authorAurélien DESBRIÈRES <aurelien@hackers.camp>2014-06-10 14:21:00 +0200
committerAurélien DESBRIÈRES <aurelien@hackers.camp>2014-06-10 14:21:00 +0200
commit58e662a21a1c630310cd84a83c9330d993e03f7c (patch)
tree7e65166f4b56cd887a27888a652780224bc5e9de /pcr/arno-iptables-firewall
parent1a4aeb92c3e7c51179a57a0cc8fb933bb56513e4 (diff)
arno-iptables-firewall
Diffstat (limited to 'pcr/arno-iptables-firewall')
-rw-r--r--pcr/arno-iptables-firewall/PKGBUILD69
-rw-r--r--pcr/arno-iptables-firewall/arno-iptables-firewall.patch25
-rw-r--r--pcr/arno-iptables-firewall/arno-iptables-firewall.service14
3 files changed, 108 insertions, 0 deletions
diff --git a/pcr/arno-iptables-firewall/PKGBUILD b/pcr/arno-iptables-firewall/PKGBUILD
new file mode 100644
index 000000000..f0def1909
--- /dev/null
+++ b/pcr/arno-iptables-firewall/PKGBUILD
@@ -0,0 +1,69 @@
+# Contributor (Arch) : Jaroslav Lichtblau <dragonlord@aur.archlinux.org>
+# Contributor (Arch) : Arto Puranen <purcher@gmail.com>
+# Maintainer (Parabola) : Aurélien DESBRIÈRES <aurelien@hackers.camp>
+
+pkgname=arno-iptables-firewall
+pkgver=2.0.1d
+pkgrel=2
+pkgdesc="A secure stateful firewall for both single and multi-homed machine"
+arch=('any')
+url=(http://rocky.eld.leidenuniv.nl/joomla/)
+license=('GPL')
+depends=('iptables' 'iproute2')
+makedepends=('patch')
+backup=(etc/${pkgname}/firewall.conf
+ etc/${pkgname}/custom-rules
+ etc/${pkgname}/plugins/dmz-dnat.conf
+ etc/${pkgname}/plugins/dsl-ppp-modem.conf
+ etc/${pkgname}/plugins/dyndns-host-open.conf
+ etc/${pkgname}/plugins/ids-protection.conf
+ etc/${pkgname}/plugins/ipsec-vpn.conf
+ etc/${pkgname}/plugins/ipv6-over-ipv4.conf
+ etc/${pkgname}/plugins/linux-upnp-igd.conf
+ etc/${pkgname}/plugins/mac-address-filter.conf
+ etc/${pkgname}/plugins/multiroute.conf
+ etc/${pkgname}/plugins/sip-voip.conf
+ etc/${pkgname}/plugins/ssh-brute-force-protection.conf
+ etc/${pkgname}/plugins/traffic-accounting.conf
+ etc/${pkgname}/plugins/traffic-shaper.conf
+ etc/${pkgname}/plugins/transparent-dnat.conf
+ etc/${pkgname}/plugins/transparent-proxy.conf)
+source=(http://rocky.eld.leidenuniv.nl/${pkgname}/${pkgname}_${pkgver}.tar.gz
+ ${pkgname}.patch \
+ ${pkgname}.service)
+
+package() {
+ cd ${srcdir}/${pkgname}_${pkgver}
+
+# patch
+ patch -Np0 -i ${srcdir}/${pkgname}.patch
+
+# conf files
+ install -d -m 0755 etc/${pkgname}/plugins/ ${pkgdir}/etc/${pkgname}/plugins/
+ for i in `find etc/${pkgname} -type f`; do install -T -m 0600 $i ${pkgdir}/$i ;done
+ install -D -m 0644 share/${pkgname}/environment ${pkgdir}/usr/share/${pkgname}/environment
+
+# plugins
+ install -d -m 0755 share/${pkgname}/plugins/ ${pkgdir}/usr/share/${pkgname}/plugins/
+ for i in share/${pkgname}/plugins/*plugin; do install -T -m 0644 $i ${pkgdir}/usr/$i ;done
+ install -D -m 0744 share/${pkgname}/plugins/dyndns-host-open-helper \
+ ${pkgdir}/usr/share/${pkgname}/plugins/dyndns-host-open-helper
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-helper \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-helper
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-log-rotate \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-log-rotate
+ install -D -m 0744 share/${pkgname}/plugins/traffic-accounting-show \
+ ${pkgdir}/usr/share/${pkgname}/plugins/traffic-accounting-show
+
+# binary
+ install -D -m 0744 bin/${pkgname} ${pkgdir}/usr/bin/${pkgname}
+ install -D -m 0744 bin/arno-fwfilter ${pkgdir}/usr/bin/arno-fwfilter
+ install -D -m 0744 contrib/adsl-failover ${pkgdir}/usr/bin/adsl-failover
+
+# man files
+ install -D -m 0644 share/man/man1/arno-fwfilter.1 ${pkgdir}/usr/share/man/man1/arno-fwfilter.1
+ install -D -m 0644 share/man/man8/${pkgname}.8 ${pkgdir}/usr/share/man/man8/${pkgname}.8
+
+# systemd script
+ install -D -m 0644 ${srcdir}/${pkgname}.service ${pkgdir}/usr/lib/systemd/system/${pkgname}.service
+}
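Review bot: The `source=` array downloads the release tarball over plain `http://` and the PKGBUILD declares no checksum array, so nothing ties the firewall scripts that package() installs into /usr/bin to a known-good upstream release. Add one entry per source, e.g. `sha256sums=('<sha256 of tarball>' '<sha256 of patch>' '<sha256 of service>')` (placeholders; generate the real values with `makepkg -g` or `updpkgsums`), and prefer an HTTPS URL or a detached signature if upstream provides one. Separately, the `find`-driven `for` loop and the `install` calls in package() expand `$i`, `${srcdir}` and `${pkgdir}` unquoted, so a build path containing whitespace would be word-split; quoting them as `"$i"` and `"${pkgdir}/$i"` avoids that.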
diff --git a/pcr/arno-iptables-firewall/arno-iptables-firewall.patch b/pcr/arno-iptables-firewall/arno-iptables-firewall.patch
new file mode 100644
index 000000000..298d0c0b8
--- /dev/null
+++ b/pcr/arno-iptables-firewall/arno-iptables-firewall.patch
@@ -0,0 +1,25 @@
+--- etc/arno-iptables-firewall/firewall.conf 2010-12-30 13:17:02.000000000 +0100
++++ etc/arno-iptables-firewall/firewall.conf 2011-01-22 21:10:39.000000000 +0100
+@@ -233,18 +233,18 @@
+ # 'whereis iptables' to manually locate it), required for (default) IPv4 support
+ # -----------------------------------------------------------------------------
+-IP4TABLES="/sbin/iptables"
++IP4TABLES="/usr/bin/iptables"
+
+ # (EXPERT SETTING!) Location of the ip6tables-binary (use 'locate ip6tables' or
+ # 'whereis ip6tables' to manually locate it), required for IPv6 support
+ # -----------------------------------------------------------------------------
+-IP6TABLES="/sbin/ip6tables"
++IP6TABLES="/usr/bin/ip6tables"
+
+ # (EXPERT SETTING!) Location of the environment file
+ # -----------------------------------------------------------------------------
+-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
++ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+
+ # (EXPERT SETTING!) Location of plugin binary & config files
+ # -----------------------------------------------------------------------------
+-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
++PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
+ PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
+
diff --git a/pcr/arno-iptables-firewall/arno-iptables-firewall.service b/pcr/arno-iptables-firewall/arno-iptables-firewall.service
new file mode 100644
index 000000000..2d81c9869
--- /dev/null
+++ b/pcr/arno-iptables-firewall/arno-iptables-firewall.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=A secure stateful firewall for both single and multi-homed machine
+Before=network.target
+Wants=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/arno-iptables-firewall start
+ExecStop=/usr/bin/arno-iptables-firewall stop
+ExecReload=/usr/bin/arno-iptables-firewall force-reload
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
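Review bot: Ordering the unit with `Before=network.target` does not guarantee that the rules are loaded before interfaces are configured, because network.target is reached only after the network management stack has started; the host may be briefly reachable with no filtering at boot. systemd provides a passive target for exactly this case, so the [Unit] section should use `Before=network-pre.target` and `Wants=network-pre.target` instead. It is also worth a comment next to `ExecStop=` noting that stopping the unit removes the ruleset, since whether the script's `stop` action leaves the host open or closed is not visible from this file.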