Shorewall6: Add full package.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
2017-11-13 08:06:50 +01:00 · 2017-11-13 08:06:50 +01:00 · 82c7fab9a6
parent 47889003d9
commit 82c7fab9a6
7 changed files with 169 additions and 0 deletions
--- a/net/shorewall6/Makefile
+++ b/net/shorewall6/Makefile
@ -0,0 +1,74 @@
+#
+# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2017 Willem van den Akker <wvdakker@wilsoft.nl>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shorewall6
+PKG_VERSION:=5.1.8.1
+PKG_DIRECTORY:=5.1
+PKG_MAINVERSION:=5.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=fde5b7a9eb0d4241ef3dfb8392b93f86a974c76cec8b05bd946bc12f509aca8e
+PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shorewall6
+    SECTION:=net
+    CATEGORY:=Network
+    DEPENDS:=+ip +ip6tables +kmod-ipt-hashlimit +kmod-ipt-raw6 +iptables-mod-hashlimit +shorewall-core \
+		+perl +perlbase-autoloader +perlbase-autouse +perlbase-dynaloader +perlbase-digest \
+		+perlbase-findbin +perlbase-getopt +perlbase-hash
+    TITLE:=Shorewall6 Central Administration System
+    URL:=http://www.shorewall.net/
+    SUBMENU:=Firewall
+endef
+
+define Package/shorewall6/description
+	The Shoreline Firewall, is high-level tool for configuring Netfilter.
+
+	Shorewall allows for central administration of multiple IPv6 firewalls.
+	This is the full Shorewall product which will compile Shorewall scripts
+	It is not recommended to run it on a low memory system.
+
+	Note: This is the IPv6 implementation of Shorewall.
+	      This full Shorewal packages also installs Perl which can make the image big (about +2M).
+endef
+
+CONFIGURE_ARGS += \
+	vendor=openwrt
+
+define Package/shorewall6/conffiles
+/etc/shorewall6/
+endef
+
+define Build/Compile
+	DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh
+endef
+
+define Package/shorewall6/install
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_DIR) $(1)/etc/shorewall6/
+	$(INSTALL_DIR) $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/share/shorewall6/
+	$(INSTALL_BIN) ./files/hostname $(1)/etc/shorewall6/
+	$(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall6
+	$(INSTALL_BIN) ./files/shorewall6.init $(1)/etc/init.d/shorewall6
+	$(INSTALL_BIN) ./files/vardir $(1)/etc/shorewall6/
+	$(CP) $(PKG_INSTALL_DIR)/etc/shorewall6/. $(1)/etc/shorewall6/
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/shorewall6 $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall6/. $(1)/usr/share/shorewall6/
+endef
+
+$(eval $(call BuildPackage,shorewall6))
--- a/net/shorewall6/files/hostname
+++ b/net/shorewall6/files/hostname
@ -0,0 +1,3 @@
+#!/bin/sh
+uci get system.@system[0].hostname
+
--- a/net/shorewall6/files/hotplug_iface
+++ b/net/shorewall6/files/hotplug_iface
@ -0,0 +1,13 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+case "$ACTION" in
+    ifup)
+        /etc/init.d/shorewall6 restart
+        ;;
+    ifdown)
+        # might need to restore some routing
+        /etc/init.d/shorewall6 restart
+        ;;
+esac
--- a/net/shorewall6/files/shorewall6.init
+++ b/net/shorewall6/files/shorewall6.init
@ -0,0 +1,32 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+
+load_params () {
+    . /usr/share/shorewall/shorewallrc
+}
+
+start_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS start $STARTOPTIONS
+}
+
+stop_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS stop $STOPOPTIONS
+}
+
+restart_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS restart $RESTARTOPTIONS
+}
+
+reload_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS reload $RESTARTOPTIONS
+}
--- a/net/shorewall6/files/vardir
+++ b/net/shorewall6/files/vardir
@ -0,0 +1,2 @@
+VARDIR=/tmp/state
+
--- a/net/shorewall6/patches/010-update_install_sh.patch
+++ b/net/shorewall6/patches/010-update_install_sh.patch
@ -0,0 +1,23 @@
+Index: shorewall6-5.1.4.1/install.sh
+===================================================================
+--- shorewall6-5.1.4.1.orig/install.sh	2017-05-26 17:39:12.000000000 +0200
+++ shorewall6-5.1.4.1/install.sh	2017-06-06 21:22:46.124285327 +0200
+@@ -213,6 +213,8 @@
+ 		BUILD=suse
+ 	    elif [ -f /etc/arch-release ] ; then
+ 		BUILD=archlinux
+	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
+		BUILD=openwrt
+ 	    else
+ 		BUILD=linux
+ 	    fi
+@@ -264,6 +266,9 @@
+     archlinux)
+ 	echo "Installing ArchLinux-specific configuration..."
+ 	;;
+    openwrt)
+	echo "Installing OpenWRT-specific configuration..."
+	;;
+     linux)
+ 	;;
+     *)
--- a/net/shorewall6/patches/120-logfile.patch
+++ b/net/shorewall6/patches/120-logfile.patch
@ -0,0 +1,22 @@
+Index: shorewall6-5.1.4.1/configfiles/shorewall6.conf
+===================================================================
+--- shorewall6-5.1.4.1.orig/configfiles/shorewall6.conf	2017-10-05 11:28:34.893849703 +0200
+++ shorewall6-5.1.4.1/configfiles/shorewall6.conf	2017-10-05 11:29:13.047785350 +0200
+@@ -34,7 +34,7 @@
+ #			       L O G G I N G
+ ###############################################################################
+ 
+-LOG_LEVEL="info"
+LOG_LEVEL="warn"
+ 
+ BLACKLIST_LOG_LEVEL=
+ 
+@@ -98,7 +98,7 @@
+ 
+ SHOREWALL_SHELL=/bin/sh
+ 
+-SUBSYSLOCK=/var/lock/subsys/shorewall6
+SUBSYSLOCK=/var/lock/shorewall6
+ 
+ TC=
+