2 # A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0"
3 # which is found at http://www.shorewall.net/Anatomy.html
8 Summary: Shoreline Firewall - an iptables-based firewall for Linux systems
9 Summary(pl.UTF-8): Shoreline Firewall - zapora sieciowa oparta na iptables
14 Group: Networking/Utilities
15 Source0: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-%{version}.tar.bz2
16 # Source0-md5: 0e4041810f066deef40bf9e57fa79e96
17 Source1: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-lite-%{version}.tar.bz2
18 # Source1-md5: 330562592f437ab44c438988e499d85b
19 Source2: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-%{version}.tar.bz2
20 # Source2-md5: 4a9a2f55cd40bb2cc17dae0227350c4d
21 Source3: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}6-lite-%{version}.tar.bz2
22 # Source3-md5: be2a9eb5d1aa5de6162e240b24e921e6
23 Source4: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-init-%{version}.tar.bz2
24 # Source4-md5: 364a305ecba4ec40eedc5cf1a48e08e9
25 Source5: http://www.shorewall.net/pub/shorewall/5.2/shorewall-%{ver}/%{name}-core-%{version}.tar.bz2
26 # Source5-md5: 07c7371fd2896e87f373b760561e41a8
27 Source10: %{name}.init
28 Source11: %{name}.logrotate
29 Patch0: %{name}-config.patch
30 Patch1: %{name}-logging.patch
34 Patch5: shell-fix.patch
36 URL: http://www.shorewall.net/
38 BuildRequires: perl(Digest::SHA)
39 BuildRequires: bash >= 4.0
42 Requires: %{name}-core = %{version}-%{release}
45 Requires: perl-modules
46 Requires(post): /sbin/chkconfig
48 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
50 %define _libexecdir %{_prefix}/lib
53 The Shoreline Firewall, more commonly known as "Shorewall", is a
54 Netfilter (iptables) based firewall that can be used on a dedicated
55 firewall system, a multi-function gateway/ router/server or on a
56 standalone GNU/Linux system.
58 %description -l pl.UTF-8
59 Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą
60 sieciową opartą na wbudowanych w jądro Linuksa mechanizmach
61 filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo
62 wszechstronny i może być wykorzystany jako zapora sieciowa,
63 wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność
64 i prostotę konfiguracji.
66 %package -n shorewall6
67 Summary: Files for the IPV6 Shorewall Firewall
68 Group: Applications/System
69 Requires: %{name}-core = %{version}-%{release}
72 Provides: shorewall(firewall) = %{version}-%{release}
73 Requires(post): /sbin/chkconfig
75 %description -n shorewall6
76 This package contains the files required for IPV6 functionality of the
77 Shoreline Firewall (shorewall).
80 Summary: Shorewall firewall for compiled rulesets
81 Group: Applications/System
82 Requires: %{name}-core = %{version}-%{release}
85 Provides: shorewall(firewall) = %{version}-%{release}
86 Requires(post): /sbin/chkconfig
89 Shorewall Lite is a companion product to Shorewall that allows network
90 administrators to centralize the configuration of Shorewall-based
91 firewalls. Shorewall Lite runs a firewall script generated by a
92 machine with a Shorewall rule compiler. A machine running Shorewall
93 Lite does not need to have a Shorewall rule compiler installed.
95 %package -n shorewall6-lite
96 Summary: Shorewall firewall for compiled IPV6 rulesets
97 Group: Applications/System
98 Requires: %{name}-core = %{version}-%{release}
101 Provides: shorewall(firewall) = %{version}-%{release}
102 Requires(post): /sbin/chkconfig
104 %description -n shorewall6-lite
105 Shorewall6 Lite is a companion product to Shorewall6 (the IPV6
106 firewall) that allows network administrators to centralize the
107 configuration of Shorewall-based firewalls. Shorewall Lite runs a
108 firewall script generated by a machine with a Shorewall rule compiler.
109 A machine running Shorewall Lite does not need to have a Shorewall
110 rule compiler installed.
113 Summary: Core libraries for Shorewall
114 Group: Applications/System
118 This package contains the core libraries for Shorewall.
121 Summary: Initialization functionality and NetworkManager integration for Shorewall
122 Group: Applications/System
123 Requires: %{name} = %{version}-%{release}
124 Requires: NetworkManager
128 Requires: shorewall(firewall) = %{version}-%{release}
129 Requires(post): /sbin/chkconfig
132 This package adds additional initialization functionality to Shorewall
133 in two ways. It allows the firewall to be closed prior to bringing up
134 network devices. This insures that unwanted connections are not
135 allowed between the time that the network comes up and when the
136 firewall is started. It also integrates with NetworkManager and
137 distribution ifup/ifdown systems to allow for 'event-driven' startup
141 %setup -qcT -a0 -a1 -a2 -a3 -a4 -a5
142 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
143 for i in $targets; do
145 cp -p $i/shorewallrc.{redhat,tld}
146 %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i/shorewallrc.tld
156 # Remove hash-bang from files which are not directly executed as shell
157 # scripts. This silences some rpmlint errors.
158 find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d'
161 rm -rf $RPM_BUILD_ROOT
163 targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init"
164 for i in $targets; do
168 LIBEXECDIR=%{_libexecdir} \
171 DESTDIR=$RPM_BUILD_ROOT ./install.sh
176 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
177 install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall
178 install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/logrotate.d/shorewall
181 rm -rf $RPM_BUILD_ROOT
184 /sbin/chkconfig --add shorewall
185 %service shorewall restart "Shorewall"
188 if [ "$1" = "0" ]; then
189 %service shorewall stop
190 /sbin/chkconfig --del shorewall
194 %defattr(644,root,root,755)
195 %doc shorewall/{COPYING,changelog.txt,releasenotes.txt,Samples}
196 %attr(755,root,root) %{_sbindir}/shorewall
197 %dir %{_sysconfdir}/shorewall
198 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/*
199 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-init
200 %{_datadir}/shorewall/action.*
201 %{_datadir}/shorewall/actions.std
202 %{_datadir}/shorewall/configfiles/
203 %{_datadir}/shorewall/configpath
204 %{_datadir}/shorewall/helpers
205 %{_datadir}/shorewall/lib.cli-std
206 %{_datadir}/shorewall/lib.core
207 %{_datadir}/shorewall/lib.runtime
208 %{_datadir}/shorewall/macro.*
209 %{_datadir}/shorewall/prog.*
210 %{_datadir}/shorewall/version
211 %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl
212 %attr(755,root,root) %{_libexecdir}/shorewall/getparams
213 %{perl_vendorlib}/Shorewall
214 %{_mandir}/man5/shorewall*
215 %exclude %{_mandir}/man5/shorewall6*
216 %exclude %{_mandir}/man5/shorewall-lite*
217 %{_mandir}/man8/shorewall*
218 %exclude %{_mandir}/man8/shorewall6*
219 %exclude %{_mandir}/man8/shorewall-lite*
220 %exclude %{_mandir}/man8/shorewall-init*
221 %attr(754,root,root) /etc/rc.d/init.d/shorewall
222 %dir %{_localstatedir}/lib/shorewall
225 %defattr(644,root,root,755)
226 %doc shorewall-lite/{COPYING,changelog.txt,releasenotes.txt}
227 %attr(755,root,root) %{_sbindir}/shorewall-lite
228 %dir %{_sysconfdir}/shorewall-lite
229 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf
230 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite-init
231 %{_datadir}/shorewall-lite
232 %{_libexecdir}/shorewall-lite
233 %{_mandir}/man5/shorewall-lite*
234 %{_mandir}/man8/shorewall-lite*
235 %attr(754,root,root) /etc/rc.d/init.d/shorewall-lite
236 %dir %{_localstatedir}/lib/shorewall-lite
239 %defattr(644,root,root,755)
240 %doc shorewall6/{COPYING,changelog.txt,releasenotes.txt,Samples6}
241 %attr(755,root,root) %{_sbindir}/shorewall6
242 %dir %{_sysconfdir}/shorewall6
243 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/*
244 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-init
245 %{_mandir}/man5/shorewall6*
246 %exclude %{_mandir}/man5/shorewall6-lite*
247 %{_mandir}/man8/shorewall6*
248 %exclude %{_mandir}/man8/shorewall6-lite*
249 %{_datadir}/shorewall6
250 %attr(754,root,root) /etc/rc.d/init.d/shorewall6
251 %dir %{_localstatedir}/lib/shorewall6
253 %files -n shorewall6-lite
254 %defattr(644,root,root,755)
255 %doc shorewall6-lite/{COPYING,changelog.txt,releasenotes.txt}
256 %attr(755,root,root) %{_sbindir}/shorewall6-lite
257 %dir %{_sysconfdir}/shorewall6-lite
258 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
259 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite-init
260 %{_mandir}/man5/shorewall6-lite*
261 %{_mandir}/man8/shorewall6-lite*
262 %{_datadir}/shorewall6-lite
263 %dir %{_libexecdir}/shorewall6-lite
264 %{_libexecdir}/shorewall6-lite/shorecap
265 %attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite
266 %dir %{_localstatedir}/lib/shorewall6-lite
269 %defattr(644,root,root,755)
270 %doc shorewall-core/{COPYING,changelog.txt,releasenotes.txt}
271 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall
272 %dir %{_datadir}/shorewall/
273 %{_datadir}/shorewall/coreversion
274 %{_datadir}/shorewall/functions
275 %{_datadir}/shorewall/lib.base
276 %{_datadir}/shorewall/lib.cli
277 %{_datadir}/shorewall/lib.common
278 %{_datadir}/shorewall/shorewallrc
279 %dir %{_libexecdir}/shorewall
280 %attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup
283 %defattr(644,root,root,755)
284 %doc shorewall-init/{COPYING,changelog.txt,releasenotes.txt}
285 %attr(755,root,root) %{_sbindir}/shorewall-init
286 %attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
287 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init
288 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-ifupdown
289 %{_mandir}/man8/shorewall-init.8.*
290 %{_datadir}/shorewall-init
291 %dir %{_libexecdir}/shorewall-init
292 %attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown
293 %attr(754,root,root) /etc/rc.d/init.d/shorewall-init