author | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
---|---|---|
committer | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
commit | f97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch) | |
tree | 297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/vuurmuur | |
parent | 9cce2f098d5d77a2748952e1221127b9f0614566 (diff) | |
download | abslibre-f97ff910471fb3ae2c8ea69befecaae8cbf6dbea.tar.gz abslibre-f97ff910471fb3ae2c8ea69befecaae8cbf6dbea.tar.bz2 abslibre-f97ff910471fb3ae2c8ea69befecaae8cbf6dbea.zip |
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/vuurmuur')
-rw-r--r-- | pcr/vuurmuur/PKGBUILD | 139 | ||||
-rw-r--r-- | pcr/vuurmuur/modules.conf | 3 | ||||
-rw-r--r-- | pcr/vuurmuur/vuurmuur.install | 27 | ||||
-rw-r--r-- | pcr/vuurmuur/vuurmuur.rc | 114 | ||||
-rw-r--r-- | pcr/vuurmuur/vuurmuur.script | 88 | ||||
-rw-r--r-- | pcr/vuurmuur/vuurmuur.service | 13 |
6 files changed, 384 insertions, 0 deletions
diff --git a/pcr/vuurmuur/PKGBUILD b/pcr/vuurmuur/PKGBUILD
new file mode 100644
index 000000000..8aed82655
--- /dev/null
+++ b/pcr/vuurmuur/PKGBUILD
@@ -0,0 +1,139 @@
+# vim:set ts=2 sw=2 et ft=sh tw=100: expandtab
+# Contributor: Piotr Rogoża <rogoza dot piotr at gmail dot com>
+# Contributor: skydrome <skydrome@i2pmail.org>
+# Contributor: Valere Monseur <valere_monseur@hotmail.com>
+# Contributor: Phillip Smith <fukawi2@NO-SPAM.gmail.com>
+# Contributor: (asper, noob
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO>
+
+pkgname=vuurmuur
+_pkgname=Vuurmuur
+pkgver=0.7
+pkgrel=1
+pkgdesc='powerful front-end for iptables aimed at system-administrators who need a decent firewall, but dont have netfilter specific knowledge'
+arch=('i686' 'x86_64')
+url='http://www.vuurmuur.org'
+license=('GPL')
+install='vuurmuur.install'
+depends=('iptables' 'ncurses' 'libjpeg')
+optdepends=('conntrack-tools: for connection tracking'
+ 'iproute2: for traffic shapping'
+ 'iptrafvol: for traffic volume logging')
+conflicts=(vuurmuur-devel)
+backup=('etc/vuurmuur/config.conf'
+ 'etc/vuurmuur/modules.conf'
+ 'etc/vuurmuur/vuurmuur_conf.conf'
+ 'etc/vuurmuur/plugins/textdir.conf'
+ 'etc/logrotate.d/vuurmuur')
+source=(
+ftp://ftp.vuurmuur.org/releases/$pkgver/${_pkgname}-$pkgver.tar.gz
+modules.conf
+vuurmuur.rc
+vuurmuur.service
+vuurmuur.script
+)
+build() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ for archive in libvuurmuur vuurmuur vuurmuur_conf; do
+ [[ ! -d "$archive" ]] &&
+ tar xzf ${archive}-${pkgver}.tar.gz
+ done
+
+ msg "building vuurmuur libraries..."
+ pushd libvuurmuur-${pkgver}
+ ./configure --prefix=/usr --sysconfdir=/etc
+ make
+ popd
+
+ msg "building vuurmuur..."
+ pushd vuurmuur-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${pkgname}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src"
+ make
+ popd
+
+ msg "building vuurmuur_conf..."
+ pushd vuurmuur_conf-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${pkgname}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src"
+ make
+ popd
+}
+
+package() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ pushd libvuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur_conf-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ # make directory structure
+ install -dm700 ${pkgdir}/etc/${pkgname}
+ install -dm700 ${pkgdir}/etc/${pkgname}/plugins
+ install -dm700 ${pkgdir}/etc/logrotate.d/
+ install -dm755 ${pkgdir}/usr/share/${pkgname}/textdir/{interfaces,services,zones,rules}
+ install -dm700 ${pkgdir}/var/log/${pkgname}
+
+ # install daemon and log
+ install -Dm755 ${srcdir}/vuurmuur.rc ${pkgdir}/etc/rc.d/${pkgname}
+ install -Dm644 ${pkgdir}/usr/share/${pkgname}/scripts/vuurmuur-logrotate ${pkgdir}/etc/logrotate.d/${pkgname}
+
+ # install systemd's files
+ install -Dm755 $srcdir/vuurmuur.script $pkgdir/usr/lib/systemd/scripts/vuurmuur
+ install -Dm644 $srcdir/vuurmuur.service $pkgdir/usr/lib/systemd/system/vuurmuur.service
+
+ # install configuration
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/config.conf.sample \
+ ${pkgdir}/etc/${pkgname}/config.conf
+ install -Dm600 ${srcdir}/modules.conf ${pkgdir}/etc/${pkgname}/modules.conf
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \
+ ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf
+
+ sed -i ${pkgdir}/etc/${pkgname}/config.conf \
+ -e 's|"/sbin/tc|"/usr/sbin/tc|' \
+ -e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \
+ -e 's|"/sbin/iptables|"/usr/sbin/iptables|' \
+ -e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \
+ -e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \
+ -e 's|"/var/log/messages|"/var/log/iptables.log|'
+
+ sed -i ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf \
+ -e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|'
+
+
+ echo "LOCATION=\"/etc/${pkgname}/textdir\"" > ${pkgdir}/etc/${pkgname}/plugins/textdir.conf
+
+ # default firewall setup in /usr/share
+ touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/rules.conf
+ touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/blocklist.conf
+
+ cp -R ${srcdir}/${_pkgname}-${pkgver}/zones/* ${pkgdir}/usr/share/${pkgname}/textdir/zones/
+ mv ${pkgdir}/usr/share/${pkgname}/services/* ${pkgdir}/usr/share/${pkgname}/textdir/services/
+
+ # install licenses
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/lib${pkgname}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${pkgname}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}_conf-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${pkgname}_conf/COPYING
+}
diff --git a/pcr/vuurmuur/modules.conf b/pcr/vuurmuur/modules.conf
new file mode 100644
index 000000000..eda78a036
--- /dev/null
+++ b/pcr/vuurmuur/modules.conf
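Review bot: The `source=()` array has no matching checksum array (`md5sums`/`sha256sums`), so the tarball fetched over plain FTP from ftp.vuurmuur.org, and the three nested tarballs that `build()` unpacks with `tar xzf`, are never integrity-checked; as far as I recall makepkg only warns about missing checks rather than stopping. Add `sha256sums=('<sha256 of Vuurmuur-0.7.tar.gz>' '<modules.conf>' '<vuurmuur.rc>' '<vuurmuur.service>' '<vuurmuur.script>')` (placeholders; generate with `makepkg -g`) in the same order as `source=()`. Separately, `install -dm700 ${pkgdir}/etc/logrotate.d/` makes this package ship a shared system directory with mode 0700, which conflicts with the 0755 other packages expect; `install -dm755` would avoid that, or the line can go since the `install -D` below creates the directory anyway. The `${srcdir}`/`${pkgdir}` expansions throughout `build()` and `package()` are unquoted and will break on a build path containing spaces.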
@@ -0,0 +1,3 @@
+# modules loaded by vuurmuur daemon
+# ip_queue => not found
+MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp"
diff --git a/pcr/vuurmuur/vuurmuur.install b/pcr/vuurmuur/vuurmuur.install
new file mode 100644
index 000000000..0f596b8c9
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.install
@@ -0,0 +1,27 @@
+post_install() {
+ if [[ ! -d /etc/vuurmuur/textdir ]]; then
+ # copy default firewall setup
+ cp -R /usr/share/vuurmuur/textdir /etc/vuurmuur/
+
+ # set permissions and ownership
+ chown -R root:root /etc/vuurmuur
+ chmod -R o=rwX,go= /etc/vuurmuur
+ chown -R root:root /var/log/vuurmuur
+ chmod -R o=rwX,go= /var/log/vuurmuur
+
+ echo
+ echo "Default firewall setup has been installed in /etc/vuurmuur/textdir"
+ echo
+ echo "You can now setup your network topology and firewall rules using vuurmuur_conf"
+ echo "Don't forget to add 'vuurmuur' in /etc/rc.conf"
+ echo
+ echo "Usefull documentation can be found at http://www.vuurmuur.org"
+ echo
+ fi
+}
+
+post_remove () {
+ echo
+ echo "Your firewall setup has been left unchanged in /etc/vuurmuur/textdir"
+ echo
+}
diff --git a/pcr/vuurmuur/vuurmuur.rc b/pcr/vuurmuur/vuurmuur.rc
new file mode 100644
index 000000000..3b4d3e99e
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.rc
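Review bot: `chmod -R o=rwX,go= /etc/vuurmuur` in post_install (and the identical line for /var/log/vuurmuur) first grants rwX to "other" and then clears group and other, so the net effect is just `go=`; the owner bits are never set and stay whatever `cp -R` copied from /usr/share. The intent is almost certainly `chmod -R u=rwX,go= /etc/vuurmuur` and `chmod -R u=rwX,go= /var/log/vuurmuur`. Note also that the whole ownership/permission fix-up runs only when /etc/vuurmuur/textdir is absent, so an upgrade over an existing install never re-tightens modes; that may be deliberate to leave admin changes alone, but it is worth a comment saying so. Minor: "Usefull" in the closing echo should be "Useful".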
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vi: ft=sh
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+# PID file
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+case $1 in
+start)
+ # initialize
+ stat_busy "Starting Vuurmuur Firewall"
+ STATUS="ok"
+
+ # check if vuurmuur is configured
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ stat_busy "Please configure Vuurmuur first by defining at least one interface."
+ stat_fail
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ stat_busy "Error when loading module $MODULE. Check log files."
+ stat_fail
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ add_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+stop)
+ # initialize
+ stat_busy "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ stat_busy "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ rm_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+restart)
+ $0 stop
+ $0 start
+ ;;
+
+*)
+ echo "Usage: $0 {start|stop|restart}" >&2
+ exit 1
+
+esac
+exit 0
diff --git a/pcr/vuurmuur/vuurmuur.script b/pcr/vuurmuur/vuurmuur.script
new file mode 100644
index 000000000..a643d6fbd
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.script
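Review bot: The `stop)` branch sends `kill "$PID"` to whatever PID `/run/vuurmuur.pid` and `/run/vuurmuur_log.pid` currently hold without checking that the process is still the daemon, and `start)` refuses to run at all while a pidfile exists, including one left behind by a crashed daemon (`/run` is cleared on reboot, but not after a crash). A cheap guard in both places is `kill -0 "$PID" 2>/dev/null`, treating a dead PID as a stale file to remove rather than as a live process to signal or refuse on. The `[ ... ]` tests on `$IFNUM`, `$STATUS`, `$VUURMUURPID` and `$VUURMUURLOGPID` are unquoted, so `[ "$IFNUM" = 0 ]` and friends would avoid a syntax error if a value is ever empty, and `for MODULE in $MODULES_TO_LOAD` does the same as the backticked echo. The same pidfile handling and unquoted tests are repeated in vuurmuur.script.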
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+start() {
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ echo "Please configure Vuurmuur first by defining at least one interface."
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ echo "Error when loading module $MODULE. Check log files."
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "failed" ]; then
+ exit 1
+ fi
+}
+stop() {
+ # initialize
+ echo "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ echo "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ echo "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "false" ]; then
+ exit 1
+ fi
+}
+restart() {
+ $0 stop
+ $0 start
+}
+
+case $1 in
+ start|stop|restart) "$1" ;;
+esac
diff --git a/pcr/vuurmuur/vuurmuur.service b/pcr/vuurmuur/vuurmuur.service
new file mode 100644
index 000000000..3defcaa82
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.service
@@ -0,0 +1,13 @@
+# vi: ft=systemd
+[Unit]
+Description=Powerful front-end for iptables
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/systemd/scripts/vuurmuur start
+ExecStop=/usr/lib/systemd/scripts/vuurmuur stop
+ExecReload=/usr/lib/systemd/scripts/vuurmuur restart
+
+[Install]
+WantedBy=multi-user.target
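Review bot: `start()` never initialises `STATUS`, so on the success path its final check expands to `[ = "failed" ]`, which prints "unary operator expected" to stderr and evaluates false; add `STATUS="ok"` at the top of `start()` and quote the test as `[ "$STATUS" = "failed" ]`. In `stop()` the final test compares against `"false"`, a value no branch ever assigns (they set `"ok"` or `"failed"`), so a failed stop still exits 0 and the unit's ExecStop is reported as successful; it should read `if [ "$STATUS" = "failed" ]; then`. The trailing `case` has no `*)` arm, so an unknown argument exits 0 silently; a usage message with `exit 1` as in vuurmuur.rc would be consistent.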
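Review bot: `Type=forking` is used without a `PIDFile=`, yet ExecStart leaves two daemons behind (vuurmuur and vuurmuur_log), so systemd has to guess which one is the main process and may track the wrong one or consider the service exited; add `PIDFile=/run/vuurmuur.pid`, the path vuurmuur.script already reads. `ExecReload=... restart` performs a full stop followed by a start, so a "reload" drops the ruleset for the interval in between; unless vuurmuur has no real reload (I cannot tell from here), that line is better omitted than mapped to a restart. `After=network.target` also orders the firewall after the network is up, leaving that window unfiltered; whether an earlier target is available to order `Before=` depends on the systemd version targeted, which is not visible here.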