2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
3 # which is found at http://www.shorewall.net/Anatomy.html
8 Summary: Shoreline Firewall - an iptables-based firewall for Linux systems
9 Summary(pl.UTF-8): Shoreline Firewall - zapora sieciowa oparta na iptables
14 Group: Networking/Utilities
15 Source0: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
16 # Source0-md5: 0e4041810f066deef40bf9e57fa79e96
17 Source1: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
18 # Source1-md5: 330562592f437ab44c438988e499d85b
19 Source2: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
20 # Source2-md5: 4a9a2f55cd40bb2cc17dae0227350c4d
21 Source3: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
22 # Source3-md5: be2a9eb5d1aa5de6162e240b24e921e6
23 Source4: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
24 # Source4-md5: 364a305ecba4ec40eedc5cf1a48e08e9
25 Source5: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
26 # Source5-md5: 07c7371fd2896e87f373b760561e41a8
27 Source10: %{name}.init
28 Source11: %{name}.logrotate
29 Patch0: %{name}-config.patch
30 Patch1: %{name}-logging.patch
34 Patch5: shell-fix.patch
35 URL: http://www.shorewall.net/
37 BuildRequires: perl(Digest::SHA)
38 BuildRequires: bash >= 4.0
41 Requires: %{name}-core = %{version}-%{release}
44 Requires: perl-modules
45 Requires(post): /sbin/chkconfig
47 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
49 %define _libexecdir %{_prefix}/lib
52 The Shoreline Firewall, more commonly known as "Shorewall", is a
53 Netfilter (iptables) based firewall that can be used on a dedicated
54 firewall system, a multi-function gateway/ router/server or on a
55 standalone GNU/Linux system.
57 %description -l pl.UTF-8
58 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
59 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
60 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
61 wszechstronny i może być wykorzystany jako zapora sieciowa,
62 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
63 i prostotę konfiguracji.
65 %package -n shorewall6
66 Summary: Files for the IPV6 Shorewall Firewall
67 Group: Applications/System
68 Requires: %{name}-core = %{version}-%{release}
71 Provides: shorewall(firewall) = %{version}-%{release}
72 Requires(post): /sbin/chkconfig
74 %description -n shorewall6
75 This package contains the files required for IPV6 functionality of the
76 Shoreline Firewall (shorewall).
79 Summary: Shorewall firewall for compiled rulesets
80 Group: Applications/System
81 Requires: %{name}-core = %{version}-%{release}
84 Provides: shorewall(firewall) = %{version}-%{release}
85 Requires(post): /sbin/chkconfig
88 Shorewall Lite is a companion product to Shorewall that allows network
89 administrators to centralize the configuration of Shorewall-based
90 firewalls. Shorewall Lite runs a firewall script generated by a
91 machine with a Shorewall rule compiler. A machine running Shorewall
92 Lite does not need to have a Shorewall rule compiler installed.
94 %package -n shorewall6-lite
95 Summary: Shorewall firewall for compiled IPV6 rulesets
96 Group: Applications/System
97 Requires: %{name}-core = %{version}-%{release}
100 Provides: shorewall(firewall) = %{version}-%{release}
101 Requires(post): /sbin/chkconfig
103 %description -n shorewall6-lite
104 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
105 firewall) that allows network administrators to centralize the
106 configuration of Shorewall-based firewalls. Shorewall Lite runs a
107 firewall script generated by a machine with a Shorewall rule compiler.
108 A machine running Shorewall Lite does not need to have a Shorewall
109 rule compiler installed.
112 Summary: Core libraries for Shorewall
113 Group: Applications/System
117 This package contains the core libraries for Shorewall.
120 Summary: Initialization functionality and NetworkManager integration for Shorewall
121 Group: Applications/System
122 Requires: %{name} = %{version}-%{release}
123 Requires: NetworkManager
127 Requires: shorewall(firewall) = %{version}-%{release}
128 Requires(post): /sbin/chkconfig
131 This package adds additional initialization functionality to Shorewall
132 in two ways. It allows the firewall to be closed prior to bringing up
133 network devices. This insures that unwanted connections are not
134 allowed between the time that the network comes up and when the
135 firewall is started. It also integrates with NetworkManager and
136 distribution ifup/ifdown systems to allow for 'event-driven' startup
140 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
141 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
142 for i in $targets; do
144 cp -p $i/shorewallrc.{redhat,tld}
145 %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
154 # Remove hash-bang from files which are not directly executed as shell
155 # scripts. This silences some rpmlint errors.
156 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
159 rm -rf $RPM_BUILD_ROOT
161 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
162 for i in $targets; do
166 LIBEXECDIR=%{_libexecdir} \
169 DESTDIR=$RPM_BUILD_ROOT ./install.sh
174 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
175 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
176 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
179 rm -rf $RPM_BUILD_ROOT
182 /sbin/chkconfig --add shorewall
183 %service shorewall restart "Shorewall"
186 if [ "$1" = "0" ]; then
187 %service shorewall stop
188 /sbin/chkconfig --del shorewall
192 %defattr(644,root,root,755)
193 %doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
194 %attr(755,root,root) %{_sbindir}/shorewall
195 %dir %{_sysconfdir}/shorewall
196 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
197 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
198 %{_datadir}/shorewall/action.*
199 %{_datadir}/shorewall/actions.std
200 %{_datadir}/shorewall/configfiles/
201 %{_datadir}/shorewall/configpath
202 %{_datadir}/shorewall/helpers
203 %{_datadir}/shorewall/lib.cli-std
204 %{_datadir}/shorewall/lib.core
205 %{_datadir}/shorewall/lib.runtime
206 %{_datadir}/shorewall/macro.*
207 %{_datadir}/shorewall/prog.*
208 %{_datadir}/shorewall/version
209 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
210 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
211 %{perl_vendorlib}/Shorewall
212 %{_mandir}/man5/shorewall*
213 %exclude %{_mandir}/man5/shorewall6*
214 %exclude %{_mandir}/man5/shorewall-lite*
215 %{_mandir}/man8/shorewall*
216 %exclude %{_mandir}/man8/shorewall6*
217 %exclude %{_mandir}/man8/shorewall-lite*
218 %exclude %{_mandir}/man8/shorewall-init*
219 %attr(754,root,root) /etc/rc.d/init.d/shorewall
220 %dir %{_localstatedir}/lib/shorewall
223 %defattr(644,root,root,755)
224 %doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
225 %attr(755,root,root) %{_sbindir}/shorewall-lite
226 %dir %{_sysconfdir}/shorewall-lite
227 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
228 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
229 %{_datadir}/shorewall-lite
230 %{_libexecdir}/shorewall-lite
231 %{_mandir}/man5/shorewall-lite*
232 %{_mandir}/man8/shorewall-lite*
233 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
234 %dir %{_localstatedir}/lib/shorewall-lite
237 %defattr(644,root,root,755)
238 %doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
239 %attr(755,root,root) %{_sbindir}/shorewall6
240 %dir %{_sysconfdir}/shorewall6
241 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
242 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
243 %{_mandir}/man5/shorewall6*
244 %exclude %{_mandir}/man5/shorewall6-lite*
245 %{_mandir}/man8/shorewall6*
246 %exclude %{_mandir}/man8/shorewall6-lite*
247 %{_datadir}/shorewall6
248 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
249 %dir %{_localstatedir}/lib/shorewall6
251 %files -n shorewall6-lite
252 %defattr(644,root,root,755)
253 %doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
254 %attr(755,root,root) %{_sbindir}/shorewall6-lite
255 %dir %{_sysconfdir}/shorewall6-lite
256 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
257 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
258 %{_mandir}/man5/shorewall6-lite*
259 %{_mandir}/man8/shorewall6-lite*
260 %{_datadir}/shorewall6-lite
261 %dir %{_libexecdir}/shorewall6-lite
262 %{_libexecdir}/shorewall6-lite/shorecap
263 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
264 %dir %{_localstatedir}/lib/shorewall6-lite
267 %defattr(644,root,root,755)
268 %doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
269 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
270 %dir %{_datadir}/shorewall/
271 %{_datadir}/shorewall/coreversion
272 %{_datadir}/shorewall/functions
273 %{_datadir}/shorewall/lib.base
274 %{_datadir}/shorewall/lib.cli
275 %{_datadir}/shorewall/lib.common
276 %{_datadir}/shorewall/shorewallrc
277 %dir %{_libexecdir}/shorewall
278 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
281 %defattr(644,root,root,755)
282 %doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
283 %attr(755,root,root) %{_sbindir}/shorewall-init
284 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
285 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
286 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
287 %{_mandir}/man8/shorewall-init.8.*
288 %{_datadir}/shorewall-init
289 %dir %{_libexecdir}/shorewall-init
290 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
291 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init