From f3eeaed2a3dfea5313a482d1641731be4a3477e9 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Thu, 14 Jun 2018 23:01:20 +0000 Subject: [PATCH] - based on PLD spec, version 5.2.0.4 for TLD, not tested, release 0.1 --- init.patch | 21 ++++ man.patch | 36 ++++++ shorewall-config.patch | 21 ++++ shorewall.init | 71 +++++++++++ shorewall.spec | 268 +++++++++++++++++++++++++++++++++++++++++ tld.patch | 113 +++++++++++++++++ 6 files changed, 530 insertions(+) create mode 100644 init.patch create mode 100644 man.patch create mode 100644 shorewall-config.patch create mode 100755 shorewall.init create mode 100644 shorewall.spec create mode 100644 tld.patch diff --git a/init.patch b/init.patch new file mode 100644 index 0000000..f6dc9ee --- /dev/null +++ b/init.patch @@ -0,0 +1,21 @@ +diff -ur shorewall-5.2.0.4.orig/shorewall-init-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-init-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-init-5.2.0.4/install.sh 2018-06-14 22:28:59.725127653 +0000 ++++ shorewall-5.2.0.4/shorewall-init-5.2.0.4/install.sh 2018-06-14 22:31:22.419126046 +0000 +@@ -318,12 +318,13 @@ + install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644 + [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service + echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service" +- [ -n "$DESTDIR" -o $configure -eq 0 ] && make_parent_directory ${DESTDIR}${SBINDIR} 0755 +- install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0700 +- [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT +- echo "CLI installed as ${DESTDIR}${SBINDIR}/$PRODUCT" + fi + ++[ -n "$DESTDIR" -o $configure -eq 0 ] && make_parent_directory ${DESTDIR}${SBINDIR} 0755 ++install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0700 ++[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT ++echo "CLI installed as ${DESTDIR}${SBINDIR}/$PRODUCT" ++ + # + # Create /usr/share/shorewall-init if needed + # diff --git a/man.patch b/man.patch new file mode 100644 index 0000000..0ba48c3 --- /dev/null +++ b/man.patch @@ -0,0 +1,36 @@ +diff -ur shorewall-5.2.0.4.orig/shorewall-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-5.2.0.4/install.sh 2018-06-14 22:07:06.867142434 +0000 ++++ shorewall-5.2.0.4/shorewall-5.2.0.4/install.sh 2018-06-14 22:13:13.101138311 +0000 +@@ -1191,10 +1191,10 @@ + shorewall-accounting.5 shorewall-ipsets.5 shorewall-providers.5 shorewall-tcclasses.5 \ + shorewall-actions.5 shorewall-maclist.5 shorewall-tcdevices.5 \ + shorewall-mangle.5 shorewall-proxyndp.5 shorewall-tcfilters.5 \ +- shorewall-blacklist.5 shorewall-masq.5 shorewall-routes.5 shorewall-tcinterfaces.5 \ +- shorewall-blrules.5 shorewall-modules.5 shorewall-routestopped.5 shorewall-tcpri.5 \ +- shorewall-conntrack.5 shorewall-nat.5 shorewall-rtrules.5 shorewall-tcrules.5 \ +- shorewall-nesting.5 shorewall-rules.5 shorewall-tos.5 \ ++ shorewall-routes.5 shorewall-tcinterfaces.5 \ ++ shorewall-blrules.5 shorewall-modules.5 shorewall-tcpri.5 \ ++ shorewall-conntrack.5 shorewall-nat.5 shorewall-rtrules.5 \ ++ shorewall-nesting.5 shorewall-rules.5 \ + shorewall-exclusion.5 shorewall-netmap.5 shorewall-secmarks.5 shorewall-tunnels.5 \ + shorewall-hosts.5 shorewall-params.5 shorewall-snat.5 shorewall-vardir.5 \ + shorewall-interfaces.5 shorewall-policy.5 shorewall-stoppedrules.5 shorewall-zones.5 +diff -ur shorewall-5.2.0.4.orig/shorewall6-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall6-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall6-5.2.0.4/install.sh 2018-06-14 22:07:06.867142434 +0000 ++++ shorewall-5.2.0.4/shorewall6-5.2.0.4/install.sh 2018-06-14 22:13:13.101138311 +0000 +@@ -1191,10 +1191,10 @@ + shorewall-accounting.5 shorewall-ipsets.5 shorewall-providers.5 shorewall-tcclasses.5 \ + shorewall-actions.5 shorewall-maclist.5 shorewall-tcdevices.5 \ + shorewall-mangle.5 shorewall-proxyndp.5 shorewall-tcfilters.5 \ +- shorewall-blacklist.5 shorewall-masq.5 shorewall-routes.5 shorewall-tcinterfaces.5 \ +- shorewall-blrules.5 shorewall-modules.5 shorewall-routestopped.5 shorewall-tcpri.5 \ +- shorewall-conntrack.5 shorewall-nat.5 shorewall-rtrules.5 shorewall-tcrules.5 \ +- shorewall-nesting.5 shorewall-rules.5 shorewall-tos.5 \ ++ shorewall-routes.5 shorewall-tcinterfaces.5 \ ++ shorewall-blrules.5 shorewall-modules.5 shorewall-tcpri.5 \ ++ shorewall-conntrack.5 shorewall-nat.5 shorewall-rtrules.5 \ ++ shorewall-nesting.5 shorewall-rules.5 \ + shorewall-exclusion.5 shorewall-netmap.5 shorewall-secmarks.5 shorewall-tunnels.5 \ + shorewall-hosts.5 shorewall-params.5 shorewall-snat.5 shorewall-vardir.5 \ + shorewall-interfaces.5 shorewall-policy.5 shorewall-stoppedrules.5 shorewall-zones.5 diff --git a/shorewall-config.patch b/shorewall-config.patch new file mode 100644 index 0000000..e2f5d79 --- /dev/null +++ b/shorewall-config.patch @@ -0,0 +1,21 @@ +diff -ur shorewall-5.2.0.4.orig/shorewall-5.2.0.4/configfiles/shorewall.conf shorewall-5.2.0.4/shorewall-5.2.0.4/configfiles/shorewall.conf +--- shorewall-5.2.0.4.orig/shorewall-5.2.0.4/configfiles/shorewall.conf 2018-05-18 17:18:09.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall-5.2.0.4/configfiles/shorewall.conf 2018-06-14 21:47:03.135155987 +0000 +@@ -49,7 +49,7 @@ + + LOGALLNEW= + +-LOGFILE=/var/log/messages ++LOGFILE=/var/log/kernel + + LOGFORMAT="%s %s " + +@@ -101,7 +101,7 @@ + + RESTOREFILE=restore + +-SHOREWALL_SHELL=/bin/sh ++SHOREWALL_SHELL=/bin/bash + + SUBSYSLOCK=/var/lock/subsys/shorewall + diff --git a/shorewall.init b/shorewall.init new file mode 100755 index 0000000..e725f39 --- /dev/null +++ b/shorewall.init @@ -0,0 +1,71 @@ +#!/bin/sh +# +# shorewall The Shoreline Firewall (Shorewall) Packet Filtering Firewall +# +# chkconfig: 2345 10 89 +# +# description: Packet filtering firewall +# + +# Source function library +. /etc/rc.d/init.d/functions +. /usr/share/shorewall/functions + +# Get network config +. /etc/sysconfig/network + +# Check that networking is up +if is_yes "${NETWORKING}"; then + if [ ! -f /var/lock/subsys/network ]; then + msg_network_down shorewall + exit 1 + fi +else + exit 0 +fi + +start() { + if [ -f /var/lock/subsys/shorewall ]; then + msg_already_running shorewall + return + fi + + msg_starting "Shorewall" + deltext; ok + # FIXME: use daemon and handle OK/FAIL + exec /sbin/shorewall -q start >/dev/null + touch /var/lock/subsys/shorewall +} + +stop() { + if [ ! -f /var/lock/subsys/shorewall ]; then + msg_not_running shorewall + return + fi + + msg_stopping "Shorewall" + deltext; ok + # FIXME: use killproc or handle OK/FAIL manually + exec /sbin/shorewall stop >/dev/null + rm -f /var/lock/subsys/shorewall >/dev/null 2>&1 +} + +# See how we were called +case "$1" in + start) + ;; + stop) + ;; + status) + status shorewall + exec /sbin/shorewall status + exit $? + ;; + restart) + stop + start + ;; + *) + msg_usage "$0 {start|stop|restart|status}" + exit 3 +esac diff --git a/shorewall.spec b/shorewall.spec new file mode 100644 index 0000000..938f8fc --- /dev/null +++ b/shorewall.spec @@ -0,0 +1,268 @@ +# NOTE: +# A very helpful document for packaging Shorewall is "Anatomy of Shorewall 4.0" +# which is found at http://www.shorewall.net/Anatomy.html +# TODO +# - rc-script inits +Summary: Shoreline Firewall - an iptables-based firewall for Linux systems +Summary(pl.UTF-8): Shoreline Firewall - zapora sieciowa oparta na iptables +Name: shorewall +Version: 5.2.0.4 +Release: 0.1 +License: GPL +Group: Networking/Utilities +Source0: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-%{version}.tar.bz2 +# Source0-md5: b8702d14846f890d263f5ea2447b5bed +Source1: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-lite-%{version}.tar.bz2 +# Source1-md5: 0dd43f44f7555418ae2f153fbf7ce1ef +Source2: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-%{version}.tar.bz2 +# Source2-md5: 14c87b9880bc69c82792854af45335e6 +Source3: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}6-lite-%{version}.tar.bz2 +# Source3-md5: 9f03407f5f7dac39f286bdaf3ec051e8 +Source4: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-init-%{version}.tar.bz2 +# Source4-md5: cf6b2a6c1a8827a99c1b3e717d42ccff +Source5: http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.0/%{name}-core-%{version}.tar.bz2 +# Source5-md5: be73e2f76b2438e7813f62873a50c203 +Source10: %{name}.init +Patch0: %{name}-config.patch +Patch1: tld.patch +Patch2: man.patch +Patch3: init.patch +URL: http://www.shorewall.net/ +BuildRequires: perl +BuildRequires: perl(Digest::SHA) +BuildRequires: bash >= 4.0 +BuildRequires: sed +Requires: %{name}-core = %{version}-%{release} +Requires: iproute2 +Requires: iptables +Requires(post): /sbin/chkconfig +BuildArch: noarch +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) + +%define _libexecdir %{_prefix}/lib + +%description +The Shoreline Firewall, more commonly known as "Shorewall", is a +Netfilter (iptables) based firewall that can be used on a dedicated +firewall system, a multi-function gateway/ router/server or on a +standalone GNU/Linux system. + +%description -l pl.UTF-8 +Pakiet Shoreline Firewall, nazywany zwykle Shorewall, jest zaporą +sieciową opartą na wbudowanych w jądro Linuksa mechanizmach +filtrowania pakietów sieciowych (iptables). Shorewall jest bardzo +wszechstronny i może być wykorzystany jako zapora sieciowa, +wielofunkcyjna brama lub router. Pakiet ten łączy w sobie elastyczność +i prostotę konfiguracji. + +%package -n shorewall6 +Summary: Files for the IPV6 Shorewall Firewall +Group: Applications/System +Requires: %{name}-core = %{version}-%{release} +Requires: iproute2 +Requires: iptables +Provides: shorewall(firewall) = %{version}-%{release} +Requires(post): /sbin/chkconfig + +%description -n shorewall6 +This package contains the files required for IPV6 functionality of the +Shoreline Firewall (shorewall). + +%package lite +Summary: Shorewall firewall for compiled rulesets +Group: Applications/System +Requires: %{name}-core = %{version}-%{release} +Requires: iproute2 +Requires: iptables +Provides: shorewall(firewall) = %{version}-%{release} +Requires(post): /sbin/chkconfig + +%description lite +Shorewall Lite is a companion product to Shorewall that allows network +administrators to centralize the configuration of Shorewall-based +firewalls. Shorewall Lite runs a firewall script generated by a +machine with a Shorewall rule compiler. A machine running Shorewall +Lite does not need to have a Shorewall rule compiler installed. + +%package -n shorewall6-lite +Summary: Shorewall firewall for compiled IPV6 rulesets +Group: Applications/System +Requires: %{name}-core = %{version}-%{release} +Requires: iproute2 +Requires: iptables +Provides: shorewall(firewall) = %{version}-%{release} +Requires(post): /sbin/chkconfig + +%description -n shorewall6-lite +Shorewall6 Lite is a companion product to Shorewall6 (the IPV6 +firewall) that allows network administrators to centralize the +configuration of Shorewall-based firewalls. Shorewall Lite runs a +firewall script generated by a machine with a Shorewall rule compiler. +A machine running Shorewall Lite does not need to have a Shorewall +rule compiler installed. + +%package core +Summary: Core libraries for Shorewall +Group: Applications/System + +%description core +This package contains the core libraries for Shorewall. + +%package init +Summary: Initialization functionality and NetworkManager integration for Shorewall +Group: Applications/System +Requires: %{name} = %{version}-%{release} +Requires: NetworkManager +Requires: iproute2 +Requires: iptables +Requires: logrotate +Requires: shorewall(firewall) = %{version}-%{release} +Requires(post): /sbin/chkconfig + +%description init +This package adds additional initialization functionality to Shorewall +in two ways. It allows the firewall to be closed prior to bringing up +network devices. This insures that unwanted connections are not +allowed between the time that the network comes up and when the +firewall is started. It also integrates with NetworkManager and +distribution ifup/ifdown systems to allow for 'event-driven' startup +and shutdown. + +%prep +%setup -qcT -a0 -a1 -a2 -a3 -a4 -a5 +targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init" +for i in $targets; do + cp -p $i-%{version}/shorewallrc.{redhat,tld} + %{__sed} -i -r -e 's!RedHat/Fedora!TLD !; s/^HOST\=redhat/HOST\=tld/; /^(SERVICEDIR|SERVICEFILE)/d;' $i-%{version}/shorewallrc.tld +done +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +# Remove hash-bang from files which are not directly executed as shell +# scripts. This silences some rpmlint errors. +find -name 'lib.*' | xargs sed -i -e '/\#\!\/bin\/sh/d' + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT/etc/rc.d/init.d +install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/shorewall + +targets="shorewall-core shorewall shorewall-lite shorewall6 shorewall6-lite shorewall-init" +for i in $targets; do + cd $i-%{version} + ./configure \ + VENDOR=tld \ + LIBEXECDIR=%{_libexecdir} \ + SBINDIR=%{_sbindir} + + DESTDIR=$RPM_BUILD_ROOT ./install.sh + + cd - +done + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(644,root,root,755) +%doc shorewall-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples} +%attr(755,root,root) %{_sbindir}/shorewall +%dir %{_sysconfdir}/shorewall +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall/* +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall +%{_datadir}/shorewall/action.* +%{_datadir}/shorewall/actions.std +%{_datadir}/shorewall/configfiles/ +%{_datadir}/shorewall/configpath +%{_datadir}/shorewall/helpers +%{_datadir}/shorewall/lib.cli-std +%{_datadir}/shorewall/lib.core +%{_datadir}/shorewall/lib.runtime +%{_datadir}/shorewall/macro.* +%{_datadir}/shorewall/modules* +%{_datadir}/shorewall/prog.* +%{_datadir}/shorewall/version +%attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl +%attr(755,root,root) %{_libexecdir}/shorewall/getparams +%{perl_vendorlib}/Shorewall +%{_mandir}/man5/shorewall* +%exclude %{_mandir}/man5/shorewall6* +%exclude %{_mandir}/man5/shorewall-lite* +%{_mandir}/man8/shorewall* +%exclude %{_mandir}/man8/shorewall6* +%exclude %{_mandir}/man8/shorewall-lite* +%exclude %{_mandir}/man8/shorewall-init* +%attr(754,root,root) /etc/rc.d/init.d/shorewall +%dir %{_localstatedir}/lib/shorewall + +%files lite +%defattr(644,root,root,755) +%doc shorewall-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%attr(755,root,root) %{_sbindir}/shorewall-lite +%dir %{_sysconfdir}/shorewall-lite +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall-lite/shorewall-lite.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall-lite +%{_datadir}/shorewall-lite +%{_libexecdir}/shorewall-lite +%{_mandir}/man5/shorewall-lite* +%{_mandir}/man8/shorewall-lite* +%attr(754,root,root) /etc/rc.d/init.d/shorewall-lite +%dir %{_localstatedir}/lib/shorewall-lite + +%files -n shorewall6 +%defattr(644,root,root,755) +%doc shorewall6-%{version}/{COPYING,changelog.txt,releasenotes.txt,Samples6} +%attr(755,root,root) %{_sbindir}/shorewall6 +%dir %{_sysconfdir}/shorewall6 +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6/* +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6 +%{_mandir}/man5/shorewall6* +%exclude %{_mandir}/man5/shorewall6-lite* +%{_mandir}/man8/shorewall6* +%exclude %{_mandir}/man8/shorewall6-lite* +%{_datadir}/shorewall6 +%attr(754,root,root) /etc/rc.d/init.d/shorewall6 +%dir %{_localstatedir}/lib/shorewall6 + +%files -n shorewall6-lite +%defattr(644,root,root,755) +%doc shorewall6-lite-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%attr(755,root,root) %{_sbindir}/shorewall6-lite +%dir %{_sysconfdir}/shorewall6-lite +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/shorewall6-lite +%{_mandir}/man5/shorewall6-lite* +%{_mandir}/man8/shorewall6-lite* +%{_datadir}/shorewall6-lite +%dir %{_libexecdir}/shorewall6-lite +%{_libexecdir}/shorewall6-lite/shorecap +%attr(754,root,root) /etc/rc.d/init.d/shorewall6-lite +%dir %{_localstatedir}/lib/shorewall6-lite + +%files core +%defattr(644,root,root,755) +%doc shorewall-core-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%dir %{_datadir}/shorewall/ +%{_datadir}/shorewall/coreversion +%{_datadir}/shorewall/functions +%{_datadir}/shorewall/lib.base +%{_datadir}/shorewall/lib.cli +%{_datadir}/shorewall/lib.common +%{_datadir}/shorewall/shorewallrc +%dir %{_libexecdir}/shorewall +%attr(755,root,root) %{_libexecdir}/shorewall/wait4ifup + +%files init +%defattr(644,root,root,755) +%doc shorewall-init-%{version}/{COPYING,changelog.txt,releasenotes.txt} +%attr(755,root,root) %{_sbindir}/shorewall-init +%attr(755,root,root) %{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/shorewall-init +/etc/logrotate.d/shorewall-init +%{_mandir}/man8/shorewall-init.8.* +%{_datadir}/shorewall-init +%dir %{_libexecdir}/shorewall-init +%attr(755,root,root) %{_libexecdir}/shorewall-init/ifupdown +%attr(754,root,root) /etc/rc.d/init.d/shorewall-init diff --git a/tld.patch b/tld.patch new file mode 100644 index 0000000..2f78cb3 --- /dev/null +++ b/tld.patch @@ -0,0 +1,113 @@ +diff -ur shorewall-5.2.0.4.orig/shorewall-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-5.2.0.4/install.sh 2018-05-18 18:46:49.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall-5.2.0.4/install.sh 2018-06-14 21:55:53.138150020 +0000 +@@ -215,6 +215,8 @@ + BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ] ; then + BUILD=openwrt ++ elif [ -f /etc/tld-release ] ; then ++ BUILD=tld + else + BUILD=linux + fi +@@ -269,6 +271,9 @@ + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; ++ tld) ++ echo "Installing TLD-specific configuration..." ++ ;; + linux) + ;; + *) +diff -ur shorewall-5.2.0.4.orig/shorewall6-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall6-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall6-5.2.0.4/install.sh 2018-05-18 18:46:49.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall6-5.2.0.4/install.sh 2018-06-14 21:56:25.519149655 +0000 +@@ -215,6 +215,8 @@ + BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ] ; then + BUILD=openwrt ++ elif [ -f /etc/tld-release ] ; then ++ BUILD=tld + else + BUILD=linux + fi +@@ -269,6 +271,9 @@ + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; ++ tld) ++ echo "Installing TLD-specific configuration..." ++ ;; + linux) + ;; + *) +diff -ur shorewall-5.2.0.4.orig/shorewall6-lite-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall6-lite-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall6-lite-5.2.0.4/install.sh 2018-05-18 18:46:50.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall6-lite-5.2.0.4/install.sh 2018-06-14 21:53:33.408151593 +0000 +@@ -266,6 +266,9 @@ + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; ++ tld) ++ echo "Installing TLD-specific configuration..." ++ ;; + linux) + ;; + *) +diff -ur shorewall-5.2.0.4.orig/shorewall-core-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-core-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-core-5.2.0.4/install.sh 2018-05-18 18:46:49.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall-core-5.2.0.4/install.sh 2018-06-14 21:57:08.268149174 +0000 +@@ -190,6 +190,8 @@ + BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ] ; then + BUILD=openwrt ++ elif [ -f /etc/tld-release ] ; then ++ BUILD=tld + else + BUILD=linux + fi +@@ -238,7 +240,7 @@ + apple) + echo "Installing Mac-specific configuration..."; + ;; +- debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt) ++ debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt|tld) + ;; + *) + fatal_error "Unknown HOST \"$HOST\"" +diff -ur shorewall-5.2.0.4.orig/shorewall-init-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-init-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-init-5.2.0.4/install.sh 2018-05-18 18:46:49.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall-init-5.2.0.4/install.sh 2018-06-14 21:54:45.169150785 +0000 +@@ -201,6 +201,8 @@ + BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ]; then + BUILD=openwrt ++ elif [ -f /etc/tld-release ] ; then ++ BUILD=tld + else + BUILD=linux + fi +@@ -253,6 +255,9 @@ + openwrt) + echo "Installing Openwrt-specific configuration..." + ;; ++ tld) ++ echo "Installing TLD-specific configuration..." ++ ;; + linux) + fatal_error "Shorewall-init is not supported on this system" + ;; +diff -ur shorewall-5.2.0.4.orig/shorewall-lite-5.2.0.4/install.sh shorewall-5.2.0.4/shorewall-lite-5.2.0.4/install.sh +--- shorewall-5.2.0.4.orig/shorewall-lite-5.2.0.4/install.sh 2018-05-18 18:46:50.000000000 +0000 ++++ shorewall-5.2.0.4/shorewall-lite-5.2.0.4/install.sh 2018-06-14 21:52:59.958151970 +0000 +@@ -266,6 +266,9 @@ + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; ++ tld) ++ echo "Installing TLD-specific configuration..." ++ ;; + linux) + ;; + *) -- 2.46.0