%define version_major 4.0
%define version_minor 15
%define version %{version_major}.%{version_minor}
%define shell_ver %{version}
%define perl_ver %{version}
%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{version}
Summary: Iptables-based firewall for Linux systems
Name: shorewall
Version: %{version}
%define subrel 1
Release: %mkrel 0
License: GPLv2+
Group: System/Servers
URL: http://www.shorewall.net/
Source0: %ftp_path/%{name}-common-%{version}.tar.bz2
Source1: %ftp_path/%{name}-lite-%{version}.tar.bz2
Source2: %ftp_path/%{name}-perl-%{perl_ver}.tar.bz2
Source3: %ftp_path/%{name}-shell-%{shell_ver}.tar.bz2
Source4: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source5: %ftp_path/%{version}.sha1sums
Patch0: shorewall-common-4.0.7-init-script.patch
Patch1: shorewall-lite-4.0.7-init-script.patch
Requires: %{name}-common = %{version}-%{release}
Requires: %{name}-perl = %{version}-%{release}
BuildConflicts: apt-common
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%package common
Summary: Common shorewall files
Group: System/Servers
Requires: iptables
Requires: iptables-ipv6
Requires: iproute2
Requires(post): rpm-helper
Requires(preun): rpm-helper
Conflicts: shorewall < 4.0.7-1
%description common
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall offers two alternative firewall compilers, shorewall-perl and
shorewall-shell. The shorewall-perl compilers is suggested for new installed
systems and shorewall-shell is provided for backwards compatibility and smooth
legacy system upgrades because shorewall perl is not fully compatible with
all legacy configurations.
%package lite
Summary: Lite version of shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper
%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.
%package perl
Summary: Perl compiler for shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires: perl
Requires(post): rpm-helper
Requires(preun): rpm-helper
%description perl
Shorewall-perl is a part of Shorewall that allows faster compilation and
execution than the legacy shorewall-shell compiler.
%package shell
Summary: Shell compiler for shorewall
Group: System/Servers
Requires: %{name}-common = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper
%description shell
Shorewall-shell is a part of Shorewall that allows running shorewall with
legacy configurations. Shorewall-perl is the preferred compiler, please use
it for new installations.
%package doc
Summary: Firewall scripts
Group: System/Servers
%description doc
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
This package contains the docs.
%prep
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4
pushd %{name}-common-%{version}
%patch0 -p1 -b .init
popd
pushd %{name}-lite-%{version}
%patch1 -p1 -b .initlite
popd
%build
# (tpg) we do nothing here
%install
rm -rf %{buildroot}
export PREFIX=%{buildroot}
export OWNER=`id -n -u`
export GROUP=`id -n -g`
export DEST=%{_initrddir}
export CONFDIR=%{_sysconfdir}/%{name}
pushd %{name}-common-%{version}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' %{name}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' %{name}.conf
# blank Internal option
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' %{name}.conf
# (tpg) use perl compiler
perl -pi -e 's/SHOREWALL_COMPILER=.*/SHOREWALL_COMPILER=perl/' %{name}.conf
# (tpg) do the optimizations
perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' %{name}.conf
# (tpg) set config path
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=%{_sysconfdir}/%{name}#' configpath
# let's do the install
./install.sh -n
popd
pushd %{name}-lite-%{version}
./install.sh -n
popd
pushd %{name}-perl-%{perl_ver}
./install.sh -n
popd
pushd %{name}-shell-%{shell_ver}
./install.sh -n
popd
# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1
#(tpg) looks like these files are needed
touch %{buildroot}/%{_localstatedir}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_localstatedir}/lib/shorewall-lite/firewall
%clean
rm -rf %{buildroot}
%post common
%_post_service shorewall
%create_ghostfile %{_localstatedir}/lib/shorewall/chains root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/nat root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/proxyarp root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restarted root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/zones root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restore-base root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/restore-tail root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/state root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.modules root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.modulesdir root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.iptables-restore-input root root 644
%create_ghostfile %{_localstatedir}/lib/shorewall/.restart root root 700
%create_ghostfile %{_localstatedir}/lib/shorewall/.restore root root 700
%create_ghostfile %{_localstatedir}/lib/shorewall/.start root root 700
%preun common
%_preun_service shorewall
if [ $1 = 0 ] ; then
%{__rm} -f %{_sysconfdir}/%{name}/startup_disabled
%{__rm} -f %{_var}/lib/%{name}/*
fi
%post lite
%_post_service shorewall-lite
%create_ghostfile %{_localstatedir}/lib/shorewall-lite/firewall root root 644
%preun lite
%_preun_service shorewall-lite
%files
%defattr(-,root,root)
%files common
%defattr(-,root,root)
%doc %{name}-common-%{version}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples}
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_localstatedir}/lib/shorewall
%ghost %{_localstatedir}/lib/shorewall/*
%ghost %{_localstatedir}/lib/shorewall/.??*
%attr(700,root,root) %{_initrddir}/shorewall
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}/*
%attr(755,root,root) /sbin/shorewall
%{_datadir}/shorewall/action*
%exclude %{_datadir}/shorewall/configfiles/*
%{_datadir}/shorewall/configpath
%{_datadir}/shorewall/firewall
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.*
%{_datadir}/shorewall/macro.*
%{_datadir}/shorewall/modules
%{_datadir}/shorewall/rfc1918
%{_datadir}/shorewall/version
%{_datadir}/shorewall/wait4ifup
%{_mandir}/man5/shorewall-accounting.5.*
%{_mandir}/man5/shorewall-actions.5.*
%{_mandir}/man5/shorewall-blacklist.5.*
%{_mandir}/man5/shorewall-ecn.5.*
%{_mandir}/man5/shorewall-exclusion.5.*
%{_mandir}/man5/shorewall-hosts.5.*
%{_mandir}/man5/shorewall-interfaces.5.*
%{_mandir}/man5/shorewall-maclist.5.*
%{_mandir}/man5/shorewall-masq.5.*
%{_mandir}/man5/shorewall-modules.5.*
%{_mandir}/man5/shorewall-nat.5.*
%{_mandir}/man5/shorewall-nesting.5.*
%{_mandir}/man5/shorewall-netmap.5.*
%{_mandir}/man5/shorewall-params.5.*
%{_mandir}/man5/shorewall-policy.5.*
%{_mandir}/man5/shorewall-providers.5.*
%{_mandir}/man5/shorewall-proxyarp.5.*
%{_mandir}/man5/shorewall-rfc1918.5.*
%{_mandir}/man5/shorewall-route_rules.5.*
%{_mandir}/man5/shorewall-routestopped.5.*
%{_mandir}/man5/shorewall-rules.5.*
%{_mandir}/man5/shorewall-tcclasses.5.*
%{_mandir}/man5/shorewall-tcdevices.5.*
%{_mandir}/man5/shorewall-tcrules.5.*
%{_mandir}/man5/shorewall-tos.5.*
%{_mandir}/man5/shorewall-tunnels.5.*
%{_mandir}/man5/shorewall-vardir.5.*
%{_mandir}/man5/shorewall-zones.5.*
%{_mandir}/man5/shorewall.conf.5.*
%{_mandir}/man8/shorewall.8.*
%files lite
%defattr(-,root,root)
%doc %{name}-lite-%{version}/*.txt
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_localstatedir}/lib/shorewall-lite
%ghost %{_localstatedir}/lib/shorewall-lite/*
%attr(700,root,root) %{_initrddir}/shorewall-lite
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%attr(755,root,root) /sbin/shorewall-lite
%{_datadir}/shorewall-lite/configpath
%{_datadir}/shorewall-lite/functions
%{_datadir}/shorewall-lite/lib.*
%{_datadir}/shorewall-lite/modules
%{_datadir}/shorewall-lite/shorecap
%{_datadir}/shorewall-lite/version
%{_datadir}/shorewall-lite/wait4ifup
%{_mandir}/man5/shorewall-lite*
%{_mandir}/man8/shorewall-lite*
%files perl
%defattr(-,root,root)
%doc %{name}-perl-%{perl_ver}/*.txt
%dir %{_datadir}/%{name}-perl
%dir %{_datadir}/%{name}-perl/Shorewall
%{_datadir}/%{name}-perl/Shorewall/*.pm
%{_datadir}/%{name}-perl/compiler.pl
%{_datadir}/%{name}-perl/prog.footer
%{_datadir}/%{name}-perl/prog.functions
%{_datadir}/%{name}-perl/prog.header
%{_datadir}/%{name}-perl/version
%files shell
%defattr(-,root,root)
%doc %{name}-shell-%{shell_ver}/*.txt
%dir %{_datadir}/%{name}-shell
%{_datadir}/%{name}-shell/compiler
%{_datadir}/%{name}-shell/lib.*
%{_datadir}/%{name}-shell/prog.*
%{_datadir}/%{name}-shell/version
%files doc
%defattr(-,root,root)
%doc %{name}-docs-html-%{version}/*
%changelog
* Mon Dec 07 2009 Eugeni Dodonov <eugeni@mandriva.com> 4.0.15-0.1mdv2009.0
+ Revision: 474456
- Updated to 4.0.15 (latest 4.0-series version).
- Installing correct permissions on shorewall config files.
* Tue Sep 23 2008 Olivier Blin <oblin@mandriva.com> 4.0.13-5mdv2009.0
+ Revision: 287298
- revert running iptables check, it should be done in iptables post instead of running this every boot
* Thu Aug 28 2008 Oden Eriksson <oeriksson@mandriva.com> 4.0.13-4mdv2009.0
+ Revision: 276811
- fix #42579 (shorewall-perl complains of missing Mult-port Match support in kernel/iptables)
- fix spec file bug in the shorewall-lite %%post script
* Mon Aug 04 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.13-3mdv2009.0
+ Revision: 263505
- New upstream version 4.0.13
* Wed Jun 18 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.11-3mdv2009.0
+ Revision: 225451
- update shorewall-perl to new version 4.0.11.1
+ Pixel <pixel@mandriva.com>
- adapt to %%_localstatedir now being /var instead of /var/lib (#22312)
* Thu May 29 2008 Gustavo De Nardin <gustavodn@mandriva.com> 4.0.11-2mdv2009.0
+ Revision: 213149
- fix missing requirement on iptables-ipv6, for Shorewall to be able to
"handle" IPv6 (currently, DISABLE_IPV6=Yes in /etc/shorewall/shorewall.conf)
* Sun May 25 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.11-1mdv2009.0
+ Revision: 211074
- update to new version 4.0.11
* Tue Mar 11 2008 Olivier Blin <oblin@mandriva.com> 4.0.9-3mdv2008.1
+ Revision: 185827
- do not package dirs as ghost (#38105)
- do not include . and .. in ghost files list
* Wed Feb 27 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.9-2mdv2008.1
+ Revision: 175897
- Update to bugfix release shorewall-perl-4.0.9.1
* Mon Feb 25 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.9-1mdv2008.1
+ Revision: 174942
- New upstream bugfix release
* Sat Feb 23 2008 Frederik Himpe <fhimpe@mandriva.org> 4.0.8-5mdv2008.1
+ Revision: 174093
- Add Conflicts to fix update from shorewall < 4.0 packages
(files were moved from shorewall package to shorewall-common)
* Mon Feb 18 2008 Thierry Vignaud <tvignaud@mandriva.com> 4.0.8-4mdv2008.1
+ Revision: 171106
- rebuild
- fix "foobar is blabla" summary (=> "blabla") so that it looks nice in rpmdrake
+ Tomasz Pawel Gajc <tpg@mandriva.org>
- fix ghost files one more time
* Sun Jan 27 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.8-2mdv2008.1
+ Revision: 158506
- fix permission of all ghost files
- add missing ghost files
* Sat Jan 26 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.8-1mdv2008.1
+ Revision: 158422
- update to latest release 4.0.8
- hardcode path to shorewall config files
- do not package config files twice, files in /etc/shorewall are sufficient
* Sat Jan 26 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-3mdv2008.1
+ Revision: 158257
- fix requires on iproute2
- shorewall package requires only shorewall-common and shorewall-perl, other subpackages are optional
- compile shorewal rules with perl compiler, as it is faster than shell one
- do the optimizations
* Fri Jan 25 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-2mdv2008.1
+ Revision: 158039
- add missing requires
- fix requires on subpackages
- make both initscripts mdv compiliant
- add missing scriplets
- use %%create_ghostfile
- fix permissions for initscripts and executables
- add ghost files for shorewall-lie
* Thu Jan 24 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.0.7-1mdv2008.1
+ Revision: 157724
- fix docs
- new version
- WARNING: big version jumps doesn't bring nothing good :)
- provide shorewall
o common
o lite
o perl
o shell
- fix file list, add %%ghost files
- better summaries and descriptions
- spec file clean
- TODO: provide patches for shorewall and shorewall-lite initscripts - cosmetics imho
+ Thierry Vignaud <tvignaud@mandriva.com>
- kill re-definition of %%buildroot on Pixel's request
* Thu Oct 11 2007 Oden Eriksson <oeriksson@mandriva.com> 3.4.6-1mdv2008.1
+ Revision: 97137
- 3.4.6
+ Thierry Vignaud <tvignaud@mandriva.com>
- s/Mandrake/Mandriva/
* Sat Jun 30 2007 Olivier Blin <oblin@mandriva.com> 3.4.4-2mdv2008.0
+ Revision: 46098
- fix compiler script permissions (#31651)
* Wed Jun 27 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 3.4.4-1mdv2008.0
+ Revision: 44819
- spec file clean
- new version
* Thu May 17 2007 Olivier Blin <oblin@mandriva.com> 3.4.3-1mdv2008.0
+ Revision: 27675
- 3.4.3 (and package man pages)
* Tue Feb 13 2007 Olivier Blin <oblin@mandriva.com> 3.2.9-1mdv2007.0
+ Revision: 120417
- 3.2.9
- buildconflicts with apt-common so that shorewall build does not detect a Debian system
- bunzip init script
* Mon Nov 27 2006 Olivier Blin <oblin@mandriva.com> 3.2.6-1mdv2007.1
+ Revision: 87676
- 3.2.6
- Import shorewall
* Thu Aug 31 2006 Olivier Blin <blino@mandriva.com> 3.2.3-2mdv2007.0
- fix typo in changelog
* Thu Aug 31 2006 Olivier Blin <blino@mandriva.com> 3.2.3-1mdv2007.0
- 3.2.3 (this closes #24157)
* Sun Jul 23 2006 Olivier Blin <blino@mandriva.com> 3.2.1-1mdv2007.0
- 3.2.1
- drop bogons file ('nobogons' options has been eliminated in 3.0.0)
* Mon Jan 23 2006 Daouda LO <daouda@mandriva.com> 3.0.4-1mdk
- 3.0.4
- console friendly again (Tuomo Soini)
* Mon Dec 26 2005 Daouda LO <daouda@mandriva.com> 3.0.3-1mdk
- 3.0.3
* Wed Nov 30 2005 Daouda LO <daouda@mandriva.com> 3.0.2-1mdk
- 3.0.2
* Thu Nov 24 2005 Daouda LO <daouda@mandriva.com> 3.0.1-1mdk
- 3.0.1
- add Samples
- cleanup spec
- Read The http://shorewall.net/pub/shorewall/3.0/shorewall-3.0.1/releasenotes.txt
o Thu Nov 17 2005 Nicolas CHIPAUX <chipaux@mandriva.com> 3.0.0-1mdk
- new version
- cleaning spec
- "clear" option in initscript is back
- info about migration from 2.x to 3.x
* Fri Jul 22 2005 Daouda LO <daouda@mandrakesoft.com> 2.4.1-3mdk
- initscript priority from 25 to 10 (Michael Reinsch)
- refreshed link to firewall script (Oblin)
* Tue Jul 19 2005 Olivier Blin <oblin@mandriva.com> 2.4.1-2mdk
- enable shorewall startup
* Tue Jul 19 2005 Daouda LO <daouda@mandrakesoft.com> 2.4.1-1mdk
- Fix for security vulnerability in MACLIST processing
- Support for multiple internet interfaces to different ISPs
- Support for ipset
- updated firewall script and bogons list
- back to shorewall genuine initscipt
* Mon Jul 11 2005 Olivier Blin <oblin@mandriva.com> 2.0.8-3mdk
- fix typo in init script to have chkconfig working again (#16657)
* Sat Apr 02 2005 Luca Berra <bluca@vodka.it> 2.0.8-2mdk
- use %%mkrel macro
- update firewall script from shorewall errata
- update bogons file from shorewall errata
* Thu Aug 26 2004 Florin <florin@mandrakesoft.com> 2.0.8-1mdk
- 2.0.8
* Thu Aug 05 2004 Florin <florin@mandrakesoft.com> 2.0.7-1mdk
- 2.0.7
* Wed Jun 30 2004 Florin <florin@mandrakesoft.com> 2.0.3a-1mdk
- 2.0.3a
- security update
* Fri Jun 25 2004 Florin <florin@mandrakesoft.com> 2.0.3-1mdk
- 2.0.3
* Sun Jun 13 2004 Florin <florin@mandrakesoft.com> 2.0.2f-1mdk
- 2.0.2f
- add the docs source
- remove the already present bogons and rf1918 files
* Thu Jun 03 2004 Florin <florin@mandrakesoft.com> 2.0.2d-1mdk
- 2.0.2d
* Tue May 18 2004 Florin <florin@mandrakesoft.com> 2.0.2a-1mdk
- 2.0.2a
- add the initdone file
* Fri May 14 2004 Florin <florin@mandrakesoft.com> 2.0.2-0.RC1.1mdk
- 2.0.2-RC1
- remove the already intergrated kernel-suffix patch
* Thu Apr 22 2004 Florin <florin@mandrakesoft.com> 2.0.1-3mdk
- add the bogons and rf1918 sources (thx to T. Backlund)
* Tue Apr 20 2004 Florin <florin@mandrakesoft.com> 2.0.1-2mdk
- add the kernel modules extension patch (bug #9311)
- the same patch fixes the Mandrake broken insmod (uses modprobe instead)
* Tue Apr 20 2004 Florin <florin@mandrakesoft.com> 2.0.1-1mdk
- 2.0.1
- samples 2.0.1
- add the netmap file
* Wed Mar 24 2004 Florin <florin@mandrakesoft.com> 2.0.0b-1mdk
- 2.0.0b
* Sat Mar 20 2004 Florin <florin@mandrakesoft.com> 2.0.0a-1mdk
- 2.0.0a
- samples 2.0.0
