2 Summary: Fiaif is an Intelligent Firewall for iptables based Linux systems.
3 Summary(pl): Fiaif to inteligentny firewall bazuj±cy na iptables.
8 Group: Networking/Utilities
9 Source0: http://fiaif.fugmann.dhs.org/dist/%{name}_%{version}-%{rel}.tar.gz
10 URL: http://fiaif.fugmann.dhs.org/
12 Requires: iptables, bash >= 2.04, sed, grep, textutils, sh-utils
13 Prereq: /sbin/chkconfig
14 Conflicts: ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
15 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
18 The Goal of FIAIF is to provide a highly customizable script
19 for setting up an iptables based firewall.
21 Unlike many other scripts, FIAIF can be truly customized
22 allowing multiple interfaces (or rather zones). There is no
23 limit on the number of zones. All configuration is done
24 through configuration files. No need to understand the script
27 The script makes heavy use of state-full firewalling, and all
28 RELATED and ESTABLISHED packets are accepted on all chains. If
29 you which to block something out, do not accept it in the
32 The script is written in BASH. Though this is not the optimal
33 program to use, it means that you do not need to install extra
34 interpreters on your firewall. This allows you to have a
35 minimalistic installation on your firewall.
37 Install this package if your machine is ever on the internet.
40 Celem FIAIF jest udostêpnienie wysoce dostosowawczego skryptu
41 zak³adania regu³ ¶ciany ogniowej opartej na netfiltrze.
43 W przeciwieñstwie do innych skryptów, FIAIF umo¿liwia
44 ustawianie regu³ na wielu interfejsach, a raczej strefach. Nie
47 Skrypt mocno u¿ywa zabezpieczeñ typu 'state-full', napisany
48 jest w bashu, co pozwala na zmniejszenie koniecznej instalacji
51 Zainstaluj ten pakiet, gdy twoja maszyna jest na sta³e
52 pod³±czona do internetu.
55 %setup -q -n %{name}-%{version}_%{rel}
59 rm -rf $RPM_BUILD_ROOT
60 %{__make} install DESTDIR=$RPM_BUILD_ROOT
61 %{__make} install-config DESTDIR=$RPM_BUILD_ROOT
62 install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man8} \
63 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
64 install src/fiaif $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/fiaif
67 rm -rf $RPM_BUILD_ROOT
70 /sbin/chkconfig --level 345 fiaif on
71 if [ -f /var/state/fiaif/iptables ]; then
72 /etc/rc.d/init.d/fiaif restart >&2
74 echo "Configure fiaif and remove the line 'DONT_START=1'"
75 echo "from /etc/fiaif/fiaif.conf, then execute"
76 echo "'/etc/rc.d/init.d/fiaif start' to start fiaif."
80 if [ "$1" = "0" ]; then
81 if [ -f /var/state/fiaif/iptables ]; then
82 /etc/rc.d/init.d/fiaif stop >&2
84 /sbin/chkconfig --del fiaif
88 %defattr(644,root,root,755)
90 %dir %attr(0700,root,root) %{_sysconfdir}/fiaif/
91 %dir /var/state/fiaif/
92 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.dmz
93 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.ext
94 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.int
95 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/fiaif.conf
96 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/reserved_networks
97 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/private_networks
98 %config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/type_of_services
100 %attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/fiaif
101 %attr(0755,root,root) %{_sbindir}/fiaif-scan
103 %dir %{_datadir}/fiaif
104 %{_datadir}/fiaif/traffic-shaping.sh
105 %{_datadir}/fiaif/functions.sh
106 %{_datadir}/fiaif/zones.sh
107 %{_datadir}/fiaif/iptables.sh
108 %{_datadir}/fiaif/proc-check.sh
109 %{_datadir}/fiaif/sanity_check.sh
110 %{_datadir}/fiaif/constants.sh
112 %{_mandir}/man8/fiaif.8.gz
113 %{_mandir}/man5/zone.conf.5.gz
114 %{_mandir}/man5/fiaif.conf.5.gz
115 %{_mandir}/man8/fiaif-scan.8.gz
117 %doc todo VERSION doc/faq.txt