2 Summary: Fiaif is an Intelligent Firewall for iptables based Linux systems
3 Summary(pl): Fiaif - inteligentny firewall bazuj±cy na iptables
8 Group: Networking/Utilities
9 Source0: http://fiaif.fugmann.dhs.org/dist/%{name}_%{version}-%{rel}.tar.gz
10 URL: http://fiaif.fugmann.dhs.org/
11 Requires(post,preun): /sbin/chkconfig
12 Requires: bash >= 2.04
14 Requires: iptables >= 1.2.7a
18 Conflicts: ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
20 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
23 The Goal of FIAIF is to provide a highly customizable script for
24 setting up an iptables based firewall.
26 Unlike many other scripts, FIAIF can be truly customized allowing
27 multiple interfaces (or rather zones). There is no limit on the number
28 of zones. All configuration is done through configuration files. No
29 need to understand the script behind it all.
31 The script makes heavy use of stateful firewalling, and all RELATED
32 and ESTABLISHED packets are accepted on all chains. If you wish to
33 block something out, do not accept it in the first place.
35 The script is written in BASH. Though this is not the optimal program
36 to use, it means that you do not need to install extra interpreters on
37 your firewall. This allows you to have a minimalistic installation on
41 Celem FIAIF jest udostêpnienie wysoce dostosowawczego skryptu
42 ustawiania regu³ ¶ciany ogniowej opartej na netfiltrze.
44 W przeciwieñstwie do innych skryptów, FIAIF umo¿liwia ustawianie regu³
45 na wielu interfejsach, a raczej strefach. Nie ma limitu stref. Ca³±
46 konfiguracjê przeprowadza siê za pomoc± plików konfiguracyjnych. Nie
47 ma potrzeby rozumienia stoj±cego za nimi skryptu.
49 Skrypt mocno u¿ywa zabezpieczeñ typu stateful, przepuszczaj±c
50 wszystkie pakiety RELATED i ESTABLISHED na wszystkich ³añcuchach.
51 ¯eby co¶ zablokowaæ, wystarczy nie akceptowaæ tego na pocz±tku.
53 Skrypt napisany jest w bashu, co pozwala na zmniejszenie koniecznej
54 instalacji na ¶cianie ogniowej.
57 %setup -q -n %{name}-%{version}_%{rel}
60 rm -rf $RPM_BUILD_ROOT
61 %{__make} install DESTDIR=$RPM_BUILD_ROOT
62 %{__make} install-config DESTDIR=$RPM_BUILD_ROOT
64 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
65 install src/fiaif $RPM_BUILD_ROOT/etc/rc.d/init.d/fiaif
68 rm -rf $RPM_BUILD_ROOT
71 /sbin/chkconfig --add fiaif
72 if [ -f /var/lib/fiaif/iptables ]; then
73 /etc/rc.d/init.d/fiaif force-reload >&2
75 echo "Configure fiaif and remove the line 'DONT_START=1'"
76 echo "from /etc/fiaif/fiaif.conf, then execute"
77 echo "'/etc/rc.d/init.d/fiaif start' to start fiaif."
81 if [ "$1" = "0" ]; then
82 if [ -f /var/lib/fiaif/iptables ]; then
83 /etc/rc.d/init.d/fiaif stop >&2
85 /sbin/chkconfig --del fiaif
89 %defattr(644,root,root,755)
90 %doc todo doc/faq.txt doc/DHCP.txt doc/reporting_bugs.txt
92 %dir %attr(700,root,root) %{_sysconfdir}/fiaif
93 %dir %attr(700,root,root) /var/lib/fiaif
94 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.dmz
95 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.ext
96 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.int
97 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/fiaif.conf
98 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/reserved_networks
99 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/private_networks
100 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/type_of_services
102 %attr(754,root,root) /etc/rc.d/init.d/fiaif
103 %attr(755,root,root) %{_sbindir}/fiaif-scan
105 %dir %{_datadir}/fiaif
106 %{_datadir}/fiaif/traffic-shaping.sh
107 %{_datadir}/fiaif/functions.sh
108 %{_datadir}/fiaif/zones.sh
109 %{_datadir}/fiaif/iptables.sh
110 %{_datadir}/fiaif/proc-check.sh
111 %{_datadir}/fiaif/sanity_check.sh
112 %{_datadir}/fiaif/constants.sh
113 %{_datadir}/fiaif/cleanup_rules.sh
114 %{_datadir}/fiaif/VERSION
116 %{_mandir}/man8/fiaif.8*
117 %{_mandir}/man5/zone.conf.5*
118 %{_mandir}/man5/fiaif.conf.5*
119 %{_mandir}/man8/fiaif-scan.8*