewall/files/shorewall-lite.confd-r1 new file mode 100644 index 000000000000..daef3054274a --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-lite.confd-r1 @@ -0,0 +1,19 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Reload options +# +RELOADOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/shorewall-lite.initd-r2 b/net-firewall/shorewall/files/shorewall-lite.initd-r2 new file mode 100644 index 000000000000..b319a0e7af2b --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-lite.initd-r2 @@ -0,0 +1,90 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +if [ "${RC_SVCNAME}" = "shorewall6-lite" ]; then + PRODUCT_NAME="Shorewall6-Lite" + command="/usr/sbin/shorewall6-lite" +else + PRODUCT_NAME="Shorewall-Lite" + command="/usr/sbin/shorewall-lite" +fi + +description="The Shoreline Firewall Lite, more commonly known as \"${PRODUCT_NAME}\", is" +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reload reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes" +description_reload="${description_reload} that the firewall is already started." +description_reload="${description_reload} Existing connections are maintained." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + provide firewall + after ulogd +} + +clear() { + ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +restart() { + local _retval + ebegin "Restarting ${RC_SVCNAME}" + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +start() { + ebegin "Starting ${RC_SVCNAME}" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +stop() { + ebegin "Stopping ${RC_SVCNAME}" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/shorewall-lite.systemd b/net-firewall/shorewall/files/shorewall-lite.systemd new file mode 100644 index 000000000000..a9d66e732bb1 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall-lite.systemd @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V5.0 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/shorewall.confd-r1 b/net-firewall/shorewall/files/shorewall.confd-r1 new file mode 100644 index 000000000000..daef3054274a --- /dev/null +++ b/net-firewall/shorewall/files/shorewall.confd-r1 @@ -0,0 +1,19 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Reload options +# +RELOADOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/shorewall.initd-r2 b/net-firewall/shorewall/files/shorewall.initd-r2 new file mode 100644 index 000000000000..4826610e2216 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall.initd-r2 @@ -0,0 +1,107 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +if [ "${RC_SVCNAME}" = "shorewall6" ]; then + PRODUCT_NAME="Shorewall6" + command="/usr/sbin/shorewall6" +else + PRODUCT_NAME="Shorewall" + command="/usr/sbin/shorewall" +fi + +description="The Shoreline Firewall, more commonly known as \"${PRODUCT_NAME}\", is" +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reload reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} ${PRODUCT_NAME}. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes" +description_reload="${description_reload} that the firewall is already started." +description_reload="${description_reload} Existing connections are maintained." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + provide firewall + after ulogd +} + +check() { + ebegin "Checking ${RC_SVCNAME} configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} + +clear() { + ebegin "Clearing all ${RC_SVCNAME} rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +refresh() { + ebegin "Refreshing ${RC_SVCNAME} rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +reload() { + ebegin "Reloading ${RC_SVCNAME}" + ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in ${RC_SVCNAME}" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +restart() { + local _retval + ebegin "Restarting ${RC_SVCNAME}" + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +start() { + ebegin "Starting ${RC_SVCNAME}" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +stop() { + ebegin "Stopping ${RC_SVCNAME}" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/shorewall.systemd b/net-firewall/shorewall/files/shorewall.systemd new file mode 100644 index 000000000000..0844178b0d1f --- /dev/null +++ b/net-firewall/shorewall/files/shorewall.systemd @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/shorewall6-lite.confd-r1 b/net-firewall/shorewall/files/shorewall6-lite.confd-r1 new file mode 100644 index 000000000000..daef3054274a --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6-lite.confd-r1 @@ -0,0 +1,19 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Reload options +# +RELOADOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/shorewall6-lite.initd-r1 b/net-firewall/shorewall/files/shorewall6-lite.initd-r1 new file mode 100644 index 000000000000..9db79c334513 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6-lite.initd-r1 @@ -0,0 +1,92 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reload reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes" +description_reload="${description_reload} that the firewall is already started." +description_reload="${description_reload} Existing connections are maintained." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6-lite" + +depend() { + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reload() { + ebegin "Reloading shorewall6-lite" + ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/shorewall6-lite.systemd b/net-firewall/shorewall/files/shorewall6-lite.systemd new file mode 100644 index 000000000000..5ca1a0d2d1a8 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6-lite.systemd @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V5.0 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/shorewall6.confd-r1 b/net-firewall/shorewall/files/shorewall6.confd-r1 new file mode 100644 index 000000000000..daef3054274a --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6.confd-r1 @@ -0,0 +1,19 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Reload options +# +RELOADOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/shorewall6.initd-r1 b/net-firewall/shorewall/files/shorewall6.initd-r1 new file mode 100644 index 000000000000..43a7d1b1f410 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6.initd-r1 @@ -0,0 +1,117 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reload reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reload="Reload is similar to \"${RC_SERVICE} start\" except that it assumes" +description_reload="${description_reload} that the firewall is already started." +description_reload="${description_reload} Existing connections are maintained." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6" + +depend() { + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reload() { + ebegin "Reloading shorewall6" + ${command} ${OPTIONS} reload ${RELOADOPTIONS} 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/shorewall6.systemd b/net-firewall/shorewall/files/shorewall6.systemd new file mode 100644 index 000000000000..182c71bd0803 --- /dev/null +++ b/net-firewall/shorewall/files/shorewall6.systemd @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V5.0 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/shorewallrc-r1 b/net-firewall/shorewall/files/shorewallrc-r1 new file mode 100644 index 000000000000..3fc48c392404 --- /dev/null +++ b/net-firewall/shorewall/files/shorewallrc-r1 @@ -0,0 +1,24 @@ +# +# Gentoo Shorewall 5.1 rc file +# +BUILD=gentoo #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. +DEFAULT_PAGER=${PAGER} #Pager to use if none specified in shorewall[6].conf diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml new file mode 100644 index 000000000000..e985bb0b02bf --- /dev/null +++ b/net-firewall/shorewall/metadata.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>whissi@gentoo.org</email> + <name>Thomas Deutschmann</name> + </maintainer> + <maintainer type="project"> + <email>netmon@gentoo.org</email> + <name>Gentoo network monitoring and analysis project</name> + </maintainer> + <longdescription lang="en"> + The Shoreline Firewall, more commonly known as "Shorewall", is high-level tool for configuring Netfilter. + You describe your firewall/gateway requirements using entries in a set of configuration files. + Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and + tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. + Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a + standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus + take advantage of Netfilter's connection state tracking capabilities. + + Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and + there is no "Shorewall process" left running in your system. The /usr/sbin/shorewall program can be used at + any time to monitor the Netfilter firewall. + </longdescription> + <upstream> + <doc lang="en">http://shorewall.net/Documentation_Index.html</doc> + <remote-id type="sourceforge">shorewall</remote-id> + </upstream> + <use> + <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag> + <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag> + <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall</pkg> ipv4 USE flag)</flag> + <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv4 USE flag</flag> + <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall</pkg> ipv6 USE flag</flag> + </use> +</pkgmetadata> diff --git a/net-firewall/shorewall/shorewall-5.1.5.2.ebuild b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild new file mode 100644 index 000000000000..20be5c54927e --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.5.2.ebuild @@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.1.6.1.ebuild b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild new file mode 100644 index 000000000000..ea2ef11ce095 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.6.1.ebuild @@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.1.7.1.ebuild b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild new file mode 100644 index 000000000000..3b7545ca47d4 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.7.1.ebuild @@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.1.7.2.ebuild b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild new file mode 100644 index 000000000000..3b7545ca47d4 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.7.2.ebuild @@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-5.1.7.ebuild b/net-firewall/shorewall/shorewall-5.1.7.ebuild new file mode 100644 index 000000000000..3b7545ca47d4 --- /dev/null +++ b/net-firewall/shorewall/shorewall-5.1.7.ebuild @@ -0,0 +1,456 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info prefix systemd versionator + +DESCRIPTION='A high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [[ -n "${DIGEST}" ]]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed" + cp "${FILESDIR}"/shorewall.initd-r2 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed" + cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed" + cp "${FILESDIR}"/shorewall-lite.initd-r2 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed" + cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} || die + eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" || die + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + eapply_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [[ -d "${D}etc/NetworkManager" ]]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/* + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + local v + for v in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/Shorewall-5.html#idp51151872" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "*after* you have merged the changed files using one of the configuration" + elog "files update tools of your choice (dispatch-conf, etc-update...)." + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + + # Show this elog only once + break + fi + done + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi + + if ! has_version "dev-perl/Devel-NYTProf"; then + elog "" + elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!" + fi +} |