From 82c7fab9a616a77c9a9737606aafe8f010a0db5a Mon Sep 17 00:00:00 2001
From: "W. van den Akker" <wvdakker@wilsoft.nl>
Date: Mon, 13 Nov 2017 08:06:50 +0100
Subject: [PATCH] Shorewall6: Add full package.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
---
 net/shorewall6/Makefile                       | 74 +++++++++++++++++++
 net/shorewall6/files/hostname                 |  3 +
 net/shorewall6/files/hotplug_iface            | 13 ++++
 net/shorewall6/files/shorewall6.init          | 32 ++++++++
 net/shorewall6/files/vardir                   |  2 +
 .../patches/010-update_install_sh.patch       | 23 ++++++
 net/shorewall6/patches/120-logfile.patch      | 22 ++++++
 7 files changed, 169 insertions(+)
 create mode 100644 net/shorewall6/Makefile
 create mode 100644 net/shorewall6/files/hostname
 create mode 100644 net/shorewall6/files/hotplug_iface
 create mode 100644 net/shorewall6/files/shorewall6.init
 create mode 100644 net/shorewall6/files/vardir
 create mode 100644 net/shorewall6/patches/010-update_install_sh.patch
 create mode 100644 net/shorewall6/patches/120-logfile.patch

diff --git a/net/shorewall6/Makefile b/net/shorewall6/Makefile
new file mode 100644
index 0000000000..23638a9115
--- /dev/null
+++ b/net/shorewall6/Makefile
@@ -0,0 +1,74 @@
+#
+# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2017 Willem van den Akker <wvdakker@wilsoft.nl>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shorewall6
+PKG_VERSION:=5.1.8.1
+PKG_DIRECTORY:=5.1
+PKG_MAINVERSION:=5.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=fde5b7a9eb0d4241ef3dfb8392b93f86a974c76cec8b05bd946bc12f509aca8e
+PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shorewall6
+    SECTION:=net
+    CATEGORY:=Network
+    DEPENDS:=+ip +ip6tables +kmod-ipt-hashlimit +kmod-ipt-raw6 +iptables-mod-hashlimit +shorewall-core \
+		+perl +perlbase-autoloader +perlbase-autouse +perlbase-dynaloader +perlbase-digest \
+		+perlbase-findbin +perlbase-getopt +perlbase-hash
+    TITLE:=Shorewall6 Central Administration System
+    URL:=http://www.shorewall.net/
+    SUBMENU:=Firewall
+endef
+
+define Package/shorewall6/description
+	The Shoreline Firewall, is high-level tool for configuring Netfilter.
+
+	Shorewall allows for central administration of multiple IPv6 firewalls.
+	This is the full Shorewall product which will compile Shorewall scripts
+	It is not recommended to run it on a low memory system.
+
+	Note: This is the IPv6 implementation of Shorewall.
+	      This full Shorewal packages also installs Perl which can make the image big (about +2M).
+endef
+
+CONFIGURE_ARGS += \
+	vendor=openwrt
+
+define Package/shorewall6/conffiles
+/etc/shorewall6/
+endef
+
+define Build/Compile
+	DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh
+endef
+
+define Package/shorewall6/install
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_DIR) $(1)/etc/shorewall6/
+	$(INSTALL_DIR) $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/share/shorewall6/
+	$(INSTALL_BIN) ./files/hostname $(1)/etc/shorewall6/
+	$(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall6
+	$(INSTALL_BIN) ./files/shorewall6.init $(1)/etc/init.d/shorewall6
+	$(INSTALL_BIN) ./files/vardir $(1)/etc/shorewall6/
+	$(CP) $(PKG_INSTALL_DIR)/etc/shorewall6/. $(1)/etc/shorewall6/
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/shorewall6 $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall6/. $(1)/usr/share/shorewall6/
+endef
+
+$(eval $(call BuildPackage,shorewall6))
diff --git a/net/shorewall6/files/hostname b/net/shorewall6/files/hostname
new file mode 100644
index 0000000000..29c736ec6f
--- /dev/null
+++ b/net/shorewall6/files/hostname
@@ -0,0 +1,3 @@
+#!/bin/sh
+uci get system.@system[0].hostname
+
diff --git a/net/shorewall6/files/hotplug_iface b/net/shorewall6/files/hotplug_iface
new file mode 100644
index 0000000000..aaa03e8a92
--- /dev/null
+++ b/net/shorewall6/files/hotplug_iface
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+case "$ACTION" in
+    ifup)
+        /etc/init.d/shorewall6 restart
+        ;;
+    ifdown)
+        # might need to restore some routing
+        /etc/init.d/shorewall6 restart
+        ;;
+esac
diff --git a/net/shorewall6/files/shorewall6.init b/net/shorewall6/files/shorewall6.init
new file mode 100644
index 0000000000..5f74de386c
--- /dev/null
+++ b/net/shorewall6/files/shorewall6.init
@@ -0,0 +1,32 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+
+load_params () {
+    . /usr/share/shorewall/shorewallrc
+}
+
+start_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS start $STARTOPTIONS
+}
+
+stop_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS stop $STOPOPTIONS
+}
+
+restart_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS restart $RESTARTOPTIONS
+}
+
+reload_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall -6 $OPTIONS reload $RESTARTOPTIONS
+}
diff --git a/net/shorewall6/files/vardir b/net/shorewall6/files/vardir
new file mode 100644
index 0000000000..f9a55a81e2
--- /dev/null
+++ b/net/shorewall6/files/vardir
@@ -0,0 +1,2 @@
+VARDIR=/tmp/state
+
diff --git a/net/shorewall6/patches/010-update_install_sh.patch b/net/shorewall6/patches/010-update_install_sh.patch
new file mode 100644
index 0000000000..948c365a0e
--- /dev/null
+++ b/net/shorewall6/patches/010-update_install_sh.patch
@@ -0,0 +1,23 @@
+Index: shorewall6-5.1.4.1/install.sh
+===================================================================
+--- shorewall6-5.1.4.1.orig/install.sh	2017-05-26 17:39:12.000000000 +0200
++++ shorewall6-5.1.4.1/install.sh	2017-06-06 21:22:46.124285327 +0200
+@@ -213,6 +213,8 @@
+ 		BUILD=suse
+ 	    elif [ -f /etc/arch-release ] ; then
+ 		BUILD=archlinux
++	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
++		BUILD=openwrt
+ 	    else
+ 		BUILD=linux
+ 	    fi
+@@ -264,6 +266,9 @@
+     archlinux)
+ 	echo "Installing ArchLinux-specific configuration..."
+ 	;;
++    openwrt)
++	echo "Installing OpenWRT-specific configuration..."
++	;;
+     linux)
+ 	;;
+     *)
diff --git a/net/shorewall6/patches/120-logfile.patch b/net/shorewall6/patches/120-logfile.patch
new file mode 100644
index 0000000000..3f7d41fc03
--- /dev/null
+++ b/net/shorewall6/patches/120-logfile.patch
@@ -0,0 +1,22 @@
+Index: shorewall6-5.1.4.1/configfiles/shorewall6.conf
+===================================================================
+--- shorewall6-5.1.4.1.orig/configfiles/shorewall6.conf	2017-10-05 11:28:34.893849703 +0200
++++ shorewall6-5.1.4.1/configfiles/shorewall6.conf	2017-10-05 11:29:13.047785350 +0200
+@@ -34,7 +34,7 @@
+ #			       L O G G I N G
+ ###############################################################################
+ 
+-LOG_LEVEL="info"
++LOG_LEVEL="warn"
+ 
+ BLACKLIST_LOG_LEVEL=
+ 
+@@ -98,7 +98,7 @@
+ 
+ SHOREWALL_SHELL=/bin/sh
+ 
+-SUBSYSLOCK=/var/lock/subsys/shorewall6
++SUBSYSLOCK=/var/lock/shorewall6
+ 
+ TC=
+