authoraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
committeraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
commitf97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch)
tree297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/vuurmuur
parent9cce2f098d5d77a2748952e1221127b9f0614566 (diff)
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/vuurmuur')
-rw-r--r--pcr/vuurmuur/PKGBUILD139
-rw-r--r--pcr/vuurmuur/modules.conf3
-rw-r--r--pcr/vuurmuur/vuurmuur.install27
-rw-r--r--pcr/vuurmuur/vuurmuur.rc114
-rw-r--r--pcr/vuurmuur/vuurmuur.script88
-rw-r--r--pcr/vuurmuur/vuurmuur.service13
6 files changed, 384 insertions, 0 deletions
diff --git a/pcr/vuurmuur/PKGBUILD b/pcr/vuurmuur/PKGBUILD
new file mode 100644
index 000000000..8aed82655
--- /dev/null
+++ b/pcr/vuurmuur/PKGBUILD
@@ -0,0 +1,139 @@
+# vim:set ts=2 sw=2 et ft=sh tw=100: expandtab
+# Contributor: Piotr Rogoża <rogoza dot piotr at gmail dot com>
+# Contributor: skydrome <skydrome@i2pmail.org>
+# Contributor: Valere Monseur <valere_monseur@hotmail.com>
+# Contributor: Phillip Smith <fukawi2@NO-SPAM.gmail.com>
+# Contributor: (asper, noob
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO>
+
+pkgname=vuurmuur
+_pkgname=Vuurmuur
+pkgver=0.7
+pkgrel=1
+pkgdesc='powerful front-end for iptables aimed at system-administrators who need a decent firewall, but dont have netfilter specific knowledge'
+arch=('i686' 'x86_64')
+url='http://www.vuurmuur.org'
+license=('GPL')
+install='vuurmuur.install'
+depends=('iptables' 'ncurses' 'libjpeg')
+optdepends=('conntrack-tools: for connection tracking'
+ 'iproute2: for traffic shapping'
+ 'iptrafvol: for traffic volume logging')
+conflicts=(vuurmuur-devel)
+backup=('etc/vuurmuur/config.conf'
+ 'etc/vuurmuur/modules.conf'
+ 'etc/vuurmuur/vuurmuur_conf.conf'
+ 'etc/vuurmuur/plugins/textdir.conf'
+ 'etc/logrotate.d/vuurmuur')
+source=(
+ftp://ftp.vuurmuur.org/releases/$pkgver/${_pkgname}-$pkgver.tar.gz
+modules.conf
+vuurmuur.rc
+vuurmuur.service
+vuurmuur.script
+)
+build() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ for archive in libvuurmuur vuurmuur vuurmuur_conf; do
+ [[ ! -d "$archive" ]] &&
+ tar xzf ${archive}-${pkgver}.tar.gz
+ done
+
+ msg "building vuurmuur libraries..."
+ pushd libvuurmuur-${pkgver}
+ ./configure --prefix=/usr --sysconfdir=/etc
+ make
+ popd
+
+ msg "building vuurmuur..."
+ pushd vuurmuur-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${pkgname}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src"
+ make
+ popd
+
+ msg "building vuurmuur_conf..."
+ pushd vuurmuur_conf-${pkgver}
+ sed -i 's|-rpath|-rpath-link|' configure
+ LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \
+ -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \
+ -Wl,-rpath=/usr/lib/${pkgname}/plugins" \
+ ./configure --prefix=/usr --sysconfdir=/etc \
+ --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \
+ --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src"
+ make
+ popd
+}
+
+package() {
+ cd ${srcdir}/${_pkgname}-${pkgver}
+
+ pushd libvuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ pushd vuurmuur_conf-${pkgver}
+ make DESTDIR=${pkgdir} install
+ popd
+
+ # make directory structure
+ install -dm700 ${pkgdir}/etc/${pkgname}
+ install -dm700 ${pkgdir}/etc/${pkgname}/plugins
+ install -dm700 ${pkgdir}/etc/logrotate.d/
+ install -dm755 ${pkgdir}/usr/share/${pkgname}/textdir/{interfaces,services,zones,rules}
+ install -dm700 ${pkgdir}/var/log/${pkgname}
+
+ # install daemon and log
+ install -Dm755 ${srcdir}/vuurmuur.rc ${pkgdir}/etc/rc.d/${pkgname}
+ install -Dm644 ${pkgdir}/usr/share/${pkgname}/scripts/vuurmuur-logrotate ${pkgdir}/etc/logrotate.d/${pkgname}
+
+ # install systemd's files
+ install -Dm755 $srcdir/vuurmuur.script $pkgdir/usr/lib/systemd/scripts/vuurmuur
+ install -Dm644 $srcdir/vuurmuur.service $pkgdir/usr/lib/systemd/system/vuurmuur.service
+
+ # install configuration
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/config.conf.sample \
+ ${pkgdir}/etc/${pkgname}/config.conf
+ install -Dm600 ${srcdir}/modules.conf ${pkgdir}/etc/${pkgname}/modules.conf
+ install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \
+ ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf
+
+ sed -i ${pkgdir}/etc/${pkgname}/config.conf \
+ -e 's|"/sbin/tc|"/usr/sbin/tc|' \
+ -e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \
+ -e 's|"/sbin/iptables|"/usr/sbin/iptables|' \
+ -e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \
+ -e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \
+ -e 's|"/var/log/messages|"/var/log/iptables.log|'
+
+ sed -i ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf \
+ -e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|'
+
+
+ echo "LOCATION=\"/etc/${pkgname}/textdir\"" > ${pkgdir}/etc/${pkgname}/plugins/textdir.conf
+
+ # default firewall setup in /usr/share
+ touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/rules.conf
+ touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/blocklist.conf
+
+ cp -R ${srcdir}/${_pkgname}-${pkgver}/zones/* ${pkgdir}/usr/share/${pkgname}/textdir/zones/
+ mv ${pkgdir}/usr/share/${pkgname}/services/* ${pkgdir}/usr/share/${pkgname}/textdir/services/
+
+ # install licenses
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/lib${pkgname}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${pkgname}/COPYING
+ install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}_conf-${pkgver}/COPYING \
+ ${pkgdir}/usr/share/licenses/${pkgname}_conf/COPYING
+}
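Review bot: The `source=()` array has no matching checksum array (`sha256sums=` or at least `md5sums=`), so the release tarball fetched over plain `ftp://` is never integrity-checked; makepkg only warns that integrity checks are missing and then builds whatever the mirror returned. Add `sha256sums=('<SHA256-PLACEHOLDER-tarball>' '<SHA256-PLACEHOLDER-modules.conf>' '<SHA256-PLACEHOLDER-vuurmuur.rc>' '<SHA256-PLACEHOLDER-vuurmuur.service>' '<SHA256-PLACEHOLDER-vuurmuur.script>')` directly after the array, with the values generated by `makepkg -g` from a copy of the tarball obtained out of band. Separately, the two `LDFLAGS+="-L${srcdir}/..."` prefixes in build() append to whatever makepkg.conf already placed in LDFLAGS without a separating space, so with a non-empty default the first `-L` fuses onto the previous flag; write them as `LDFLAGS+=" -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \` with a leading space. The `${srcdir}`/`${pkgdir}` expansions in build() and package() are mostly unquoted and will misbehave if the build directory contains whitespace.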
diff --git a/pcr/vuurmuur/modules.conf b/pcr/vuurmuur/modules.conf
new file mode 100644
index 000000000..eda78a036
--- /dev/null
+++ b/pcr/vuurmuur/modules.conf
@@ -0,0 +1,3 @@
+# modules loaded by vuurmuur daemon
+# ip_queue => not found
+MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp"
diff --git a/pcr/vuurmuur/vuurmuur.install b/pcr/vuurmuur/vuurmuur.install
new file mode 100644
index 000000000..0f596b8c9
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.install
@@ -0,0 +1,27 @@
+post_install() {
+ if [[ ! -d /etc/vuurmuur/textdir ]]; then
+ # copy default firewall setup
+ cp -R /usr/share/vuurmuur/textdir /etc/vuurmuur/
+
+ # set permissions and ownership
+ chown -R root:root /etc/vuurmuur
+ chmod -R o=rwX,go= /etc/vuurmuur
+ chown -R root:root /var/log/vuurmuur
+ chmod -R o=rwX,go= /var/log/vuurmuur
+
+ echo
+ echo "Default firewall setup has been installed in /etc/vuurmuur/textdir"
+ echo
+ echo "You can now setup your network topology and firewall rules using vuurmuur_conf"
+ echo "Don't forget to add 'vuurmuur' in /etc/rc.conf"
+ echo
+ echo "Usefull documentation can be found at http://www.vuurmuur.org"
+ echo
+ fi
+}
+
+post_remove () {
+ echo
+ echo "Your firewall setup has been left unchanged in /etc/vuurmuur/textdir"
+ echo
+}
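Review bot: `chmod -R o=rwX,go= /etc/vuurmuur` (and the identical line for /var/log/vuurmuur) in post_install is self-contradicting: the `o=rwX` clause is immediately undone by `go=`, so the command never sets the owner bits and only strips group/other, relying on whatever owner mode cp -R happened to carry over; the intended mode is almost certainly `u=rwX,go=`. Change both lines to `chmod -R u=rwX,go= /etc/vuurmuur` and `chmod -R u=rwX,go= /var/log/vuurmuur`. The tightening also runs only inside the `! -d /etc/vuurmuur/textdir` branch and there is no post_upgrade hook, so a reinstall or upgrade over an existing setup leaves whatever modes are already present; consider moving the chown/chmod lines out of the conditional so they run on every install.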
diff --git a/pcr/vuurmuur/vuurmuur.rc b/pcr/vuurmuur/vuurmuur.rc
new file mode 100644
index 000000000..3b4d3e99e
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.rc
@@ -0,0 +1,114 @@
+#!/bin/bash
+# vi: ft=sh
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+# PID file
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+case $1 in
+start)
+ # initialize
+ stat_busy "Starting Vuurmuur Firewall"
+ STATUS="ok"
+
+ # check if vuurmuur is configured
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ stat_busy "Please configure Vuurmuur first by defining at least one interface."
+ stat_fail
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ stat_busy "Error when loading module $MODULE. Check log files."
+ stat_fail
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ add_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+stop)
+ # initialize
+ stat_busy "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ stat_busy "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "ok" ]; then
+ rm_daemon vuurmuur
+ stat_done
+ else
+ stat_fail
+ exit 1
+ fi
+ ;;
+
+restart)
+ $0 stop
+ $0 start
+ ;;
+
+*)
+ echo "Usage: $0 {start|stop|restart}" >&2
+ exit 1
+
+esac
+exit 0
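Review bot: The start and stop arms trust the PID files blindly: start treats the mere existence of /run/vuurmuur.pid or /run/vuurmuur_log.pid as "already running" (`if [ ! -f $VUURMUURPID ]`), and stop sends SIGTERM to whatever number the file holds (`kill "$PID"`) without checking that the process still exists or is the vuurmuur daemon. After a crash a stale file keeps the firewall from coming up until someone deletes it by hand, and since this runs as root the stop arm can signal an unrelated process that has since reused the pid. A small helper that validates the stored pid against /proc before either arm acts addresses both; the same pattern is duplicated in start() and stop() of vuurmuur.script in this commit. The `IFNUM` check is also fragile: if /usr/bin/vuurmuur_script is missing the backtick yields an empty string and `[ $IFNUM = 0 ]` becomes a test syntax error rather than a clean failure; quote it as `[ "$IFNUM" = 0 ]`.
```shell
# true when the first field of pid file $1 names a live process whose
# comm is $2 (presumably "vuurmuur" / "vuurmuur_log" — TODO confirm)
pid_alive() {
  local pidfile=$1 name=$2 pid
  pid=$(cut -d ' ' -f 1 -- "$pidfile" 2>/dev/null)
  [[ -n $pid && -r /proc/$pid/comm ]] || return 1
  [[ $(< "/proc/$pid/comm") == "$name" ]]
}

# … unchanged: rc.conf/functions sourcing, IFNUM check, module loading …
  if ! pid_alive "$VUURMUURPID" vuurmuur; then
    rm -f -- "$VUURMUURPID"   # stale file left by a crashed run
    /usr/bin/vuurmuur -l
# … unchanged: error reporting; log daemon start and the stop arm use pid_alive the same way before kill …
```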
diff --git a/pcr/vuurmuur/vuurmuur.script b/pcr/vuurmuur/vuurmuur.script
new file mode 100644
index 000000000..a643d6fbd
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.script
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+VUURMUURPID='/run/vuurmuur.pid'
+VUURMUURLOGPID='/run/vuurmuur_log.pid'
+start() {
+ IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
+ if [ $IFNUM = 0 ]; then
+ echo "Please configure Vuurmuur first by defining at least one interface."
+ exit 1
+ fi
+
+ # load modules
+ . /etc/vuurmuur/modules.conf
+ for MODULE in `echo $MODULES_TO_LOAD`; do
+ /sbin/modprobe $MODULE &>/dev/null
+ if [ $? != 0 ]; then
+ echo "Error when loading module $MODULE. Check log files."
+ exit 1
+ fi
+ done
+
+ # start vuurmuur daemon
+ if [ ! -f $VUURMUURPID ]; then
+ /usr/bin/vuurmuur -l
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # start vuurmuur log parsing daemon
+ if [ ! -f $VUURMUURLOGPID ]; then
+ /usr/bin/vuurmuur_log
+ if [ $? != 0 ]; then
+ echo "Error when starting Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+ else
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ echo "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "failed" ]; then
+ exit 1
+ fi
+}
+stop() {
+ # initialize
+ echo "Stopping Vuurmuur Firewall"
+ STATUS="ok"
+
+ # stop vuurmuur log parsing daemon
+ PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURLOGPID
+ else
+ echo "Error when stopping Vuurmuur log parsing daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # stop vuurmuur daemon
+ PID=`cat $VUURMUURPID | cut -d " " -f 1`
+ if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
+ rm -f $VUURMUURPID
+ else
+ echo "Error when stopping Vuurmuur daemon. Check log files."
+ STATUS="failed"
+ fi
+
+ # finalize
+ if [ $STATUS = "false" ]; then
+ exit 1
+ fi
+}
+restart() {
+ $0 stop
+ $0 start
+}
+
+case $1 in
+ start|stop|restart) "$1" ;;
+esac
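Review bot: stop() can never report a failure: it sets STATUS to "ok"/"failed" but its final test compares against `"false"` (`if [ $STATUS = "false" ]`), so a daemon that fails to stop still returns 0 to systemd and the unit is marked inactive while vuurmuur keeps running. Change the test to `if [ "$STATUS" = "failed" ]; then`. start() has the mirror problem of never initialising STATUS, so its `[ $STATUS = "failed" ]` is a test syntax error when nothing failed and picks up any STATUS inherited from the environment; add `STATUS="ok"` as the first line of start(). The `case` at the bottom has no `*)` arm, so an unknown verb exits 0 silently; add `*) echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;`.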
diff --git a/pcr/vuurmuur/vuurmuur.service b/pcr/vuurmuur/vuurmuur.service
new file mode 100644
index 000000000..3defcaa82
--- /dev/null
+++ b/pcr/vuurmuur/vuurmuur.service
@@ -0,0 +1,13 @@
+# vi: ft=systemd
+[Unit]
+Description=Powerful front-end for iptables
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/systemd/scripts/vuurmuur start
+ExecStop=/usr/lib/systemd/scripts/vuurmuur stop
+ExecReload=/usr/lib/systemd/scripts/vuurmuur restart
+
+[Install]
+WantedBy=multi-user.target
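Review bot: `Type=forking` is used without `PIDFile=`, so systemd has to guess which of the two processes the start script leaves behind (vuurmuur and vuurmuur_log) is the main one; if the guess is wrong or that process dies, the unit state no longer reflects whether the firewall daemon is running. Since the start script in this commit keys on /run/vuurmuur.pid, add `PIDFile=/run/vuurmuur.pid` under [Service]. `ExecReload=... restart` also turns `systemctl reload` into a full stop/start rather than a rule reload, which is surprising for a firewall; unless the daemon genuinely has no reload path, dropping the line so reload is reported as unsupported is the safer default.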