From 58e662a21a1c630310cd84a83c9330d993e03f7c Mon Sep 17 00:00:00 2001
From: Aurélien DESBRIÈRES
Date: Tue, 10 Jun 2014 14:21:00 +0200
Subject: arno-iptables-firewall
---
pcr/arno-iptables-firewall/PKGBUILD | 69 ++++++++++++++++++++++
.../arno-iptables-firewall.patch | 25 ++++++++
.../arno-iptables-firewall.service | 14 +++++
3 files changed, 108 insertions(+)
create mode 100644 pcr/arno-iptables-firewall/PKGBUILD
create mode 100644 pcr/arno-iptables-firewall/arno-iptables-firewall.patch
create mode 100644 pcr/arno-iptables-firewall/arno-iptables-firewall.service
diff --git a/pcr/arno-iptables-firewall/PKGBUILD b/pcr/arno-iptables-firewall/PKGBUILD
new file mode 100644
index 000000000..f0def1909
--- /dev/null
+++ b/pcr/arno-iptables-firewall/PKGBUILD
@@ -0,0 +1,69 @@
+# Contributor (Arch) : Jaroslav Lichtblau
+# Contributor (Arch) : Arto Puranen
+# Maintainer (Parabola) : Aurélien DESBRIÈRES
+
+pkgname=arno-iptables-firewall
+pkgver=2.0.1d
+pkgrel=2
+pkgdesc="A secure stateful firewall for both single and multi-homed machine"
+arch=('any')
+url=(http://rocky.eld.leidenuniv.nl/joomla/)
+license=('GPL')
+depends=('iptables' 'iproute2')
+makedepends=('patch')
+backup=(etc/${pkgname}/firewall.conf
+ etc/${pkgname}/custom-rules
+ etc/${pkgname}/plugins/dmz-dnat.conf
+ etc/${pkgname}/plugins/dsl-ppp-modem.conf
+ etc/${pkgname}/plugins/dyndns-host-open.conf
+ etc/${pkgname}/plugins/ids-protection.conf
+ etc/${pkgname}/plugins/ipsec-vpn.conf
+ etc/${pkgname}/plugins/ipv6-over-ipv4.conf
+ etc/${pkgname}/plugins/linux-upnp-igd.conf
+ etc/${pkgname}/plugins/mac-address-filter.conf
+ etc/${pkgname}/plugins/multiroute.conf
+ etc/${pkgname}/plugins/sip-voip.conf
+ etc/${pkgname}/plugins/ssh-brute-force-protection.conf
+ etc/${pkgname}/plugins/traffic-accounting.conf
+ etc/${pkgname}/plugins/traffic-shaper.conf
+ etc/${pkgname}/plugins/transparent-dnat.conf
+ etc/${pkgname}/plugins/transparent-proxy.conf)
+source=(http://rocky.eld.leidenuniv.nl/${pkgname}/${pkgname}_${pkgver}.tar.gz
+ ${pkgname}.patch \
+ ${pkgname}.service)
+
+package() {
+ cd ${srcdir}/${pkgname}_${pkgver}
+
+# patch
+ patch -Np0 -i ${srcdir}/${pkgname}.patch
+
+# conf files
+ install -d -m 0755 etc/${pkgname}/plugins/ ${pkgdir}/etc/${pkgname}/plugins/
+ for i in `find etc/${pkgname} -type f`; do install -T -m 0600 $i ${pkgdir}/$i ;done
+ install -D -m 0644 share/${pkgname}/environment ${pkgdir}/usr/share/${pkgname}/environment
+
+# plugins
+ install -d -m 0755 share/${pkgname}/plugins/ ${pkgdir}/usr/share/${pkgname}/plugins/
+ for i in share/${pkgname}/plugins/*plugin; do install -T -m 0644 $i ${pkgdir}/usr/$i ;done
+ install -D -m 0744 share/${pkgname}/plugins/dyndns-host-open-helper \
+ ${pkgdir}/usr/share/${pkgname}/plugins/dyndns-host-open-helper
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-helper \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-helper
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-log-rotate \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-log-rotate
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-show \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-show
+
+# binary
+ install -D -m 0744 bin/${pkgname} ${pkgdir}/usr/bin/${pkgname}
+ install -D -m 0744 bin/arno-fwfilter ${pkgdir}/usr/bin/arno-fwfilter
+ install -D -m 0744 contrib/adsl-failover ${pkgdir}/usr/bin/adsl-failover
+
+# man files
+ install -D -m 0644 share/man/man1/arno-fwfilter.1 ${pkgdir}/usr/share/man/man1/arno-fwfilter.1
+ install -D -m 0644 share/man/man8/${pkgname}.8 ${pkgdir}/usr/share/man/man8/${pkgname}.8
+
+# systemd script
+ install -D -m 0644 ${srcdir}/${pkgname}.service ${pkgdir}/usr/lib/systemd/system/${pkgname}.service
+}
diff --git a/pcr/arno-iptables-firewall/arno-iptables-firewall.patch b/pcr/arno-iptables-firewall/arno-iptables-firewall.patch
new file mode 100644
index 000000000..298d0c0b8
--- /dev/null
+++ b/pcr/arno-iptables-firewall/arno-iptables-firewall.patch
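Review bot: The `source=` array pulls the upstream tarball over plain `http://` and the new PKGBUILD declares no checksum array, so nothing ties the build to a known-good copy of a script that will later run as root and program the packet filter. Add an integrity array covering all three sources, e.g. `sha256sums=('<sha256 of tarball>' '<sha256 of .patch>' '<sha256 of .service>')` (placeholders; generate the real values with `makepkg -g`), and use an HTTPS URL or an upstream signature if upstream offers one, which is not visible from this commit. As a smaller style point, the conf-file loop over `find etc/${pkgname} -type f` word-splits its output and `$i`, `${srcdir}` and `${pkgdir}` are unquoted throughout package(); quoting them keeps the install steps correct for paths containing spaces.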
@@ -0,0 +1,25 @@
+--- etc/arno-iptables-firewall/firewall.conf 2010-12-30 13:17:02.000000000 +0100
++++ etc/arno-iptables-firewall/firewall.conf 2011-01-22 21:10:39.000000000 +0100
+@@ -233,18 +233,18 @@
+ # 'whereis iptables' to manually locate it), required for (default) IPv4 support
+ # -----------------------------------------------------------------------------
+-IP4TABLES="/sbin/iptables"
++IP4TABLES="/usr/bin/iptables"
+
+ # (EXPERT SETTING!) Location of the ip6tables-binary (use 'locate ip6tables' or
+ # 'whereis ip6tables' to manually locate it), required for IPv6 support
+ # -----------------------------------------------------------------------------
+-IP6TABLES="/sbin/ip6tables"
++IP6TABLES="/usr/bin/ip6tables"
+
+ # (EXPERT SETTING!) Location of the environment file
+ # -----------------------------------------------------------------------------
+-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
++ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+
+ # (EXPERT SETTING!) Location of plugin binary & config files
+ # -----------------------------------------------------------------------------
+-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
++PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
+ PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
+
diff --git a/pcr/arno-iptables-firewall/arno-iptables-firewall.service b/pcr/arno-iptables-firewall/arno-iptables-firewall.service
new file mode 100644
index 000000000..2d81c9869
--- /dev/null
+++ b/pcr/arno-iptables-firewall/arno-iptables-firewall.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=A secure stateful firewall for both single and multi-homed machine
+Before=network.target
+Wants=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/arno-iptables-firewall start
+ExecStop=/usr/bin/arno-iptables-firewall stop
+ExecReload=/usr/bin/arno-iptables-firewall force-reload
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
--
cgit v1.2.3
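Review bot: In the .service unit, `Before=network.target` does not guarantee that the rules are loaded before interfaces are brought up, because network.target only marks the network management stack as started; interfaces may already be configured by then, leaving a window at boot with no filtering in place. On systemd versions that provide it, a firewall unit should order itself with `Before=network-pre.target` and `Wants=network-pre.target`; whether the release this package targets ships that target cannot be told from this commit. It would also help to add a comment above `ExecStop=` stating what policy `stop` leaves behind: if it flushes to accept-all (an assumption, the script is not part of this diff), stopping the service silently opens the host.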