diff --git a/net/shorewall/Makefile b/net/shorewall/Makefile
new file mode 100644
index 000000000..fbe384f24
--- /dev/null
+++ b/net/shorewall/Makefile
@@ -0,0 +1,75 @@
+#
+# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2017 Willem van den Akker
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shorewall
+PKG_VERSION:=5.1.8.1
+PKG_DIRECTORY:=5.1
+PKG_MAINVERSION:=5.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=0ba4f22394d988a5714637444c248e542d5897e41ab5770907edf38e422fe2ff
+PKG_MAINTAINER:=Willem van den Akker
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shorewall
+ SECTION:=devel
+ CATEGORY:=Network
+ DEPENDS:=+ip +iptables +kmod-ipt-hashlimit +kmod-ipt-raw +iptables-mod-hashlimit +shorewall-core \
+ +perl +perlbase-autoloader +perlbase-autouse +perlbase-dynaloader +perlbase-digest \
+ +perlbase-findbin +perlbase-getopt +perlbase-hash
+ TITLE:=Shorewall Central Administration System
+ URL:=http://www.shorewall.net/
+ SUBMENU:=Firewall
+endef
+
+define Package/shorewall/description
+ The Shoreline Firewall, is high-level tool for configuring Netfilter.
+
+ Shorewall allows for central administration of multiple IPv4 firewalls.
+ This is the full Shorewall product which will compile Shorewall scripts.
+ It is not recommended to run it on a low memory system.
+
+ Note: This is the IPv4 implementation of Shorewall.
+ This full Shorewal packages also installs Perl which can make the image big (about +2M).
+endef
+
+CONFIGURE_ARGS += \
+ vendor=openwrt
+
+define Build/Compile
+ DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh
+endef
+
+define Package/shorewall/conffiles
+/etc/shorewall/
+endef
+
+define Package/shorewall/install
+ $(INSTALL_DIR) $(1)/etc/init.d/
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface/
+ $(INSTALL_DIR) $(1)/etc/shorewall/
+ $(INSTALL_DIR) $(1)/usr/lib/shorewall/
+ $(INSTALL_DIR) $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/share/shorewall/
+ $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall
+ $(INSTALL_BIN) ./files/hostname $(1)/etc/shorewall/
+ $(INSTALL_BIN) ./files/shorewall.init $(1)/etc/init.d/shorewall
+ $(INSTALL_BIN) ./files/vardir $(1)/etc/shorewall/
+ $(CP) $(PKG_INSTALL_DIR)/etc/shorewall/. $(1)/etc/shorewall/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/shorewall/. $(1)/usr/lib/shorewall/
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall/. $(1)/usr/share/shorewall/
+endef
+
+$(eval $(call BuildPackage,shorewall))
diff --git a/net/shorewall/files/hostname b/net/shorewall/files/hostname
new file mode 100644
index 000000000..29c736ec6
--- /dev/null
+++ b/net/shorewall/files/hostname
@@ -0,0 +1,3 @@
+#!/bin/sh
+uci get system.@system[0].hostname
+
diff --git a/net/shorewall/files/hotplug_iface b/net/shorewall/files/hotplug_iface
new file mode 100644
index 000000000..f787424c1
--- /dev/null
+++ b/net/shorewall/files/hotplug_iface
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+case "$ACTION" in
+ ifup)
+ /etc/init.d/shorewall restart
+ ;;
+ ifdown)
+ # might need to restore some routing
+ /etc/init.d/shorewall restart
+ ;;
+esac
diff --git a/net/shorewall/files/shorewall.init b/net/shorewall/files/shorewall.init
new file mode 100644
index 000000000..ef2f00aae
--- /dev/null
+++ b/net/shorewall/files/shorewall.init
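Review bot: In `Package/shorewall/install` of net/shorewall/Makefile, `files/vardir` is installed with `$(INSTALL_BIN)` although that file holds only the assignment `VARDIR=/tmp/state`, so a configuration fragment under /etc/shorewall/ ends up executable; `$(INSTALL_CONF) ./files/vardir $(1)/etc/shorewall/` would match what the file is. Separately, `PKG_SOURCE_URL` fetches over plain `http://`; `PKG_HASH` pins the tarball, so integrity is still checked, but an `https://` location is preferable if upstream offers one. The recipe also creates `$(1)/usr/sbin/` and copies nothing into it, which is worth dropping or explaining with a comment such as `# shorewall CLI is provided by shorewall-core` if that is the reason.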
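Review bot: The hook in files/hotplug_iface calls `/etc/init.d/shorewall restart` on every `ifup` and `ifdown` without checking whether the service is enabled, so a Shorewall instance the administrator has disabled is started again by the next interface event. A guard such as `/etc/init.d/shorewall enabled || exit 0` before the `case` keeps the hook inert in that situation. If `restart` in this Shorewall release performs a full stop followed by a start (worth confirming against the 5.1 documentation), `reload` would avoid tearing the ruleset down on every link flap. The opening comment `# should restart shorewall when an interface comes up` reads like a to-do and could instead state that both up and down events trigger the restart.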
@@ -0,0 +1,32 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+
+load_params () {
+ . /usr/share/shorewall/shorewallrc
+}
+
+start_service() {
+ load_params
+
+ ${SBINDIR}/shorewall $OPTIONS start $STARTOPTIONS
+}
+
+stop_service() {
+ load_params
+
+ ${SBINDIR}/shorewall $OPTIONS stop $STOPOPTIONS
+}
+
+restart_service() {
+ load_params
+
+ ${SBINDIR}/shorewall $OPTIONS restart $RESTARTOPTIONS
+}
+
+reload_service() {
+ load_params
+
+ ${SBINDIR}/shorewall $OPTIONS reload $RESTARTOPTIONS
+}
diff --git a/net/shorewall/files/vardir b/net/shorewall/files/vardir
new file mode 100644
index 000000000..f9a55a81e
--- /dev/null
+++ b/net/shorewall/files/vardir
@@ -0,0 +1,2 @@
+VARDIR=/tmp/state
+
diff --git a/net/shorewall/patches/010-update_install_sh.patch b/net/shorewall/patches/010-update_install_sh.patch
new file mode 100644
index 000000000..bd9e97103
--- /dev/null
+++ b/net/shorewall/patches/010-update_install_sh.patch
@@ -0,0 +1,23 @@
+Index: shorewall-5.1.4.1/install.sh
+===================================================================
+--- shorewall-5.1.4.1.orig/install.sh 2017-05-26 17:39:12.000000000 +0200
++++ shorewall-5.1.4.1/install.sh 2017-06-06 19:26:46.152686822 +0200
+@@ -213,6 +213,8 @@
+ BUILD=suse
+ elif [ -f /etc/arch-release ] ; then
+ BUILD=archlinux
++ elif [ -f ${CONFDIR}/openwrt_release ] ; then
++ BUILD=openwrt
+ else
+ BUILD=linux
+ fi
+@@ -264,6 +266,9 @@
+ archlinux)
+ echo "Installing ArchLinux-specific configuration..."
+ ;;
++ openwrt)
++ echo "Installing OpenWRT-specific configuration..."
++ ;;
+ linux)
+ ;;
+ *)
diff --git a/net/shorewall/patches/120-logfile.patch b/net/shorewall/patches/120-logfile.patch
new file mode 100644
index 000000000..e36019dc8
--- /dev/null
+++ b/net/shorewall/patches/120-logfile.patch
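Review bot: `START=50` in files/shorewall.init loads the firewall fairly late in the boot order; if interfaces are configured by an init script with a lower START value (the case on stock OpenWrt as far as I recall), there is a window at boot in which links are up and no Shorewall rules are installed. Either pick a START value below the network script's or add a comment explaining why 50 is required, for example `# must run after <dependency> because ...`. `USE_PROCD=1` is set, but `start_service` runs the command directly and never opens a procd instance, so procd has nothing to supervise for this service. `restart_service` does not appear to be a hook that rc.common invokes in procd mode, which would leave that function unused; worth confirming against rc.common.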
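Review bot: `VARDIR=/tmp/state` in files/vardir places Shorewall's state directory at a generic name directly under /tmp, which is world-writable and, on OpenWrt, typically also where /var/state resolves for other components. Shorewall keeps its compiled firewall script and restore files in VARDIR (to my knowledge), so a directory that another process may create first or share is a poor home for files that root later executes. A dedicated path such as `VARDIR=/tmp/shorewall`, created root-owned with mode 0700 by the init script before the first start, avoids both the name collision and the pre-creation risk. A one-line comment in the file stating why the state lives on tmpfs would also help the next maintainer.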
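Review bot: The headers of patches/010-update_install_sh.patch (and of patches/120-logfile.patch further down) name `shorewall-5.1.4.1`, while the Makefile pins `PKG_VERSION:=5.1.8.1`, which suggests neither patch was refreshed against the packaged release and both may apply only with offsets or fuzz; refreshing them against the 5.1.8.1 tree would make the applied context explicit. In the first inner hunk, `[ -f ${CONFDIR}/openwrt_release ]` leaves `${CONFDIR}` unquoted and, if CONFDIR is unset at that point in install.sh (not visible here), tests `/openwrt_release`; `[ -f "${CONFDIR:-/etc}/openwrt_release" ]` is the safer form. Because `Build/Compile` runs install.sh on the build host, this file test inspects the host rather than the target, so it is worth confirming that `vendor=openwrt` is what actually selects the OpenWrt branch.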
@@ -0,0 +1,22 @@
+Index: shorewall-5.1.4.1/configfiles/shorewall.conf
+===================================================================
+--- shorewall-5.1.4.1.orig/configfiles/shorewall.conf 2017-10-05 11:18:41.586275516 +0200
++++ shorewall-5.1.4.1/configfiles/shorewall.conf 2017-10-05 11:26:11.825609382 +0200
+@@ -33,7 +33,7 @@
+ # L O G G I N G
+ ###############################################################################
+
+-LOG_LEVEL="info"
++LOG_LEVEL="warn"
+
+ BLACKLIST_LOG_LEVEL=
+
+@@ -101,7 +101,7 @@
+
+ SHOREWALL_SHELL=/bin/sh
+
+-SUBSYSLOCK=/var/lock/subsys/shorewall
++SUBSYSLOCK=/var/lock/shorewall
+
+ TC=
+