%define version_major 4.0
%define version_minor 15
%define version %{version_major}.%{version_minor}
%define shell_ver %{version}
%define perl_ver %{version}
%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{version}

Summary: Iptables-based firewall for Linux systems
Name: shorewall
Version: %{version}
%define subrel 2
Release: %mkrel 0
License: GPLv2+
Group: System/Servers
URL: http://www.shorewall.net/
Source0: %ftp_path/%{name}-common-%{version}.tar.bz2
Source1: %ftp_path/%{name}-lite-%{version}.tar.bz2
Source2: %ftp_path/%{name}-perl-%{perl_ver}.tar.bz2
Source3: %ftp_path/%{name}-shell-%{shell_ver}.tar.bz2
Source4: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source5: %ftp_path/%{version}.sha1sums
Patch0: shorewall-common-4.0.7-init-script.patch
Patch1: shorewall-lite-4.0.7-init-script.patch
Requires: %{name}-common = %{version}-%{release}
Requires: %{name}-perl = %{version}-%{release}
BuildConflicts: apt-common
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone GNU/Linux system.

%package common
Summary: Common shorewall files
Group: System/Servers
Requires: iptables
Requires: iptables-ipv6
Requires: iproute2
Requires(post): rpm-helper
Requires(preun): rpm-helper
Conflicts: shorewall < 4.0.7-1

%description common
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone GNU/Linux system.

Shorewall offers two alternative firewall compilers, shorewall-perl and
shorewall-shell.
The shorewall-perl compiler is suggested for newly installed systems and
shorewall-shell is provided for backwards compatibility and smooth legacy
system upgrades because shorewall-perl is not fully compatible with all
legacy configurations.

%package lite
Summary: Lite version of shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package perl
Summary: Perl compiler for shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires: perl
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description perl
Shorewall-perl is a part of Shorewall that allows faster compilation and
execution than the legacy shorewall-shell compiler.

%package shell
Summary: Shell compiler for shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description shell
Shorewall-shell is a part of Shorewall that allows running shorewall with
legacy configurations. Shorewall-perl is the preferred compiler, please use
it for new installations.

%package doc
Summary: Firewall scripts
Group: System/Servers

%description doc
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/router/server or on a standalone GNU/Linux system.

This package contains the docs.

%prep
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4

pushd %{name}-common-%{version}
%patch0 -p1 -b .init
popd

pushd %{name}-lite-%{version}
%patch1 -p1 -b .initlite
popd

%build
# (tpg) we do nothing here

%install
rm -rf %{buildroot}
export PREFIX=%{buildroot}
export OWNER=`id -n -u`
export GROUP=`id -n -g`
export DEST=%{_initrddir}
export CONFDIR=%{_sysconfdir}/%{name}

pushd %{name}-common-%{version}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name}.conf
# blank Internal option
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' %{name}.conf
# (tpg) use perl compiler
perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' %{name}.conf
# (tpg) do the optimizations
perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' %{name}.conf
# (tpg) set config path
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=%{_sysconfdir}/%{name}#' configpath

# let's do the install
./install.sh -n
popd

pushd %{name}-lite-%{version}
./install.sh -n
popd

pushd %{name}-perl-%{perl_ver}
./install.sh -n
popd

pushd %{name}-shell-%{shell_ver}
./install.sh -n
popd

# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1

#(tpg) looks like these files are needed
touch %{buildroot}/%{_localstatedir}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_localstatedir}/lib/shorewall-lite/firewall

%clean
rm -rf %{buildroot}

%post common
%_post_service shorewall
%create_ghostfile %{_localstatedir}/lib/shorewall/chains root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/nat root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/proxyarp root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restarted root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/zones root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restore-base root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restore-tail root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/state root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.modules root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.modulesdir root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.iptables-restore-input root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.restart root root 700
%create_ghostfile %{_localstatedir}/lib/shorewall/.restore root root 700
%create_ghostfile %{_localstatedir}/lib/shorewall/.start root root 700

%preun common
%_preun_service shorewall
if [ $1 = 0 ] ; then
    %{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
    %{__rm} -f %{_var}/lib/%{name}/*
fi

%post lite
%_post_service shorewall-lite
%create_ghostfile %{_localstatedir}/lib/shorewall-lite/firewall root root 644

%preun lite
%_preun_service shorewall-lite

%files
%defattr(-,root,root)

%files common
%defattr(-,root,root)
%doc %{name}-common-%{version}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples}
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_localstatedir}/lib/shorewall
%ghost %{_localstatedir}/lib/shorewall/*
%ghost %{_localstatedir}/lib/shorewall/.??*
%attr(700,root,root) %{_initrddir}/shorewall
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
%attr(755,root,root) /sbin/shorewall
%{_datadir}/shorewall/action*
%exclude %{_datadir}/shorewall/configfiles/*
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/firewall
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.*
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules
%{_datadir}/shorewall/rfc1918
%{_datadir}/shorewall/version
%{_datadir}/shorewall/wait4ifup
%{_mandir}/man5/shorewall-accounting.5.*
%{_mandir}/man5/shorewall-actions.5.*
%{_mandir}/man5/shorewall-blacklist.5.*
%{_mandir}/man5/shorewall-ecn.5.*
%{_mandir}/man5/shorewall-exclusion.5.*
%{_mandir}/man5/shorewall-hosts.5.*
%{_mandir}/man5/shorewall-interfaces.5.*
%{_mandir}/man5/shorewall-maclist.5.*
%{_mandir}/man5/shorewall-masq.5.*
%{_mandir}/man5/shorewall-modules.5.*
%{_mandir}/man5/shorewall-nat.5.*
%{_mandir}/man5/shorewall-nesting.5.*
%{_mandir}/man5/shorewall-netmap.5.*
%{_mandir}/man5/shorewall-params.5.*
%{_mandir}/man5/shorewall-policy.5.*
%{_mandir}/man5/shorewall-providers.5.*
%{_mandir}/man5/shorewall-proxyarp.5.*
%{_mandir}/man5/shorewall-rfc1918.5.*
%{_mandir}/man5/shorewall-route_rules.5.*
%{_mandir}/man5/shorewall-routestopped.5.*
%{_mandir}/man5/shorewall-rules.5.*
%{_mandir}/man5/shorewall-tcclasses.5.*
%{_mandir}/man5/shorewall-tcdevices.5.*
%{_mandir}/man5/shorewall-tcrules.5.*
%{_mandir}/man5/shorewall-tos.5.*
%{_mandir}/man5/shorewall-tunnels.5.*
%{_mandir}/man5/shorewall-vardir.5.*
%{_mandir}/man5/shorewall-zones.5.*
%{_mandir}/man5/shorewall.conf.5.*
%{_mandir}/man8/shorewall.8.*

%files lite
%defattr(-,root,root)
%doc %{name}-lite-%{version}/*.txt
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_localstatedir}/lib/shorewall-lite
%ghost %{_localstatedir}/lib/shorewall-lite/*
%attr(700,root,root) %{_initrddir}/shorewall-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%attr(755,root,root) /sbin/shorewall-lite
%{_datadir}/shorewall-lite/configpath
%{_datadir}/shorewall-lite/functions
%{_datadir}/shorewall-lite/lib.*
%{_datadir}/shorewall-lite/modules
%{_datadir}/shorewall-lite/shorecap
%{_datadir}/shorewall-lite/version
%{_datadir}/shorewall-lite/wait4ifup
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*

%files perl
%defattr(-,root,root)
%doc %{name}-perl-%{perl_ver}/*.txt
%dir %{_datadir}/%{name}-perl
%dir %{_datadir}/%{name}-perl/Shorewall
%{_datadir}/%{name}-perl/Shorewall/*.pm
%{_datadir}/%{name}-perl/compiler.pl
%{_datadir}/%{name}-perl/prog.footer
%{_datadir}/%{name}-perl/prog.functions
%{_datadir}/%{name}-perl/prog.header
%{_datadir}/%{name}-perl/version

%files shell
%defattr(-,root,root)
%doc %{name}-shell-%{shell_ver}/*.txt
%dir %{_datadir}/%{name}-shell
%{_datadir}/%{name}-shell/compiler
%{_datadir}/%{name}-shell/lib.*
%{_datadir}/%{name}-shell/prog.*
%{_datadir}/%{name}-shell/version

%files doc
%defattr(-,root,root)
%doc %{name}-docs-html-%{version}/*

%changelog
* Tue Dec 08 2009 Eugeni Dodonov <eugeni@mandriva.com> 4.0.15-0.2mdv2009.0
- built for updates

* Mon Dec 07 2009 Eugeni Dodonov <eugeni@mandriva.com> 4.0.15-0.1mdv2009.0
+ Revision: 474456
- Updated to 4.0.15 (latest 4.0-series version).
- Installing correct permissions on shorewall config files.

* Tue Sep 23 2008 Olivier Blin <oblin@mandriva.com> 4.0.13-5mdv2009.0
+ Revision: 287298
- revert running iptables check, it should be done in iptables post instead of running this every boot

* Thu Aug 28 2008 Oden Eriksson <oeriksson@mandriva.com> 4.0.13-4mdv2009.0
+ Revision: 276811
- fix #42579 (shorewall-perl complains of missing Mult-port Match support in kernel/iptables)
- fix spec file bug in the shorewall-lite %%post script

* Mon Aug 04 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.13-3mdv2009.0
+ Revision: 263505
- New upstream version 4.0.13

* Wed Jun 18 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.11-3mdv2009.0
+ Revision: 225451
- update shorewall-perl to new version 4.0.11.1

  + Pixel <pixel@mandriva.com>
    - adapt to %%_localstatedir now being /var instead of /var/lib (#22312)

* Thu May 29 2008 Gustavo De Nardin <gustavodn@mandriva.com> 4.0.11-2mdv2009.0
+ Revision: 213149
- fix missing requirement on iptables-ipv6, for Shorewall to be able to "handle" IPv6 (currently, DISABLE_IPV6=Yes in /etc/shorewall/shorewall.conf)

* Sun May 25 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.11-1mdv2009.0
+ Revision: 211074
- update to new version 4.0.11

* Tue Mar 11 2008 Olivier Blin <oblin@mandriva.com> 4.0.9-3mdv2008.1
+ Revision: 185827
- do not package dirs as ghost (#38105)
- do not include . and .. in ghost files list

* Wed Feb 27 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.9-2mdv2008.1
+ Revision: 175897
- Update to bugfix release shorewall-perl-4.0.9.1

* Mon Feb 25 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.9-1mdv2008.1
+ Revision: 174942
- New upstream bugfix release

* Sat Feb 23 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.8-5mdv2008.1
+ Revision: 174093
- Add Conflicts to fix update from shorewall < 4.0 packages (files were moved from shorewall package to shorewall-common)

* Mon Feb 18 2008 Thierry Vignaud <tvignaud@mandriva.com> 4.0.8-4mdv2008.1
+ Revision: 171106
- rebuild
- fix "foobar is blabla" summary (=> "blabla") so that it looks nice in rpmdrake

  + Tomasz Pawel Gajc <tpg@mandriva.org>
    - fix ghost files one more time

* Sun Jan 27 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.8-2mdv2008.1
+ Revision: 158506
- fix permission of all ghost files
- add missing ghost files

* Sat Jan 26 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.8-1mdv2008.1
+ Revision: 158422
- update to latest release 4.0.8
- hardcode path to shorewall config files
- do not package config files twice, files in /etc/shorewall are sufficient

* Sat Jan 26 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-3mdv2008.1
+ Revision: 158257
- fix requires on iproute2
- shorewall package requires only shorewall-common and shorewall-perl, other subpackages are optional
- compile shorewall rules with perl compiler, as it is faster than shell one
- do the optimizations

* Fri Jan 25 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-2mdv2008.1
+ Revision: 158039
- add missing requires
- fix requires on subpackages
- make both initscripts mdv compliant
- add missing scriptlets
- use %%create_ghostfile
- fix permissions for initscripts and executables
- add ghost files for shorewall-lite

* Thu Jan 24 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-1mdv2008.1
+ Revision: 157724
- fix docs
- new version
- WARNING: big version jumps doesn't bring nothing good :)
- provide shorewall
  o common
  o lite
  o perl
  o shell
- fix file list, add %%ghost files
- better summaries and descriptions
- spec file clean
- TODO: provide patches for shorewall and shorewall-lite initscripts
- cosmetics imho

  + Thierry Vignaud <tvignaud@mandriva.com>
    - kill re-definition of %%buildroot on Pixel's request

* Thu Oct 11 2007 Oden Eriksson <oeriksson@mandriva.com> 3.4.6-1mdv2008.1
+ Revision: 97137
- 3.4.6

  + Thierry Vignaud <tvignaud@mandriva.com>
    - s/Mandrake/Mandriva/

* Sat Jun 30 2007 Olivier Blin <oblin@mandriva.com> 3.4.4-2mdv2008.0
+ Revision: 46098
- fix compiler script permissions (#31651)

* Wed Jun 27 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 3.4.4-1mdv2008.0
+ Revision: 44819
- spec file clean
- new version

* Thu May 17 2007 Olivier Blin <oblin@mandriva.com> 3.4.3-1mdv2008.0
+ Revision: 27675
- 3.4.3 (and package man pages)

* Tue Feb 13 2007 Olivier Blin <oblin@mandriva.com> 3.2.9-1mdv2007.0
+ Revision: 120417
- 3.2.9
- buildconflicts with apt-common so that shorewall build does not detect a Debian system
- bunzip init script

* Mon Nov 27 2006 Olivier Blin <oblin@mandriva.com> 3.2.6-1mdv2007.1
+ Revision: 87676
- 3.2.6
- Import shorewall

* Thu Aug 31 2006 Olivier Blin <blino@mandriva.com> 3.2.3-2mdv2007.0
- fix typo in changelog

* Thu Aug 31 2006 Olivier Blin <blino@mandriva.com> 3.2.3-1mdv2007.0
- 3.2.3 (this closes #24157)

* Sun Jul 23 2006 Olivier Blin <blino@mandriva.com> 3.2.1-1mdv2007.0
- 3.2.1
- drop bogons file ('nobogons' option has been eliminated in 3.0.0)

* Mon Jan 23 2006 Daouda LO <daouda@mandriva.com> 3.0.4-1mdk
- 3.0.4
- console friendly again (Tuomo Soini)

* Mon Dec 26 2005 Daouda LO <daouda@mandriva.com> 3.0.3-1mdk
- 3.0.3

* Wed Nov 30 2005 Daouda LO <daouda@mandriva.com> 3.0.2-1mdk
- 3.0.2

* Thu Nov 24 2005 Daouda LO <daouda@mandriva.com> 3.0.1-1mdk
- 3.0.1
- add Samples
- cleanup spec
- Read The http://shorewall.net/pub/shorewall/3.0/shorewall-3.0.1/releasenotes.txt

* Thu Nov 17 2005 Nicolas CHIPAUX <chipaux@mandriva.com> 3.0.0-1mdk
- new version
- cleaning spec
- "clear" option in initscript is back
- info about migration from 2.x to 3.x

* Fri Jul 22 2005 Daouda LO <daouda@mandrakesoft.com> 2.4.1-3mdk
- initscript priority from 25 to 10 (Michael Reinsch)
- refreshed link to firewall script (Oblin)

* Tue Jul 19 2005 Olivier Blin <oblin@mandriva.com> 2.4.1-2mdk
- enable shorewall startup

* Tue Jul 19 2005 Daouda LO <daouda@mandrakesoft.com> 2.4.1-1mdk
- Fix for security vulnerability in MACLIST processing
- Support for multiple internet interfaces to different ISPs
- Support for ipset
- updated firewall script and bogons list
- back to shorewall genuine initscript

* Mon Jul 11 2005 Olivier Blin <oblin@mandriva.com> 2.0.8-3mdk
- fix typo in init script to have chkconfig working again (#16657)

* Sat Apr 02 2005 Luca Berra <bluca@vodka.it> 2.0.8-2mdk
- use %%mkrel macro
- update firewall script from shorewall errata
- update bogons file from shorewall errata

* Thu Aug 26 2004 Florin <florin@mandrakesoft.com> 2.0.8-1mdk
- 2.0.8

* Thu Aug 05 2004 Florin <florin@mandrakesoft.com> 2.0.7-1mdk
- 2.0.7

* Wed Jun 30 2004 Florin <florin@mandrakesoft.com> 2.0.3a-1mdk
- 2.0.3a
- security update

* Fri Jun 25 2004 Florin <florin@mandrakesoft.com> 2.0.3-1mdk
- 2.0.3

* Sun Jun 13 2004 Florin <florin@mandrakesoft.com> 2.0.2f-1mdk
- 2.0.2f
- add the docs source
- remove the already present bogons and rf1918 files

* Thu Jun 03 2004 Florin <florin@mandrakesoft.com> 2.0.2d-1mdk
- 2.0.2d

* Tue May 18 2004 Florin <florin@mandrakesoft.com> 2.0.2a-1mdk
- 2.0.2a
- add the initdone file

* Fri May 14 2004 Florin <florin@mandrakesoft.com> 2.0.2-0.RC1.1mdk
- 2.0.2-RC1
- remove the already integrated kernel-suffix patch

* Thu Apr 22 2004 Florin <florin@mandrakesoft.com> 2.0.1-3mdk
- add the bogons and rf1918 sources (thx to T. Backlund)

* Tue Apr 20 2004 Florin <florin@mandrakesoft.com> 2.0.1-2mdk
- add the kernel modules extension patch (bug #9311)
- the same patch fixes the Mandrake broken insmod (uses modprobe instead)

* Tue Apr 20 2004 Florin <florin@mandrakesoft.com> 2.0.1-1mdk
- 2.0.1
- samples 2.0.1
- add the netmap file

* Wed Mar 24 2004 Florin <florin@mandrakesoft.com> 2.0.0b-1mdk
- 2.0.0b

* Sat Mar 20 2004 Florin <florin@mandrakesoft.com> 2.0.0a-1mdk
- 2.0.0a
- samples 2.0.0