shorewall_code/Shorewall/shorewall.spec

383 lines
15 KiB
RPMSpec
Raw Normal View History

%define name shorewall
%define version 3.3.0
%define release 1
%define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
Version: %{version}
Release: %{release}
Prefix: %{prefix}
License: GPL
Packager: Tom Eastep <teastep@shorewall.net>
Group: Networking/Utilities
Source: %{name}-%{version}.tgz
URL: http://www.shorewall.net/
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
Requires: iptables iproute
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%prep
%setup
%build
%install
export PREFIX=$RPM_BUILD_ROOT ; \
export OWNER=`id -n -u` ; \
export GROUP=`id -n -g` ;\
./install.sh
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ $1 -eq 1 ]; then
if [ -x /sbin/insserv ]; then
/sbin/insserv /etc/rc.d/shorewall
elif [ -x /sbin/chkconfig ]; then
/sbin/chkconfig --add shorewall;
fi
fi
%preun
if [ $1 = 0 ]; then
if [ -x /sbin/insserv ]; then
/sbin/insserv -r /etc/init.d/shorewall
elif [ -x /sbin/chkconfig ]; then
/sbin/chkconfig --del shorewall
fi
rm -f /etc/shorewall/startup_disabled
fi
%files
%defattr(0644,root,root,0755)
%attr(0544,root,root) /etc/init.d/shorewall
%attr(0755,root,root) %dir /etc/shorewall
%attr(0755,root,root) %dir /usr/share/shorewall
%attr(0755,root,root) %dir /usr/share/shorewall/configfiles
%attr(0700,root,root) %dir /var/lib/shorewall
%attr(0644,root,root) %config(noreplace) /etc/shorewall/shorewall.conf
%attr(0600,root,root) %config(noreplace) /etc/shorewall/zones
%attr(0600,root,root) %config(noreplace) /etc/shorewall/policy
%attr(0600,root,root) %config(noreplace) /etc/shorewall/interfaces
%attr(0600,root,root) %config(noreplace) /etc/shorewall/ipsec
%attr(0600,root,root) %config(noreplace) /etc/shorewall/rules
%attr(0600,root,root) %config(noreplace) /etc/shorewall/nat
%attr(0600,root,root) %config(noreplace) /etc/shorewall/netmap
%attr(0644,root,root) %config(noreplace) /etc/shorewall/params
%attr(0600,root,root) %config(noreplace) /etc/shorewall/proxyarp
%attr(0600,root,root) %config(noreplace) /etc/shorewall/routestopped
%attr(0600,root,root) %config(noreplace) /etc/shorewall/maclist
%attr(0600,root,root) %config(noreplace) /etc/shorewall/masq
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcrules
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tos
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tunnels
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
%attr(0600,root,root) %config(noreplace) /etc/shorewall/initdone
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped
%attr(0600,root,root) %config(noreplace) /etc/shorewall/ecn
%attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting
%attr(0600,root,root) %config(noreplace) /etc/shorewall/actions
%attr(0600,root,root) %config(noreplace) /etc/shorewall/continue
%attr(0600,root,root) %config(noreplace) /etc/shorewall/started
%attr(0600,root,root) %config(noreplace) /etc/shorewall/providers
%attr(0600,root,root) %config(noreplace) /etc/shorewall/route_rules
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcclasses
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcdevices
%attr(0600,root,root) /etc/shorewall/Makefile
%attr(0555,root,root) /sbin/shorewall
%attr(0644,root,root) /usr/share/shorewall/version
%attr(0644,root,root) /usr/share/shorewall/actions.std
%attr(0644,root,root) /usr/share/shorewall/action.Drop
%attr(0644,root,root) /usr/share/shorewall/action.Limit
%attr(0644,root,root) /usr/share/shorewall/action.Reject
%attr(0644,root,root) /usr/share/shorewall/action.template
%attr(0555,root,root) /usr/share/shorewall/clib.accounting
%attr(0555,root,root) /usr/share/shorewall/clib.ecn
%attr(0555,root,root) /usr/share/shorewall/clib.maclist
%attr(0555,root,root) /usr/share/shorewall/clib.macros
%attr(0555,root,root) /usr/share/shorewall/clib.providers
%attr(0555,root,root) /usr/share/shorewall/clib.proxyarp
%attr(0555,root,root) /usr/share/shorewall/clib.tcrules
%attr(0555,root,root) /usr/share/shorewall/clib.tos
%attr(0555,root,root) /usr/share/shorewall/clib.tunnels
%attr(0555,root,root) /usr/share/shorewall/compiler
%attr(0444,root,root) /usr/share/shorewall/functions
%attr(0555,root,root) /usr/share/shorewall/firewall
%attr(0555,root,root) /usr/share/shorewall/help
%attr(0555,root,root) /usr/share/shorewall/lib.base
%attr(0555,root,root) /usr/share/shorewall/lib.tc
%attr(0555,root,root) /usr/share/shorewall/lib.tcrules
%attr(0644,root,root) /usr/share/shorewall/Limit
%attr(0644,root,root) /usr/share/shorewall/macro.AllowICMPs
%attr(0644,root,root) /usr/share/shorewall/macro.Amanda
%attr(0644,root,root) /usr/share/shorewall/macro.Auth
%attr(0644,root,root) /usr/share/shorewall/macro.BitTorrent
%attr(0644,root,root) /usr/share/shorewall/macro.CVS
%attr(0644,root,root) /usr/share/shorewall/macro.Distcc
%attr(0644,root,root) /usr/share/shorewall/macro.DNS
%attr(0644,root,root) /usr/share/shorewall/macro.DropDNSrep
%attr(0644,root,root) /usr/share/shorewall/macro.DropUPnP
%attr(0644,root,root) /usr/share/shorewall/macro.Edonkey
%attr(0644,root,root) /usr/share/shorewall/macro.FTP
%attr(0644,root,root) /usr/share/shorewall/macro.Gnutella
%attr(0644,root,root) /usr/share/shorewall/macro.HTTP
%attr(0644,root,root) /usr/share/shorewall/macro.HTTPS
%attr(0644,root,root) /usr/share/shorewall/macro.ICQ
%attr(0644,root,root) /usr/share/shorewall/macro.IMAP
%attr(0644,root,root) /usr/share/shorewall/macro.IMAPS
%attr(0644,root,root) /usr/share/shorewall/macro.LDAP
%attr(0644,root,root) /usr/share/shorewall/macro.LDAPS
%attr(0644,root,root) /usr/share/shorewall/macro.MySQL
%attr(0644,root,root) /usr/share/shorewall/macro.NNTP
%attr(0644,root,root) /usr/share/shorewall/macro.NNTPS
%attr(0644,root,root) /usr/share/shorewall/macro.NTP
%attr(0644,root,root) /usr/share/shorewall/macro.NTPbrd
%attr(0644,root,root) /usr/share/shorewall/macro.PCA
%attr(0644,root,root) /usr/share/shorewall/macro.Ping
%attr(0644,root,root) /usr/share/shorewall/macro.POP3
%attr(0644,root,root) /usr/share/shorewall/macro.POP3S
%attr(0644,root,root) /usr/share/shorewall/macro.PostgreSQL
%attr(0644,root,root) /usr/share/shorewall/macro.Rdate
%attr(0644,root,root) /usr/share/shorewall/macro.Rsync
%attr(0644,root,root) /usr/share/shorewall/macro.SMB
%attr(0644,root,root) /usr/share/shorewall/macro.SMBBI
%attr(0644,root,root) /usr/share/shorewall/macro.SMBswat
%attr(0644,root,root) /usr/share/shorewall/macro.SMTP
%attr(0644,root,root) /usr/share/shorewall/macro.SMTPS
%attr(0644,root,root) /usr/share/shorewall/macro.SNMP
%attr(0644,root,root) /usr/share/shorewall/macro.SPAMD
%attr(0644,root,root) /usr/share/shorewall/macro.SSH
%attr(0644,root,root) /usr/share/shorewall/macro.Submission
%attr(0644,root,root) /usr/share/shorewall/macro.SVN
%attr(0644,root,root) /usr/share/shorewall/macro.Syslog
%attr(0644,root,root) /usr/share/shorewall/macro.Telnet
%attr(0644,root,root) /usr/share/shorewall/macro.template
%attr(0644,root,root) /usr/share/shorewall/macro.Trcrt
%attr(0644,root,root) /usr/share/shorewall/macro.VNC
%attr(0644,root,root) /usr/share/shorewall/macro.VNCL
%attr(0644,root,root) /usr/share/shorewall/macro.Web
%attr(0644,root,root) /usr/share/shorewall/macro.Webmin
%attr(0644,root,root) /usr/share/shorewall/macro.Whois
%attr(0644,root,root) /usr/share/shorewall/modules
%attr(0644,root,root) /usr/share/shorewall/prog.footer
%attr(0644,root,root) /usr/share/shorewall/prog.header
%attr(0644,root,root) /usr/share/shorewall/rfc1918
%attr(0644,root,root) /usr/share/shorewall/configpath
%attr(0644,root,root) /usr/share/shorewall/xmodules
%attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
%attr(0644,root,root) /usr/share/shorewall/configfiles/zones
%attr(0644,root,root) /usr/share/shorewall/configfiles/policy
%attr(0644,root,root) /usr/share/shorewall/configfiles/interfaces
%attr(0644,root,root) /usr/share/shorewall/configfiles/ipsec
%attr(0644,root,root) /usr/share/shorewall/configfiles/rules
%attr(0644,root,root) /usr/share/shorewall/configfiles/nat
%attr(0644,root,root) /usr/share/shorewall/configfiles/netmap
%attr(0644,root,root) /usr/share/shorewall/configfiles/params
%attr(0644,root,root) /usr/share/shorewall/configfiles/proxyarp
%attr(0644,root,root) /usr/share/shorewall/configfiles/routestopped
%attr(0644,root,root) /usr/share/shorewall/configfiles/maclist
%attr(0644,root,root) /usr/share/shorewall/configfiles/masq
%attr(0644,root,root) /usr/share/shorewall/configfiles/tcrules
%attr(0644,root,root) /usr/share/shorewall/configfiles/tos
%attr(0644,root,root) /usr/share/shorewall/configfiles/tunnels
%attr(0644,root,root) /usr/share/shorewall/configfiles/hosts
%attr(0644,root,root) /usr/share/shorewall/configfiles/blacklist
%attr(0644,root,root) /usr/share/shorewall/configfiles/init
%attr(0644,root,root) /usr/share/shorewall/configfiles/initdone
%attr(0644,root,root) /usr/share/shorewall/configfiles/start
%attr(0644,root,root) /usr/share/shorewall/configfiles/stop
%attr(0644,root,root) /usr/share/shorewall/configfiles/stopped
%attr(0644,root,root) /usr/share/shorewall/configfiles/ecn
%attr(0644,root,root) /usr/share/shorewall/configfiles/accounting
%attr(0644,root,root) /usr/share/shorewall/configfiles/actions
%attr(0644,root,root) /usr/share/shorewall/configfiles/continue
%attr(0644,root,root) /usr/share/shorewall/configfiles/started
%attr(0644,root,root) /usr/share/shorewall/configfiles/providers
%attr(0644,root,root) /usr/share/shorewall/configfiles/route_rules
%attr(0644,root,root) /usr/share/shorewall/configfiles/tcclasses
%attr(0644,root,root) /usr/share/shorewall/configfiles/tcdevices
%attr(0644,root,root) /usr/share/shorewall/configfiles/Makefile
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
%changelog
* Wed Aug 09 2006 Tom Eastep tom@shorewall.net
- Updated to 3.3.0-1
* Wed Aug 02 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.2-1
* Fri Jul 21 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.1-1
* Sat Jul 08 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-1
* Thu Jun 29 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0RC6
* Mon Jun 19 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0RC5
* Sun Jun 18 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0RC4
* Fri Jun 09 2006 Tom Eastep tom@shorewall.net
- Allow Shorewall and Shorewall-lite to coexist
* Wed Jun 07 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0RC2
* Tue May 30 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0RC1
* Mon May 29 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta8
* Thu May 11 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta6
* Fri May 05 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta7
* Wed Apr 26 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta5
* Fri Apr 14 2006 Tom Eastep tom@shorewall.net
- Renamed rtrules to route_rules
* Sun Apr 02 2006 Tom Eastep tom@shorewall.net
- Added rtrules file
- Updated to 3.2.0-0Beta4
* Mon Mar 27 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta3
* Sat Mar 25 2006 Tom Eastep tom@shorewall.net
- Remove '%config' from Makefile
* Thu Mar 23 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta2
* Thu Mar 09 2006 Tom Eastep tom@shorewall.net
- Updated to 3.2.0-0Beta1
* Sat Mar 04 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.9-1
- Added debian and redhat prog header/footers
* Wed Mar 01 2006 Tom Eastep tom@shorewall.net
- Moved shorecap to /usr/share/shorewall
* Fri Feb 24 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.8-1
* Fri Feb 10 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.7-1
* Fri Feb 10 2006 Tom Eastep tom@shorewall.net
- Added shorecap
- Updated to 3.1.6-1
* Fri Feb 03 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.5-1
- Added new program header/footer files
* Sun Jan 29 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.4-1
- Added new Macros
* Fri Jan 20 2006 Tom Eastep tom@shorewall.net
- Change permissions for compile by ordinary user
* Fri Jan 20 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.3-1
* Tue Jan 17 2006 Tom Eastep tom@shorewall.net
- Added program skeleton Files
* Sun Jan 15 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.2-1
* Thu Jan 12 2006 Tom Eastep tom@shorewall.net
- Updated to 3.1.1-1
* Sat Dec 24 2005 Tom Eastep tom@shorewall.net
- Updated to 3.1.0-1
* Thu Dec 15 2005 Tom Eastep tom@shorewall.net
- Add Limit action
* Mon Dec 12 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.3-1
* Tue Nov 22 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.2-1
* Thu Nov 17 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.1-1
* Wed Nov 03 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.0-1
* Wed Nov 02 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.0-0RC3
Sat Oct 22 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.0-0RC2
* Mon Oct 17 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.0-0RC1
* Sun Oct 09 2005 Tom Eastep tom@shorewall.net
- Updated to 3.0.0-0Beta1
* Fri Oct 07 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.7-1
* Tue Oct 04 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.7-1
* Sat Sep 17 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.6-1
* Tue Aug 30 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.4-1
* Fri Aug 26 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.3-1
* Tue Aug 16 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.2-1
* Sun Aug 07 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.1-1
* Tue Jul 26 2005 Tom Eastep tom@shorewall.net
- Fix omissions/errors
Large merge of function from EXPERIMENTAL to HEAD. 1) Elimination of the "shorewall monitor" command. 2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into a single /etc/shorewall/zones file. This is done in an upwardly-compatible way so that current users can continue to use their existing files. 3) Support has been added for the arp_ignore interface option. 4) DROPINVALID has been removed from shorewall.conf. Behavior is as if DROPINVALID=No was specified. 5) The 'nobogons' option and BOGON_LOG_LEVEL are removed. 6) Error and warning messages have been made easier to spot by using capitalization (e.g., ERROR: and WARNING:). 7) The /etc/shorewall/policy file now contains a new connection policy and a policy for ESTABLISHED packets. Useful for users of snort-inline who want to pass all packets to the QUEUE target. 8) A new 'critical' option has been added to /etc/shorewall/routestopped. Shorewall insures communication between the firewall and 'critical' hosts throughout start, restart, stop and clear. Useful for diskless firewall's with NFS-mounted file systems, LDAP servers, Crossbow, etc. 9) Macros. Macros are very similar to actions but are easier to use, allow parameter substitution and are more efficient. Almost all of the standard actions have been converted to macros in the EXPERIMENTAL branch. 10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No. 11) If you have 'make' installed on your firewall, then when you use the '-f' option to 'shorewall start' (as happens when you reboot), if your /etc/shorewall/ directory contains files that were modified after Shorewall was last restarted then Shorewall is started using the config files rather than using the saved configuration. git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 01:08:09 +02:00
* Mon Jul 25 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.0-1
- Add macros and convert most actions to macros
* Thu Jun 02 2005 Tom Eastep tom@shorewall.net
- Updated to 2.4.0-1
* Sun May 30 2005 Tom Eastep tom@shorewall.net
- Updated to 2.4.0-0RC2
* Thu May 19 2005 Tom Eastep tom@shorewall.net
- Updated to 2.4.0-0RC1
* Thu May 19 2005 Tom Eastep tom@shorewall.net
- Updated to 2.3.2-1
* Sun May 15 2005 Tom Eastep tom@shorewall.net
- Updated to 2.3.1-1
* Mon Apr 11 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.4-1
* Fri Apr 08 2005 Tom Eastep tom@shorewall.net
- Added /etc/shorewall/started
* Tue Apr 05 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.3-1
* Mon Mar 07 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.2-1
* Mon Jan 24 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.1-1
* Mon Jan 24 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-1
* Mon Jan 17 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0RC5
* Thu Jan 06 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0RC4
* Thu Dec 30 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0RC3
* Fri Dec 24 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0RC2
* Sun Dec 19 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0RC1
- Added ipsecvpn file
* Sat Dec 11 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta8
* Mon Nov 29 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta7
* Fri Nov 26 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta6
* Fri Nov 26 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta5
* Fri Nov 19 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta4
* Tue Nov 09 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta3
* Tue Nov 02 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta2
* Fri Oct 22 2004 Tom Eastep tom@shorewall.net
- Updated to 2.2.0-0Beta1