author | Tony Vroon <chainsaw@gentoo.org> | 2010-04-13 13:33:32 +0000 |
---|---|---|
committer | Tony Vroon <chainsaw@gentoo.org> | 2010-04-13 13:33:32 +0000 |
commit | 68f3d1c0e9e58f2bd70098254f84f43874550e95 (patch) | |
tree | d60e4ce82f6ef68fc4de573ab56792e7621370c5 /net-firewall | |
parent | Updated init script with simplified dependencies addresses security bug #2889... (diff) | |
Updated init script with simplified dependencies addresses security bug #288992 by Hugo Mildenberger.
(Portage version: 2.1.8.3/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall')
-rw-r--r-- | net-firewall/shorewall-common/ChangeLog | 9 | ||||
-rw-r--r-- | net-firewall/shorewall-common/files/shorewall.initd2 | 79 | ||||
-rw-r--r-- | net-firewall/shorewall-common/shorewall-common-4.2.11-r1.ebuild | 99 |
3 files changed, 186 insertions, 1 deletions
diff --git a/net-firewall/shorewall-common/ChangeLog b/net-firewall/shorewall-common/ChangeLog index 3101e21e46eb..f5a76d2981e0 100644 --- a/net-firewall/shorewall-common/ChangeLog +++ b/net-firewall/shorewall-common/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-firewall/shorewall-common # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-common/ChangeLog,v 1.33 2010/03/16 14:23:02 chainsaw Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-common/ChangeLog,v 1.34 2010/04/13 13:33:31 chainsaw Exp $ + +*shorewall-common-4.2.11-r1 (13 Apr 2010) + + 13 Apr 2010; <chainsaw@gentoo.org> +shorewall-common-4.2.11-r1.ebuild, + +files/shorewall.initd2: + Updated init script with simplified dependencies addresses security bug + #288992 by Hugo Mildenberger. 16 Mar 2010; <chainsaw@gentoo.org> metadata.xml: Taking over maintainership from Vieri who is stepping down due to time diff --git a/net-firewall/shorewall-common/files/shorewall.initd2 b/net-firewall/shorewall-common/files/shorewall.initd2 new file mode 100644 index 000000000000..249bc48e02e5 --- /dev/null +++ b/net-firewall/shorewall-common/files/shorewall.initd2 
@@ -0,0 +1,79 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-common/files/shorewall.initd2,v 1.1 2010/04/13 13:33:32 chainsaw Exp $
+
+opts="start stop restart clear reset refresh check"
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting firewall"
+ /sbin/shorewall -f start 1>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ /sbin/shorewall stop 1>/dev/null
+ eend $?
+}
+
+restart() {
+ # shorewall comes with its own control script that includes a
+ # restart function, so refrain from calling svc_stop/svc_start
+ # here. Note that this comment is required to fix bug 55576;
+ # runscript.sh greps this script... (09 Jul 2004 agriffis)
+ ebegin "Restarting firewall"
+ /sbin/shorewall status >/dev/null
+ if [ $? != 0 ] ; then
+ svc_start
+ else
+ if [ -f /var/lib/shorewall/restore ] ; then
+ /sbin/shorewall restore
+ else
+ /sbin/shorewall restart 1>/dev/null
+ fi
+ fi
+ eend $?
+}
+
+clear() {
+ # clear will remove all the rules and bring the system to an unfirewalled
+ # state. (21 Nov 2004 eldad)
+
+ ebegin "Clearing all firewall rules and setting policy to ACCEPT"
+ /sbin/shorewall clear
+ eend $?
+}
+
+reset() {
+ # reset the packet and byte counters in the firewall
+
+ ebegin "Resetting the packet and byte counters in the firewall"
+ /sbin/shorewall reset
+ eend $?
+}
+
+refresh() {
+ # refresh the rules involving the broadcast addresses of firewall
+ # interfaces, the black list, traffic control rules and
+ # ECN control rules
+
+ ebegin "Refreshing firewall rules"
+ /sbin/shorewall refresh
+ eend $?
+}
+
+check() {
+ # perform cursory validation of the zones, interfaces, hosts, rules
+ # and policy files. CAUTION: does not parse and validate the generated
+ # iptables commands.
+
+ ebegin "Checking configuration files"
+ /sbin/shorewall check
+ eend $?
+}
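Review bot: In restart(), the branch that runs `/sbin/shorewall restore` whenever /var/lib/shorewall/restore exists re-applies the last saved ruleset instead of the current files in /etc/shorewall, so a rule tightened after the last save may not take effect on an init-script restart. The `-f` passed in start() looks like the same fast-start path, though that is inferred from the flag and not shown in this hunk. If this is intended, document it in the function, e.g. `# restore replays the saved ruleset; edits in /etc/shorewall are not applied until a full 'shorewall restart'`. As a style point, the status test reads more directly as `if ! /sbin/shorewall status >/dev/null ; then` than comparing `$?` on the following line.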
diff --git a/net-firewall/shorewall-common/shorewall-common-4.2.11-r1.ebuild b/net-firewall/shorewall-common/shorewall-common-4.2.11-r1.ebuild
new file mode 100644
index 000000000000..a37b82c1f547
--- /dev/null
+++ b/net-firewall/shorewall-common/shorewall-common-4.2.11-r1.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-common/shorewall-common-4.2.11-r1.ebuild,v 1.1 2010/04/13 13:33:31 chainsaw Exp $
+
+EAPI="2"
+
+inherit eutils versionator
+
+# Select version (stable, RC, Beta):
+MY_PV_TREE=$(get_version_component_range 1-2) # for devel versions use "development/$(get_version_component_range 1-2)"
+MY_P_BETA="" # stable or experimental (eg. "-RC1" or "-Beta4")
+MY_PV_BASE=$(get_version_component_range 1-3)
+
+MY_PN="${PN/-common/}"
+MY_P="${MY_PN}-${MY_PV_BASE}${MY_P_BETA}"
+MY_P_DOCS="${MY_P/${MY_PN}/${MY_PN}-docs-html}"
+
+DESCRIPTION="Shoreline Firewall is an iptables-based firewall for Linux."
+HOMEPAGE="http://www.shorewall.net/"
+SRC_URI="http://www1.shorewall.net/pub/${MY_PN}/${MY_PV_TREE}/${MY_P}/${P}${MY_P_BETA}.tar.bz2
+ doc? ( http://www1.shorewall.net/pub/${MY_PN}/${MY_PV_TREE}/${MY_P}/${MY_P_DOCS}.tar.bz2 )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc"
+
+DEPEND=">=net-firewall/iptables-1.2.4
+ sys-apps/iproute2[-minimal]
+ !<net-firewall/shorewall-4.0
+ !>=net-firewall/shorewall-4.4.0"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ einfo "Nothing to compile."
+}
+
+src_install() {
+ keepdir /var/lib/shorewall
+
+ cd "${WORKDIR}/${P}${MY_P_BETA}"
+ PREFIX="${D}" ./install.sh || die "install.sh failed"
+ newinitd "${FILESDIR}"/shorewall.initd2 shorewall || die "doinitd failed"
+
+ dodoc changelog.txt releasenotes.txt || die
+
+ if use doc; then
+ cd "${WORKDIR}/${MY_P_DOCS}"
+ # install documentation
+ dohtml -r *
+ ## dosym Documentation_Index.html "/usr/share/doc/${PF}/html/index.htm"
+ # install samples
+ cp -pR "${S}${MY_P_BETA}/Samples" "${D}/usr/share/doc/${PF}"
+ fi
+}
+
+pkg_postinst() {
+ elog
+ if use doc ; then
+ elog "Documentation is available at /usr/share/doc/${PF}/html."
+ elog "Please read the Release Notes in /usr/share/doc/${PF}."
+ elog "Samples are available at /usr/share/doc/${PF}/Samples."
+ else
+ elog "Documentation is available at http://www.shorewall.net"
+ fi
+ elog "There are man pages for shorewall(8) and for each configuration file."
+ elog
+ elog "Bridging configuration has changed with kernel 2.6.20+."
+ elog "Check the documentation."
+ elog
+ elog "Do not blindly start shorewall, edit the files in /etc/shorewall first"
+ elog "At the very least, you must change 'STARTUP_ENABLED' in shorewall.conf"
+ elog
+ elog "Be aware that version ${MY_PV_TREE} differs substantially from previous releases."
+ elog "Information on upgrading is available at:"
+ elog "http://www.shorewall.net/upgrade_issues.htm"
+ elog
+ elog "There is a 'shorewall compile' command to generate scripts to run"
+ elog "on systems with Shorewall Lite installed."
+ elog "Please refer to http://www.shorewall.net/CompiledPrograms.html"
+ elog "It is advised to copy the /usr/share/shorewall/configfiles dir to your"
+ elog "own 'export directories'. However, whenever you upgrade Shorewall you"
+ elog "should check for changes in configfiles and manually update your exports."
+ elog "Alternatively, if you only have one Shorewall-Lite system in your network"
+ elog "then you can use the configfiles dir but set CONFIG_PROTECT appropriately"
+ elog "in /etc/make.conf (man make.conf)."
+ elog
+ elog "Known problems:"
+ elog "http://shorewall.net/pub/${MY_PN}/${MY_PV_TREE}/${MY_P}/known_problems.txt"
+ elog
+ elog "Whether upgrading or installing you should run shorewall check,"
+ elog "correct any errors found and run shorewall restart|start."
+ elog
+ elog "${PN} requires a compiler."
+ elog "You can choose to emerge shorewall-shell and/or shorewall-perl."
+ elog
+ elog "${PN} will be removed in the future."
+ elog "Please consider emerging the latest version of ${MY_PN}."
+} |
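Review bot: In src_install() both `cd` calls and the `cp -pR` of the Samples directory are unchecked, so with USE=doc a missing docs directory would let `dohtml -r *` run in whatever directory the phase is in at that point, and a failed samples copy would pass silently. Add `|| die` to them, e.g. `cd "${WORKDIR}/${MY_P_DOCS}" || die` and `cp -pR "${S}${MY_P_BETA}/Samples" "${D}/usr/share/doc/${PF}" || die "installing samples failed"`. The message on the `newinitd` line should read `"newinitd failed"` rather than `"doinitd failed"`. Because this revision carries the init-script fix for the referenced security bug, note that KEYWORDS are all `~arch` here, so whether stable users receive it depends on a stabilisation step not visible in this commit.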