From c311bf8c4aa887415603eda97d67b80dc9ec75e8 Mon Sep 17 00:00:00 2001 From: nbd Date: Fri, 11 Dec 2009 02:09:15 +0000 Subject: [PATCH] Add shorewall6-lite Signed-off-by: Brian J. Murrell git-svn-id: svn://svn.openwrt.org/openwrt/packages@18735 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- ipv6/shorewall6-lite/Makefile | 66 +++++++++++++++++++ ipv6/shorewall6-lite/files/hostname | 2 + ipv6/shorewall6-lite/files/hotplug_iface | 12 ++++ .../shorewall6-lite/files/shorewall-lite.init | 20 ++++++ ipv6/shorewall6-lite/files/vardir | 2 + .../patches/100-hostname.patch | 11 ++++ .../patches/110-MODULESDIR.patch | 20 ++++++ .../shorewall6-lite/patches/120-LOGFILE.patch | 20 ++++++ 8 files changed, 153 insertions(+) create mode 100644 ipv6/shorewall6-lite/Makefile create mode 100644 ipv6/shorewall6-lite/files/hostname create mode 100644 ipv6/shorewall6-lite/files/hotplug_iface create mode 100644 ipv6/shorewall6-lite/files/shorewall-lite.init create mode 100644 ipv6/shorewall6-lite/files/vardir create mode 100644 ipv6/shorewall6-lite/patches/100-hostname.patch create mode 100644 ipv6/shorewall6-lite/patches/110-MODULESDIR.patch create mode 100644 ipv6/shorewall6-lite/patches/120-LOGFILE.patch diff --git a/ipv6/shorewall6-lite/Makefile b/ipv6/shorewall6-lite/Makefile new file mode 100644 index 000000000..1a7275a01 --- /dev/null +++ b/ipv6/shorewall6-lite/Makefile @@ -0,0 +1,66 @@ +# +# Copyright (C) 2008 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=shorewall6-lite +PKG_VERSION:=4.2.11.2 +PKG_VERSION_DIR:=4.2.11 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://slovakia.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://shorewall.de/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://www.shorewall.com.au/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://shorewall.infohiiway.com/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \ + http://www.shorewall.com.ar/pub/shorewall/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_MD5SUM:=ade665881a4bb0b5592276e8d90c4681 + +include $(INCLUDE_DIR)/package.mk + +define Package/shorewall6-lite + SECTION:=ipv6 + CATEGORY:=IPv6 + DEPENDS:=+ip +ip6tables +ip6tables-utils + TITLE:=Shorewall6 Lite + URL:=http://www.shorewall.net/ + SUBMENU:=firewall +endef + +define Package/shorewall6-lite/description + Shoreline Firewall 6 Lite is an iptables-based firewall for Linux systems. +endef + +define Package/shorewall6-lite/conffiles +/etc/shorewall6-lite/shorewall6-lite.conf +/etc/shorewall6-lite/vardir +endef + +define Build/Compile + rm -rf $(PKG_INSTALL_DIR) + mkdir -p $(PKG_INSTALL_DIR) + PREFIX=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh +endef + +define Package/shorewall6-lite/install + $(INSTALL_DIR) $(1)/sbin + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DIR) $(1)/etc/shorewall6-lite + $(INSTALL_DIR) $(1)/usr/share + $(INSTALL_BIN) ./files/shorewall-lite.init $(1)/etc/init.d/shorewall6-lite + $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall6-lite + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/shorewall6-lite $(1)/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall6-lite $(1)/usr/share + $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall6-lite + $(CP) $(PKG_INSTALL_DIR)/etc/shorewall6-lite $(1)/etc + $(CP) ./files/vardir $(1)/etc/shorewall6-lite +endef + +$(eval $(call BuildPackage,shorewall6-lite)) diff --git a/ipv6/shorewall6-lite/files/hostname b/ipv6/shorewall6-lite/files/hostname new file mode 100644 index 000000000..42e164371 --- /dev/null +++ b/ipv6/shorewall6-lite/files/hostname @@ -0,0 +1,2 @@ +#!/bin/sh +cat /proc/sys/kernel/hostname diff --git a/ipv6/shorewall6-lite/files/hotplug_iface b/ipv6/shorewall6-lite/files/hotplug_iface new file mode 100644 index 000000000..58ecbf9c2 --- /dev/null +++ b/ipv6/shorewall6-lite/files/hotplug_iface @@ -0,0 +1,12 @@ +#!/bin/sh + +# should restart shorewall when an interface comes up + +[ ifup = "$ACTION" ] && { + /etc/init.d/shorewall6-lite restart +} + +[ ifdown = "$ACTION" ] && { + # might need to restore some routing + /etc/init.d/shorewall6-lite restart +} diff --git a/ipv6/shorewall6-lite/files/shorewall-lite.init b/ipv6/shorewall6-lite/files/shorewall-lite.init new file mode 100644 index 000000000..ca24bbccb --- /dev/null +++ b/ipv6/shorewall6-lite/files/shorewall-lite.init @@ -0,0 +1,20 @@ +#!/bin/sh /etc/rc.common + +START=46 +start() { + touch /var/log/messages + mkdir -p /var/lock/subsys + /sbin/shorewall6-lite -qq start -f +} + +stop() { + /sbin/shorewall6-lite -qq stop +} + +restart() { + if [ -f /etc/shorewall6-lite/state/restore ] ; then + /sbin/shorewall6-lite -qq restore + else + /sbin/shorewall6-lite -qq restart + fi +} diff --git a/ipv6/shorewall6-lite/files/vardir b/ipv6/shorewall6-lite/files/vardir new file mode 100644 index 000000000..e7a903032 --- /dev/null +++ b/ipv6/shorewall6-lite/files/vardir @@ -0,0 +1,2 @@ +# move state dir out of ram +VARDIR=/etc/shorewall6-lite/state diff --git a/ipv6/shorewall6-lite/patches/100-hostname.patch b/ipv6/shorewall6-lite/patches/100-hostname.patch new file mode 100644 index 000000000..f901cb67f --- /dev/null +++ b/ipv6/shorewall6-lite/patches/100-hostname.patch @@ -0,0 +1,11 @@ +--- a/shorewall6-lite ++++ b/shorewall6-lite +@@ -153,7 +153,7 @@ + + export VERBOSE + +- [ -n "${HOSTNAME:=$(hostname)}" ] ++ [ -n "${HOSTNAME:=$(${SHAREDIR}/hostname)}" ] + + } + diff --git a/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch b/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch new file mode 100644 index 000000000..12f6f8d0c --- /dev/null +++ b/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch @@ -0,0 +1,20 @@ +--- a/lib.base ++++ b/lib.base +@@ -260,7 +260,7 @@ + + [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ] + +- [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter ++ [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r) + MODULES=$(lsmod | cut -d ' ' -f1) + + for directory in $(split $MODULESDIR); do +@@ -296,7 +296,7 @@ + [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ] + + [ -z "$MODULESDIR" ] && \ +- MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter ++ MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r) + + for directory in $(split $MODULESDIR); do + [ -d $directory ] && moduledirectories="$moduledirectories $directory" diff --git a/ipv6/shorewall6-lite/patches/120-LOGFILE.patch b/ipv6/shorewall6-lite/patches/120-LOGFILE.patch new file mode 100644 index 000000000..60d6f0352 --- /dev/null +++ b/ipv6/shorewall6-lite/patches/120-LOGFILE.patch @@ -0,0 +1,20 @@ +--- a/shorewall6-lite 2009-12-05 22:35:20.000000000 -0500 ++++ b/shorewall6-lite 2009-12-05 22:35:27.000000000 -0500 +@@ -95,7 +95,7 @@ + + if ( ps ax 2> /dev/null | grep -v grep | qt grep 'syslogd.*-C' ) ; then + LOGREAD="logread | tac" +- elif [ -f $LOGFILE ]; then ++ elif [ -r $LOGFILE ]; then + LOGREAD="tac $LOGFILE" + else + echo "LOGFILE ($LOGFILE) does not exist!" >&2 +--- a/shorewall6-lite.conf 2009-12-05 22:37:43.000000000 -0500 ++++ b/shorewall6-lite.conf 2009-12-05 22:37:51.000000000 -0500 +@@ -46,4 +46,6 @@ + + RESTOREFILE= + ++LOGFILE=/dev/null ++ + #LAST LINE -- DO NOT REMOVE