%define rel 1
-Summary: Fiaif is an Intelligent Firewall for iptables based Linux systems.
-Summary(pl): Fiaif to inteligentny firewall bazuj±cy na iptables.
+Summary: Fiaif is an Intelligent Firewall for iptables based Linux systems
+Summary(pl): Fiaif - inteligentny firewall bazuj±cy na iptables
Name: fiaif
Version: 1.3.0
Release: 0.6
License: GPL
Group: Networking/Utilities
Source0: http://fiaif.fugmann.dhs.org/dist/%{name}_%{version}-%{rel}.tar.gz
+Patch0: %{name}-FHS.patch
+Patch1: %{name}-chkconfig.patch
URL: http://fiaif.fugmann.dhs.org/
-BuildArch: noarch
-Requires: iptables, bash >= 2.04, sed, grep, textutils, sh-utils
-Prereq: /sbin/chkconfig
+Requires(post,preun): /sbin/chkconfig
+Requires: bash >= 2.04
+Requires: grep
+Requires: iptables
+Requires: sed
+Requires: sh-utils
+Requires: textutils
Conflicts: ipmasq, knetfilter, firewall-easy, shorewall, firewall-init
+BuildArch: noarch
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
-The Goal of FIAIF is to provide a highly customizable script
-for setting up an iptables based firewall.
+The Goal of FIAIF is to provide a highly customizable script for
+setting up an iptables based firewall.
-Unlike many other scripts, FIAIF can be truly customized
-allowing multiple interfaces (or rather zones). There is no
-limit on the number of zones. All configuration is done
-through configuration files. No need to understand the script
-behind it all.
+Unlike many other scripts, FIAIF can be truly customized allowing
+multiple interfaces (or rather zones). There is no limit on the number
+of zones. All configuration is done through configuration files. No
+need to understand the script behind it all.
-The script makes heavy use of state-full firewalling, and all
-RELATED and ESTABLISHED packets are accepted on all chains. If
-you which to block something out, do not accept it in the
-first place.
+The script makes heavy use of stateful firewalling, and all RELATED
+and ESTABLISHED packets are accepted on all chains. If you wish to
+block something out, do not accept it in the first place.
-The script is written in BASH. Though this is not the optimal
-program to use, it means that you do not need to install extra
-interpreters on your firewall. This allows you to have a
-minimalistic installation on your firewall.
-
-Install this package if your machine is ever on the internet.
+The script is written in BASH. Though this is not the optimal program
+to use, it means that you do not need to install extra interpreters on
+your firewall. This allows you to have a minimalistic installation on
+your firewall.
%description -l pl
-Celem FIAIF jest udostêpnienie wysoce dostosowawczego skryptu
-zak³adania regu³ ¶ciany ogniowej opartej na netfiltrze.
+Celem FIAIF jest udostêpnienie wysoce dostosowawczego skryptu
+ustawiania regu³ ¶ciany ogniowej opartej na netfiltrze.
-W przeciwieñstwie do innych skryptów, FIAIF umo¿liwia
-ustawianie regu³ na wielu interfejsach, a raczej strefach. Nie
-ma limitu stref.
+W przeciwieñstwie do innych skryptów, FIAIF umo¿liwia ustawianie regu³
+na wielu interfejsach, a raczej strefach. Nie ma limitu stref. Ca³±
+konfiguracjê przeprowadza siê za pomoc± plików konfiguracyjnych. Nie
+ma potrzeby rozumienia stoj±cego za nimi skryptu.
-Skrypt mocno u¿ywa zabezpieczeñ typu 'state-full', napisany
-jest w bashu, co pozwala na zmniejszenie koniecznej instalacji
-na ¶cianie ogniowej.
+Skrypt mocno u¿ywa zabezpieczeñ typu stateful, przepuszczaj±c
+wszystkie pakiety RELATED i ESTABLISHED na wszystkich ³añcuchach.
+¯eby co¶ zablokowaæ, wystarczy nie akceptowaæ tego na pocz±tku.
-Zainstaluj ten pakiet, gdy twoja maszyna jest na sta³e
-pod³±czona do internetu.
+Skrypt napisany jest w bashu, co pozwala na zmniejszenie koniecznej
+instalacji na ¶cianie ogniowej.
%prep
%setup -q -n %{name}-%{version}_%{rel}
-%build
+%patch0 -p1
+%patch1 -p1
%install
rm -rf $RPM_BUILD_ROOT
%{__make} install DESTDIR=$RPM_BUILD_ROOT
%{__make} install-config DESTDIR=$RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man8} \
- $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
-install src/fiaif $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/fiaif
+
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install src/fiaif $RPM_BUILD_ROOT/etc/rc.d/init.d/fiaif
%clean
rm -rf $RPM_BUILD_ROOT
%post
-/sbin/chkconfig --level 345 fiaif on
-if [ -f /var/state/fiaif/iptables ]; then
+/sbin/chkconfig --add fiaif
+if [ -f /var/lib/fiaif/iptables ]; then
/etc/rc.d/init.d/fiaif restart >&2
else
echo "Configure fiaif and remove the line 'DONT_START=1'"
%preun
if [ "$1" = "0" ]; then
- if [ -f /var/state/fiaif/iptables ]; then
+ if [ -f /var/lib/fiaif/iptables ]; then
/etc/rc.d/init.d/fiaif stop >&2
fi
/sbin/chkconfig --del fiaif
%files
%defattr(644,root,root,755)
+%doc todo VERSION doc/faq.txt
-%dir %attr(0700,root,root) %{_sysconfdir}/fiaif/
-%dir /var/state/fiaif/
+%dir %attr(700,root,root) %{_sysconfdir}/fiaif
+%dir %attr(700,root,root) /var/lib/fiaif
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.dmz
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.ext
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/zone.int
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/private_networks
%config(noreplace) %verify(not size mtime md5) %attr(0600,root,root) %{_sysconfdir}/fiaif/type_of_services
-%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/fiaif
-%attr(0755,root,root) %{_sbindir}/fiaif-scan
+%attr(754,root,root) /etc/rc.d/init.d/fiaif
+%attr(755,root,root) %{_sbindir}/fiaif-scan
%dir %{_datadir}/fiaif
%{_datadir}/fiaif/traffic-shaping.sh
%{_datadir}/fiaif/sanity_check.sh
%{_datadir}/fiaif/constants.sh
-%{_mandir}/man8/fiaif.8.gz
-%{_mandir}/man5/zone.conf.5.gz
-%{_mandir}/man5/fiaif.conf.5.gz
-%{_mandir}/man8/fiaif-scan.8.gz
-
-%doc todo VERSION doc/faq.txt
+%{_mandir}/man8/fiaif.8*
+%{_mandir}/man5/zone.conf.5*
+%{_mandir}/man5/fiaif.conf.5*
+%{_mandir}/man8/fiaif-scan.8*