From 7c8990cac509cd7d9fe1796359f7d92e79b6533a Mon Sep 17 00:00:00 2001 From: "W. van den Akker" Date: Sun, 4 Jun 2017 15:44:00 +0200 Subject: [PATCH] Add package shorewall(6)-lite. Bump to version 5.1.4.1 Signed-off-by: W. van den Akker --- net/shorewall-core/Makefile | 61 +++++++++++++++ .../patches/110-lib.common.patch | 22 ++++++ net/shorewall-lite/Makefile | 76 ++++++++++++++++++ net/shorewall-lite/files/hostname | 2 + net/shorewall-lite/files/hotplug_iface | 12 +++ net/shorewall-lite/files/vardir | 3 + .../patches/010-install_cp.patch | 13 ++++ net/shorewall-lite/patches/120-LOGFILE.patch | 11 +++ net/shorewall6-lite/Makefile | 77 +++++++++++++++++++ net/shorewall6-lite/files/hostname | 2 + net/shorewall6-lite/files/hotplug_iface | 12 +++ net/shorewall6-lite/files/vardir | 2 + .../patches/010-install_cp.patch | 13 ++++ net/shorewall6-lite/patches/120-LOGFILE.patch | 11 +++ 14 files changed, 317 insertions(+) create mode 100644 net/shorewall-core/Makefile create mode 100644 net/shorewall-core/patches/110-lib.common.patch create mode 100644 net/shorewall-lite/Makefile create mode 100644 net/shorewall-lite/files/hostname create mode 100644 net/shorewall-lite/files/hotplug_iface create mode 100644 net/shorewall-lite/files/vardir create mode 100644 net/shorewall-lite/patches/010-install_cp.patch create mode 100644 net/shorewall-lite/patches/120-LOGFILE.patch create mode 100644 net/shorewall6-lite/Makefile create mode 100644 net/shorewall6-lite/files/hostname create mode 100644 net/shorewall6-lite/files/hotplug_iface create mode 100644 net/shorewall6-lite/files/vardir create mode 100644 net/shorewall6-lite/patches/010-install_cp.patch create mode 100644 net/shorewall6-lite/patches/120-LOGFILE.patch diff --git a/net/shorewall-core/Makefile b/net/shorewall-core/Makefile new file mode 100644 index 000000000..3a60d7aa0 --- /dev/null +++ b/net/shorewall-core/Makefile @@ -0,0 +1,61 @@ +# +# Copyright (C) 2008-2012 OpenWrt.org +# Copyright (C) 2017 Willem van den Akker +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=shorewall-core +PKG_VERSION:=5.1.4.1 +PKG_DIRECTORY:=5.1 +PKG_RELEASE:=1 +PKG_MAINVERSION:=5.1.4 + +PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_HASH:=118378698e0fa1216b52ace92fe9eae0f7d32c39becbc50837a895d7367674b2c973b1633c8919045d9d16dd2a5fdbedb9d62ff1513547ee4770a2e9116d8b1e + +PKG_MAINTAINER:=Willem van den Akker +PKG_LICENSE:=GPL-2.0+ +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/shorewall-core + SECTION:=net + CATEGORY:=Network + DEPENDS:=+ip +iptables + TITLE:=Shorewall Core + URL:=http://www.shorewall.net/ + SUBMENU:=Firewall +endef + +define Package/shorewall-core/description + The Shoreline Firewall, is high-level tool for configuring Netfilter. + This package provides the core Shorewall libraries installed in /usr/share/shorewall/, + which are required for the rest of the Shorewall packages to work. +endef + +define Package/shorewall-core/conffiles + /usr/share/shorewall/shorewallrc +endef + +CONFIGURE_ARGS += \ + vendor=openwrt + +define Build/Compile + DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh +endef + +define Package/shorewall-core/install + $(INSTALL_DIR) $(1)/usr/share + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall $(1)/usr/share + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/shorewall/wait4ifup $(1)/usr/share/shorewall + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/shorewall $(1)/usr/sbin +endef + +$(eval $(call BuildPackage,shorewall-core)) diff --git a/net/shorewall-core/patches/110-lib.common.patch b/net/shorewall-core/patches/110-lib.common.patch new file mode 100644 index 000000000..6008d2744 --- /dev/null +++ b/net/shorewall-core/patches/110-lib.common.patch @@ -0,0 +1,22 @@ +Index: shorewall-core-5.0.15.2/lib.common +=================================================================== +--- shorewall-core-5.0.15.2.orig/lib.common 2016-12-20 23:42:20.000000000 +0100 ++++ shorewall-core-5.0.15.2/lib.common 2017-01-02 11:33:03.026495427 +0100 +@@ -352,7 +352,7 @@ + + if [ -z "$MODULESDIR" ]; then + uname=$(uname -r) +- MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset ++ MODULESDIR=/lib/modules/$uname:/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset + if [ -n "$extras" ]; then + for directory in $(split "$extras"); do + MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory" +@@ -408,7 +408,7 @@ + + if [ -z "$MODULESDIR" ]; then + uname=$(uname -r) +- MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset ++ MODULESDIR=/lib/modules/$uname:/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset + if [ -n "$extras" ]; then + for directory in $(split "$extras"); do + MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory" diff --git a/net/shorewall-lite/Makefile b/net/shorewall-lite/Makefile new file mode 100644 index 000000000..7cc25b29a --- /dev/null +++ b/net/shorewall-lite/Makefile @@ -0,0 +1,76 @@ +# +# Copyright (C) 2008-2012 OpenWrt.org +# Copyright (C) 2017 Willem van den Akker +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=shorewall-lite +PKG_VERSION:=5.1.4.1 +PKG_DIRECTORY:=5.1 +PKG_MAINVERSION:=5.1.4 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_HASH:=c06e365d06c484e7ef673e5a8597d70996f1008a00163aae2d7a53d0d720739a8b0317a093b3e75487ef1c8a02ac4c4c542480757226a974671f82ab08353896 + +PKG_MAINTAINER:=Willem van den Akker +PKG_LICENSE:=GPL-2.0+ +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/shorewall-lite + SECTION:=net + CATEGORY:=Network + DEPENDS:=+ip +iptables +shorewall-core + TITLE:=Shorewall Lite + URL:=http://www.shorewall.net/ + SUBMENU:=Firewall +endef + +define Package/shorewall-lite/description + The Shoreline Firewall, is high-level tool for configuring Netfilter. + + Shorewall allows for central administration of multiple IPv4 firewalls + through use of Shorewall lite. The full Shorewall product is installed + on a central administrative system where compiled Shorewall scripts are + generated. These scripts are copied to the firewall systems where they + run under the control of Shorewall-lite. + + Note: This is the IPv4 implementation of Shorewall. +endef + +define Package/shorewall-lite/conffiles +/etc/shorewall-lite/shorewall-lite.conf +/etc/shorewall-lite/vardir +endef + +CONFIGURE_ARGS += \ + vendor=openwrt + +define Build/Compile + DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh +endef + +define Package/shorewall-lite/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DIR) $(1)/etc/shorewall-lite/state + $(INSTALL_DIR) $(1)/usr/share + $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall-lite + $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall-lite $(1)/usr/share + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/shorewall-lite $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/shorewall-lite/shorecap $(1)/usr/share/shorewall-lite + $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall-lite + $(CP) $(PKG_INSTALL_DIR)/etc/shorewall-lite $(1)/etc + $(CP) $(PKG_INSTALL_DIR)/etc/init.d $(1)/etc + $(CP) ./files/vardir $(1)/etc/shorewall-lite +endef + +$(eval $(call BuildPackage,shorewall-lite)) diff --git a/net/shorewall-lite/files/hostname b/net/shorewall-lite/files/hostname new file mode 100644 index 000000000..42e164371 --- /dev/null +++ b/net/shorewall-lite/files/hostname @@ -0,0 +1,2 @@ +#!/bin/sh +cat /proc/sys/kernel/hostname diff --git a/net/shorewall-lite/files/hotplug_iface b/net/shorewall-lite/files/hotplug_iface new file mode 100644 index 000000000..b8b79830a --- /dev/null +++ b/net/shorewall-lite/files/hotplug_iface @@ -0,0 +1,12 @@ +#!/bin/sh + +# should restart shorewall-lite when an interface comes up + +[ ifup = "$ACTION" ] && { + /etc/init.d/shorewall-lite restart +} + +[ ifdown = "$ACTION" ] && { + # might need to restore some routing + /etc/init.d/shorewall-lite restart +} diff --git a/net/shorewall-lite/files/vardir b/net/shorewall-lite/files/vardir new file mode 100644 index 000000000..8a5071dbf --- /dev/null +++ b/net/shorewall-lite/files/vardir @@ -0,0 +1,3 @@ +# move state dir out of ram +VARDIR=/etc/shorewall-lite/state + diff --git a/net/shorewall-lite/patches/010-install_cp.patch b/net/shorewall-lite/patches/010-install_cp.patch new file mode 100644 index 000000000..0cc8e6cf7 --- /dev/null +++ b/net/shorewall-lite/patches/010-install_cp.patch @@ -0,0 +1,13 @@ +Index: shorewall-lite-5.0.15.2/install.sh +=================================================================== +--- shorewall-lite-5.0.15.2.orig/install.sh 2016-12-20 18:41:05.000000000 +0100 ++++ shorewall-lite-5.0.15.2/install.sh 2017-01-04 12:01:31.018724737 +0100 +@@ -549,7 +549,7 @@ + chmod 755 ${DESTDIR}${SYSCONFDIR} + fi + +- install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640 ++ install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}/${SYSCONFFILE} 0640 + echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" + fi + diff --git a/net/shorewall-lite/patches/120-LOGFILE.patch b/net/shorewall-lite/patches/120-LOGFILE.patch new file mode 100644 index 000000000..90f094771 --- /dev/null +++ b/net/shorewall-lite/patches/120-LOGFILE.patch @@ -0,0 +1,11 @@ +--- a/shorewall-lite.conf 2012-08-08 16:29:23.000000000 +0200 ++++ b/shorewall-lite.conf 2012-08-13 11:11:11.687938395 +0200 +@@ -28,7 +28,7 @@ + # L O G G I N G + ############################################################################### + +-LOGFILE= ++LOGFILE=/dev/null + + ############################################################################### + # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S \ No newline at end of file diff --git a/net/shorewall6-lite/Makefile b/net/shorewall6-lite/Makefile new file mode 100644 index 000000000..98a9c377b --- /dev/null +++ b/net/shorewall6-lite/Makefile @@ -0,0 +1,77 @@ +# +# Copyright (C) 2008-2012 OpenWrt.org +# Copyright (C) 2017 Willem van den Akker +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=shorewall6-lite +PKG_VERSION:=5.1.4.1 +PKG_DIRECTORY:=5.1 +PKG_MAINVERSION:=5.1.4 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_HASH:=b616c5886b5bc274e88052359ca4c8aa6df60a9706958698eac7fc362f1c893de00ed2272535d61a88cb6a786bae9b7cba64a835833a9f81c991fb2ffed8244b + +PKG_MAINTAINER:=Willem van den Akker +PKG_LICENSE:=GPL-2.0+ +PKG_LICENSE_FILES:=COPYING + + +include $(INCLUDE_DIR)/package.mk + +define Package/shorewall6-lite + SECTION:=net + CATEGORY:=Network + DEPENDS:=+ip +iptables6 +shorewall-core + TITLE:=Shorewall6 Lite + URL:=http://www.shorewall.net/ + SUBMENU:=Firewall +endef + +define Package/shorewall6-lite/description + The Shoreline Firewall, is high-level tool for configuring Netfilter. + + Shorewall6 allows for central administration of multiple IPv6 firewalls + through use of Shorewall6 lite. The full Shorewall6 product is installed + on a central administrative system where compiled Shorewall6 scripts are + generated. These scripts are copied to the firewall systems where they + run under the control of Shorewall6-lite. + + Note: This is the IPv6 implementation of Shorewall. +endef + +define Package/shorewall6-lite/conffiles +/etc/shorewall6-lite/shorewall6-lite.conf +/etc/shorewall6-lite/vardir +endef + +CONFIGURE_ARGS += \ + vendor=openwrt + +define Build/Compile + DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh +endef + +define Package/shorewall6-lite/install + $(INSTALL_DIR) $(1)/sbin + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DIR) $(1)/etc/shorewall6-lite/state + $(INSTALL_DIR) $(1)/usr/share + $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall6-lite + $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall6-lite $(1)/usr/share + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/shorewall6-lite $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/shorewall6-lite/shorecap $(1)/usr/share/shorewall6-lite + $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall6-lite + $(CP) $(PKG_INSTALL_DIR)/etc/shorewall6-lite $(1)/etc + $(CP) $(PKG_INSTALL_DIR)/etc/init.d $(1)/etc + $(CP) ./files/vardir $(1)/etc/shorewall6-lite +endef + +$(eval $(call BuildPackage,shorewall6-lite)) diff --git a/net/shorewall6-lite/files/hostname b/net/shorewall6-lite/files/hostname new file mode 100644 index 000000000..42e164371 --- /dev/null +++ b/net/shorewall6-lite/files/hostname @@ -0,0 +1,2 @@ +#!/bin/sh +cat /proc/sys/kernel/hostname diff --git a/net/shorewall6-lite/files/hotplug_iface b/net/shorewall6-lite/files/hotplug_iface new file mode 100644 index 000000000..40b8a0d59 --- /dev/null +++ b/net/shorewall6-lite/files/hotplug_iface @@ -0,0 +1,12 @@ +#!/bin/sh + +# should restart shorewall6-lite when an interface comes up + +[ ifup = "$ACTION" ] && { + /etc/init.d/shorewall6-lite restart +} + +[ ifdown = "$ACTION" ] && { + # might need to restore some routing + /etc/init.d/shorewall6-lite restart +} diff --git a/net/shorewall6-lite/files/vardir b/net/shorewall6-lite/files/vardir new file mode 100644 index 000000000..e7a903032 --- /dev/null +++ b/net/shorewall6-lite/files/vardir @@ -0,0 +1,2 @@ +# move state dir out of ram +VARDIR=/etc/shorewall6-lite/state diff --git a/net/shorewall6-lite/patches/010-install_cp.patch b/net/shorewall6-lite/patches/010-install_cp.patch new file mode 100644 index 000000000..44f63e305 --- /dev/null +++ b/net/shorewall6-lite/patches/010-install_cp.patch @@ -0,0 +1,13 @@ +Index: shorewall6-lite-5.0.15.2/install.sh +=================================================================== +--- shorewall6-lite-5.0.15.2.orig/install.sh 2016-12-20 18:41:05.000000000 +0100 ++++ shorewall6-lite-5.0.15.2/install.sh 2017-01-04 12:01:31.018724737 +0100 +@@ -549,7 +549,7 @@ + chmod 755 ${DESTDIR}${SYSCONFDIR} + fi + +- install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640 ++ install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT}/${SYSCONFFILE} 0640 + echo "$SYSCONFFILE file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" + fi + diff --git a/net/shorewall6-lite/patches/120-LOGFILE.patch b/net/shorewall6-lite/patches/120-LOGFILE.patch new file mode 100644 index 000000000..554f7cec6 --- /dev/null +++ b/net/shorewall6-lite/patches/120-LOGFILE.patch @@ -0,0 +1,11 @@ +--- a/shorewall6-lite.conf 2012-08-08 16:29:23.000000000 +0200 ++++ b/shorewall6-lite.conf 2012-08-13 11:11:11.687938395 +0200 +@@ -28,7 +28,7 @@ + # L O G G I N G + ############################################################################### + +-LOGFILE= ++LOGFILE=/dev/null + + ############################################################################### + # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S \ No newline at end of file