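# RPM spec for Shorewall: one source package that produces the main IPv4
# firewall package plus the core, ipv6, ipv6-lite, lite and doc subpackages,
# each built from its own upstream tarball.

# noarch package: no debuginfo subpackage is generated.
%define debug_package %{nil}

# Version bookkeeping. Every component currently tracks the same version;
# the separate macros let one tarball be bumped without the others.
%define version_major 4.5
%define version_minor 10.1
%define version %{version_major}.%{version_minor}
%define version_main %{version}
%define version_lite %{version}
%define ipv6_ver %{version}
%define ipv6_lite_ver %{version}
%define sha1sums_ver %{version}
# ftp_ver names the upstream directory that holds this point release.
%define ftp_ver %{version_major}.10
%define ftp_path ftp://ftp.shorewall.net/pub/shorewall/%{version_major}/%{name}-%{ftp_ver}
%define name6 %{name}6

Summary: Iptables-based firewall for Linux systems
Name: shorewall
Version: %{version}
Release: %mkrel 1
License: GPLv2+ and LGPLv2.1+
Group: System/Servers
URL: http://www.shorewall.net/
# NOTE(review): every source is referenced over plain FTP. Source5 carries
# the upstream SHA-1 sums, but no step visible in this spec checks the
# tarballs against it. A checksum file fetched over the same unauthenticated
# channel only detects corruption, not tampering; confirm how the build
# system pins these sources, and verify new tarballs out of band before
# importing them.
Source0: %ftp_path/%{name}-%{version}.tar.bz2
Source1: %ftp_path/%{name}-lite-%{version_lite}.tar.bz2
Source2: %ftp_path/%{name}-docs-html-%{version}.tar.bz2
Source3: %ftp_path/%{name6}-%{ipv6_ver}.tar.bz2
Source4: %ftp_path/%{name6}-lite-%{ipv6_lite_ver}.tar.bz2
Source5: %ftp_path/%{sha1sums_ver}.sha1sums
Source6: %ftp_path/%{name}-core-%{version}.tar.bz2
# NOTE(review): going by its file name, this patch relaxes netmask handling
# and was written against 4.4.23. Its body is not part of this spec, so
# re-review it whenever the package version moves.
Patch4: %{name}-4.4.23-allow-netmask-0.patch
Requires: iptables
Requires: iproute2
Requires(post): rpm-helper
Requires(preun): rpm-helper
BuildConflicts: apt-common
BuildArch: noarch

%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/
router/server or on a standalone GNU/Linux system.

%package core
Summary: Shorewall core libraries
Group: System/Servers
Requires(post): rpm-helper
Requires(preun): rpm-helper

# The description below previously repeated the ipv6 subpackage's text; it
# now matches this subpackage's Summary.
%description core
Core libraries for the Shoreline Firewall (Shorewall).

%package ipv6
Summary: IPv6 capable Shorewall
Group: System/Servers
Requires: %{name} = %{version}-%{release}
Requires: iptables-ipv6
Requires: iproute2
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description ipv6
An IPv6 enabled and capable Shoreline Firewall.

%package ipv6-lite
Summary: Lite version of ipv6 shorewall
Group: System/Servers
Requires: %{name}-ipv6 = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description ipv6-lite
Shorewall IPv6 Lite is a companion product to Shorewall IPv6 that allows
network administrators to centralize the configuration of Shorewall-based
firewalls.

%package lite
Summary: Lite version of shorewall
Group: System/Servers
Requires: %{name} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper

%description lite
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.

%package doc
Summary: Firewall scripts
Group: System/Servers

%description doc
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/
router/server or on a standalone GNU/Linux system.

This package contains the docs.
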
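%prep
# Unpack Source0 into a fresh build directory, then add Sources 1-4 and 6
# next to it (-T: skip the default source, -D: keep the directory,
# -a N: unpack source N after changing into it).
# NOTE(review): Source5 (the SHA-1 sums file) is never read here, so the
# tarballs are unpacked without any integrity check in this spec.
%setup -q -c -n %{name}-%{version}
%setup -q -T -D -a 1
%setup -q -T -D -a 2
%setup -q -T -D -a 3
%setup -q -T -D -a 4
%setup -q -T -D -a 6
pushd %{name}-%{version_main}
%patch4 -p1 -b .allow-netmask-0
popd

%build
# (tpg) we do nothing here

%install
# Each component ships its own configure.pl/install.sh pair; they are run
# in turn against the buildroot, and unit files are copied by hand.
mkdir -p %{buildroot}%{_unitdir}
export PREFIX=%{buildroot}
# Install as the building user so install.sh does not need root.
export OWNER=$(id -n -u)
export GROUP=$(id -n -g)
export CONFDIR=%{_sysconfdir}/%{name}

pushd %{name}-core-%{version_main}
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
popd

pushd %{name}-%{version_main}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name}.conf
# blank Internal option
perl -pi -e 's/TC_ENABLED=Internal/TC_ENABLED=/' configfiles/%{name}.conf
# (tpg) do the optimizations
perl -pi -e 's/OPTIMIZE=.*/OPTIMIZE=1/' configfiles/%{name}.conf
# (tpg) set config path
# NOTE(review): the replacement text below looks garbled. The braces hold
# "/g_sysconfdir", which is not a valid macro name, so the literal text
# would end up in CONFIG_PATH. Presumably the intent was the sysconfdir
# macro followed by the package name; left untouched here because the
# intended value cannot be confirmed from this file. CONFIG_PATH decides
# where the firewall looks for its configuration, so verify the built
# configpath file before shipping.
perl -pi -e 's#CONFIG_PATH=.*#CONFIG_PATH=configfiles/%{/g_sysconfdir}/%{name}#' configpath
# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name}.conf
# (alien) have accounting by default in the mangle table
perl -pi -e 's#ACCOUNTING_TABLE=.*#ACCOUNTING_TABLE=mangle#' configfiles/%{name}.conf
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
# let's do the install
DESTDIR=%{buildroot} ./install.sh shorewallrc.redhat
install -m 644 *.service %{buildroot}%{_unitdir}
popd

#(tpg) IPv6
pushd %{name6}-%{ipv6_ver}
# (blino) enable startup (new setting as of 2.1.3)
perl -pi -e 's/STARTUP_ENABLED=.*/STARTUP_ENABLED=Yes/' configfiles/%{name6}.conf
# Keep synced with net.ipv4.ip_forward var in /etc/sysctl.conf
perl -pi -e 's/IP_FORWARDING=.*/IP_FORWARDING=Keep/' configfiles/%{name6}.conf
# (lmenut) mga kernel modules are compressed by default (mga #1147)
perl -pi -e 's#MODULE_SUFFIX=.*#MODULE_SUFFIX="ko ko.xz ko.gz"#' configfiles/%{name6}.conf
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

pushd %{name6}-lite-%{ipv6_lite_ver}
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

pushd %{name}-lite-%{version_lite}
./configure.pl SYSTEMD=%{_unitdir} SBINDIR=%{_sbindir} LIBEXEC=%{_libexecdir}
DESTDIR=%{buildroot} ./install.sh
install -m 644 *.service %{buildroot}%{_unitdir}
popd

# Suppress automatic replacement of "echo" by "gprintf" in the shorewall
# startup script by RPM. This automatic replacement is broken.
export DONT_GPRINTIFY=1

#(tpg) looks like these files are needed
# Empty placeholders so the ghost entries in the file lists have something
# to match in the buildroot.
touch %{buildroot}/%{_var}/lib/shorewall/{chains,nat,proxyarp,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/shorewall-lite/firewall
#(tpg) ipv6
touch %{buildroot}/%{_var}/lib/%{name6}/{chains,restarted,zones,restore-base,restore-tail,state,.modules,.modulesdir,.iptables-restore-input,.start,.restart,.restore}
touch %{buildroot}/%{_var}/lib/%{name6}-lite/firewall

#remove unused files because of %exclude misbehaviour
rm -f %{buildroot}%{_datadir}/%{name6}/configfiles/*
rm -f %{buildroot}%{_datadir}/shorewall/configfiles/*

# Remove sysv init files
rm -rf %{buildroot}%{_initrddir}

%post
# Migrate older MODULE_SUFFIX values in an existing configuration so that
# xz-compressed kernel modules are found. $1 is the number of installed
# instances of the package after this transaction.
if [ "$1" -ge 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name}/%{name}.conf
fi
%_post_service shorewall
# Runtime state files: owner, group and mode are given per file. The
# generated .start/.restart/.restore scripts are restricted to root (700).
%create_ghostfile %{_var}/lib/%{name}/chains root root 644
%create_ghostfile %{_var}/lib/%{name}/nat root root 644
%create_ghostfile %{_var}/lib/%{name}/proxyarp root root 644
%create_ghostfile %{_var}/lib/%{name}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name}/zones root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name}/state root root 644
%create_ghostfile %{_var}/lib/%{name}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name}/.start root root 700

%preun
%_preun_service %{name}
# $1 = 0 means final removal (not an upgrade): drop the marker file and the
# runtime state.
if [ "$1" = 0 ] ; then
  rm -f %{_sysconfdir}/%{name}/startup_disabled
  rm -f %{_var}/lib/%{name}/*
fi

%post lite
%_post_service %{name}-lite
%create_ghostfile %{_var}/lib/%{name}-lite/firewall root root 644

%preun lite
%_preun_service %{name}-lite

%post ipv6
# This test used to read [ $1 > 1 ]. Inside [ ] the ">" is a shell
# redirection, so the old form only checked that $1 was non-empty (always
# true in a scriptlet) and, running as root, left an empty file named "1"
# in the scriptlet's working directory. Use the same numeric test as the
# main package's post scriptlet; the effective behaviour (always migrate)
# is unchanged.
if [ "$1" -ge 1 ] ; then
  perl -pi -e 's#MODULE_SUFFIX=ko$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
  perl -pi -e 's#MODULE_SUFFIX=\"ko ko.gz\"$#MODULE_SUFFIX="ko ko.xz ko.gz"#' %{_sysconfdir}/%{name6}/%{name6}.conf
fi
%_post_service %{name6}
%create_ghostfile %{_var}/lib/%{name6}/chains root root 644
%create_ghostfile %{_var}/lib/%{name6}/restarted root root 644
%create_ghostfile %{_var}/lib/%{name6}/zones root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-base root root 644
%create_ghostfile %{_var}/lib/%{name6}/restore-tail root root 644
%create_ghostfile %{_var}/lib/%{name6}/state root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modules root root 644
%create_ghostfile %{_var}/lib/%{name6}/.modulesdir root root 644
%create_ghostfile %{_var}/lib/%{name6}/.iptables-restore-input root root 644
%create_ghostfile %{_var}/lib/%{name6}/.restart root root 700
%create_ghostfile %{_var}/lib/%{name6}/.restore root root 700
%create_ghostfile %{_var}/lib/%{name6}/.start root root 700

%preun ipv6
%_preun_service %{name6}
# Final removal only: drop the marker file and the runtime state.
if [ "$1" = 0 ] ; then
  rm -f %{_sysconfdir}/%{name6}/startup_disabled
  rm -f %{_var}/lib/%{name6}/*
fi

%post ipv6-lite
%_post_service %{name6}-lite
%create_ghostfile %{_var}/lib/%{name6}-lite/firewall root root 644

%preun ipv6-lite
%_preun_service %{name6}-lite

%files
%doc %{name}-%{version_main}/{changelog.txt,releasenotes.txt,Samples}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %{_datadir}/%{name}
%dir %attr(755,root,root) %{_var}/lib/%{name}
%ghost %{_var}/lib/%{name}/*
%ghost %{_var}/lib/%{name}/.??*
%config %{_sysconfdir}/logrotate.d/%{name}
# Firewall configuration is kept readable by root only.
# NOTE(review): this entry has no dir directive, so it covers the
# directory and everything under it, and the 0600 mode is presumably
# applied to the directory itself as well (no search bit). Confirm the
# installed directory mode is what is intended.
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{name}
#%attr(755,root,root) %{_sbindir}/%{name}
%attr(755,root,root) /sbin/%{name}
%{_datadir}/%{name}/action*
%{_datadir}/%{name}/configpath
%{_datadir}/%{name}/functions
#%{_datadir}/%{name}/getparams
%{_datadir}/%{name}/helpers
%{_datadir}/%{name}/lib.*
%{_datadir}/%{name}/macro.*
%{_datadir}/%{name}/modules*
%{_datadir}/%{name}/version
#%{_datadir}/%{name}/wait4ifup
%{_mandir}/man5/%{name}-accounting.5.*
%{_mandir}/man5/%{name}-actions.5.*
%{_mandir}/man5/%{name}-blacklist.5.*
%{_mandir}/man5/%{name}-ecn.5.*
%{_mandir}/man5/%{name}-exclusion.5.*
%{_mandir}/man5/%{name}-hosts.5.*
%{_mandir}/man5/%{name}-interfaces.5.*
%{_mandir}/man5/%{name}-ipsets.5.*
%{_mandir}/man5/%{name}-maclist.5.*
%{_mandir}/man5/%{name}-masq.5.*
%{_mandir}/man5/%{name}-modules.5.*
%{_mandir}/man5/%{name}-nat.5.*
%{_mandir}/man5/%{name}-nesting.5.*
#%{_mandir}/man5/%{name}-notrack.5.*
%{_mandir}/man5/%{name}-netmap.5.*
%{_mandir}/man5/%{name}-params.5.*
%{_mandir}/man5/%{name}-policy.5.*
%{_mandir}/man5/%{name}-providers.5.*
%{_mandir}/man5/%{name}-proxyarp.5.*
#%{_mandir}/man5/%{name}-route_rules.5.*
%{_mandir}/man5/%{name}-routes.5.*
%{_mandir}/man5/%{name}-routestopped.5.*
%{_mandir}/man5/%{name}-rules.5.*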
# Main package file list, continued: remaining man pages, the Shorewall
# Perl modules, shared data files and the systemd unit.
%{_mandir}/man5/%{name}-secmarks.5.*
%{_mandir}/man5/%{name}-tcclasses.5.*
%{_mandir}/man5/%{name}-tcinterfaces.5.*
%{_mandir}/man5/%{name}-tcpri.5.*
%{_mandir}/man5/%{name}-tcdevices.5.*
%{_mandir}/man5/%{name}-tcfilters.5.*
%{_mandir}/man5/%{name}-tcrules.5.*
%{_mandir}/man5/%{name}-tos.5.*
%{_mandir}/man5/%{name}-tunnels.5.*
%{_mandir}/man5/%{name}-vardir.5.*
%{_mandir}/man5/%{name}-zones.5.*
%{_mandir}/man5/%{name}.conf.5.*
%{_mandir}/man8/%{name}.8.*
%{_mandir}/man8/%{name}-init.8.*
%{_mandir}/man5/%{name}-blrules.5.*
%{_mandir}/man5/%{name}-conntrack.5.*
%{_mandir}/man5/%{name}-rtrules.5.*
%{_mandir}/man5/%{name}-stoppedrules.5.*
#%dir %{_datadir}/shorewall/Shorewall
%{_datadir}/perl5/vendor_perl/Shorewall/*.pm
#%{_datadir}/shorewall/compiler.pl
%{_datadir}/shorewall/prog.footer
#%{_datadir}/shorewall/prog.header
%{_datadir}/shorewall/coreversion
%{_unitdir}/shorewall.service

# IPv6 package: configuration, runtime state placeholders, data files and
# man pages (the man page list continues past this point).
%files ipv6
%doc %{name6}-%{ipv6_ver}/{changelog.txt,releasenotes.txt,tunnel,ipsecvpn,Samples6}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name6}
# NOTE(review): the IPv4 package lists its configuration directory with an
# explicit attr of 0600,root,root; the IPv6 directory and config files here
# carry no explicit attr, so they keep whatever mode install.sh gave them
# in the buildroot. Confirm the IPv6 rule set is not more widely readable
# than the IPv4 one.
%dir %{_sysconfdir}/%{name6}
%dir %{_datadir}/%{name6}
%dir %attr(755,root,root) %{_var}/lib/%{name6}
%ghost %{_var}/lib/%{name6}/*
%ghost %{_var}/lib/%{name6}/.??*
%config(noreplace) %{_sysconfdir}/%{name6}/*
%config %{_sysconfdir}/logrotate.d/%{name6}
%attr(755,root,root) %{_sbindir}/%{name6}
%{_datadir}/%{name6}/action*
#%{_datadir}/%{name}/prog.footer6
#%{_datadir}/%{name}/prog.header6
%{_datadir}/%{name6}/configpath
%{_datadir}/%{name6}/functions
%{_datadir}/%{name6}/helpers
%{_datadir}/%{name6}/lib.*
%{_datadir}/%{name6}/macro.*
%{_datadir}/%{name6}/modules*
%{_datadir}/%{name6}/version
#%{_datadir}/%{name6}/wait4ifup
%{_mandir}/man5/%{name6}-accounting.5.*
%{_mandir}/man5/%{name6}-actions.5.*
%{_mandir}/man5/%{name6}-blacklist.5.*
%{_mandir}/man5/%{name6}-exclusion.5.*
%{_mandir}/man5/%{name6}-hosts.5.*
%{_mandir}/man5/%{name6}-interfaces.5.*
%{_mandir}/man5/%{name6}-ipsets.5.*
%{_mandir}/man5/%{name6}-maclist.5.*
# IPv6 package file list, continued: remaining man pages and the systemd
# unit.
%{_mandir}/man5/%{name6}-modules.5.*
%{_mandir}/man5/%{name6}-nesting.5.*
#%{_mandir}/man5/%{name6}-notrack.5.*
%{_mandir}/man5/%{name6}-params.5.*
%{_mandir}/man5/%{name6}-policy.5.*
%{_mandir}/man5/%{name6}-providers.5.*
%{_mandir}/man5/%{name6}-proxyndp.5.*
#%{_mandir}/man5/%{name6}-route_rules.5.*
%{_mandir}/man5/%{name6}-routes.5.*
%{_mandir}/man5/%{name6}-routestopped.5.*
%{_mandir}/man5/%{name6}-rules.5.*
%{_mandir}/man5/%{name6}-secmarks.5.*
%{_mandir}/man5/%{name6}-tcclasses.5.*
%{_mandir}/man5/%{name6}-tcdevices.5.*
%{_mandir}/man5/%{name6}-tcfilters.5.*
%{_mandir}/man5/%{name6}-tcinterfaces.5.*
%{_mandir}/man5/%{name6}-tcpri.5.*
%{_mandir}/man5/%{name6}-tcrules.5.*
%{_mandir}/man5/%{name6}-tos.5.*
%{_mandir}/man5/%{name6}-tunnels.5.*
%{_mandir}/man5/%{name6}-vardir.5.*
%{_mandir}/man5/%{name6}-zones.5.*
%{_mandir}/man5/%{name6}.conf.5.*
%{_mandir}/man8/%{name6}.8.*
%{_mandir}/man5/%{name6}-blrules.5.*
%{_mandir}/man5/%{name6}-conntrack.5.*
%{_mandir}/man5/%{name6}-rtrules.5.*
%{_mandir}/man5/%{name6}-stoppedrules.5.*
%{_mandir}/man5/%{name6}-netmap.5.*
%{_unitdir}/shorewall6.service

# Lite (IPv4) package: configuration, state placeholder, data files, man
# pages and systemd unit. Config files carry no explicit attr here.
%files lite
%doc %{name}-lite-%{version_lite}/*.txt
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-lite
%dir %{_datadir}/%{name}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name}-lite
%ghost %{_var}/lib/%{name}-lite/*
%config(noreplace) %{_sysconfdir}/%{name}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name}-lite
%attr(755,root,root) %{_sbindir}/%{name}-lite
%{_datadir}/%{name}-lite/configpath
%{_datadir}/%{name}-lite/functions
%{_datadir}/%{name}-lite/helpers
%{_datadir}/%{name}-lite/lib.*
%{_datadir}/%{name}-lite/modules*
#%{_datadir}/%{name}-lite/shorecap
%{_datadir}/%{name}-lite/version
#%{_datadir}/%{name}-lite/wait4ifup
%{_mandir}/man5/%{name}-lite*
%{_mandir}/man8/%{name}-lite*
%{_unitdir}/shorewall-lite.service

# Lite (IPv6) package: same layout as the IPv4 lite package.
%files ipv6-lite
%doc %{name6}-lite-%{ipv6_lite_ver}/*.txt
%config(noreplace) %{_sysconfdir}/sysconfig/%{name6}-lite
%dir %{_datadir}/%{name6}-lite
%dir %attr(755,root,root) %{_var}/lib/%{name6}-lite
%ghost %{_var}/lib/%{name6}-lite/*
%config(noreplace) %{_sysconfdir}/%{name6}-lite/*
%config %{_sysconfdir}/logrotate.d/%{name6}-lite
%attr(755,root,root) %{_sbindir}/%{name6}-lite
%{_datadir}/%{name6}-lite/configpath
%{_datadir}/%{name6}-lite/functions
%{_datadir}/%{name6}-lite/helpers
%{_datadir}/%{name6}-lite/lib.*
%{_datadir}/%{name6}-lite/modules*
#%{_datadir}/%{name6}-lite/shorecap
%{_datadir}/%{name6}-lite/version
#%{_datadir}/%{name6}-lite/wait4ifup
%{_mandir}/man5/%{name6}-lite*
%{_mandir}/man8/%{name6}-lite*
%{_unitdir}/shorewall6-lite.service

# Documentation package: the unpacked HTML docs tarball.
%files doc
%doc %{name}-docs-html-%{version}/*

# Core package: shared shell libraries and the shorewallrc settings file.
# NOTE(review): coreversion, functions and the lib.* files listed here are
# also matched by entries in the main package's file list (same paths under
# the shorewall data directory), so two packages own the same files, and
# the main package declares no dependency on this one. Confirm that is
# intended.
%files core
%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt}
%dir %{_datadir}/shorewall/
%{_datadir}/shorewall/coreversion
%{_datadir}/shorewall/functions
%{_datadir}/shorewall/lib.base
%{_datadir}/shorewall/lib.cli
%{_datadir}/shorewall/lib.common
%{_datadir}/shorewall/shorewallrc
#%dir %{_libexecdir}/shorewall
#%{_libexecdir}/shorewall/wait4ifup