author | Philip Lacroix <philnx@posteo.de> | 2014-03-21 01:32:46 +0700 |
---|---|---|
committer | Erik Hanson <erik@slackbuilds.org> | 2014-03-21 13:01:22 -0500 |
commit | 3db725242024794c5e48b655dfdf2ed701bb37d1 (patch) | |
tree | e3ebe3893f5d57669988341985af304af0443bb9 /network/arno-iptables-firewall | |
parent | 891fb57d09725bfc1bf8a85a4c4c6c43edb56302 (diff) | |
download | slackbuilds-3db725242024794c5e48b655dfdf2ed701bb37d1.tar.gz |
network/arno-iptables-firewall: Updated for version 2.0.1e.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/arno-iptables-firewall')
-rw-r--r-- | network/arno-iptables-firewall/CHANGELOG | 9 | ||||
-rw-r--r-- | network/arno-iptables-firewall/README | 4 | ||||
-rw-r--r-- | network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild | 35 | ||||
-rw-r--r-- | network/arno-iptables-firewall/arno-iptables-firewall.info | 10 | ||||
-rw-r--r-- | network/arno-iptables-firewall/files/conf.d.readme | 5 | ||||
-rw-r--r-- | network/arno-iptables-firewall/files/patch-configuration-file.diff (renamed from network/arno-iptables-firewall/patch-configuration-file.diff) | 8 | ||||
-rw-r--r-- | network/arno-iptables-firewall/files/patch-configuration-script.diff (renamed from network/arno-iptables-firewall/patch-configuration-script.diff) | 49 | ||||
-rw-r--r-- | network/arno-iptables-firewall/files/patch-startup-script.diff (renamed from network/arno-iptables-firewall/patch-startup-script.diff) | 2 | ||||
-rw-r--r-- | network/arno-iptables-firewall/slack-desc | 2 |
9 files changed, 82 insertions, 42 deletions
diff --git a/network/arno-iptables-firewall/CHANGELOG b/network/arno-iptables-firewall/CHANGELOG new file mode 100644 index 0000000000..6c59e6c89f --- /dev/null +++ b/network/arno-iptables-firewall/CHANGELOG @@ -0,0 +1,9 @@ +Changes to this SlackBuild since version 2.0.1d +----------------------------------------------- + +* Modified patch for configuration script: better behavior of the + script if empty values are entered. +* Updated links to homepage and to source tarball. +* Moved patches and conf.d.readme file to new "files/" directory. +* SlackBuild cleanup. + diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README index 8cee93f457..1ab26e62de 100644 --- a/network/arno-iptables-firewall/README +++ b/network/arno-iptables-firewall/README @@ -1,12 +1,12 @@ arno-iptables-firewall is a front-end for iptables. Its configuration -script will setup a secure and restrictive firewall by just asking a +script will set up a secure and restrictive firewall by just asking a few questions. This includes configuring internal networks for Internet access via NAT and network services like http or ssh. Moreover, it provides many advanced additional features that can be enabled in the well documented configuration file. PLEASE NOTE - The setup script is NOT going to be run automatically -after your package is installed. In order to do that, you'll have to +after your package is installed. In order to do that you'll have to issue the following command: # arno-iptables-firewall-configure diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild index 6be33adc91..a3fbecded7 100644 --- a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild +++ b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild 
@@ -2,7 +2,7 @@ # Slackware build script for arno-iptables-firewall -# Copyright 2013-2014 Philip Lacroix <philnx at bluebottle dot com> +# Copyright 2013-2014 Philip Lacroix <philnx at posteo at de> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ # Thanks to Matteo Bernardini and Robby Workman for their valuable remarks. PRGNAM=arno-iptables-firewall -VERSION=${VERSION:-2.0.1d} +VERSION=${VERSION:-2.0.1e} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -39,10 +39,10 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM\_$VERSION -tar xvf $CWD/$PRGNAM\_$VERSION.tar.gz +rm -rf aif-$VERSION +tar xvf $CWD/$VERSION.tar.gz -cd $PRGNAM\_$VERSION +cd aif-$VERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ 
@@ -64,19 +64,22 @@ cp -a ./bin/arno-fwfilter $PRGBIN/ # Patch the configuration script. We need this in order to be able to # run the script from outside the source directory as well. We're going -# to (1) change from relative to absolute the path to the environment +# to (1) change from relative to absolute the paths to the environment # file and firewall executable; (2) rename and change the path to the # startup script (this is for better consistency with Slackware's init # system); (3) change the path to the unmodified copy of the config # file, needed to check for existing custom setups. We will NOT create # a Slackware-compliant /etc/rc.d/rc.firewall symlink to the startup # script, as this should be done manually by the sysadmin. We won't -# create any SystemV-style symlinks either. Finally (4) we append the -# note, picked from the original installation script and slightly -# enhanced, that will be shown to the user when configuration is done -# (this is to inform that an rc.firewall symlink has to be created in -# order to start up the firewall at boot-time in a proper way). -patch $PRGBIN/$PRGNAM-configure < $CWD/patch-configuration-script.diff +# create any SystemV-style symlinks either. (4) We will allow the script +# to be run correctly more than once, by removing previously set values +# if no value is entered: this is to prevent e.g. ports from remaining +# open, or internal interfaces from remaining enabled with NAT. Finally +# (5) we append the note, picked from the original installation script +# and slightly enhanced, that the user will see when configuration is +# done: this is to inform that an rc.firewall symlink has to be created +# in order to start up the firewall at boot-time in a proper way. +patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff # Copy and compress man pages mkdir -p $PRGMAN 
@@ -87,8 +90,8 @@ find $PRGMAN -type f -exec gzip -9 {} \; # in order to fix paths; set permissions. mkdir -p $PRGETC/conf.d cp -a ./etc/$PRGNAM/* $PRGETC/ -cat $CWD/conf.d.readme > $PRGETC/conf.d/README -patch $PRGETC/firewall.conf < $CWD/patch-configuration-file.diff +cat $CWD/files/conf.d.readme > $PRGETC/conf.d/README +patch $PRGETC/firewall.conf < $CWD/files/patch-configuration-file.diff for conf in $( find $PRGETC -type f -not -name README ); do mv ${conf} ${conf}.new chmod 600 ${conf}.new @@ -107,10 +110,10 @@ ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/ # Slackware system. mkdir -p $PKG/etc/rc.d/ install -m 0644 ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM -patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/patch-startup-script.diff +patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff # Copy documentation, include third-party sample files. -mkdir -p $PRGDOC/contrib $PKG/usr/doc +mkdir -p $PRGDOC/contrib for doc in README CHANGELOG gpl_license.txt ; do cp -a ./${doc} $PRGDOC/ done diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.info b/network/arno-iptables-firewall/arno-iptables-firewall.info index ad1a473ee1..22a9e6c652 100644 --- a/network/arno-iptables-firewall/arno-iptables-firewall.info +++ b/network/arno-iptables-firewall/arno-iptables-firewall.info @@ -1,10 +1,10 @@ PRGNAM="arno-iptables-firewall" -VERSION="2.0.1d" -HOMEPAGE="http://rocky.eld.leidenuniv.nl" -DOWNLOAD="http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1d.tar.gz" -MD5SUM="c0504a92f7f34f6973ce1d9996b4908d" +VERSION="2.0.1e" +HOMEPAGE="https://github.com/arno-iptables-firewall/aif" +DOWNLOAD="https://github.com/arno-iptables-firewall/aif/archive/2.0.1e.tar.gz" +MD5SUM="4981a336f55e2db90f594beedcaef47d" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" MAINTAINER="Philip Lacroix" -EMAIL="philnx at bluebottle dot com" +EMAIL="philnx at posteo dot de" 
diff --git a/network/arno-iptables-firewall/files/conf.d.readme b/network/arno-iptables-firewall/files/conf.d.readme new file mode 100644 index 0000000000..e64d1b133e --- /dev/null +++ b/network/arno-iptables-firewall/files/conf.d.readme @@ -0,0 +1,5 @@ +# /etc/arno-iptables-firewall/conf.d/ + +Files with a .conf extension in this directory will be sourced by the +environment file. + diff --git a/network/arno-iptables-firewall/patch-configuration-file.diff b/network/arno-iptables-firewall/files/patch-configuration-file.diff index f49ee6099f..c530647a22 100644 --- a/network/arno-iptables-firewall/patch-configuration-file.diff +++ b/network/arno-iptables-firewall/files/patch-configuration-file.diff @@ -1,16 +1,16 @@ -235c235 +233c233 < IP4TABLES="/sbin/iptables" --- > IP4TABLES="/usr/sbin/iptables" -240c240 +238c238 < IP6TABLES="/sbin/ip6tables" --- > IP6TABLES="/usr/sbin/ip6tables" -244c244 +242c242 < ENV_FILE="/usr/local/share/arno-iptables-firewall/environment" --- > ENV_FILE="/usr/share/arno-iptables-firewall/environment" -248c248 +246c246 < PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins" --- > PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins" diff --git a/network/arno-iptables-firewall/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff index 6cdc80c7ad..de7aec5dbd 100644 --- a/network/arno-iptables-firewall/patch-configuration-script.diff +++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff 
@@ -1,18 +1,40 @@ -34,35c34,35 +33,34c33,34 < if [ -f ./share/arno-iptables-firewall/environment ]; then < . ./share/arno-iptables-firewall/environment --- > if [ -f /usr/share/arno-iptables-firewall/environment ]; then > . /usr/share/arno-iptables-firewall/environment -37c37 +36c36 < printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2 --- > printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2 -219c219 +70a71,75 +> else +> # If no value is entered, remove (unless commented) previously set +> # values: this is to prevent e.g. ports from remaining open, or +> # internal interfaces from remaining enabled with NAT. +> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" +85c90 +< # else +--- +> else +86a92,94 +> # This is needed in order to allow function change_conf_var() +> # to remove values for previously set open ports. +> change_conf_var "$2" "$3" "" +216a225,231 +> else +> # Remove previously set values related to the internal interface +> # if no internal interface is entered with this script. +> change_conf_var "$FIREWALL_CONF" "INT_IF" "" +> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" "" +> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" "" +> change_conf_var "$FIREWALL_CONF" "NAT" "0" +218c233 < --- > -221,223c221,223 +220,222c235,237 < chmod 755 /etc/init.d/arno-iptables-firewall < chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall < chmod 600 "$FIREWALL_CONF" 
@@ -20,11 +42,11 @@ > chmod 755 /etc/rc.d/rc.arno-iptables-firewall > chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall > chmod 600 "$FIREWALL_CONF" -228c228 +227c242 < AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" --- > AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" -236,252d235 +235,251d249 < # Remove any symlinks in rc*.d out of the way < rm -f /etc/rc*.d/*arno-iptables-firewall < @@ -42,23 +64,24 @@ < fi < fi < -254c237 +253c251 < change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1" --- > change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1" -256c239 +255c253 < change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0" --- > change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0" -259c242 +258c256 < if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then --- > if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then -275a259,276 +274a273,291 > echo "" > echo "-------------------------------------------------------------------------------" -> echo "** NOTE: 1) You can now (manually) start the firewall by executing **" -> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" **" +> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **" +> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **" +> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **" > echo "** It is recommended however to first review the settings in **" > echo "** /etc/arno-iptables-firewall/firewall.conf! **" > echo "** **" @@ -73,5 +96,5 @@ > echo "** at boot-time. **" > echo "-------------------------------------------------------------------------------" > echo "" -278d278 +277d293 < 
diff --git a/network/arno-iptables-firewall/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff index c6dd915c78..c4b947d4e7 100644 --- a/network/arno-iptables-firewall/patch-startup-script.diff +++ b/network/arno-iptables-firewall/files/patch-startup-script.diff @@ -14,7 +14,7 @@ < # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). # --- > # You should put this script in "/etc/rc.d/". # -> # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it. # +> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. # > # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the # > # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or # > # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences # diff --git a/network/arno-iptables-firewall/slack-desc b/network/arno-iptables-firewall/slack-desc index 80e82a06f9..89cec36c72 100644 --- a/network/arno-iptables-firewall/slack-desc +++ b/network/arno-iptables-firewall/slack-desc @@ -15,5 +15,5 @@ arno-iptables-firewall: for Internet access via NAT and network services like ht arno-iptables-firewall: Moreover, it provides many advanced additional features that can be arno-iptables-firewall: enabled in the well documented configuration file. arno-iptables-firewall: -arno-iptables-firewall: Homepage: http://rocky.eld.leidenuniv.nl +arno-iptables-firewall: https://github.com/arno-iptables-firewall/aif arno-iptables-firewall: |
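Review bot: In the SlackBuild header hunk (@@ -2,7 +2,7 @@), the new copyright line reads `philnx at posteo at de`; the second "at" should be "dot". The .info hunk in this same commit has the intended form, `EMAIL="philnx at posteo dot de"`.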
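Review bot: In the SlackBuild unpack hunk (@@ -39,10 +39,10 @@), `tar xvf $CWD/$VERSION.tar.gz` now expects a tarball named with nothing but the version string, so the build only works if the download was saved as exactly `2.0.1e.tar.gz`, and that name can clash with any other source in $CWD that follows the same scheme. A comment stating the expected filename, or a fallback that also accepts a name matching the unpacked `aif-$VERSION` directory, would make a mismatch fail in an obvious way instead of with a bare tar error.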
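Review bot: In the .info hunk, the source moves to a new host and URL (`https://github.com/arno-iptables-firewall/aif/archive/2.0.1e.tar.gz`) while the only integrity pin is the replaced MD5SUM. MD5 does not resist deliberate collisions, so for a firewall package it would help to record a SHA-256 of the tarball that was actually built and tested, for example in the commit message or the new CHANGELOG, so that a later change to the served archive can be told apart from tampering.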
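Review bot: In files/patch-configuration-file.diff, every hunk had to be renumbered for this release (235c235 to 233c233, 240c240 to 238c238, and so on) although the replaced lines are unchanged. That shows how tightly this normal-format diff is tied to upstream line numbers. Since it edits paths that `firewall.conf` hands to the firewall (`IP4TABLES`, `IP6TABLES`, `ENV_FILE`, `PLUGIN_BIN_PATH`), consider a unified diff with context, or a check in the SlackBuild after `patch` that the four `/usr/sbin` and `/usr/share` values are present, so a shifted upstream file cannot produce a package that still points at `/usr/local/share`.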
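Review bot: In files/patch-configuration-script.diff, the new empty-value branch at 70a71,75 runs `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"` and never checks whether anything matched. If the variable's line is indented, commented out, or missing from the file, sed exits 0 and the script goes on as though the old value had been cleared, which is the case the comment says it prevents (ports left open, NAT left enabled). A `grep -q "^$2=\"\"" "$1"` after the sed with a warning on failure would close that gap. The same applies to the INT_IF, INTERNAL_NET and INT_NET_BCAST_ADDRESS resets added at 216a225,231, which rely on this branch. It would also help to print a line when a previously set value is removed, because pressing Enter on a rerun now changes the ruleset.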
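Review bot: In files/patch-startup-script.diff, the advice in the script header changes from "chmod 700" to "chmod 755" without a CHANGELOG entry or a stated reason. It now matches the `chmod 755 /etc/rc.d/rc.arno-iptables-firewall` that the configuration-script patch applies, so the change looks deliberate, but a permission widening on a firewall init script deserves a line in the CHANGELOG that says so. Note also that the SlackBuild installs the file with `install -m 0644`, so the packaged mode and the documented mode still differ until the configure script has been run.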
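Review bot: In the slack-desc hunk, the replacement line drops the "Homepage:" label and leaves a bare URL (`arno-iptables-firewall: https://github.com/arno-iptables-firewall/aif`). If that was not done to satisfy a line-length limit, keep the label so the line still says what the link is.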