-rw-r--r-- | .SRCINFO | 35 | ||||
-rw-r--r-- | PKGBUILD | 145 | ||||
-rw-r--r-- | modules.conf | 3 | ||||
-rw-r--r-- | vuurmuur.install | 27 | ||||
-rw-r--r-- | vuurmuur.rc | 114 | ||||
-rw-r--r-- | vuurmuur.script | 88 | ||||
-rw-r--r-- | vuurmuur.service | 13 |
7 files changed, 425 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..b1d18c235b11 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,35 @@ +pkgbase = vuurmuur-devel + pkgdesc = powerful front-end for iptables aimed at system-administrators who need a decent firewall, but dont have netfilter specific knowledge - development release + pkgver = 0.8rc1 + pkgrel = 1 + url = http://www.vuurmuur.org + install = vuurmuur.install + arch = i686 + arch = x86_64 + license = GPL + depends = iptables + depends = ncurses + depends = libjpeg + optdepends = conntrack-tools: for connection tracking + optdepends = iproute2: for traffic shapping + optdepends = iptrafvol: for traffic volume logging + provides = vuurmuur + conflicts = vuurmuur + backup = etc/vuurmuur/config.conf + backup = etc/vuurmuur/modules.conf + backup = etc/vuurmuur/vuurmuur_conf.conf + backup = etc/vuurmuur/plugins/textdir.conf + backup = etc/logrotate.d/vuurmuur + source = ftp://ftp.vuurmuur.org/releases/0.8rc1/Vuurmuur-0.8rc1.tar.gz + source = modules.conf + source = vuurmuur.rc + source = vuurmuur.service + source = vuurmuur.script + md5sums = f5293d074a8cb1e4a68bd5c1272babcd + md5sums = e7e07db3cf65dbb7bebfd6ca3fde0e56 + md5sums = 214161fa924d6817ba6919862af37fbd + md5sums = ba3a1c90289a42c5c29bdf06e0045c5e + md5sums = 718f0384b915db99b2d93ab9792cc92d + +pkgname = vuurmuur-devel + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..708dab661104 --- /dev/null +++ b/PKGBUILD 
@@ -0,0 +1,145 @@
+# vim:set ts=2 sw=2 et ft=sh tw=100: expandtab
+# Maintainer: Piotr Rogoża <rogoza dot piotr at gmail dot com>
+# Contributor: skydrome <skydrome@i2pmail.org>
+# Contributor: Valere Monseur <valere_monseur@hotmail.com>
+# Contributor: Phillip Smith <fukawi2@NO-SPAM.gmail.com>
+# Contributor: (asper, noob
+
+pkgname=vuurmuur-devel
+_pkgname_short=vuurmuur
+_pkgname=Vuurmuur
+pkgver=0.8rc1
+pkgrel=1
+pkgdesc='powerful front-end for iptables aimed at system-administrators who need a decent firewall, but dont have netfilter specific knowledge - development release'
+arch=('i686' 'x86_64')
+url='http://www.vuurmuur.org'
+license=('GPL')
+install='vuurmuur.install'
+depends=('iptables' 'ncurses' 'libjpeg')
+optdepends=('conntrack-tools: for connection tracking'
+ 'iproute2: for traffic shapping'
+ 'iptrafvol: for traffic volume logging')
+provides=(vuurmuur)
+conflicts=(vuurmuur)
+backup=('etc/vuurmuur/config.conf'
+ 'etc/vuurmuur/modules.conf'
+ 'etc/vuurmuur/vuurmuur_conf.conf'
+ 'etc/vuurmuur/plugins/textdir.conf'
+ 'etc/logrotate.d/vuurmuur')
+source=(
+"ftp://ftp.vuurmuur.org/releases/$pkgver/${_pkgname}-${pkgver}.tar.gz"
+modules.conf
+vuurmuur.rc
+vuurmuur.service
+vuurmuur.script
+)
+build() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ for archive in libvuurmuur vuurmuur vuurmuur_conf; do
+ [[ ! -d "$archive" ]] &&
+ tar xzf ${archive}-${pkgver}.tar.gz
+ done
+
+ msg "building vuurmuur libraries..."
+ pushd libvuurmuur-${pkgver}
+ ./configure --prefix=/usr --sysconfdir=/etc
+ make
+ popd
+
+ msg "building vuurmuur..."
+ pushd vuurmuur-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${_pkgname_short}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src"
+ make
+ popd
+
+ msg "building vuurmuur_conf..."
+ pushd vuurmuur_conf-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${_pkgname_short}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/src"
+ make
+ popd
+}
+
+package() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ pushd libvuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur_conf-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ # make directory structure
+ install -dm700 ${pkgdir}/etc/${_pkgname_short}
+ install -dm700 ${pkgdir}/etc/${_pkgname_short}/plugins
+ install -dm700 ${pkgdir}/etc/logrotate.d/
+ install -dm755 ${pkgdir}/usr/share/${_pkgname_short}/textdir/{interfaces,services,zones,rules}
+ install -dm700 ${pkgdir}/var/log/${_pkgname_short}
+
+ # install daemon and log
+ install -Dm755 ${srcdir}/vuurmuur.rc ${pkgdir}/etc/rc.d/${_pkgname_short}
+ install -Dm644 ${pkgdir}/usr/share/${_pkgname_short}/scripts/vuurmuur-logrotate ${pkgdir}/etc/logrotate.d/${_pkgname_short}
+
+ # install systemd's files
+ install -Dm755 $srcdir/vuurmuur.script $pkgdir/usr/lib/systemd/scripts/vuurmuur
+ install -Dm644 $srcdir/vuurmuur.service $pkgdir/usr/lib/systemd/system/vuurmuur.service
+
+ # install configuration
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/config.conf.sample \
+ ${pkgdir}/etc/${_pkgname_short}/config.conf
+ install -Dm600 ${srcdir}/modules.conf ${pkgdir}/etc/${_pkgname_short}/modules.conf
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \
+ ${pkgdir}/etc/${_pkgname_short}/${_pkgname_short}_conf.conf
+
+ sed -i ${pkgdir}/etc/${_pkgname_short}/config.conf \
+ -e 's|"/sbin/tc|"/usr/sbin/tc|' \
+ -e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \
+ -e 's|"/sbin/iptables|"/usr/sbin/iptables|' \
+ -e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \
+ -e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \
+ -e 's|"/var/log/messages|"/var/log/iptables.log|'
+
+ sed -i ${pkgdir}/etc/${_pkgname_short}/${_pkgname_short}_conf.conf \
+ -e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|'
+
+
+ echo "LOCATION=\"/etc/${_pkgname_short}/textdir\"" > ${pkgdir}/etc/${_pkgname_short}/plugins/textdir.conf
+
+ # default firewall setup in /usr/share
+ touch ${pkgdir}/usr/share/${_pkgname_short}/textdir/rules/rules.conf
+ touch ${pkgdir}/usr/share/${_pkgname_short}/textdir/rules/blocklist.conf
+
+ cp -R ${srcdir}/${_pkgname}-${pkgver}/zones/* ${pkgdir}/usr/share/${_pkgname_short}/textdir/zones/
+ mv ${pkgdir}/usr/share/${_pkgname_short}/services/* ${pkgdir}/usr/share/${_pkgname_short}/textdir/services/
+
+ # install licenses
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/lib${_pkgname_short}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/lib${_pkgname_short}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${_pkgname_short}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${_pkgname_short}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${_pkgname_short}_conf-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${_pkgname_short}_conf/COPYING
+}
+md5sums=('f5293d074a8cb1e4a68bd5c1272babcd'
+ 'e7e07db3cf65dbb7bebfd6ca3fde0e56'
+ '214161fa924d6817ba6919862af37fbd'
+ 'ba3a1c90289a42c5c29bdf06e0045c5e'
+ '718f0384b915db99b2d93ab9792cc92d')
diff --git a/modules.conf b/modules.conf
new file mode 100644
index 000000000000..eda78a03622c
--- /dev/null
+++ b/modules.conf
@@ -0,0 +1,3 @@
+# modules loaded by vuurmuur daemon
+# ip_queue => not found
+MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp"
diff --git a/vuurmuur.install b/vuurmuur.install
new file mode 100644
index 000000000000..0f596b8c9c1b
--- /dev/null
+++ b/vuurmuur.install
@@ -0,0 +1,27 @@
+post_install() {
+ if [[ ! -d /etc/vuurmuur/textdir ]]; then
+ # copy default firewall setup
+ cp -R /usr/share/vuurmuur/textdir /etc/vuurmuur/
+
+ # set permissions and ownership
+ chown -R root:root /etc/vuurmuur
+ chmod -R o=rwX,go= /etc/vuurmuur
+ chown -R root:root /var/log/vuurmuur
+ chmod -R o=rwX,go= /var/log/vuurmuur
+
+ echo
+ echo "Default firewall setup has been installed in /etc/vuurmuur/textdir"
+ echo
+ echo "You can now setup your network topology and firewall rules using vuurmuur_conf"
+ echo "Don't forget to add 'vuurmuur' in /etc/rc.conf"
+ echo
+ echo "Usefull documentation can be found at http://www.vuurmuur.org"
+ echo
+ fi
+}
+
+post_remove () {
+ echo
+ echo "Your firewall setup has been left unchanged in /etc/vuurmuur/textdir"
+ echo
+}
diff --git a/vuurmuur.rc b/vuurmuur.rc
new file mode 100644
index 000000000000..3b4d3e99ecb9
--- /dev/null
+++ b/vuurmuur.rc
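Review bot: The upstream tarball in `source=` is fetched over plain `ftp://` and checked only against `md5sums`, so the single integrity check on code that will manage the host firewall is a digest that is no longer collision-resistant, taken over a transport with no authenticity. Replace the array at the end of the PKGBUILD with `sha256sums=(...)`, regenerated with `makepkg -g` (the SHA-256 values are not on this page), regenerate `.SRCINFO` to match, and switch to an HTTPS URL or a detached signature if upstream publishes one. Separately, `${srcdir}` and `${pkgdir}` are unquoted throughout `build()` and `package()`, so a build path containing a space breaks the `cd`, `install`, `cp` and `mv` lines.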
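Review bot: In `post_install`, `chmod -R o=rwX,go= /etc/vuurmuur` (and the same line for `/var/log/vuurmuur`) names `o` (other) where `u` (owner) was evidently intended. The trailing `go=` clause clears group and other again, so the tree does not end up world-accessible, but the owner bits are never set and the line reads as if it grants world read/write; write it as `chmod -R u=rwX,go= /etc/vuurmuur`. The chown/chmod block also sits inside the `if [[ ! -d /etc/vuurmuur/textdir ]]` guard, so it is skipped whenever that directory already exists; moving it outside the guard would apply the restrictive modes on every install.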
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vi: ft=sh
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+# PID file
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+case $1 in
+start)
+ # initialize
+ stat_busy "Starting Vuurmuur Firewall"
+ STATUS="ok"
+
+ # check if vuurmuur is configured
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ stat_busy "Please configure Vuurmuur first by defining at least one interface."
+ stat_fail
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ stat_busy "Error when loading module $MODULE. Check log files."
+ stat_fail
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ add_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+stop)
+ # initialize
+ stat_busy "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ stat_busy "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ rm_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+restart)
+ $0 stop
+ $0 start
+ ;;
+
+*)
+ echo "Usage: $0 {start|stop|restart}" >&2
+ exit 1
+
+esac
+exit 0
diff --git a/vuurmuur.script b/vuurmuur.script
new file mode 100644
index 000000000000..a643d6fbd42f
--- /dev/null
+++ b/vuurmuur.script
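Review bot: The `start)` branch treats the mere existence of `$VUURMUURPID` or `$VUURMUURLOGPID` as "already running", so a PID file left behind by a daemon that died makes every later start fail until the file is removed by hand, and the firewall daemon is presumably not running during that time. Test liveness rather than file presence, for example `if [ -f "$VUURMUURPID" ] && kill -0 "$(cut -d ' ' -f 1 "$VUURMUURPID")" 2>/dev/null; then` for the already-running case, and remove a stale file before starting. The same check is repeated in `start()` of vuurmuur.script. In `stop)`, a failure to stop the log daemon only sets `STATUS`, and the variables `$VUURMUURPID`, `$MODULE` and `$STATUS` are unquoted in the `[ ... ]` tests, so an empty value produces a test syntax error instead of the intended branch.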
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+start() {
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ echo "Please configure Vuurmuur first by defining at least one interface."
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ echo "Error when loading module $MODULE. Check log files."
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "failed" ]; then
+ exit 1
+ fi
+}
+stop() {
+ # initialize
+ echo "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ echo "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ echo "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "false" ]; then
+ exit 1
+ fi
+}
+restart() {
+ $0 stop
+ $0 start
+}
+
+case $1 in
+ start|stop|restart) "$1" ;;
+esac
diff --git a/vuurmuur.service b/vuurmuur.service
new file mode 100644
index 000000000000..3defcaa82d75
--- /dev/null
+++ b/vuurmuur.service
@@ -0,0 +1,13 @@
+# vi: ft=systemd
+[Unit]
+Description=Powerful front-end for iptables
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/systemd/scripts/vuurmuur start
+ExecStop=/usr/lib/systemd/scripts/vuurmuur stop
+ExecReload=/usr/lib/systemd/scripts/vuurmuur restart
+
+[Install]
+WantedBy=multi-user.target |
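Review bot: `stop()` in vuurmuur.script sets `STATUS="failed"` on error, but its final test compares against `"false"`, so a failed stop still exits 0 and systemd records the firewall unit as cleanly stopped. `start()` never initialises `STATUS`, so on the success path the final test expands to `[ = "failed" ]` and prints a test syntax error. Add `STATUS="ok"` at the top of `start()` and use `if [ "$STATUS" = "failed" ]; then` in both functions. The closing `case` has no default branch, so an unknown or missing argument also exits 0 without a message.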
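Review bot: `After=syslog.target network.target` in vuurmuur.service orders the firewall after the network is configured, which leaves a window at boot where interfaces can be up before any rules are loaded. systemd provides `network-pre.target` for firewall units; unless vuurmuur needs configured interfaces to start (not visible here), prefer `Wants=network-pre.target` with `Before=network-pre.target`. `Type=forking` is declared without `PIDFile=`, so systemd has to guess the main process among the two daemons the script launches; the wrapper script already expects `/run/vuurmuur.pid`, so `PIDFile=/run/vuurmuur.pid` looks like the right value. `ExecReload` runs a full stop and start, so a reload briefly stops the daemon rather than re-reading its configuration.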