- now it starts on levels 3,4,5.

[packages/fiaif.git] / fiaif.spec

%define         rel     1
Summary:        Fiaif is an Intelligent Firewall for iptables based Linux systems.
Summary(pl):    Fiaif to inteligentny firewall bazuj±cy na iptables.
Name:           fiaif
Version:        1.3.0
Release:        0.4
License:        GPL
Group:          Networking/Utilities
Source0:        http://fiaif.fugmann.dhs.org/dist/%{name}_%{version}-%{rel}.tar.gz
URL:            http://fiaif.fugmann.dhs.org/
BuildArch:      noarch
Requires:       iptables, bash >= 2.04, sed, grep, textutils, sh-utils
Prereq:         /sbin/chkconfig
Conflicts:      ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
BuildRoot:      %{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The Goal of FIAIF is to provide a highly customizable script for
setting up an iptables based firewall.

Unlike many other scripts, FIAIF can be truly customized allowing
multiple interfaces (or rather zones). There is no limit on the number
of zones. All configuration is done through configuration files. No
need to understand the script behind it all.

The script makes heavy use of state-full firewalling, and all RELATED
and ESTABLISHED packets are accepted on all chains. If you which to
block something out, do not accept it in the first place.

The script is written in BASH. Though this is not the optimal program
to use, it means that you do not need to install extra interpreters on
your firewall. This allows you to have a minimalistic installation on
your firewall.

Install this package if your machine is ever on the internet.

%prep
%setup -q -n %{name}-%{version}_%{rel}
%build

%install
rm -rf $RPM_BUILD_ROOT
%{__make} install DESTDIR=$RPM_BUILD_ROOT
%{__make} install-config DESTDIR=$RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man8} \
        $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
install src/fiaif $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/fiaif

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add fiaif 
chkconfig --level 345 fiaif on
if [ -f /var/state/fiaif/iptables ]; then
        /etc/rc.d/init.d/fiaif restart >&2
else
        echo "Configure fiaif and remove the line 'DONT_START=1'"
        echo "from /etc/fiaif/fiaif.conf, then execute"
        echo "'/etc/rc.d/init.d/fiaif start' to start fiaif."
fi

%preun
if [ "$1" = "0" ]; then
        if [ -f /var/state/fiaif/iptables ]; then
                /etc/rc.d/init.d/fiaif stop >&2
        fi
        /sbin/chkconfig --del fiaif
fi

%files
%defattr(644,root,root,755)

%dir %attr(0700,root,root) %{_sysconfdir}/fiaif/
%dir /var/state/fiaif/
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.dmz
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.ext
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.int
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/fiaif.conf
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/reserved_networks
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/private_networks
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/type_of_services

%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/fiaif
%attr(0755,root,root) %{_sbindir}/fiaif-scan

%dir %{_datadir}/fiaif
%{_datadir}/fiaif/traffic-shaping.sh
%{_datadir}/fiaif/functions.sh
%{_datadir}/fiaif/zones.sh
%{_datadir}/fiaif/iptables.sh
%{_datadir}/fiaif/proc-check.sh
%{_datadir}/fiaif/sanity_check.sh
%{_datadir}/fiaif/constants.sh

%{_mandir}/man8/fiaif.8.gz
%{_mandir}/man5/zone.conf.5.gz
%{_mandir}/man5/fiaif.conf.5.gz
%{_mandir}/man8/fiaif-scan.8.gz

%doc todo VERSION doc/faq.txt