Diffstat (limited to 'network/arno-iptables-firewall')
8 files changed, 49 insertions, 44 deletions
diff --git a/network/arno-iptables-firewall/CHANGELOG b/network/arno-iptables-firewall/CHANGELOG index 6c59e6c89f..9df084edc3 100644 --- a/network/arno-iptables-firewall/CHANGELOG +++ b/network/arno-iptables-firewall/CHANGELOG @@ -1,9 +1,12 @@ Changes to this SlackBuild since version 2.0.1d ----------------------------------------------- -* Modified patch for configuration script: better behavior of the - script if empty values are entered. -* Updated links to homepage and to source tarball. -* Moved patches and conf.d.readme file to new "files/" directory. -* SlackBuild cleanup. +* 2.0.1e, SBo-1: + - modified patch for configuration script: better behavior of + the script if empty values are entered; + - updated links to homepage and to source tarball; + - moved patches and "conf.d.readme" to new "files/" directory; + - SlackBuild cleanup. +* 2.0.1e, SBo-2: + - better handling of executables; a few adds and edits. diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README index 1ab26e62de..c90b74baf3 100644 --- a/network/arno-iptables-firewall/README +++ b/network/arno-iptables-firewall/README @@ -1,8 +1,8 @@ arno-iptables-firewall is a front-end for iptables. Its configuration script will set up a secure and restrictive firewall by just asking a few questions. This includes configuring internal networks for Internet -access via NAT and network services like http or ssh. Moreover, it -provides many advanced additional features that can be enabled in the +access via NAT and potential network services like http or ssh. Moreover, +it provides many advanced additional features that can be enabled in the well documented configuration file. PLEASE NOTE - The setup script is NOT going to be run automatically 
@@ -12,7 +12,8 @@ issue the following command: # arno-iptables-firewall-configure To enable firewall startup at boot-time you'll need to create a symlink -as follows (remove the link to disable automatic firewall startup): +as follows (remove the link to disable automatic firewall startup, or +"chmod -x" the startup script for the same result): # ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall # chmod +x /etc/rc.d/rc.arno-iptables-firewall @@ -24,7 +25,7 @@ of the following commands: # arno-iptables-firewall start -IMPORTANT - Here are some security notes from the upstream author: +IMPORTANT - A few security notes from the upstream author: 1) If possible, make sure that the firewall is started before the (ADSL) Internet connection is enabled. For a ppp-interface that doesn't exist diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild index a3fbecded7..dd26d5775d 100644 --- a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild +++ b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for arno-iptables-firewall -# Copyright 2013-2014 Philip Lacroix <philnx at posteo at de> +# Copyright 2013-2014 Philip Lacroix <philnx at posteo dot de> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -22,11 +22,13 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks. +# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks +# after the first submission of this SlackBuild. PRGNAM=arno-iptables-firewall +SRCNAM=aif VERSION=${VERSION:-2.0.1e} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} CWD=$(pwd) 
@@ -39,10 +41,10 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf aif-$VERSION +rm -rf $SRCNAM-$VERSION tar xvf $CWD/$VERSION.tar.gz -cd aif-$VERSION +cd $SRCNAM-$VERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -56,11 +58,11 @@ PRGSHR=$PKG/usr/share/$PRGNAM PRGDOC=$PKG/usr/doc/$PRGNAM-$VERSION PRGMAN=$PKG/usr/man -# Copy firewall, log filter and configuration executables -mkdir -p $PRGBIN -cp -a ./bin/$PRGNAM $PRGBIN/ -cp -a ./configure.sh $PRGBIN/$PRGNAM-configure -cp -a ./bin/arno-fwfilter $PRGBIN/ +# Install configuration, log filter and firewall executables; set +# permissions. +install -m 0755 -D ./configure.sh $PRGBIN/$PRGNAM-configure +install -m 0755 ./bin/arno-fwfilter $PRGBIN/ +install -m 0755 ./bin/$PRGNAM $PRGBIN/ # Patch the configuration script. We need this in order to be able to # run the script from outside the source directory as well. We're going @@ -81,7 +83,7 @@ cp -a ./bin/arno-fwfilter $PRGBIN/ # in order to start up the firewall at boot-time in a proper way. patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff -# Copy and compress man pages +# Copy and compress man pages. mkdir -p $PRGMAN cp -a ./share/man/* $PRGMAN/ find $PRGMAN -type f -exec gzip -9 {} \; @@ -108,11 +110,10 @@ ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/ # Install startup script and set permissions; apply patch to fix path # to the executable file and make comments more consistent with the # Slackware system. -mkdir -p $PKG/etc/rc.d/ -install -m 0644 ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM +install -m 0644 -D ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff -# Copy documentation, include third-party sample files. +# Copy documentation, including third-party sample files. mkdir -p $PRGDOC/contrib for doc in README CHANGELOG gpl_license.txt ; do cp -a ./${doc} $PRGDOC/ 
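Review bot: The new `rm -rf $SRCNAM-$VERSION` and `cd $SRCNAM-$VERSION` lines expand `VERSION` unquoted, and `VERSION` can be overridden from the environment (`VERSION=${VERSION:-2.0.1e}` earlier in the script). A value containing whitespace or glob characters would make `rm -rf` act on additional paths under `$TMP`, in a script that is presumably run as root (it does `chown -R root:root .`). I would quote both, `rm -rf "$SRCNAM-$VERSION"` and `cd "$SRCNAM-$VERSION"`. The same applies to the `install` lines added in the `@@ -56,11 +58,11 @@` and `@@ -108,11 +110,10 @@` hunks, which expand `$PRGBIN` and `$PKG` unquoted.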
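Review bot: The comment above `install -m 0644 -D ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM` in the `@@ -108,11 +110,10 @@` hunk only says "set permissions" and does not say that the non-executable mode is deliberate. The README in this commit tells the admin to `chmod +x` the script to enable the firewall at boot, so a later "fix" of the mode to 0755 would silently change whether the firewall starts by default. I would add a line to the comment such as `# Mode 0644 is intentional: the firewall does not start at boot until the admin makes this script executable (see README).`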
diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.info b/network/arno-iptables-firewall/arno-iptables-firewall.info
index 22a9e6c652..949313ff8b 100644
--- a/network/arno-iptables-firewall/arno-iptables-firewall.info
+++ b/network/arno-iptables-firewall/arno-iptables-firewall.info
@@ -7,4 +7,4 @@ DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""
 MAINTAINER="Philip Lacroix"
-EMAIL="philnx at posteo dot de"
+EMAIL="philnx at bluebottle dot com"
diff --git a/network/arno-iptables-firewall/conf.d.readme b/network/arno-iptables-firewall/conf.d.readme
deleted file mode 100644
index e64d1b133e..0000000000
--- a/network/arno-iptables-firewall/conf.d.readme
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/arno-iptables-firewall/conf.d/
-
-Files with a .conf extension in this directory will be sourced by the
-environment file.
-
diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff
index de7aec5dbd..dacac17330 100644
--- a/network/arno-iptables-firewall/files/patch-configuration-script.diff
+++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff
@@ -19,13 +19,13 @@
 ---
 > else
 86a92,94
-> # This is needed in order to allow function change_conf_var()
+> # This is needed in order to allow the function change_conf_var()
 > # to remove values for previously set open ports.
 > change_conf_var "$2" "$3" ""
 216a225,231
 > else
-> # Remove previously set values related to the internal interface
-> # if no internal interface is entered with this script.
+> # Remove previously set values related to the internal interface, if
+> # no internal interface is entered with this script.
 > change_conf_var "$FIREWALL_CONF" "INT_IF" ""
 > change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
 > change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
@@ -92,8 +92,8 @@
 > echo "** **"
 > echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
 > echo "** **"
-> echo "** Simply delete the link if you wish to disable firewall startup **"
-> echo "** at boot-time. **"
+> echo "** Delete the link if you wish to disable firewall startup at boot- **"
+> echo "** time, or \"chmod -x\" the startup script for the same result. **"
 > echo "-------------------------------------------------------------------------------"
 > echo ""
 277d293
diff --git a/network/arno-iptables-firewall/files/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff
index c4b947d4e7..c31514e260 100644
--- a/network/arno-iptables-firewall/files/patch-startup-script.diff
+++ b/network/arno-iptables-firewall/files/patch-startup-script.diff
@@ -6,19 +6,24 @@
 < # Provides: arno-iptables-firewall
 ---
 > # Provides: rc.arno-iptables-firewall
-16,20c16,21
+15,21c15,23
+< ############################################################################################
 < # You should put this script in eg. "/etc/init.d/" . #
 < # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it #
 < # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or #
 < # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script #
 < # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). #
+< ############################################################################################
 ---
-> # You should put this script in "/etc/rc.d/". #
-> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
-> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the #
-> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or #
-> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences #
-> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall"). #
+> ################################################################################
+> # You should put this script in "/etc/rc.d/". #
+> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
+> # If you want to run it upon boot, either create an "rc.firewall" link to this #
+> # script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") #
+> # or edit the network system startup script "/etc/rc.d/rc.inet2", by renaming #
+> # both occurrences of "rc.firewall" to match the name ot this script, that is, #
+> # "rc.arno-iptables-firewall". #
+> ################################################################################
 24c25
 < PROGRAM="/usr/local/sbin/arno-iptables-firewall"
 ---
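Review bot: The added comment line `> # both occurrences of "rc.firewall" to match the name ot this script, that is, #` has a typo, "ot" for "of". The SlackBuild applies this patch to `$PKG/etc/rc.d/rc.$PRGNAM`, so the typo ends up in the installed startup script. The replacement keeps the line length, so the fixed-width comment box is unaffected. The embedded normal-diff range also changed from `16,20c16,21` to `15,21c15,23`, so it is worth re-running the patch against the 2.0.1e init script to confirm it still applies without fuzz.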
diff --git a/network/arno-iptables-firewall/slack-desc b/network/arno-iptables-firewall/slack-desc index 89cec36c72..e6bdb751a9 100644 --- a/network/arno-iptables-firewall/slack-desc +++ b/network/arno-iptables-firewall/slack-desc @@ -11,9 +11,9 @@ arno-iptables-firewall: arno-iptables-firewall: arno-iptables-firewall is a front-end for iptables. Its configuration arno-iptables-firewall: script will setup a secure and restrictive firewall by just asking a arno-iptables-firewall: few questions. This includes the configuration of internal networks -arno-iptables-firewall: for Internet access via NAT and network services like http or ssh. -arno-iptables-firewall: Moreover, it provides many advanced additional features that can be -arno-iptables-firewall: enabled in the well documented configuration file. +arno-iptables-firewall: for Internet access via NAT and potential network services like http +arno-iptables-firewall: or ssh. Moreover, it provides many advanced additional features that +arno-iptables-firewall: can be enabled in the well documented configuration file. arno-iptables-firewall: arno-iptables-firewall: https://github.com/arno-iptables-firewall/aif arno-iptables-firewall: |