]>
Commit | Line | Data |
---|---|---|
1 | # TODO | |
2 | # - pldize initscript | |
3 | # - unbash initscript | |
4 | # - recheck deps | |
5 | # - update configure not to require tools at build time | |
6 | Summary: Simple and powerful firewall and traffic shaping languages | |
7 | Name: firehol | |
8 | Version: 3.0.1 | |
9 | Release: 0.1 | |
10 | License: GPL v2+ | |
11 | Group: Applications/Networking | |
12 | Source0: https://firehol.org/download/firehol/releases/v%{version}/%{name}-%{version}.tar.xz | |
13 | # Source0-md5: afee409b698ad0707340112ff0e811b2 | |
14 | Source1: %{name}.service | |
15 | Source2: fireqos.service | |
16 | URL: https://firehol.org/ | |
17 | BuildRequires: graphviz | |
18 | BuildRequires: hostname | |
19 | BuildRequires: iprange >= 1.0.2 | |
20 | BuildRequires: iproute2 | |
21 | BuildRequires: iptables | |
22 | BuildRequires: procps | |
23 | BuildRequires: screen | |
24 | BuildRequires: systemd-devel | |
25 | BuildRequires: tar >= 1:1.22 | |
26 | BuildRequires: unzip | |
27 | BuildRequires: wget | |
28 | BuildRequires: whois | |
29 | BuildRequires: xz | |
30 | Requires(post,preun): /sbin/chkconfig | |
31 | Requires: coreutils | |
32 | Requires: gawk >= 3.0 | |
33 | Requires: grep >= 2.4.2 | |
34 | Requires: gzip | |
35 | Requires: hostname | |
36 | Requires: iproute2 >= 2.2.4 | |
37 | Requires: ipset | |
38 | Requires: iptables >= 1.2.4 | |
39 | Requires: kmod | |
40 | Requires: less | |
41 | Requires: procps | |
42 | Requires: rc-scripts | |
43 | Requires: sed | |
44 | Requires: uname(release) >= 2.4 | |
45 | Requires: util-linux >= 2.11 | |
46 | BuildArch: noarch | |
47 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
48 | ||
49 | %description | |
50 | FireHOL is a generic firewall generator, meaning that you can design | |
51 | any kind of local or routing stateful packet filtering firewalls with | |
52 | ease. Install FireHOL if you want an easy way to configure stateful | |
53 | packet filtering firewalls on Linux hosts and routers. | |
54 | ||
55 | FireHOL uses an extremely simple but powerful way to define firewall | |
56 | rules which it turns into complete stateful iptables firewalls. | |
57 | ||
58 | You can run FireHOL with the 'helpme' argument, to get a configuration | |
59 | file for the system run, which you can modify according to your needs. | |
60 | The default configuration file will allow only client traffic on all | |
61 | interfaces. | |
62 | ||
63 | %prep | |
64 | %setup -q | |
65 | ||
66 | %build | |
67 | # grep -E 'AX_NEED_PROG|AX_CHECK_PROG' configure.ac |sort -u|sed -rne 's/.+\(\[([^]]+)\], \[([^]]+)\].+/echo \1=`PATH=$PATH:\/usr\/sbin which \2` \\\\/p'|sh | |
68 | %configure \ | |
69 | BASH_SHELL_PATH=/bin/bash \ | |
70 | BRIDGE=/sbin/bridge \ | |
71 | CAT=/bin/cat \ | |
72 | CHMOD=/bin/chmod \ | |
73 | CHOWN=/bin/chown \ | |
74 | CP=/bin/cp \ | |
75 | CURL=/usr/bin/curl \ | |
76 | CUT=/usr/bin/cut \ | |
77 | DATE=/bin/date \ | |
78 | DIFF=/usr/bin/diff \ | |
79 | DIRNAME=/usr/bin/dirname \ | |
80 | ENV=/usr/bin/env \ | |
81 | EXPR=/usr/bin/expr \ | |
82 | FIND=/usr/bin/find \ | |
83 | FLOCK=/usr/bin/flock \ | |
84 | FOLD=/usr/bin/fold \ | |
85 | FUNZIP=/usr/bin/funzip \ | |
86 | GAWK=/usr/bin/gawk \ | |
87 | GIT=/usr/bin/git \ | |
88 | HEAD=/usr/bin/head \ | |
89 | HOSTNAMECMD=/bin/hostname \ | |
90 | IP6TABLES=/usr/sbin/ip6tables \ | |
91 | IP6TABLES_RESTORE=/usr/sbin/ip6tables-restore \ | |
92 | IP6TABLES_SAVE=/usr/sbin/ip6tables-save \ | |
93 | IP=/sbin/ip \ | |
94 | IPRANGE=/usr/bin/iprange \ | |
95 | IPSET=/usr/sbin/ipset \ | |
96 | IPTABLES=/usr/sbin/iptables \ | |
97 | IPTABLES_RESTORE=/usr/sbin/iptables-restore \ | |
98 | IPTABLES_SAVE=/usr/sbin/iptables-save \ | |
99 | LN=/bin/ln \ | |
100 | LOGGER=/usr/bin/logger \ | |
101 | LS=/bin/ls \ | |
102 | LSMOD=/sbin/lsmod \ | |
103 | MKDIR=/bin/mkdir \ | |
104 | MKTEMP=/bin/mktemp \ | |
105 | MODPROBE=/sbin/insmod \ | |
106 | MODPROBE=/sbin/modprobe \ | |
107 | MORE=/bin/more \ | |
108 | MV=/bin/mv \ | |
109 | NEATO=/usr/bin/neato \ | |
110 | PING6=/usr/bin/ping6 \ | |
111 | PING=/usr/bin/ping \ | |
112 | RENICE=/usr/bin/renice \ | |
113 | RM=/bin/rm \ | |
114 | RMMOD=/sbin/rmmod \ | |
115 | SCREEN=/usr/bin/screen \ | |
116 | SEQ=/usr/bin/seq \ | |
117 | SH=/bin/sh \ | |
118 | SLEEP=/bin/sleep \ | |
119 | SORT=/bin/sort \ | |
120 | SS=/sbin/ss \ | |
121 | STTY=/bin/stty \ | |
122 | SYSCTL=/sbin/sysctl \ | |
123 | TAIL=/usr/bin/tail \ | |
124 | TAR=/bin/tar \ | |
125 | TC=/sbin/tc \ | |
126 | TCPDUMP=/usr/sbin/tcpdump \ | |
127 | TOUCH=/bin/touch \ | |
128 | TPUT=/usr/bin/tput \ | |
129 | TR=/usr/bin/tr \ | |
130 | TRACEROUTE=/usr/bin/traceroute \ | |
131 | UNAME=/bin/uname \ | |
132 | UNIQ=/usr/bin/uniq \ | |
133 | UNZIP=/usr/bin/unzip \ | |
134 | WC=/usr/bin/wc \ | |
135 | WGET=/usr/bin/wget \ | |
136 | WHOIS=/usr/bin/whois \ | |
137 | ZCAT=/bin/zcat \ | |
138 | %{nil} | |
139 | ||
140 | %{__make} | |
141 | ||
142 | %install | |
143 | rm -rf $RPM_BUILD_ROOT | |
144 | %{__make} install \ | |
145 | DESTDIR=$RPM_BUILD_ROOT | |
146 | ||
147 | # Hack for documentation without crufts. | |
148 | rm -frv $RPM_BUILD_ROOT%{_docdir} | |
149 | find examples/ -name "Makefile*" -delete -print | |
150 | ||
151 | # Install systemd units. | |
152 | install -d $RPM_BUILD_ROOT%{systemdunitdir} | |
153 | cp -p %{SOURCE1} %{SOURCE2} $RPM_BUILD_ROOT%{systemdunitdir} | |
154 | ||
155 | # Install runtime directories. | |
156 | install -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/services | |
157 | install -d $RPM_BUILD_ROOT%{_localstatedir}/spool/firehol | |
158 | ||
159 | # Ghost configurations. | |
160 | touch $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/firehol.conf \ | |
161 | $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/fireqos.conf | |
162 | ||
163 | %clean | |
164 | rm -rf $RPM_BUILD_ROOT | |
165 | ||
166 | %post | |
167 | /sbin/chkconfig --add firehol | |
168 | %service firehol restart | |
169 | %systemd_post firehol.service | |
170 | %systemd_post fireqos.service | |
171 | ||
172 | %preun | |
173 | if [ "$1" = 0 ]; then | |
174 | %service firehol stop | |
175 | /sbin/chkconfig --del firehol | |
176 | fi | |
177 | %systemd_preun firehol.service | |
178 | %systemd_preun fireqos.service | |
179 | ||
180 | %postun | |
181 | %systemd_reload | |
182 | ||
183 | %files | |
184 | %defattr(644,root,root,755) | |
185 | %doc README THANKS examples | |
186 | %doc doc/firehol/firehol-manual.{pdf,html} | |
187 | %doc doc/fireqos/fireqos-manual.{pdf,html} | |
188 | %dir %{_sysconfdir}/firehol | |
189 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/firehol.conf | |
190 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/fireqos.conf | |
191 | %{_sysconfdir}/%{name}/*.example | |
192 | %dir %{_sysconfdir}/%{name}/services | |
193 | %{_sysconfdir}/%{name}/services/*.example | |
194 | %attr(755,root,root) %{_sbindir}/firehol | |
195 | %attr(755,root,root) %{_sbindir}/fireqos | |
196 | %{_mandir}/man1/*.1* | |
197 | %{_mandir}/man5/*.5* | |
198 | %{systemdunitdir}/firehol.service | |
199 | %{systemdunitdir}/fireqos.service | |
200 | %{_localstatedir}/spool/%{name} |