[packages/fiaif.git] / fiaif.spec

Summary:	Fiaif is an Intelligent Firewall for iptables based Linux systems
Summary(pl.UTF-8):	Fiaif - inteligentny firewall bazujący na iptables
Name:		fiaif
Version:	1.22.1
Release:	0.1
License:	GPL
Group:		Networking/Utilities
Source0:	http://www.fiaif.net/dist/%{name}_%{version}.tar.gz
# Source0-md5:	14943ad87923c1f9ae492bc6b36c551e
URL:		http://www.fiaif.net/
BuildRequires:	texlive-fonts-cmsuper
BuildRequires:	texlive-fonts-jknappen
BuildRequires:	texlive-latex-ams
BuildRequires:	texlive-latex-moreverb
BuildRequires:	texlive-latex-psnfss
BuildRequires:	texlive-makeindex
Requires(post,preun):	/sbin/chkconfig
Requires:	bash >= 2.04
Requires:	grep
Requires:	iptables >= 1.2.7a
Requires:	sh-utils
Requires:	textutils
Conflicts:	ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
The Goal of FIAIF is to provide a highly customizable script for
setting up an iptables based firewall.

Unlike many other scripts, FIAIF can be truly customized allowing
multiple interfaces (or rather zones). There is no limit on the number
of zones. All configuration is done through configuration files. No
need to understand the script behind it all.

The script makes heavy use of stateful firewalling, and all RELATED
and ESTABLISHED packets are accepted on all chains. If you wish to
block something out, do not accept it in the first place.

The script is written in BASH. Though this is not the optimal program
to use, it means that you do not need to install extra interpreters on
your firewall. This allows you to have a minimalistic installation on
your firewall.

%description -l pl.UTF-8
Celem FIAIF jest udostępnienie wysoce dostosowawczego skryptu
ustawiania reguł ściany ogniowej opartej na netfiltrze.

W przeciwieństwie do innych skryptów, FIAIF umożliwia ustawianie reguł
na wielu interfejsach, a raczej strefach. Nie ma limitu stref. Całą
konfigurację przeprowadza się za pomocą plików konfiguracyjnych. Nie
ma potrzeby rozumienia stojącego za nimi skryptu.

Skrypt mocno używa zabezpieczeń typu stateful, przepuszczając
wszystkie pakiety RELATED i ESTABLISHED na wszystkich łańcuchach.
Żeby coś zablokować, wystarczy nie akceptować tego na początku.

Skrypt napisany jest w bashu, co pozwala na zmniejszenie koniecznej
instalacji na ścianie ogniowej.

%prep
%setup -q

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d

%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT
%{__make} install-config \
	DESTDIR=$RPM_BUILD_ROOT

install prog/fiaif $RPM_BUILD_ROOT/etc/rc.d/init.d/fiaif

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/chkconfig --add fiaif
if [ -f /var/lib/fiaif/iptables ]; then
	/etc/rc.d/init.d/fiaif force-reload >&2
else
	echo "Configure fiaif and remove the line 'DONT_START=1'"
	echo "from /etc/fiaif/fiaif.conf, then execute"
	echo "'/etc/rc.d/init.d/fiaif start' to start fiaif."
fi

%preun
if [ "$1" = "0" ]; then
	if [ -f /var/lib/fiaif/iptables ]; then
		/etc/rc.d/init.d/fiaif stop >&2
	fi
	/sbin/chkconfig --del fiaif
fi

%files
%defattr(644,root,root,755)
%doc doc/faq.txt doc/DHCP.txt doc/reporting_bugs.txt doc/upgrade.txt

%dir %attr(700,root,root) %{_sysconfdir}/fiaif
%dir %attr(700,root,root) /var/lib/fiaif
%attr(600,root,root) %{_sysconfdir}/cron.daily/fiaif
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.dmz
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.ext
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.int
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/fiaif.conf
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/reserved_networks
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/private_networks
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/type_of_services
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/aliases

%attr(754,root,root) /etc/rc.d/init.d/fiaif
%attr(755,root,root) %{_sbindir}/fiaif-scan
%attr(755,root,root) %{_sbindir}/fiaif-getdev
%attr(755,root,root) %{_sbindir}/fiaif-update

%dir %{_datadir}/fiaif
%{_datadir}/fiaif/traffic-shaping.sh
%{_datadir}/fiaif/functions.sh
%{_datadir}/fiaif/zones.sh
%{_datadir}/fiaif/iptables.sh
%{_datadir}/fiaif/proc-check.sh
%{_datadir}/fiaif/sanity_check.sh
%{_datadir}/fiaif/constants.sh
%{_datadir}/fiaif/cleanup_rules.sh
%{_datadir}/fiaif/aliases.sh
%{_datadir}/fiaif/cleanup_rules.awk
%{_datadir}/fiaif/fiaif_rules.awk
%{_datadir}/fiaif/syntax.awk
%{_datadir}/fiaif/zone_rules.awk
%{_datadir}/fiaif/VERSION

%{_mandir}/man8/fiaif.8*
%{_mandir}/man5/zone.conf.5*
%{_mandir}/man5/fiaif.conf.5*
%{_mandir}/man8/fiaif-scan.8*
%{_mandir}/man8/fiaif-getdev.8*
%{_mandir}/man8/fiaif-update.8*
Commit	Line	Data
830c1c32	1	Summary: Fiaif is an Intelligent Firewall for iptables based Linux systems
64e0dfaa	2	Summary(pl.UTF-8): Fiaif - inteligentny firewall bazujący na iptables
1202cd1c	3	Name: fiaif
ffb7ed7e	4	Version: 1.22.1
ffb7ed7e	5	Release: 0.1
1202cd1c	6	License: GPL
1202cd1c	7	Group: Networking/Utilities
617dab16	8	Source0: http://www.fiaif.net/dist/%{name}_%{version}.tar.gz
ffb7ed7e	9	# Source0-md5: 14943ad87923c1f9ae492bc6b36c551e
617dab16	10	URL: http://www.fiaif.net/
ffb7ed7e	11	BuildRequires: texlive-fonts-cmsuper
	12	BuildRequires: texlive-fonts-jknappen
	13	BuildRequires: texlive-latex-ams
	14	BuildRequires: texlive-latex-moreverb
	15	BuildRequires: texlive-latex-psnfss
	16	BuildRequires: texlive-makeindex
830c1c32 JB	17	Requires(post,preun): /sbin/chkconfig
	18	Requires: bash >= 2.04
	19	Requires: grep
3e26edb9	20	Requires: iptables >= 1.2.7a
830c1c32 JB	21	Requires: sh-utils
830c1c32 JB	22	Requires: textutils
1202cd1c	23	Conflicts: ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
830c1c32	24	BuildArch: noarch
1202cd1c	25	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	26
	27	%description
830c1c32 JB	28	The Goal of FIAIF is to provide a highly customizable script for
830c1c32 JB	29	setting up an iptables based firewall.
1202cd1c	30
830c1c32 JB	31	Unlike many other scripts, FIAIF can be truly customized allowing
	32	multiple interfaces (or rather zones). There is no limit on the number
	33	of zones. All configuration is done through configuration files. No
	34	need to understand the script behind it all.
1202cd1c	35
830c1c32 JB	36	The script makes heavy use of stateful firewalling, and all RELATED
	37	and ESTABLISHED packets are accepted on all chains. If you wish to
	38	block something out, do not accept it in the first place.
1202cd1c	39
830c1c32 JB	40	The script is written in BASH. Though this is not the optimal program
	41	to use, it means that you do not need to install extra interpreters on
	42	your firewall. This allows you to have a minimalistic installation on
	43	your firewall.
1202cd1c	44
78cc5b31 JR	45	%description -l pl.UTF-8
	46	Celem FIAIF jest udostępnienie wysoce dostosowawczego skryptu
	47	ustawiania reguł ściany ogniowej opartej na netfiltrze.
cb159eaf	48
78cc5b31 JR	49	W przeciwieństwie do innych skryptów, FIAIF umożliwia ustawianie reguł
	50	na wielu interfejsach, a raczej strefach. Nie ma limitu stref. Całą
	51	konfigurację przeprowadza się za pomocą plików konfiguracyjnych. Nie
	52	ma potrzeby rozumienia stojącego za nimi skryptu.
cb159eaf	53
78cc5b31 JR	54	Skrypt mocno używa zabezpieczeń typu stateful, przepuszczając
	55	wszystkie pakiety RELATED i ESTABLISHED na wszystkich łańcuchach.
	56	Żeby coś zablokować, wystarczy nie akceptować tego na początku.
cb159eaf	57
830c1c32	58	Skrypt napisany jest w bashu, co pozwala na zmniejszenie koniecznej
78cc5b31	59	instalacji na ścianie ogniowej.
cb159eaf	60
1202cd1c	61	%prep
98b77104	62	%setup -q
1202cd1c	63
	64	%install
	65	rm -rf $RPM_BUILD_ROOT
830c1c32	66	install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
a3b646cc PG	67
	68	%{__make} install \
	69	DESTDIR=$RPM_BUILD_ROOT
	70	%{__make} install-config \
	71	DESTDIR=$RPM_BUILD_ROOT
	72
617dab16	73	install prog/fiaif $RPM_BUILD_ROOT/etc/rc.d/init.d/fiaif
1202cd1c	74
	75	%clean
	76	rm -rf $RPM_BUILD_ROOT
	77
	78	%post
830c1c32 JB	79	/sbin/chkconfig --add fiaif
830c1c32 JB	80	if [ -f /var/lib/fiaif/iptables ]; then
fdfa5142	81	/etc/rc.d/init.d/fiaif force-reload >&2
8925f589	82	else
65a03fe8	83	echo "Configure fiaif and remove the line 'DONT_START=1'"
	84	echo "from /etc/fiaif/fiaif.conf, then execute"
	85	echo "'/etc/rc.d/init.d/fiaif start' to start fiaif."
8925f589	86	fi
1202cd1c	87
1202cd1c	88	%preun
8925f589	89	if [ "$1" = "0" ]; then
830c1c32	90	if [ -f /var/lib/fiaif/iptables ]; then
8925f589	91	/etc/rc.d/init.d/fiaif stop >&2
	92	fi
	93	/sbin/chkconfig --del fiaif
	94	fi
1202cd1c	95
	96	%files
	97	%defattr(644,root,root,755)
617dab16	98	%doc doc/faq.txt doc/DHCP.txt doc/reporting_bugs.txt doc/upgrade.txt
1202cd1c	99
830c1c32 JB	100	%dir %attr(700,root,root) %{_sysconfdir}/fiaif
830c1c32 JB	101	%dir %attr(700,root,root) /var/lib/fiaif
399e0b9f	102	%attr(600,root,root) %{_sysconfdir}/cron.daily/fiaif
	103	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.dmz
	104	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.ext
	105	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/zone.int
	106	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/fiaif.conf
	107	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/reserved_networks
	108	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/private_networks
	109	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/type_of_services
	110	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/fiaif/aliases
1202cd1c	111
830c1c32 JB	112	%attr(754,root,root) /etc/rc.d/init.d/fiaif
830c1c32 JB	113	%attr(755,root,root) %{_sbindir}/fiaif-scan
617dab16	114	%attr(755,root,root) %{_sbindir}/fiaif-getdev
617dab16	115	%attr(755,root,root) %{_sbindir}/fiaif-update
1202cd1c	116
	117	%dir %{_datadir}/fiaif
	118	%{_datadir}/fiaif/traffic-shaping.sh
	119	%{_datadir}/fiaif/functions.sh
	120	%{_datadir}/fiaif/zones.sh
	121	%{_datadir}/fiaif/iptables.sh
	122	%{_datadir}/fiaif/proc-check.sh
	123	%{_datadir}/fiaif/sanity_check.sh
	124	%{_datadir}/fiaif/constants.sh
53a26975	125	%{_datadir}/fiaif/cleanup_rules.sh
617dab16	126	%{_datadir}/fiaif/aliases.sh
	127	%{_datadir}/fiaif/cleanup_rules.awk
	128	%{_datadir}/fiaif/fiaif_rules.awk
	129	%{_datadir}/fiaif/syntax.awk
	130	%{_datadir}/fiaif/zone_rules.awk
fdfa5142	131	%{_datadir}/fiaif/VERSION
1202cd1c	132
830c1c32 JB	133	%{_mandir}/man8/fiaif.8*
	134	%{_mandir}/man5/zone.conf.5*
	135	%{_mandir}/man5/fiaif.conf.5*
	136	%{_mandir}/man8/fiaif-scan.8*
617dab16	137	%{_mandir}/man8/fiaif-getdev.8*
617dab16	138	%{_mandir}/man8/fiaif-update.8*