diff options
| author |   Michael Weber <xmw@gentoo.org> | 2014-11-18 12:55:03 +0000 |
|---|---|---|
| committer | Michael Weber <xmw@gentoo.org> | 2014-11-18 12:55:03 +0000 |
| commit | ed96a0733f50cd53c57920166d62d37fd302cc40 (patch) | |
| tree | cb3accbcd21f2d482e9865316ee04f24975de1e5 /net-firewall | |
| parent | Remove obsolete sed script. (diff) | |
| download | historical-ed96a0733f50cd53c57920166d62d37fd302cc40.tar.gz historical-ed96a0733f50cd53c57920166d62d37fd302cc40.tar.bz2 historical-ed96a0733f50cd53c57920166d62d37fd302cc40.zip | |
Version bump (big thanks to whissi, bug 522278).
Package-Manager: portage-2.2.14/cvs/Linux x86_64
Manifest-Sign-Key: 0x62EEF090
Diffstat (limited to 'net-firewall')
23 files changed, 1315 insertions, 7 deletions
diff --git a/net-firewall/shorewall/ChangeLog b/net-firewall/shorewall/ChangeLog index b8bcfd8271a5..efc2b2b510bb 100644 --- a/net-firewall/shorewall/ChangeLog +++ b/net-firewall/shorewall/ChangeLog @@ -1,6 +1,22 @@ # ChangeLog for net-firewall/shorewall # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/ChangeLog,v 1.266 2014/11/18 11:12:24 xmw Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/ChangeLog,v 1.267 2014/11/18 12:54:56 xmw Exp $ + +*shorewall-4.6.5.2 (18 Nov 2014) + + 18 Nov 2014; Michael Weber <xmw@gentoo.org> + +files/4.6/shorewall-init-01_remove-ipset-functionality.patch, + +files/4.6/shorewall-init.confd, +files/4.6/shorewall-init.initd, + +files/4.6/shorewall-init.readme, +files/4.6/shorewall-init.systemd, + +files/4.6/shorewall-lite.confd, +files/4.6/shorewall-lite.initd, + +files/4.6/shorewall-lite.systemd, +files/4.6/shorewall.confd, + +files/4.6/shorewall.initd, +files/4.6/shorewall.systemd, + +files/4.6/shorewall6-lite.confd, +files/4.6/shorewall6-lite.initd, + +files/4.6/shorewall6-lite.systemd, +files/4.6/shorewall6.confd, + +files/4.6/shorewall6.initd, +files/4.6/shorewall6.systemd, + +files/4.6/shorewallrc, +files/4.6/shorewallrc-r1, +shorewall-4.6.5.2.ebuild, + metadata.xml: + Version bump (big thanks to whissi, bug 522278). *shorewall-4.5.21.10-r1 (18 Nov 2014) diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest index 875915579a40..b3286f771fe1 100644 --- a/net-firewall/shorewall/Manifest +++ b/net-firewall/shorewall/Manifest @@ -19,26 +19,53 @@ AUX 4.5.21.9/shorewall.confd 160 SHA256 99aa9a4d3ae9f3bb590f5426c1266b6f7ee50a9e AUX 4.5.21.9/shorewall.initd 2944 SHA256 2dd8631c82895b4e16849b3423625d66f59ce2a00a678f14491569378040144b SHA512 b33a82cecde87d6ea52c961f30dc23d7317239fcb3f1765e06d735196d058e30f6fe18bb0ff6ec58526cb21d002b66c68f52ca26d3ac52220e635814d8695853 WHIRLPOOL b039aa54637eeb4fa38fa0da94cd20b0f7a5d1dd02052192a1c6bb0739bb05a0bcdd35565dfac4ebc58d1382b71d6b4307be5d793be0a1670bc22c91e2d3d6d4 AUX 4.5.21.9/shorewall.systemd 446 SHA256 f593a0514902bf369ae3f4e9aa6b782fd0e3abfbba6d63ce9d0521303b504c17 SHA512 63cb819570a249ce97bd0bf3b29e27bc84116c201348c49cb52688eb86bb45e30fb78f6b73055ea54db2392d75c77638ec64d636b9c801345e446402d43b27a2 WHIRLPOOL 98ff8938b7998a20fbf0acd0f1186ac13e543b4e2df99f55feea0e8f038e6a6724083ef221efba33f5c1af0844a8e53d1dcd266686ea2a2dcbd65d67a75b251d AUX 4.5.21.9/shorewallrc 2006 SHA256 1f5a784ccb33ffe50cbacc066f783e1446996a60d99deb473ffbd5a69e9150a6 SHA512 c397c556f56444b08b091f405f2b82d16cf4b4e42d98176bede01ff32f270841fbaa6e0e5f5e7e1e4871ed5a0be22b654ae5c07f728e747449ab5f43025cde9f WHIRLPOOL 1d94b8bc7a9a4ac73480a610be58d4842bf0243f004fd7d5f668eab9be0e02ed3ce58bef9281bb638e5e5d346f47e8a15cc33d9a1e0bba1d642e125923d953e3 +AUX 4.6/shorewall-init-01_remove-ipset-functionality.patch 563 SHA256 ed4e8debb0eac40527f4c63df929e84d54bce066f1c7f002cafd9e34b01079ce SHA512 d4b9c4aea7a0d1eea24c6e7f045ce7b61b24969e962fee0f95b28c6fad490eb20c6c6cb568813d0bebf91fa6da22b9de06da03ed5bf7b2284309d0bd7d236394 WHIRLPOOL 1c3cb1f5a3829e317e834fb56a6be9a1d3ed3c63f5e4825875bbb71a85f9db195de09f6b36002e25b477e70ddf57ce6921290c31a001bb6f7036dc6600943708 +AUX 4.6/shorewall-init.confd 152 SHA256 990ae5e4498ddf071de317f7746fb3eadca77fab37631d814f2f56d588ff2937 SHA512 105393c3cbdd1820066e41ed941b6a79cafde3196eb723c06ca984fc663370d6902757467339b6b4ebfb8d00167b9f85311b6842dadc564029313eb36f1a389b WHIRLPOOL d24e38eb1ab20799a515543f586dfc95854d2eeb5dff10cc8ddd1fb7878cc854c9115dde8bdf9387e349cdb75381c8ce03972d05bae858c8ae04efa75ece0299 +AUX 4.6/shorewall-init.initd 4482 SHA256 f048cd1b19f8da92e7ca21a5d65196d3cf1ef0bcf5cd627e42d44e1e48097306 SHA512 456f01fa9a2ba5448a5c4a21bcbac499103bb9e2643325f153d8f464b98c1d1f32bff2d80a1ec28a52c08a8b923d922aabc24626d2a1d537d3cd07cd277d307d WHIRLPOOL d1d945991fc8196e91bdf2c53d68c663a0ae8f8c9b1a65a30c838cbcdbf45416e5497ebf20631175c628066e5bfaa5241aa9f3f7d1d02d3de238d8b9bf84ec86 +AUX 4.6/shorewall-init.readme 1233 SHA256 01439a974c15797954f3b9ce8fc7dbd8c81baff79e6a4e81e745416103896ce3 SHA512 8dbb70cc381b81ae811dcbfbcff63f5de0ba776472107a7d3b53e912fe50f20acb59f5da2aecec5de87ad0513a40fb4b4dfa30b51ff5f4b0da9186504870304a WHIRLPOOL a4293a49656253e3d7903b5a067d67b1bffdb1fffb3d92a43a2c32dd8a796998c67ad66beb756b4c45db618ab72b0dbc1bc81f183976c174b483bb4a2401a643 +AUX 4.6/shorewall-init.systemd 442 SHA256 45307588fd8cb6ea9883cbc4748f19ee2284d3c0f54821007f6ee01f7cb79c43 SHA512 bd93374c9c22a45b16a8013e3be4b744f8186d8f5a427931cea3bc29604ad2b12c9db1ba7c39822290a180977563e853bc6919489a4e9b9c1297a5b80080bb37 WHIRLPOOL ddc95680b4d41eb2ce64fca7e137e203ef991b9941182474666ebe75a970d5645f0adc63e14ce05c0efdc1e342a3f0f38560b1bd7f311a2e8d0499c7e8b98a81 +AUX 4.6/shorewall-lite.confd 160 SHA256 6aaa091f85ca7626023883b7e4fc7ffb644e427581d9aaf9307958fafbfdca88 SHA512 90a54824162c31276b791cfaed93f871d78af880f75184355fed3c597aae981e7a05d4725d127419892d849685bf11b26d3c71282b8ae0e0072a32b7d1309c91 WHIRLPOOL 02e1af5589ad1cd72cd9f6eb9858e590ab0451af7459118fbf830ac8ee47989c814d87e319f68cb7e5113a9a7792b7faed433ddec0e8b30b2dff28b8cb2ca45b +AUX 4.6/shorewall-lite.initd 1806 SHA256 27ced7d3d8c9558e70834663b1e8d2f338386cbcbee65c92f9b74bfa249d1ae1 SHA512 acaa70ccf6f341b08b31dc3d498a80280e643d0797a63115e8d78bb3d5ddda97308b74c442d896742a2ad2b8546d892eaa78a2a1739eeb1f77e2e5a1c185e0f1 WHIRLPOOL 42c39d11d44d293bc4ecaea2e63c0b143bf7f800434ea4a3a503e836d6ed4950c4a98eaac8d0d702997ad80c45e603e2b4d5eef040a062778e404d6485703c68 +AUX 4.6/shorewall-lite.systemd 558 SHA256 acb60cb64c87d18edb8bad06d5fce134ffcb10a1b15bf326b4cea185d980fe85 SHA512 bc792bd6aa94b89f125dacf326f74efc347aac3ee866e59c3a4f9efcc27c6070abac5761525419c39d4b9a66278193a39d72809a57800a987438acda29182ee5 WHIRLPOOL 91893522f38b149d81f323c862cbbf44bb6853715b9641b2770ccd1d91978435f740d0bd6920dbc44385dd71673545588457489a9782fdaeb5197192285b1488 +AUX 4.6/shorewall.confd 160 SHA256 6aaa091f85ca7626023883b7e4fc7ffb644e427581d9aaf9307958fafbfdca88 SHA512 90a54824162c31276b791cfaed93f871d78af880f75184355fed3c597aae981e7a05d4725d127419892d849685bf11b26d3c71282b8ae0e0072a32b7d1309c91 WHIRLPOOL 02e1af5589ad1cd72cd9f6eb9858e590ab0451af7459118fbf830ac8ee47989c814d87e319f68cb7e5113a9a7792b7faed433ddec0e8b30b2dff28b8cb2ca45b +AUX 4.6/shorewall.initd 2508 SHA256 3a6aa8055c957a6cb00d2da1abec56c9da3f22bf7ad4703fd0f67ee9bc03e0cf SHA512 dd28a1ab52b04bfa9d334e14cdfab3949ce4e7ed1755f1e61b570e4be7eb1946a55b624418e1c403c90e82d4df650a188a86b596d64c6073a0f2c776b40d233b WHIRLPOOL 650fc46fadfbce3abde2af2c58de414d34b6fddeb35487d1582aa7e7f2505de1403810f0a813aea57d3e043e4d8d4a2121f27f6d260d17f1cf49e1d77ba0ce92 +AUX 4.6/shorewall.systemd 523 SHA256 3fe82c0bc8cf71ff94be78d9019643a1a6ea149c0565dca0fb384f3e5240a694 SHA512 4be4d07bfc42f1230f1107716bad4152358cab35bdd4dd8bde7233db3d8ea43603fa917565b09fddd2167edd364b68551939c551c8739933d6a807787de6f84d WHIRLPOOL 5d90188f3037941d8ea71d0083c6ba7abeceb5e7a6b7ff3c4608737b7af8387a069bbd262ad213318fa08f74c49f267c81ebe71e3c28238e638b8cfd1e82a511 +AUX 4.6/shorewall6-lite.confd 160 SHA256 6aaa091f85ca7626023883b7e4fc7ffb644e427581d9aaf9307958fafbfdca88 SHA512 90a54824162c31276b791cfaed93f871d78af880f75184355fed3c597aae981e7a05d4725d127419892d849685bf11b26d3c71282b8ae0e0072a32b7d1309c91 WHIRLPOOL 02e1af5589ad1cd72cd9f6eb9858e590ab0451af7459118fbf830ac8ee47989c814d87e319f68cb7e5113a9a7792b7faed433ddec0e8b30b2dff28b8cb2ca45b +AUX 4.6/shorewall6-lite.initd 2231 SHA256 713b70b7a7b1ca7b8d921313d05d6aeeb385efb1bdb0c0a83e3cc1ef66756d41 SHA512 f3d51c911cc58ec093a1c000a3dd15c99fe2552bd391e675b24de6e7fd4679bec9c254b1dddb0d81374c3566e965a0ebdd7cbc939c1b20ad8569f294fa9a4e54 WHIRLPOOL e22d4797b31242d7f5330f9d121e1c2dde5a988a5bf7ee1c27ba18629a90f6e351232d356e4585e2a23747567cb17ba1b26a58ca53fa337146d6e29845a379d9 +AUX 4.6/shorewall6-lite.systemd 566 SHA256 ee5d9672c345c302620760d4e219dba8895b020dcc6dc808db44dabe0146e42e SHA512 34e0b14493a455961a5a1884007f535443f659d5de82f44af98d458cb0a8c5047cf13541239e2e0531b9e9c37296b991608902b76b9922722439f2d999215d3f WHIRLPOOL 397e54663942136b9b95888c9787278da7dcd3be53fb6d2c5c34a9894e4e7e2f6ac527ba2b2897c72c337c2aba7bf6769e05964e63b5e3fdb5d94fd4f699bafc +AUX 4.6/shorewall6.confd 164 SHA256 647eb46f02a9be03a662223e09331313b9a3bcacbbccc34ba6779da0f7a3d381 SHA512 ba52458e30bc9b1aa352f8f6de46762e646e225c2624dc6de3961cfa21a8023cdbf3598308dce343badaad626710fad0481fb670b6a9749642774d550b6dd931 WHIRLPOOL 1bb6f6ab368a24260f08eb10ba396db8499ee22a9ed53fc23ac7d5ee37c8d5543016604d09c6b42d23bc66b954acb5cf64c601dd579f32f0f4e63498e358c750 +AUX 4.6/shorewall6.initd 2933 SHA256 f818d2e84346295b5683fd6bfb747b786a44b336f1dd207854c180372eb1ad88 SHA512 18960f340e1c4b7e8da1d9957ef09aa02b6e0b516ba0d32261ff3446e6d85e4ccf038a29790dab3336e2b0f376f1edfcf96aec20fdff175b6382078b5b323b1f WHIRLPOOL 0aa3a22173089f2aeea45ec0dcd0855232289d0a1a7a39e4173a2650f3cd00dcb6f0e7474332b1de3c7c593faeac2a5cb0e3627ce0cc73726c9a53a2a2af6ca5 +AUX 4.6/shorewall6.systemd 531 SHA256 231f0ad56d0083ef0dc647f9f9486e2179c0179fd68f70de00fe1f771e40016b SHA512 37d932ee91437d5cfcc8e64ffd6f188f50fa31792c76310c448410da8534e7d06c09121732798bcff5f8373b61231ffc84d033eb914c16361e32ebea9545848e WHIRLPOOL 1f259c055226e03f7453279e6f491976ca153c0c7e13cea7444c62b6c45d8f8e091a84d94d4bfd11f10cadc53e5174bd34b0a96bd506facb1904ac57820a6207 +AUX 4.6/shorewallrc 1982 SHA256 75c265c5968c05c120c9ea12e6337fa26c520c2d0900e1e3b78d32a827219727 SHA512 94885be09943c83dc9781a324c441faaddc653406f5c13e0fd1f79d0dacebad865a8d53117fbe78b0905b8b050c738e8bd0c5c1db5c3fb12bad355740c0683cd WHIRLPOOL d89cb1bb6765fe0bca1be85f53909b0c616a35674211911f8dffee70f6d428c6740858312fd5cc8c0fe0afededa6e7c73dc324508e2af0cec95adc200d861d98 +AUX 4.6/shorewallrc-r1 1982 SHA256 c2e371d12fa8d9e48212e1e0fd9a9c986730d8f0ed29ced60dc80f5a27d14874 SHA512 607d06a30bfe5656316df16063133c0cf2f8707d1143238b7c533996421e2b6273164710308f19b461e9caa89f164f3cec06fe9c289bcb346fda6053e50dab41 WHIRLPOOL 2b3f2ceef279548925cc03c0af98f27b1d2aec126dfa1edf737198514b380e68a27946f2f35ce4061f88bd7671a01f91d26623cf2231c0b35e834da828a1eb5f DIST shorewall-4.5.18.tar.bz2 470187 SHA256 81bbcb2cc24d0b54769fb153cb472d78e6eed9cdc9f005f1dd70ef2ae9efe131 SHA512 69857ba9181989a0d0b8ce691e637b313b59d4f5643784e62a801f8d74add0605452011e19e5344aaca97a329fe66980627181e69d9c0fc0625ff23afb192f78 WHIRLPOOL 2aaa1d5fce8170507e4989cb5c11cedeca938a161795894edad0ced658c9af42eac299ff4385b15d5fde003ece87f856ac57b985e4d26ea0adc870f109596082 DIST shorewall-4.5.21.10.tar.bz2 489469 SHA256 961331ba61e5e6dccc106e43685e45f19bf1e155502067c88e18ecf94c2a794f SHA512 bdc673b999c99624c61caa1239ac3a58c4d85743179de05ed5fe947e755fc4b01425da34b67cb5e6db693c62bf25e316517f1473b450a1d76887e69e4e384682 WHIRLPOOL 04a7afd30d79d6360ec325e7df06ffd6e911d938382a4c0c331312ddf6951d6564f5a0452b244095309fe4ce00b1c72838b0ef76e198e137c153a617dc22e8e5 DIST shorewall-4.5.21.7.tar.bz2 489095 SHA256 ac319243a583c31fb6cabacd28157a3c05085b951fb841b068028744b0d825e0 SHA512 1427780e4b75c9af26a90b916d4c410ea2622aea5740ad92a18994dcbbac3ce06989bf39ff60b6af9d10ac79db6e88b63921663e64f1a76298056e799763e859 WHIRLPOOL eba4975e96a2dd6c96bb19d3666a8734d62608fe864e78d9a0d6d4a0b4747c1c6ac720cd722b8d1b4adeacb13bded633f845809a45e1d01db7e7d4d7d59404bc DIST shorewall-4.5.21.9.tar.bz2 489618 SHA256 a1fc41abcba3181235e217a5da53bb25d11e6cdeef49dde82a0daeb2bb305fc6 SHA512 137eb33f63a25533f90150de5cd246f47e5072f838f8e42b044bd6a620bce767f8cb2b9da995fcfb61e37ab6774ea97819f6f7408f669539917b419262a68496 WHIRLPOOL be464ef64e06b35ff9fdf74e9b6a8c88b8de1aa766ec3bf2a7ccf9b69731ba23dc638047f5ad44f451ab93e093458f8f88d7b16201d61bbdfce40075f9ef25be +DIST shorewall-4.6.5.2.tar.bz2 481318 SHA256 2a3c52db59e80124e1613606b2526c4693059fb8a7a341ed600fdd093187eb84 SHA512 8b792b8c85bf53c5ce3e03a85f199e8ab2e6a17bacb47c04a8d63c1d936be9481a1d1ef74bad9c86b34d3db22b1c793c22390324049bd599138f13c9a6fca0fe WHIRLPOOL b04d3e0546aa6e850d621146d695e34b1067df419c9f3a60c71d1bfb21e91557be3fae6e2c85df710bd8779279390495c37e096b8e9f51b6edd188dfdbe55619 +DIST shorewall-core-4.6.5.2.tar.bz2 51710 SHA256 fc38dd578a394ce2307921b138cbfdb76bc0d5c9c64bcb3b397a2ccf21f761cf SHA512 6d10a807da8ed25881dd95d809bf2e3047e346c340d1a6683588e0d46947494803a024dd13d3f5e390fd336fb91f013afdb4a37fd8f4c38db7d4d6921bc77bf5 WHIRLPOOL 5b954c0408cf55534be29021007dd32a12eb295e9a28c60c40e823fdec0e643a6d4e08efef53e932521178747b78e4baff71a5c1d628609acb145c9979e94374 DIST shorewall-docs-html-4.5.18.tar.bz2 4022828 SHA256 a98263059952ed50b826eb1787e18eccff09f41fa8f5d70f705ce39660b0c835 SHA512 790b89c3ee885a70daf62d145fcc3e1fb15871abcc9e8a868154c982e264a46acd8dfba81986604de60eb1c375b080d52992b6435b15b3cca91ab3afb895708f WHIRLPOOL 72c73ed925f3289978bfdfd8490bd617c0d39190ce874583773f04ec16d5710d007fd2edaef80b20e7b504e58df0d7bcf09595ee228a0948500295b848c333b3 DIST shorewall-docs-html-4.5.21.10.tar.bz2 4146174 SHA256 cdbc5f3654f7cfb6f0c3b3750a7174df8fa0590dfe34df055300140b3eb13192 SHA512 94852cc094d6a485cacc4023a2819431f1bfd80b8cbcab29981c422fdff9dfee90697ae8a9bda7ded3a8be03db516bdd5f4bcc4b83e7d01bc433a8c88d23731a WHIRLPOOL 6f02d0e3255dd1e31a43193f67f9b957546a6ae574631e61364f81244bee887e7f21c38f412fa21cde77b3d89aaf0e14e43909683db0c9c32edeb455c20b998e DIST shorewall-docs-html-4.5.21.7.tar.bz2 4146237 SHA256 cd7de8343924828cea0959496a96f830086421d8583783158a80ba0900ae021d SHA512 4a945aff7d03b726ca14cc9f0bf9b1d42d06ea670f7aa917bb3ec085eadc3dee004582228702885b3d6ed56bf24e291bd7cae03e327e2dc9c8d7dc616962ddc7 WHIRLPOOL 09fe3c7f532a3092abc4aede6bcd62dcda962de4e9ad4179797a0e653e971fe3e8199f751fecd9cacb35f03ba69d8eb4664e8faea215538ebc40dc7bf50c1ada DIST shorewall-docs-html-4.5.21.9.tar.bz2 4146065 SHA256 9056c22b8232d8276cc53a6eb74940bab42a250c670cb5baa42c75cfb89efdef SHA512 48b2c692ba59b7ec74307909e43a95104e212c9b8e21af7f0dd9f3438ac4f24a6fd2bcc6517966681517aef03beaa8faf03efd74406966d97b68cb416be8551b WHIRLPOOL f68cba7ecaf8c541e58d26c157914bff2d90cd9deae30af7323ca69c68d028217133f53e597bf383191aee83fab29203d233b3cd1e75e4cf08d9e17308dc25e4 +DIST shorewall-docs-html-4.6.5.2.tar.bz2 4177913 SHA256 46e9906f6e31f4be5f0de338d618797108b97a3a62b2018c8813069cee1ec7f9 SHA512 94e4ff3258b4ceec445e4f5e55b5c908bc5cd9a1cda73037d5195c1ce8a08bde1c0431227a0d9350effb581178ac36d87a211d37e6f0b806e1fc6562057a5f00 WHIRLPOOL b1c26ea862c6ca3b3684cbc35cbdc381472253a60355fd93cf3a22020ae5657e96ba1a92d8eff542996114a1eb65f068765f7caa3343ddc19ce99ae1cb9b4fd7 +DIST shorewall-init-4.6.5.2.tar.bz2 32299 SHA256 4bf8a830fcf6fd1869672dfdfd895fecd0dd22bb68f2af68c27b0e5828ff556c SHA512 d7a67ebc64b4746ea4d5eb1afb53c9d46e7cf99a4c657df2da602a94a9ea39ce5186ae2b80427e41f737ce937955011690098dbde8daac64882d85ffb77dfb50 WHIRLPOOL 53e9e22fa566fff951f5683db283fba378c02e290520c2aa3ca519da65f738a791dc90d808e1b6a72274b8cd6ccb8eac47f74eeb85a364ed6135e45721a6d0c0 +DIST shorewall-lite-4.6.5.2.tar.bz2 46259 SHA256 aae4bf4618273bf06408033be1811e003e1cf52ee4369203b6bfe4d72060af3e SHA512 2dc219877e21bcfbf19aa0a1e2ce5ac4c7350ab8676c3f8e0a66763155ab90e4662b40e3c0c7a52bd974d71e970cc50a206400706bcef2e29b1bc816c939605a WHIRLPOOL acfb9debc56168d29e0cd5813566629fbf8c0a4890734abaa9e16d25316848241f7fcbb8276647bee7ef74114e30bf9cee9070fef0325d446b4ed0eb6d09413c +DIST shorewall6-4.6.5.2.tar.bz2 222025 SHA256 0dbea15d8457219b8eab41dab461388cb566a90715f2aee67b82514e4278f680 SHA512 4c3905a90d1b4330751187da8e8a70427d81f4086f68eeb0afa1dbe5cd3e33380aefe4b1c26ad58a1df8da1ac86b1ea8a13e2a8ff6dcdb368e5c50adf16dc69d WHIRLPOOL d4e5cd59e7f99e99b7fd98883a6927558e3f6cc2207be26711731160ba8f836db21ab59e02ccc5479bf143da3defb1998ead59cea3d3e11192bf0f05bbad0471 +DIST shorewall6-lite-4.6.5.2.tar.bz2 45654 SHA256 3dc2e6c4062bb50129e5828682faa9ddd783e796626204055bdfc87b4aec41a2 SHA512 89097be628281a5d617768f51cd192e92e8b175773e2a460d5f7a7e39e9d09fdb4158c37546d8b78857474239720cea6d8eb210a8fc7c9e7930114690df1cbf7 WHIRLPOOL 4706b792162a49039b8039b4ea170f297bdea949c8fc3c7098e07fe3f0f1b88e4b1425a53b705a61f7a40a08e2f757765990375273a6219db7a3fd96c2102fa8 EBUILD shorewall-4.5.18-r1.ebuild 1797 SHA256 d8537c2c5580ee455b24cda4bbb43482e1efcab5e60e95477d199f6d4d5d0f6f SHA512 d93f15726d781d463bff8e43aec855d296baee8f9fad4486c931d2f4a4c738d3669e5fca6a2081a183e8c247056c5778d06c1bb103d5d1c7f1398c0e9cc67c0d WHIRLPOOL f7672bf53fbe5fd0cb4cac5fb1b5d0b3383638da38599b9df3d7acfa17326da8e46b6bbefc5adcd0c695c6980942204b69db400d906073f90c0446072455db6e EBUILD shorewall-4.5.21.10-r1.ebuild 3373 SHA256 368f0d97aefdce58465d94700bb2aaf2209d16251ba3a1eb668efd77b5e4b8d9 SHA512 b5ee3e3e6f2ee05d05671cb506364cd9df407c20c5bc87e232eaa611c5b1689805d339902c9d791b02324e5324751eac7282b83caa25aa30eb28020b82fd676e WHIRLPOOL 774b7f9a2f7c5c25ebebc026e1d202edbf727f95b5a1434bb61c0376653122104b1bfe237bcf6bc2483d3a55ba615f9a73d573d78a50d0450a06a5ba0e2dbb43 EBUILD shorewall-4.5.21.7.ebuild 3347 SHA256 b3458ad72d9db6bd4baf1c05e58297d724993f7b10a5d3d34e0e9b0fafd2396c SHA512 10a9773100b4f234690eb94cb281b57d80b40ca07cf21baf29908fdd2586f347a11aee1d85caf6a8ebd36d53e320d1ce160e105e04e931783193b2963be115f4 WHIRLPOOL 58c877f361b4f90d54695c0d4d1bbfd4a5a74c13d0df82ae78a81f224e7b5ca3e220b055be2a192a20cc30dffe03c4195a479f3da61fec3fd31b4396bfbeef61 EBUILD shorewall-4.5.21.9.ebuild 3285 SHA256 9d6e1cc9a7a22de912d5c9146d3fc119c8978c04036a1e98cbbde31fd5f78b45 SHA512 df887615e704c0c181fa2bc10f01e07d9a3f12b68193643c0cb9facd6a8df73b3801e1db3cc9ad561a4e769b5f9656e7ac908f87c5ac4e0a00471b6048518abe WHIRLPOOL 2e100845a3a83d0476f381cba4173e7fbc5e771eb6c5c1d21a3357c4ca0d41ef980cba77cda0b5b5daf903a75679ee560e709aee776127262f7d22dcb5827d3d -MISC ChangeLog 39586 SHA256 c5f957fdf1d4dc8611563bfd85c5801232c6a9269403f3f7b63b194f0014933f SHA512 e30f5c6a6fd0a9a6b89b92dccc8ac3829d8b0aeea3318498ad4520926669e6cf7fdb9b76dbc88e830c2b5b9ecc73f6d5f372bc96a666e3afe4957241ad44ffca WHIRLPOOL 82cb728640b33e516f6ff3cc6bca2785d481cfa7d513ea3b9992ea914e45cc31a57d5a1e021784797637abc0c2a1b12ab64bd59390b2313b4898df201c7b588d -MISC metadata.xml 289 SHA256 8c1fb547b467632a3f8f41524f2aa2fb7bfcaaeb980e5b9eb7dcde83464df222 SHA512 b626395ae7b75ae4bcd3ca4120e967f649ceb514661dcc967679f9e5e93a9974baf890ea77426144623821f01e9f42d6fbc405172d0530e1e7d8bb0f046150b0 WHIRLPOOL d0e1145ee0aa32be11b6ad80c3d6e69392b3853a72af757fea16deb5f84e01c5fa8f943589662697efc2eda5f7149dd9601e95bf653cf2bd24917d82d3844449 +EBUILD shorewall-4.6.5.2.ebuild 16109 SHA256 394490438b5412123bc3ac16076d13beea2a1102a40480002963f790961a8c58 SHA512 2c0d7214a43cac14c6701b5238bb00acc6ba213c902475fb383fb2e587301636ddf5932f8716efcc357698f2e5f7c021637170fc61f011a772ad82f093c8d2ae WHIRLPOOL 6c1a0b9f58a1c9a629180b95f85db3e6ac9713a481c3ea198d47b06c2bbc0c713c22323eca0029b2875dff195c8136f60df94e397b6d169429b5e2e6e5b2bb7d +MISC ChangeLog 40410 SHA256 4536c9d69501a91abb0ba7467ace6049387c5b0306bdae0faaadb2b1b53ceab7 SHA512 a90a06aa9ecab33932b5ba7bf4b36de45903ea57ea72024aefbb2dd8cf9bc1cec6c7d125882ff06a5e1afbafd27d8a798e3b11e92ea436fa37d0bfeb644016a1 WHIRLPOOL 5a78ae63b445da8e70b860ce538b552dcb80df78e5eb670c78d6f37bc769e5d32db0b807fadb505d2c33fc5524cd31df768b466a62b611929ec768b01256b64d +MISC metadata.xml 957 SHA256 57ebb61c223d75b1210f8ca8e2877bb3a7a02a187f801b7003365592731ca5a4 SHA512 ae64bf8fb7956117a2465cec264a10d616e7a8ac9740665b0fe62e174afe0f2c5a67d4b6c47896a67fa8ca26d867ee5484876907049c37d447e50f821278019f WHIRLPOOL 98f26ea1ea8029a3ad08d8e758b22bdd2c279ef1793cd043f59332b5852a437724a906cc692b855e4f2d73cac457f46dc979fa2b35975481361ff8b9f2a07ed4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iL4EAREIAGYFAlRrKaJfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl +iL4EAREIAGYFAlRrQatfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDY3QjA4MzdGODg1NUMxMjIzNUQ0MDgxNzky -N0FERDBDNjJFRUYwOTAACgkQknrdDGLu8JBzVQD+LMYFL0YPSgXwu4ciHu6a4nu7 -kj/8dl+Z348ZVivveCkA/iveHc+jBVuT+XayULbbbOvZBUfE0z74keNWs+KHGeNg -=yUq/ +N0FERDBDNjJFRUYwOTAACgkQknrdDGLu8JAXyAEAhjcN2v0dH3p4T+ZRmNOd9LvD +T5rWDZcnC5Niwb7Xb4YBAJHNMeuTvXih7BPkHyk0QwkZuhO5UFHH5bYE3gGTSaUq +=dWTI -----END PGP SIGNATURE----- diff --git a/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch new file mode 100644 index 000000000000..620e479f92fc --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init-01_remove-ipset-functionality.patch @@ -0,0 +1,27 @@ +--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200 ++++ shorewall-init 2013-09-08 23:29:27.418736392 +0200 +@@ -79,10 +79,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then +- ipset -R < "$SAVE_IPSETS" +- fi +- + return 0 + } + +@@ -100,13 +96,6 @@ + fi + done + +- if [ -n "$SAVE_IPSETS" ]; then +- mkdir -p $(dirname "$SAVE_IPSETS") +- if ipset -S > "${SAVE_IPSETS}.tmp"; then +- grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" +- fi +- fi +- + return 0 + } + diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.confd b/net-firewall/shorewall/files/4.6/shorewall-init.confd new file mode 100644 index 000000000000..1b126be4e8bf --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.confd @@ -0,0 +1,6 @@ +# List the Shorewall products Shorewall-init should +# initialize (space-separated list). +# +# Sample: PRODUCTS="shorewall shorewall6-lite" +# +PRODUCTS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.initd b/net-firewall/shorewall/files/4.6/shorewall-init.initd new file mode 100644 index 000000000000..26ea0e09d4b1 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.initd @@ -0,0 +1,192 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.6/shorewall-init.initd,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc" +CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}" + +description="Puts Shorewall in a safe state at boot time" +description="${description} prior to bringing up the network." + +required_files="$SHOREWALLRC_FILE" + +depend() { + need localmount + before net + after bootmisc ipset tmpfiles.setup ulogd +} + + +. $SHOREWALLRC_FILE + +checkconfig() { + local PRODUCT= + + if [ -z "${VARLIB}" ]; then + eerror "\"VARLIB\" isn't defined or empty! Please check" \ + "\"${SHOREWALLRC_FILE}\"." + + return 1 + fi + + if [ -z "${PRODUCTS}" ]; then + eerror "${SVCNAME} isn't configured! Please check" \ + "\"${CONFIG_FILE}\"." + + return 1 + fi + + for PRODUCT in ${PRODUCTS}; do + if [ ! -x ${SBINDIR}/${PRODUCT} ]; then + eerror "Invalid product \"${PRODUCT}\" specified" \ + "in \"${CONFIG_FILE}\"!" + eerror "Maybe \"${PRODUCT}\" isn't installed?" + + return 1 + fi + done + + return 0 +} + +check_firewall_script() { + if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then + ebegin "Checking \"${STATEDIR}/firewall\"" + ${SBINDIR}/${PRODUCT} compile -c 1>/dev/null + eend $? + fi + + if [ ! -x ${STATEDIR}/firewall ]; then + eerror "\"${PRODUCT}\" isn't configured!" + + if [ ${PRODUCT} = shorewall-lite -o ${PRODUCT} = shorewall6-lite ]; then + eerror "Please go to your 'administrative system'" \ + "and deploy the compiled firewall" \ + "configuration for this system." + fi + + return 1 + fi + + return 0 +} + +is_allowed_to_be_executed() { + # This is not a real service. shorewall-init is an intermediate + # script to put your Shorewall-based firewall into a safe state + # at boot time prior to bringing up the network. + # Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz + # for more information. + # When your system is up, there is no need to call shorewall-init. + # Please call shorewall{,6,-lite,6-lite} directly. That's the + # reason why we are preventing start, stop or restart here. + + local PRODUCT= + + if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then + # Starting shorewall-init is only allowed at boot time + eerror "This is a boot service, which can only be started" \ + "at boot." + eerror "If you want to get your shorewall-based firewall" \ + "into the same safe boot state again, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} stop" + done + eoutdent + eerror "" + eerror "Yes, \"stop\" and not start." + eerror "" + return 1 + fi + + if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then + # Stopping shorewall-init is only allowed at shutdown + eerror "This is a boot service, which cannot be stopped." + eerror "If you really want to stop your Shorewall-based" \ + "firewall the same way this service would stop" \ + "Shorewall at shutdown, please run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} clear" + done + eoutdent + eerror "" + eerror "Keep in mind that this will clear (=bring down)" \ + "your firewall!" + eerror "" + return 1 + fi + + if [ "${RC_CMD}" = "restart" ]; then + eerror "This is a boot service, which cannot be restarted." + eerror "If you want to restart any of your Shorewall-based" \ + "firewalls, run" + eerror "" + eindent + for PRODUCT in ${PRODUCTS}; do + eerror "/etc/init.d/${PRODUCT} restart" + done + eoutdent + eerror "" + return 1 + fi + + return 0 +} + +set_statedir() { + STATEDIR= + local VARDIR= + + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} ) + fi + + [ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT} +} + +start_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +start() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Initializing \"${PRODUCT}\"" + ${STATEDIR}/firewall stop 1>/dev/null + eend $? + done +} + +stop_pre() { + checkconfig || return 1 + + is_allowed_to_be_executed || return 1 +} + +stop() { + local PRODUCT= + local STATEDIR= + + for PRODUCT in ${PRODUCTS}; do + set_statedir + + check_firewall_script || return 1 + + ebegin "Clearing \"${PRODUCT}\"" + ${STATEDIR}/firewall clear 1>/dev/null + eend $? + done +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.readme b/net-firewall/shorewall/files/4.6/shorewall-init.readme new file mode 100644 index 000000000000..f7b13fed3de6 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.readme @@ -0,0 +1,30 @@ +shorewall-init from upstream offers two features (taken from [1]): + + 1. It can 'close' the firewall before the network interfaces are + brought up during boot. + + 2. It can change the firewall state as the result of interfaces + being brought up or taken down. + +On Gentoo we only support the first feature -- the firewall lockdown during +boot. + +We do not support the second feature, because Gentoo doesn't support a +if-{up,down}.d folder like other distributions do. If you would want to use +such a feature, you would have to add a custom action to /etc/conf.d/net +(please refer to the Gentoo Linux Handbook [2] for more information). +If you are able to add your custom {pre,post}{up,down} action, your are +also able to specify what shorewall{6,-lite,6-lite} should do, so there is +no need for upstream's scripts in Gentoo. + +If you disagree with us, feel free to open a bug [3] and contribute your +solution for Gentoo. + +Upstream's original init script also supports saving and restoring of +ipsets. Please use the init script from net-firewall/ipset if you need +such a feature. + + +[1] http://www.shorewall.net/Shorewall-init.html +[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5 +[3] https://bugs.gentoo.org diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.systemd b/net-firewall/shorewall/files/4.6/shorewall-init.systemd new file mode 100644 index 000000000000..e58c7e2375ce --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-init.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=shorewall-init +Documentation=http://www.shorewall.net/Shorewall-init.html +Before=network-pre.target +Wants=network-pre.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +StandardOutput=syslog +ExecStart=/usr/sbin/shorewall-init start +ExecStop=/usr/sbin/shorewall-init stop + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.confd b/net-firewall/shorewall/files/4.6/shorewall-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.initd b/net-firewall/shorewall/files/4.6/shorewall-lite.initd new file mode 100644 index 000000000000..76411682727c --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.initd @@ -0,0 +1,74 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.6/shorewall-lite.initd,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd new file mode 100644 index 000000000000..87f994fef7ca --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall lite +Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall-lite +StandardOutput=syslog +ExecStart=/usr/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS +ExecStop=/usr/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall.confd b/net-firewall/shorewall/files/4.6/shorewall.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall.initd b/net-firewall/shorewall/files/4.6/shorewall.initd new file mode 100644 index 000000000000..68211d98bd5b --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.initd @@ -0,0 +1,99 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.6/shorewall.initd,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +description='The Shoreline Firewall, more commonly known as "Shorewall", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + ebegin "Restarting shorewall" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + ebegin "Resetting the packet and byte counters in shorewall" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall.systemd b/net-firewall/shorewall/files/4.6/shorewall.systemd new file mode 100644 index 000000000000..bdb829e6a12a --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv4 firewall +Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=iptables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall +StandardOutput=syslog +ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS +ExecStop=/usr/sbin/shorewall $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.confd b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd new file mode 100644 index 000000000000..0e419b87a3c0 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.initd b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd new file mode 100644 index 000000000000..a6e8eed190b5 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.initd @@ -0,0 +1,84 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.6/shorewall6-lite.initd,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="clear" +extra_started_commands="reset" + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6 Lite. The firewall is" +description_clear="${description_clear} then wide open and unprotected." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6-lite" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6-lite" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6-lite" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6-lite" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6-lite" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd new file mode 100644 index 000000000000..7c4d306eac57 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6-lite.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall lite +Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6-lite +StandardOutput=syslog +ExecStart=/usr/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS +ExecStop=/usr/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewall6.confd b/net-firewall/shorewall/files/4.6/shorewall6.confd new file mode 100644 index 000000000000..210eec1b5730 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.confd @@ -0,0 +1,15 @@ +# Global start/restart/stop options +# +OPTIONS="-tvv" + +# Start options +# +STARTOPTIONS="" + +# Stop options +# +STOPOPTIONS="" + +# Restart options +# +RESTARTOPTIONS="" diff --git a/net-firewall/shorewall/files/4.6/shorewall6.initd b/net-firewall/shorewall/files/4.6/shorewall6.initd new file mode 100644 index 000000000000..9ca043cf0adf --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.initd @@ -0,0 +1,109 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/files/4.6/shorewall6.initd,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is' +description="${description} a high-level tool for configuring Netfilter." + +extra_commands="check clear" +extra_started_commands="refresh reset" + +description_check="Checks if the configuration will compile or not." + +description_clear="Clear will remove all rules and chains installed by" +description_clear="${description_clear} Shorewall6. The firewall is then" +description_clear="${description_clear} wide open and unprotected." + +description_refresh="The mangle table will be refreshed along with the" +description_refresh="${description_refresh} blacklist chain (if any)." + +description_reset="All the packet and byte counters in the firewall are reset." + +command="/usr/sbin/shorewall6" + +depend() { + need net + provide firewall + after ulogd +} + +status() { + local _retval + ${command} status 1>/dev/null + _retval=$? + if [ ${_retval} = '0' ]; then + einfo 'status: started' + mark_service_started "${SVCNAME}" + return 0 + else + einfo 'status: stopped' + mark_service_stopped "${SVCNAME}" + return 3 + fi +} + +start() { + ebegin "Starting shorewall6" + ${command} ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null + eend $? +} + +stop() { + ebegin "Stopping shorewall6" + ${command} ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null + eend $? +} + +restart() { + # shorewall comes with its own control script that includes a + # restart function, so refrain from calling svc_stop/svc_start + # here. Note that this comment is required to fix bug 55576; + # runscript.sh greps this script... (09 Jul 2004 agriffis) + + ebegin "Restarting shorewall6" + ${command} status 1>/dev/null + if [ $? != 0 ] ; then + svc_start + else + ${command} ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null + fi + eend $? +} + +clear() { + # clear will remove all the rules and bring the system to an unfirewalled + # state. (21 Nov 2004 eldad) + + ebegin "Clearing all shorewall rules and setting policy to ACCEPT" + ${command} ${OPTIONS} clear 1>/dev/null + eend $? +} + +reset() { + # reset the packet and byte counters in the firewall + + ebegin "Resetting the packet and byte counters in shorewall6" + ${command} ${OPTIONS} reset 1>/dev/null + eend $? +} + +refresh() { + # refresh the rules involving the broadcast addresses of firewall + # interfaces, the black list, traffic control rules and + # ECN control rules + + ebegin "Refreshing shorewall6 rules" + ${command} ${OPTIONS} refresh 1>/dev/null + eend $? +} + +check() { + # perform cursory validation of the zones, interfaces, hosts, rules + # and policy files. CAUTION: does not parse and validate the generated + # iptables commands. + + ebegin "Checking shorewall6 configuration" + ${command} ${OPTIONS} check 1>/dev/null + eend $? +} diff --git a/net-firewall/shorewall/files/4.6/shorewall6.systemd b/net-firewall/shorewall/files/4.6/shorewall6.systemd new file mode 100644 index 000000000000..bb29c6e5ce0f --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewall6.systemd @@ -0,0 +1,19 @@ +# +# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.6 +# +[Unit] +Description=Shorewall IPv6 firewall +Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html +After=network-online.target +Conflicts=ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=/etc/conf.d/shorewall6 +StandardOutput=syslog +ExecStart=/usr/sbin/shorewall6 $OPTIONS start $STARTOPTIONS +ExecStop=/usr/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS + +[Install] +WantedBy=basic.target diff --git a/net-firewall/shorewall/files/4.6/shorewallrc b/net-firewall/shorewall/files/4.6/shorewallrc new file mode 100644 index 000000000000..a948027eedfd --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewallrc @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.6 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/files/4.6/shorewallrc-r1 b/net-firewall/shorewall/files/4.6/shorewallrc-r1 new file mode 100644 index 000000000000..b3809bb9c242 --- /dev/null +++ b/net-firewall/shorewall/files/4.6/shorewallrc-r1 @@ -0,0 +1,23 @@ +# +# Gentoo Shorewall 4.6 rc file +# +BUILD= #Default is to detect the build system +HOST=gentoo #Gentoo GNU Linux +PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc. +SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. +LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory +CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed +SBINDIR=${PREFIX}/sbin #Directory where system administration programs are installed +MANDIR=${PREFIX}/share/man #Directory where manpages are installed. +INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed. +INITFILE=${PRODUCT} #Name of the product's installed SysV init script +INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script +ANNOTATED= #If non-zero, annotated configuration files are installed +SERVICEDIR=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only) +SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file +SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR +SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed +SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored. +VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored. diff --git a/net-firewall/shorewall/metadata.xml b/net-firewall/shorewall/metadata.xml index 52ffdde3f9be..67e8813360e3 100644 --- a/net-firewall/shorewall/metadata.xml +++ b/net-firewall/shorewall/metadata.xml @@ -7,4 +7,11 @@ <email>whissi@whissi.de</email> <name>Thomas D. (Whissi)</name> </maintainer> + <use> + <flag name="init">Adds the capability to place the firewall in a safe state prior to bringing up the network interfaces</flag> + <flag name="ipv4">Installs everything needed to create a full IPv4 firewall</flag> + <flag name="ipv6">Adds the capability to create a full IPv6 firewall (requires <pkg>net-firewall/shorewall[ipv4]</pkg>)</flag> + <flag name="lite4">Installs everything needed to just *run* an IPv4 compiled firewall script created with <pkg>net-firewall/shorewall[ipv4]</pkg></flag> + <flag name="lite6">Installs everything needed to just *run* an IPv6 compiled firewall script created with <pkg>net-firewall/shorewall[ipv6]</pkg></flag> + </use> </pkgmetadata> diff --git a/net-firewall/shorewall/shorewall-4.6.5.2.ebuild b/net-firewall/shorewall/shorewall-4.6.5.2.ebuild new file mode 100644 index 000000000000..91af74d4a61a --- /dev/null +++ b/net-firewall/shorewall/shorewall-4.6.5.2.ebuild @@ -0,0 +1,436 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/shorewall-4.6.5.2.ebuild,v 1.1 2014/11/18 12:54:56 xmw Exp $ + +EAPI="5" + +inherit eutils linux-info prefix systemd versionator + +DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' +DESCRIPTION+=' a high-level tool for configuring Netfilter' +HOMEPAGE="http://www.shorewall.net/" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc +init +ipv4 ipv6 lite4 lite6" + +MY_PV=${PV/_rc/-RC} +MY_PV=${MY_PV/_beta/-Beta} +MY_P=${PN}-${MY_PV} + +MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) +MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) + +# shorewall +MY_PN_IPV4=Shorewall +MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} + +# shorewall6 +MY_PN_IPV6=Shorewall6 +MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} + +# shorewall-lite +MY_PN_LITE4=Shorewall-lite +MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} + +# shorewall6-lite +MY_PN_LITE6=Shorewall6-lite +MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} + +# shorewall-init +MY_PN_INIT=Shorewall-init +MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} + +# shorewall-core +MY_PN_CORE=Shorewall-core +MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} + +# shorewall-docs-html +MY_PN_DOCS=Shorewall-docs-html +MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} + +# Upstream URL schema: +# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 +# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 +# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 + +MY_URL_PREFIX= +MY_URL_SUFFIX= +if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then + KEYWORDS="" + MY_URL_PREFIX='development/' + + _tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) + _tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) + if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then + MY_URL_SUFFIX="-${_tmp_suffix}" + fi + + # Cleaning up temporary variables + unset _tmp_last_index + unset _tmp_suffix +fi + +SRC_URI=" + http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 + ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) + ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) + lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) + lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) + init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) + doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) +" + +# - Shorewall6 requires Shorewall +# - Installing Shorewall-init or just the documentation doesn't make any sense, +# that's why we force the user to select at least one "real" Shorewall product +# +# See http://shorewall.net/download.htm#Which +REQUIRED_USE=" + ipv6? ( ipv4 ) + || ( ipv4 lite4 lite6 ) +" + +# No build dependencies! Just plain shell scripts... +DEPEND="" + +RDEPEND=" + >=net-firewall/iptables-1.4.20 + >=sys-apps/iproute2-3.8.0[-minimal] + >=sys-devel/bc-1.06.95 + ipv4? ( + >=dev-lang/perl-5.16 + virtual/perl-Digest-SHA + ) + ipv6? ( + >=dev-perl/Socket6-0.230.0 + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + lite6? ( + >=net-firewall/iptables-1.4.20[ipv6] + >=sys-apps/iproute2-3.8.0[ipv6] + ) + init? ( >=sys-apps/coreutils-8.20 ) + !net-firewall/shorewall-core + !net-firewall/shorewall6 + !net-firewall/shorewall-lite + !net-firewall/shorewall6-lite + !net-firewall/shorewall-init + !<sys-apps/openrc-0.13 + !<sys-apps/systemd-214 +" + +S=${WORKDIR} + +pkg_pretend() { + local CONFIG_CHECK="~NF_CONNTRACK" + + local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" + local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." + + if use ipv4 || use lite4; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" + + local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" + local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." + fi + + if use ipv6 || use lite6; then + CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" + + local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" + local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." + fi + + check_extra_config +} + +src_prepare() { + # We are moving each unpacked source from MY_P_* to MY_PN_*. + # This allows us to use patches from upstream and keeps epatch_user working + + einfo "Preparing shorewallrc ..." + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc-r1 failed" + eprefixify "${S}"/shorewallrc.gentoo + + # shorewall-core + mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." + ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + eend 0 + + # shorewall + if use ipv4; then + mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" + eend 0 + fi + + # shorewall6 + if use ipv6; then + mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" + ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" + eend 0 + fi + + # shorewall-lite + if use lite4; then + mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" + eend 0 + fi + + # shorewall6-lite + if use lite6; then + mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" + ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" + eend 0 + fi + + # shorewall-init + if use init; then + mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" + ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" + ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" + cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" + eend 0 + + eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh + + cd "${S}"/${MY_PN_INIT} + epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality.patch + cd "${S}" + fi + + # shorewall-docs-html + if use doc; then + mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" + fi + + epatch_user +} + +src_configure() { + :; +} + +src_compile() { + :; +} + +src_install() { + # shorewall-core + einfo "Installing ${MY_P_CORE} ..." + DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" + dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt + + # shorewall + if use ipv4; then + einfo "Installing ${MY_P_IPV4} ..." + keepdir /var/lib/shorewall + DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV4}/Samples + fi + fi + + # shorewall6 + if use ipv6; then + einfo "Installing ${MY_P_IPV6} ..." + keepdir /var/lib/shorewall6 + DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" + + if use doc; then + dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 + fi + fi + + # shorewall-lite + if use lite4; then + einfo "Installing ${MY_P_LITE4} ..." + keepdir /var/lib/shorewall-lite + DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" + fi + + # shorewall6-lite + if use lite6; then + einfo "Installing ${MY_P_LITE6} ..." + keepdir /var/lib/shorewall6-lite + DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" + fi + + # shorewall-init + if use init; then + einfo "Installing ${MY_P_INIT} ..." + DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" + dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt + + if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then + # On Gentoo, shorewall-init will not create shorewall-ifupdown.log, + # so we don't need a logrotate configuration file for shorewall-init + einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." + rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" + fi + + if [ -d "${D}etc/NetworkManager" ]; then + # On Gentoo, we don't support NetworkManager + # so we don't need this folder at all + einfo "Removing unused \"${D}etc/NetworkManager\" ..." + rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" + fi + + if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then + # This script isn't supported on Gentoo + rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" + fi + fi + + if use doc; then + einfo "Installing ${MY_P_DOCS} ..." + dohtml -r "${S}"/${MY_PN_DOCS} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + + # Show first steps for shorewall/shorewall6 + local _PRODUCTS="" + if use ipv4; then + _PRODUCTS="shorewall" + + if use ipv6; then + _PRODUCTS="${_PRODUCTS}/shorewall6" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" + elog "" + elog " /etc/shorewall/shorewall.conf" + + if use ipv6; then + elog " /etc/shorewall6/shorewall6.conf" + fi + + elog "" + elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" + elog "" + elog " # rc-update add shorewall default" + + if use ipv6; then + elog " # rc-update add shorewall6 default" + fi + fi + + # Show first steps for shorewall-lite/shorewall6-lite + _PRODUCTS="" + if use lite4; then + _PRODUCTS="shorewall-lite" + fi + + if use lite6; then + if [[ -z "${_PRODUCTS}" ]]; then + _PRODUCTS="shorewall6-lite" + else + _PRODUCTS="${_PRODUCTS}/shorewall6-lite" + fi + fi + + if [[ -n "${_PRODUCTS}" ]]; then + if use ipv4; then + elog "" + fi + + elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" + elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." + elog "" + elog "To read more about ${_PRODUCTS}, please visit" + elog " http://shorewall.net/CompiledPrograms.html" + elog "" + elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" + elog "" + + if use lite4; then + elog " # rc-update add shorewall-lite default" + fi + + if use lite6; then + elog " # rc-update add shorewall6-lite default" + fi + fi + + if use init; then + elog "" + elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" + elog "" + elog " # rc-update add shorewall-init boot" + elog "" + elog "and review \$PRODUCTS in" + elog "" + elog " /etc/conf.d/shorewall-init" + fi + + fi + + if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then + # This is an upgrade + + elog "You are upgrading from a previous major version. It is highly recommended that you read" + elog "" + elog " - /usr/share/doc/shorewall*/releasenotes.tx*" + elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" + + if use ipv4; then + elog "" + elog "You can auto-migrate your configuration using" + elog "" + elog " # shorewall update -A" + + if use ipv6; then + elog " # shorewall6 update -A" + fi + + elog "" + elog "But if you are not familiar with the \"shorewall[6] update\" command," + elog "please read the shorewall[6] man page first." + fi + fi + + if ! use init; then + elog "" + elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" + elog "before your shorewall-based firewall is ready to start." + elog "" + elog "To read more about shorewall-init, please visit" + elog " http://www.shorewall.net/Shorewall-init.html" + fi + + if ! has_version "net-firewall/conntrack-tools"; then + elog "" + elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" + elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" + fi +} |