diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-firewall/shorewall | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-firewall/shorewall')
40 files changed, 2881 insertions, 0 deletions
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest new file mode 100644 index 000000000000..1431e17c8cce --- /dev/null +++ b/net-firewall/shorewall/Manifest @@ -0,0 +1,25 @@ +DIST shorewall-4.5.21.10.tar.bz2 489469 SHA256 961331ba61e5e6dccc106e43685e45f19bf1e155502067c88e18ecf94c2a794f SHA512 bdc673b999c99624c61caa1239ac3a58c4d85743179de05ed5fe947e755fc4b01425da34b67cb5e6db693c62bf25e316517f1473b450a1d76887e69e4e384682 WHIRLPOOL 04a7afd30d79d6360ec325e7df06ffd6e911d938382a4c0c331312ddf6951d6564f5a0452b244095309fe4ce00b1c72838b0ef76e198e137c153a617dc22e8e5 +DIST shorewall-4.5.21.9.tar.bz2 489618 SHA256 a1fc41abcba3181235e217a5da53bb25d11e6cdeef49dde82a0daeb2bb305fc6 SHA512 137eb33f63a25533f90150de5cd246f47e5072f838f8e42b044bd6a620bce767f8cb2b9da995fcfb61e37ab6774ea97819f6f7408f669539917b419262a68496 WHIRLPOOL be464ef64e06b35ff9fdf74e9b6a8c88b8de1aa766ec3bf2a7ccf9b69731ba23dc638047f5ad44f451ab93e093458f8f88d7b16201d61bbdfce40075f9ef25be +DIST shorewall-4.6.10.1.tar.bz2 496061 SHA256 de527474f5bac6bf59678321c604748c48efe28a897d339a2187a45e3efed8ef SHA512 a5ef4783ff04b6faaa2e25d1da57ca3c46860960859dad5cd3b8d3cb252626b1db39c35767b226333f10db7b08b0fb18c0c09cd4eaf14586cb02b1a4259b571d WHIRLPOOL 26ebb72e769d5ca7489f718cabdb1f9cfb78e2acd514329c7036edcafe27f159ffa4cdadeeb1cee43619f748474fcc7a614011147976abb14cf627503a542e3f +DIST shorewall-4.6.11.tar.bz2 496630 SHA256 b504371e94281330fef8e60efcf8fcde0d4898322001930e7c9a11b4aee1599c SHA512 8661c89ad7e632e69206d5f308d2cc9bb150efc8e99fe911c55383c82fab5543915305f72e515e13a2d28917a3afc69088b52ec1dc8d126915516e2db699d40b WHIRLPOOL 5a645e4c25f1641a3a6634fb9b8572cc83e80f110fbf734c7ef724208616e1c94430d6594a675c9650de838d4e9ec2b255d5262b3487c6fbe06743c07966f1b2 +DIST shorewall-4.6.6.2.tar.bz2 485880 SHA256 db41744e6303e031e29be531dbedd4191624c4a70f9e23fa0b450e26953708f4 SHA512 9b37430a51b84e16d6fec3bbe0581ff18d1f8f15defd4d73ac6a13cd68eebe063da129a9b422079a433f5d4b3bcd7c0800d844cb05bf0ef0c41aa36fe57915f2 WHIRLPOOL 09c90c5871c546d8e396bca32e1a2b8b1a7041653330b74930c415bfe2b94ff24ac4c34f38644c6b539495a277410c59c3816f396f86060754bd4247fb622194 +DIST shorewall-core-4.6.10.1.tar.bz2 58247 SHA256 5af804f39f4480685e995080dc8913d4af61af70d5a478dd00bbf0593851b44d SHA512 1028e0bf950aecbc77c6c263ab8351fb8ff90b6077a0d6bf7c0d882559f5d8644ce0f2c6aec6dd3614d90a319277763460909e345e1e004cf8ea1f548e369284 WHIRLPOOL 0a0834eb355e05679b5809a18dd0749c6c06ac3130a9ab375587c7e6134042c01762775ac136f0396c051f4ac4b2f379141d111760929a42da6f00656a96e120 +DIST shorewall-core-4.6.11.tar.bz2 59476 SHA256 7651aee387eb497f71b0645234b0ae39eac906bce1d622475a1fc4401817ceed SHA512 28bfa0900826ec3f70d85257d086eea186a0a49a098b66a6263ed0812877d9552ec13a0e5a535816918e03314236893a869afb3918606a9debcc9b047798fd3d WHIRLPOOL a04ff53322eb8dda8e1cec656be689be60865dbd5b9b6dc885e461da5bfcb0995f2b8576a6dddabea7295337e0d8b37ce05351d7f6dbc0a63b7233f88cc0bd6a +DIST shorewall-core-4.6.6.2.tar.bz2 54127 SHA256 764c8c22f619cdfd61eebd77e9f271a168515d44c4578b85af44921cc1f3b675 SHA512 bab5a8f1bb17a5273a5eadb734ad378a8b617b9a8be47a2a825f941d20c5161c88ce87dae285ebbbdbb21fe18c2e8cc5eff9b1097daef2d8def37c2eced05d6a WHIRLPOOL 8fd70565cfe0c6abc946cb41fc5cb1eca9ccc613fb4898f07b92f878fedd6293bc40e0aaf7c4af11f3e67ba47b341f471d69700e3edc0cc9426b4aad3bf38fb3 +DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e +DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall-docs-html-4.6.10.1.tar.bz2 4185752 SHA256 eeaec18b7f8663f0b836b76d140d3fad7871075de90f18ccc7b9fbda1538a787 SHA512 1bf1b3f5745d54af3af5f9bb6417c661e2bde8028d699aed4c4fcbe7cf301b8eadfed7be5e9bfdd677659c362d1e757eee13cd1b497a0c6837c179883c33e3a8 WHIRLPOOL 937fc4f76174f615de86eaa08690ebbe42f658154320d3e9972cbb0bcaa461e11fdaf5390f517f5d2f905aa5996ecb7399ca07d1767f647a49d33b1220e8d547 +DIST shorewall-docs-html-4.6.11.tar.bz2 4175307 SHA256 e1f6966d5d06b043eb3b7f91d8b6d87a0f90418ecd173af2e3e817670435bd8c SHA512 85b5efa3f8bd9322fa8f982e0cdcf4e1ccdd99f419b77dce51a39a5f2d6ad02de8d6123437a2f55b5af2467cb59d9cbb8bbbd32195ab1587fc329c6f65173471 WHIRLPOOL 01577073dbbcf8e16f8dae2a2295bd4e60d6b5ce48384ebc8dbb03d0b75cf9b3c72c51dcdfc4934761f021eed85c26e0eeb637853b99af42702f5129be0ce25b +DIST shorewall-docs-html-4.6.6.2.tar.bz2 4178931 SHA256 89c6b3baba42bd3a4d7f67ccfbae395fec4054412bf636ff60a889dc2f5edc57 SHA512 63686a59eb6fe6330b036800dc99758bdfaecc1e67cf95c4dd3cc014db2e96a17a76d8cf92d1f44582990b34b53d062327c850187bc0a83e4d2369ac7e03d032 WHIRLPOOL 31eacfe0c6ea3dac32c24de0c5d01214f3ce4e2b95306e3d6e4165a636a7f6f225fedc741d19fa995c148a2758ec08439da0d5e1cd654483e2e5be4f21a5dfda +DIST shorewall-init-4.6.10.1.tar.bz2 37674 SHA256 c3948dbe48230358eb4d5a370a44b247f4a6e6f28b1c4853be23d9abda79f6ba SHA512 71507a9c27f9a8286f82567f731714fe5a6f5b21f1f3f27f3a3ba9171301361948bef9824a9a45445d65f74039c4dca3ffc83e74a6ffd33783d1528ad581578e WHIRLPOOL 23c886b1015c6430d819d3010b8cdc587d88054f55b8092238438310562affdaead265a40a74dd888d1c939367afafa0ebecfe8946ceb202bab126ca2232cd97 +DIST shorewall-init-4.6.11.tar.bz2 38404 SHA256 025958f609ccfea21229f4a3f76e030f82d4d9b444ccb71e5c82f620c46ca35a SHA512 5b0dd33885825457d94ad2c59cd9b3690d9a5bfad43a8b281ba55537c1e8edc7e1de227ac0bcd22162b54bc31cc606b9db1387f2618739b2ef28292b5b6b8be7 WHIRLPOOL 06b79197b9a61fb7d63c19b7e145e08fd68e9adbbc8c60b224882649f6759848b411f99fd39a7ff9c65b9aafb33b76005c788a16a28498d19cf2622e1bd94336 +DIST shorewall-init-4.6.6.2.tar.bz2 34467 SHA256 361374cd8f52cec0f807e07a7a100da4627595c7c80c2d75d050ccee1a342e67 SHA512 760eb593c53e89622c6efafe8a46f43956aa606853f26c9a5402ca43eabbf1243a2dd3c2d64cc4a1e70da54bd0fb86de31c0f5dc14aefd0540b37745c243fb48 WHIRLPOOL 64953fab35a4a95ece8757b786a301caefbb47bd70821b61c48bfbbb445ebb3f434ca87ac5808bdf691a5469d2e2e3dd47b8857f272267790282ad8bbeb8b3b9 +DIST shorewall-lite-4.6.10.1.tar.bz2 53535 SHA256 9944da74b9496fe29afe6ebab8f4a37cfb24a6a701282231dd6916831e064c38 SHA512 79347ae6c62e8f039efb2a21b10fd33d08831b6595b64fb4806cc5fd812216d295b73c859db775c0c19cd7c8bdfe67f21042db0d0b47ba47ab6b430d1d522659 WHIRLPOOL 593b8872ea0ff95c5847c51c9c3c312329017cbd7e96efcd39bf1a41a32ef3e99a29deb797a4260422d1bfd86ef4ca72b25024b7d2f5e4e17464df1f3f25571a +DIST shorewall-lite-4.6.11.tar.bz2 54339 SHA256 6b939754c685dc2e218ebb1f5bd4d81b1c73df8c99545d83644e5c7fa50dd568 SHA512 5a75a8e03bf48666e04cc2f5ac2a4e352b5624e8adfb1e92de400624691508fe2fe22d6f5a4e48dd412d4011d3ea737d7e0b098c56480daf72fd4801ec98f834 WHIRLPOOL 205387277cb6132c43ff18baad40c3ce6fbd7c483e736fce5f5775febeb68c3cfafbae3162682f1fb05312e48ca15c0851bb538761f6e53b5780070108397aa5 +DIST shorewall-lite-4.6.6.2.tar.bz2 48495 SHA256 6bd25fa1066da5272fa9bcc7a8a6041462eda682895cd000afce354bf42d9ebe SHA512 3c073b7531448c2d704bbdd0a7ad0287948d8969c371954f05a3cc276e6fcaaca907c554f4549c26aff2256d393fcc53221e7a1f93ac058cf519dc55c822104d WHIRLPOOL 1743c799022ab2a5ed1d86155f917120b44963c064d75b4168ea48b4e0b19970ccd1d944eb22eef0ea96f0abf396d60420508bda3f2cc30a33207c2edd12b27d +DIST shorewall6-4.6.10.1.tar.bz2 231553 SHA256 1a2e303e9361fccf393ebfe512cf8d770b522f6b65a0a125a5e4aa0b28dd6e0c SHA512 acb678bd84e68d72f5dafd00d03feedefc8b954f7df9a4e6d57c70647ad2b046f7145c7b5de729d8bf1258a036587a687ee41170add2a50a411675be61de7d3d WHIRLPOOL a3451ff58bc32f4d720f5b8c6db226ac924cf0179084f351b7b35773f011c1b0b5feff2e9544a7b198995d297637e210b80adfb483db198e186b24a1954d2cc1 +DIST shorewall6-4.6.11.tar.bz2 232736 SHA256 1b7a58f97c40c28c4ff8b614a44cc2bc8a8e4a332afa2b5b132e78ec06fef866 SHA512 5ae1a89a980efaf860a32a106a24c98d7543bf4523361b62b568b390a5a515e67d6090523499d2e9bae9421f5a6ceb29460efed8286c41ea67d8912e4fe59ab4 WHIRLPOOL 627d0b4521ce90a3d8ea34c98c1ed9fea84ba7f631c1478c58a3ce52fc538c05116278526d66ccd08e59326467e4bf5eb44ff8e5d74ef47ed4c0492644c0b1e7 +DIST shorewall6-4.6.6.2.tar.bz2 225643 SHA256 b475473eaf9d4a8b4067214f8fa14f1c1d97cdb77c180abd9e22dfdea6b9f637 SHA512 a448e6367459fe06ff2869e45d06a3ff31ce5c7a6766920ad8367e251f8380ccf9cc62333d011f79baa7d3d97efb42fcadf1c6aecce124f2a3b94c15d3454db9 WHIRLPOOL 7f1fc2288983cb779872098362d98c7820164207dcbbcdf63d0fbec4b8fb2190724fde10f071f51ad51ba3f8f10282ecba5ba4f4b976ffa816da39935c336c54 +DIST shorewall6-lite-4.6.10.1.tar.bz2 52669 SHA256 ce19583541f5eb39acad33099af087d030374d467eb64aa4415ac9b18e65c5a8 SHA512 a33ab4b2397864329f35e6352606b13d04fb8ada17777c98d75bc685411bcf9453bf452d3a0b6699c537081483347c542bdfa547d71ca4c0c41967ccd755fd2e WHIRLPOOL ff3ef6e3ad68f69f47e71553061e845ed125735c1c6986180835397c8148386349a0317debf592917ec5ed0734c3af461c5161d9a061c6b8a6ff5c81d52743f0 +DIST shorewall6-lite-4.6.11.tar.bz2 53501 SHA256 fb9a4a42d39e3277c7f49fc09eacb6e347bc08485281c578cacce8429a055a84 SHA512 4010dd36a1cad7fc491272db202914964a1588779645e12fb0dbaa9749c37e1c28b15826ac6b07449609cbf1e77a979a29619c8cf6a9fffbbe6d1f34c843b560 WHIRLPOOL 62554f304364c61dfde283042a81568ffc740c754d7078b462b5cf8cc8a3e7afb072325900e74c99c1efb5586a35c103a190cb618dd82b8d5cb09a1b9d912f02 +DIST shorewall6-lite-4.6.6.2.tar.bz2 47909 SHA256 a7a6de15ea84a0486c9ed92492fcd6f731f2c4ce71f06ce3c59f3abf3780ae86 SHA512 0d5b0fc3d166cfdd58978e1d6b36e2ac19a0d10b5b59bbf2fa62e79040e636d72256b120df14a7d8111dc39d24ac218758feb07c5fb2119aa61e51f78c567597 WHIRLPOOL c02c11ca0f578022daf96b2c594a7f62d042cf875c7c35682eaa2b312416446239c21c9af31f965536761a081015d73ae49b553c7cc08850955378d1cfb76af7 diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch new file mode 100644 index 000000000000..55b8f7039747 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall-10-fix-ipset-support-detection.patch @@ -0,0 +1,29 @@ +Beginning with 3.14, the address family of the ipset was checked and an +error is generated: + +root@jessie:~# ipset -N foo iphash +root@jessie:~# ip6tables -N foo +root@jessie:~# ip6tables -A foo -m set --match-set foo src +ip6tables v1.4.21: The protocol family of set foo is IPv4, which is not +applicable. + +Try `ip6tables -h' or 'ip6tables --help' for more information. +root@jessie:~# + +This caused the failure. By reversing the order of the terms, an ipv6 +ipset is created (if supported) and the ip6tables command succeeds. + +http://thread.gmane.org/gmane.comp.security.shorewall/31349 + +diff -rupN old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm +--- old/shorewall-4.5.21.10/Perl/Shorewall/Config.pm 2014-05-26 16:47:21.000000000 +0200 ++++ new/shorewall-4.5.21.10/Perl/Shorewall/Config.pm 2014-07-20 18:11:28.186658453 +0200 +@@ -3961,7 +3961,7 @@ sub IPSet_Match() { + if ( $ipset && -x $ipset ) { + qt( "$ipset -X $sillyname" ); + +- if ( qt( "$ipset -N $sillyname iphash" ) || qt( "$ipset -N $sillyname hash:ip family $fam") ) { ++ if ( qt( "$ipset -N $sillyname hash:ip family $fam" ) || qt( "$ipset -N $sillyname iphash" ) ) { + if ( qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src -j ACCEPT" ) ) { + qt1( "$iptables $iptablesw -F $sillyname" ); + $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 ); diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd new file mode 100644 index 000000000000..898dc319b0c2 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + /sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + /sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall" + /sbin/shorewall status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall" + /sbin/shorewall ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + /sbin/shorewall ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + /sbin/shorewall ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd new file mode 100644 index 000000000000..db278fd54585 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewall.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.10-r1/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.confd b/net-firewall/shorewall/files/4.5.21.9/shorewall.confd new file mode 100644 index 000000000000..e5957167b5b9 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.initd b/net-firewall/shorewall/files/4.5.21.9/shorewall.initd new file mode 100644 index 000000000000..898dc319b0c2 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.initd @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + /sbin/shorewall status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + /sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + /sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall" + /sbin/shorewall status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + /sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + /sbin/shorewall ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall" + /sbin/shorewall ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + /sbin/shorewall ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + /sbin/shorewall ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd b/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd new file mode 100644 index 000000000000..db278fd54585 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewall.systemd @@ -0,0 +1,17 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-firewall/shorewall/files/4.5.21.9/shorewallrc b/net-firewall/shorewall/files/4.5.21.9/shorewallrc new file mode 100644 index 000000000000..46f5eb9a3603 --- /dev/null +++ b/net-firewall/shorewall/files/4.5.21.9/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.5 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch new file mode 100644 index 000000000000..8b60eb245fc0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality-r1.patch @@ -0,0 +1,28 @@ +diff -rupN old/shorewall-init-4.6.10.1/shorewall-init new/shorewall-init-4.6.10.1/shorewall-init +--- old/shorewall-init-4.6.10.1/shorewall-init 2015-06-09 20:02:00.000000000 +0200 ++++ new/shorewall-init-4.6.10.1/shorewall-init 2015-06-14 17:16:17.396424059 +0200 +@@ -78,10 +78,6 @@ shorewall_start () { + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -99,13 +95,6 @@ shorewall_stop () { + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch new file mode 100644 index 000000000000..620e479f92fc --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch @@ -0,0 +1,27 @@ +--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200 ++++ shorewall-init 2013-09-08 23:29:27.418736392 +0200 +@@ -79,10 +79,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -100,13 +96,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.confd b/net-firewall/shorewall/files/4.6/shorewall-init.confd new file mode 100644 index 000000000000..1b126be4e8bf --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.confd @@ -0,0 +1,6 @@ +# List the Shorewall products Shorewall-init should +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.initd b/net-firewall/shorewall/files/4.6/shorewall-init.initd new file mode 100644 index 000000000000..837d609bb9fd --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.initd @@ -0,0 +1,192 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + return 1 + fi + done + + return 0 +} + +check_firewall_script() { + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Checking \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null + eend $? + fi + + if [ ! -x ${STATEDIR}/firewall ]; then + eerror "\"${PRODUCT}\" isn't configured!" + + if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + fi + + return 1 + fi + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.readme b/net-firewall/shorewall/files/4.6/shorewall-init.readme new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.readme @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.systemd b/net-firewall/shorewall/files/4.6/shorewall-init.systemd new file mode 100644 index 000000000000..e98565fce8a1 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 new file mode 100644 index 000000000000..542e2c26223b --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.systemd-r1 @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target +Conflicts=iptables.service ip6tables.service firewalld.service iptables-restore.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.confd b/net-firewall/shorewall/files/4.6/shorewall-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.initd b/net-firewall/shorewall/files/4.6/shorewall-lite.initd new file mode 100644 index 000000000000..c3375153c44a --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.initd @@ -0,0 +1,74 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd new file mode 100644 index 000000000000..5898ccb86c14 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 new file mode 100644 index 000000000000..b24fca8e33a3 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall.confd b/net-firewall/shorewall/files/4.6/shorewall.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall.initd b/net-firewall/shorewall/files/4.6/shorewall.initd new file mode 100644 index 000000000000..76d7741a1ecd --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.initd @@ -0,0 +1,99 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall.systemd b/net-firewall/shorewall/files/4.6/shorewall.systemd new file mode 100644 index 000000000000..986c3510454a --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 new file mode 100644 index 000000000000..209d3f78ee33 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=iptables.service firewalld.service iptables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.confd b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.initd b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd new file mode 100644 index 000000000000..527eb5b47a26 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd new file mode 100644 index 000000000000..768a84f2ded1 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 new file mode 100644 index 000000000000..eda311d1b9c4 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6.confd b/net-firewall/shorewall/files/4.6/shorewall6.confd new file mode 100644 index 000000000000..210eec1b5730 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6.initd b/net-firewall/shorewall/files/4.6/shorewall6.initd new file mode 100644 index 000000000000..8ed1079db1ed --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.initd @@ -0,0 +1,109 @@ +#!/sbin/runscript +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6.systemd b/net-firewall/shorewall/files/4.6/shorewall6.systemd new file mode 100644 index 000000000000..6ae4ea589ee8 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 b/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 new file mode 100644 index 000000000000..64fd43585cf6 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.systemd-r1 @@ -0,0 +1,20 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +Wants=network-online.target +After=network-online.target +Conflicts=ip6tables.service firewalld.service ip6tables-restore.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewallrc b/net-firewall/shorewall/files/4.6/shorewallrc new file mode 100644 index 000000000000..0eef4147c008 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.6 rc file +# +BUILD=gentoo #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml new file mode 100644 index 000000000000..b05083f3a6ea --- /dev/null +++ b/net-firewall/shorewall/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>netmon</herd> + <herd>proxy-maintainers</herd> + <maintainer> + <email>whissi@whissi.de</email> + <name>Thomas D. (Whissi)</name> + </maintainer> + <use> + <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag> + <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag> + <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall[ipv4]</pkg>)</flag> + <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall[ipv4]</pkg></flag> + <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall[ipv6]</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild new file mode 100644 index 000000000000..18a2a85decb7 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.5.21.10-r1.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + =net-firewall/shorewall-core-${PVR} +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + epatch "${FILESDIR}"/${PVR}/shorewall-10-fix-ipset-support-detection.patch + + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.5.21.9.ebuild b/net-firewall/shorewall/shorewall-4.5.21.9.ebuild new file mode 100644 index 000000000000..621938142fc6 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.5.21.9.ebuild @@ -0,0 +1,116 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +MY_URL_PREFIX= +case ${P} in + *_beta* | \ + *_rc*) + MY_URL_PREFIX='development/' + ;; +esac + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} +MY_P_DOCS=shorewall-docs-html-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +SRC_URI=" + http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2 + doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 ) +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +IUSE="doc" + +DEPEND=" + >=dev-lang/perl-5.10 + virtual/perl-Digest-SHA + =net-firewall/shorewall-core-${PVR} +" +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 +" + +S=${WORKDIR}/${MY_P} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run ${PN} on the local system." + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system." + + check_extra_config +} + +src_prepare() { + cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed" + cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed" + cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed" + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + keepdir /var/lib/${PN} + + DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed" + + dodoc changelog.txt releasenotes.txt + if use doc; then + dodoc -r Samples + cd "${WORKDIR}"/${MY_P_DOCS} + dohtml -r * + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + elog "Before you can use ${PN}, you need to edit its configuration in:" + elog "" + elog " ${EPREFIX}/etc/${PN}/${PN}.conf" + elog "" + elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:" + elog "" + elog " # rc-update add ${PN} default" + fi + + if ! has_version ${CATEGORY}/shorewall-init; then + elog "" + elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init," + elog "which we recommend to install, to protect your firewall at system boot." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.10.1.ebuild b/net-firewall/shorewall/shorewall-4.6.10.1.ebuild new file mode 100644 index 000000000000..9c4abe3d3a9c --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.10.1.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd-r1 "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd-r1 "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd-r1 "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd-r1 "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd-r1 "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.11.ebuild b/net-firewall/shorewall/shorewall-4.6.11.ebuild new file mode 100644 index 000000000000..992829cb5b78 --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.11.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd-r1 "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd-r1 "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd-r1 "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd-r1 "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd-r1 "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality-r1.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} diff --git a/net-firewall/shorewall/shorewall-4.6.6.2.ebuild b/net-firewall/shorewall/shorewall-4.6.6.2.ebuild new file mode 100644 index 000000000000..06be7f76b1cb --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.6.2.ebuild @@ -0,0 +1,442 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +else + KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +pkg_setup() { + if [ -n "${DIGEST}" ]; then + einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..." + unset DIGEST + fi +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} |