Группа :: Безопасность/Сети
Пакет: SuSEfirewall2
Name: SuSEfirewall2
Version: 3.6_SVNr183
Release: alt1
License: GPL
Group: Security/Networking
Packager: Evgenii Terechkov <evg at altlinux.ru>
Provides: personal-firewall SuSEfirewall
Obsoletes: personal-firewall SuSEfirewall
Summary: Stateful Packet Filter Using iptables and netfilter
Source: %name-%version.tar.bz2
Patch0: %name-alt-main.patch
Patch1: %name-alt-bashizms.patch
Patch2: %name-alt-Makefile.patch
BuildArch: noarch
BuildPreReq: perl-Net-DNS
%description
SuSEfirewall2 implements a packet filter to allow system administrators
to protect their computer and network by restricting the possibility of
other hosts connecting to them. This potentially saves you from
suffering under the design flaws and vulnerabilities that are found in
various daemons.
SuSEfirewall2 uses the iptables and netfilter packet filtering
infrastructure, which allows a flexible rule setup and the creation of
a stateful firewall, because it keeps track of connections and has the
notion of related connections.
For simply protecting a single host from attacks, you can set
SuSEfirewall2 in QUICK mode or use the personal-firewall configuration
file. Note that SuSEfirewall2 now includes the personal-firewall
functionality.
%prep
# Unpack the source tarball, then apply the three distribution patches at
# strip level 1. Each patch keeps a backup of every file it touches, using
# the .orig suffix.
# NOTE(review): all three patches share the same backup suffix, so a later
# patch that touches the same file would overwrite the earlier backup --
# confirm the backups are not relied on.
%setup
%patch0 -p1 -b .orig
%patch1 -p1 -b .orig
%patch2 -p1 -b .orig
%build
# Nothing is compiled here: the build section is empty and the package is
# declared noarch.
%install
# Point the upstream Makefile at the distribution init-script directory
# instead of /etc/init.d, then let it install into the build root.
%__subst 's|/etc/init.d|%_initdir|' Makefile
%__make DESTDIR="%buildroot" install
# %__install -d -m 755 %buildroot/var/adm/fillup-templates/
# %__install -m 644 %name.sysconfig %buildroot/var/adm/fillup-templates/sysconfig.%name
# The default firewall configuration is installed with mode 644, i.e. readable
# by every local user.
# NOTE(review): if the rule set is considered sensitive on the target systems,
# a tighter mode may be preferable -- confirm against distribution policy.
%__install -m 644 %name.sysconfig %buildroot%_sysconfdir/sysconfig/%name
# %__install -d -m 755 %buildroot%_datadir/susehelp/meta/Manuals/Productivity
# %__install -m 644 %name-doc.desktop %buildroot%_datadir/susehelp/meta/Manuals/Productivity/%name.desktop
# Create the (empty) directory for service definition files.
%__install -d -m 755 %buildroot%_datadir/%name/services
# %__install -d -m 755 %buildroot%_sysconfdir/NetworkManager/dispatcher.d
# %__install -m 755 %%SOURCE1 %buildroot%_sysconfdir/NetworkManager/dispatcher.d/%name
%postun
# %%insserv_cleanup
%post
##############################################################################################
# # rename old config file #
# if test -e etc/rc.config.d/firewall2.rc.config -a ! -e etc/sysconfig/%name; then #
# sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \ #
# < etc/rc.config.d/firewall2.rc.config > etc/sysconfig/%name #
# mv etc/rc.config.d/firewall2.rc.config etc/rc.config.d/firewall2.rc.config.rpmsave #
# fi #
##############################################################################################
######################################################################################################
# # save custom script #
# if test -e etc/rc.config.d/firewall2-custom.rc.config; then #
# mv etc/rc.config.d/firewall2-custom.rc.config etc/rc.config.d/firewall2-custom.rc.config.rpmorig #
# if test -e etc/sysconfig/scripts/%name-custom; then #
# mv -f etc/sysconfig/scripts/%name-custom etc/sysconfig/scripts/%name-custom.rpmnew #
# fi #
# sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \ #
# < etc/rc.config.d/firewall2-custom.rc.config.bak > etc/sysconfig/scripts/%name-custom #
# fi #
######################################################################################################
####################################################################################################
# dropvar= #
# # really old #
# dropvar="$dropvar FW_SERVICE_AUTODETECT FW_SERVICE_DNS FW_SERVICE_DHCLIENT" #
# dropvar="$dropvar FW_SERVICE_DHCPD FW_SERVICE_SQUID FW_SERVICE_SAMBA" #
# # obsolete after 9.1 #
# dropvar="$dropvar FW_IPSEC_MARK" #
# # obsolete after 9.2 #
# dropvar="$dropvar FW_ALLOW_FW_TRACEROUTE" #
# dropvar="$dropvar FW_AUTOPROTECT_SERVICES FW_ANTISPOOF FW_PROTECT_FROM_INTERNAL" #
# dropvar="$dropvar FW_QUICKMODE FW_SERVICES_QUICK_TCP FW_SERVICES_QUICK_UDP FW_SERVICES_QUICK_IP" #
####################################################################################################
###########################################################################################
# # #
# # remove FW_LOG because log prefix of <= 9.0 is too long #
# if [ -e etc/sysconfig/%name ] && \ #
# (reset_fw_log=0; . etc/sysconfig/%name && \ #
# set -- $FW_LOG && \ #
# while [ "$#" != 0 ]; do #
# [ "$1" = "--log-prefix" -a "$2" = "SuSE-FW" ] && reset_fw_log=1; shift; #
# done #
# test "$reset_fw_log" != 0); then #
# dropvar="$dropvar FW_LOG" #
# fi #
###########################################################################################
####################################################################################################################################################################
# # %%{remove_and_set -n %name $dropvar} #
# # now merge new sysconfig files #
# # %%{fillup_and_insserv -s %%{name}_init START_FW2 %{name}_setup START_FW2} #
# # convert FW_PROTECT_FROM_INTERNAL #
# if [ -e etc/sysconfig/%name -a -n "$FW_PROTECT_FROM_INTERNAL" -a "$FW_PROTECT_FROM_INTERNAL" != "no" ]; then #
# sed 's/^FW_PROTECT_FROM_INT=.*/FW_PROTECT_FROM_INT="yes"/' < etc/sysconfig/%name > etc/sysconfig/%name.new && mv etc/sysconfig/%name.new etc/sysconfig/%name #
# fi #
####################################################################################################################################################################
# convert old broadcast variables from <= 9.2 if needed
#
# Migrates the two legacy settings FW_ALLOW_FW_BROADCAST and
# FW_IGNORE_FW_BROADCAST to their per-zone _INT/_EXT/_DMZ replacements by
# rewriting the installed sysconfig file. Runs only when both the sysconfig
# file and the oldbroadcast helper script exist.
# NOTE(review): the helper is looked up under sysconfig/scripts, while the
# files list of this spec ships scripts under the per-package .d/scripts
# directory and has the oldbroadcast entry commented out -- confirm this
# branch is still reachable.
# NOTE(review): -a and -o inside [ ] are marked obsolescent by POSIX; separate
# tests joined with && or || are unambiguous.
if [ -e %_sysconfdir/sysconfig/%name -a -e %_sysconfdir/sysconfig/scripts/%name-oldbroadcast ]; then
# Subshell: everything sourced or assigned below stays out of the rest of the
# scriptlet.
(
# The config file is executed as shell code here, with the privileges of the
# scriptlet (normally root during package installation). Whoever can write
# this file can therefore run commands at upgrade time, so it must stay
# root-owned and not group- or world-writable.
. %_sysconfdir/sysconfig/%name
have_old_allow=
have_old_ignore=
# A legacy setting is treated as needing conversion only when it is non-empty
# and differs from the value compared against ("int" for allow, "no" for
# ignore).
if [ -n "$FW_ALLOW_FW_BROADCAST" -a "$FW_ALLOW_FW_BROADCAST" != "int" ]; then
have_old_allow=1
fi
if [ -n "$FW_IGNORE_FW_BROADCAST" -a "$FW_IGNORE_FW_BROADCAST" != "no" ]; then
have_old_ignore=1
fi
if [ -n "$have_old_allow" -o -n "$have_old_ignore" ]; then
# The alias is defined before the helper is sourced so that calls to "warning"
# inside it become the no-op ":". Statement order matters here.
# NOTE(review): this relies on the scriptlet shell expanding aliases in
# non-interactive mode -- confirm for the shell that runs scriptlets.
alias warning=:
# Sourcing the helper also executes it with the scriptlet's privileges.
. %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
# Provided by the helper sourced above (not visible in this spec); presumably
# it fills in the per-zone variables that are read below.
convert_old_broadcast
fi
# Build a single sed expression holding one substitution per variable.
# NOTE(review): the values are pasted into the replacement text unescaped. A
# value containing "/", "&", a backslash or a double quote would break the
# expression or write a malformed assignment into the firewall config.
# Validate or escape the values before building the expression.
sedpattern=
if [ -n "$have_old_allow" ]; then
sedpattern="s/^FW_ALLOW_FW_BROADCAST_INT=.*/FW_ALLOW_FW_BROADCAST_INT=\"$FW_ALLOW_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_EXT=.*/FW_ALLOW_FW_BROADCAST_EXT=\"$FW_ALLOW_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_DMZ=.*/FW_ALLOW_FW_BROADCAST_DMZ=\"$FW_ALLOW_FW_BROADCAST_DMZ\"/"
fi
# When only the ignore settings are converted, the expression begins with an
# empty command (a leading ";").
# NOTE(review): confirm the tool behind the subst macro accepts that.
if [ -n "$have_old_ignore" ]; then
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_INT=.*/FW_IGNORE_FW_BROADCAST_INT=\"$FW_IGNORE_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_EXT=.*/FW_IGNORE_FW_BROADCAST_EXT=\"$FW_IGNORE_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_DMZ=.*/FW_IGNORE_FW_BROADCAST_DMZ=\"$FW_IGNORE_FW_BROADCAST_DMZ\"/"
fi
# Apply the expression to the installed config file; the message is printed
# only when the substitution command succeeds.
if [ -n "$sedpattern" ]; then
%__subst "$sedpattern" %_sysconfdir/sysconfig/%name && echo "old broadcast variables converted"
fi
# %%{remove_and_set -n %name FW_IGNORE_FW_BROADCAST FW_ALLOW_FW_BROADCAST}
)
fi
# Replace the old default FW_MASQ_DEV="$FW_DEV_EXT" with the zone form
# FW_MASQ_DEV="zone:ext". Only a line that matches exactly is rewritten (the
# pattern is anchored at both ends and the dollar sign is literal), so any
# other value the administrator has set is left untouched. The message is
# printed only when the substitution command succeeds.
if [ -e %_sysconfdir/sysconfig/%name ] && grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' %_sysconfdir/sysconfig/%name; then
%__subst 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' %_sysconfdir/sysconfig/%name && echo "FW_MASQ_DEV converted"
fi
%files
%config(noreplace) %_sysconfdir/sysconfig/%name
%config(noreplace) %_sysconfdir/sysconfig/%{name}.d/scripts/%name-custom
# %config %_initdir/%{name}_init
# %config %_initdir/%{name}_setup
%_sysconfdir/sysconfig/%name.d
# /services/*
%_datadir/%name/services
%_sysconfdir/sysconfig/%{name}.d/scripts
# %_sysconfdir/sysconfig/scripts/%name-rpcinfo
# %_sysconfdir/sysconfig/scripts/%name-showlog
# %_sysconfdir/sysconfig/scripts/%name-open
# %_sysconfdir/sysconfig/scripts/%name-batch
# %_sysconfdir/sysconfig/scripts/%name-qdisc
# %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
# /sbin/rc%%name
/sbin/%name
# /var/adm/fillup-templates/sysconfig.%name
# %_sysconfdir/NetworkManager
%doc LICENCE EXAMPLES FAQ README
%doc *.html *.css
%doc %name.sysconfig
# %doc %_datadir/susehelp
%changelog
…
Version: 3.6_SVNr183
Release: alt1
License: GPL
Group: Security/Networking
Packager: Evgenii Terechkov <evg at altlinux.ru>
Provides: personal-firewall SuSEfirewall
Obsoletes: personal-firewall SuSEfirewall
Summary: Stateful Packet Filter Using iptables and netfilter
Source: %name-%version.tar.bz2
Patch0: %name-alt-main.patch
Patch1: %name-alt-bashizms.patch
Patch2: %name-alt-Makefile.patch
BuildArch: noarch
BuildPreReq: perl-Net-DNS
%description
SuSEfirewall2 implements a packet filter to allow system administrators
to protect their computer and network by restricting the possibility of
other hosts connecting to them. This potentially saves you from
suffering under the design flaws and vulnerabilities that are found in
various daemons.
SuSEfirewall2 uses the iptables and netfilter packet filtering
infrastructure, which allows a flexible rule setup and the creation of
a stateful firewall, because it keeps track of connections and has the
notion of related connections.
For simply protecting a single host from attacks, you can set
SuSEfirewall2 in QUICK mode or use the personal-firewall configuration
file. Note that SuSEfirewall2 now includes the personal-firewall
functionality.
%prep
# Unpack the source tarball, then apply the three distribution patches at
# strip level 1. Each patch keeps a backup of every file it touches, using
# the .orig suffix.
# NOTE(review): all three patches share the same backup suffix, so a later
# patch that touches the same file would overwrite the earlier backup --
# confirm the backups are not relied on.
%setup
%patch0 -p1 -b .orig
%patch1 -p1 -b .orig
%patch2 -p1 -b .orig
%build
# Nothing is compiled here: the build section is empty and the package is
# declared noarch.
%install
# Point the upstream Makefile at the distribution init-script directory
# instead of /etc/init.d, then let it install into the build root.
%__subst 's|/etc/init.d|%_initdir|' Makefile
%__make DESTDIR="%buildroot" install
# %__install -d -m 755 %buildroot/var/adm/fillup-templates/
# %__install -m 644 %name.sysconfig %buildroot/var/adm/fillup-templates/sysconfig.%name
# The default firewall configuration is installed with mode 644, i.e. readable
# by every local user.
# NOTE(review): if the rule set is considered sensitive on the target systems,
# a tighter mode may be preferable -- confirm against distribution policy.
%__install -m 644 %name.sysconfig %buildroot%_sysconfdir/sysconfig/%name
# %__install -d -m 755 %buildroot%_datadir/susehelp/meta/Manuals/Productivity
# %__install -m 644 %name-doc.desktop %buildroot%_datadir/susehelp/meta/Manuals/Productivity/%name.desktop
# Create the (empty) directory for service definition files.
%__install -d -m 755 %buildroot%_datadir/%name/services
# %__install -d -m 755 %buildroot%_sysconfdir/NetworkManager/dispatcher.d
# %__install -m 755 %%SOURCE1 %buildroot%_sysconfdir/NetworkManager/dispatcher.d/%name
%postun
# %%insserv_cleanup
%post
##############################################################################################
# # rename old config file #
# if test -e etc/rc.config.d/firewall2.rc.config -a ! -e etc/sysconfig/%name; then #
# sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \ #
# < etc/rc.config.d/firewall2.rc.config > etc/sysconfig/%name #
# mv etc/rc.config.d/firewall2.rc.config etc/rc.config.d/firewall2.rc.config.rpmsave #
# fi #
##############################################################################################
######################################################################################################
# # save custom script #
# if test -e etc/rc.config.d/firewall2-custom.rc.config; then #
# mv etc/rc.config.d/firewall2-custom.rc.config etc/rc.config.d/firewall2-custom.rc.config.rpmorig #
# if test -e etc/sysconfig/scripts/%name-custom; then #
# mv -f etc/sysconfig/scripts/%name-custom etc/sysconfig/scripts/%name-custom.rpmnew #
# fi #
# sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \ #
# < etc/rc.config.d/firewall2-custom.rc.config.bak > etc/sysconfig/scripts/%name-custom #
# fi #
######################################################################################################
####################################################################################################
# dropvar= #
# # really old #
# dropvar="$dropvar FW_SERVICE_AUTODETECT FW_SERVICE_DNS FW_SERVICE_DHCLIENT" #
# dropvar="$dropvar FW_SERVICE_DHCPD FW_SERVICE_SQUID FW_SERVICE_SAMBA" #
# # obsolete after 9.1 #
# dropvar="$dropvar FW_IPSEC_MARK" #
# # obsolete after 9.2 #
# dropvar="$dropvar FW_ALLOW_FW_TRACEROUTE" #
# dropvar="$dropvar FW_AUTOPROTECT_SERVICES FW_ANTISPOOF FW_PROTECT_FROM_INTERNAL" #
# dropvar="$dropvar FW_QUICKMODE FW_SERVICES_QUICK_TCP FW_SERVICES_QUICK_UDP FW_SERVICES_QUICK_IP" #
####################################################################################################
###########################################################################################
# # #
# # remove FW_LOG because log prefix of <= 9.0 is too long #
# if [ -e etc/sysconfig/%name ] && \ #
# (reset_fw_log=0; . etc/sysconfig/%name && \ #
# set -- $FW_LOG && \ #
# while [ "$#" != 0 ]; do #
# [ "$1" = "--log-prefix" -a "$2" = "SuSE-FW" ] && reset_fw_log=1; shift; #
# done #
# test "$reset_fw_log" != 0); then #
# dropvar="$dropvar FW_LOG" #
# fi #
###########################################################################################
####################################################################################################################################################################
# # %%{remove_and_set -n %name $dropvar} #
# # now merge new sysconfig files #
# # %%{fillup_and_insserv -s %%{name}_init START_FW2 %{name}_setup START_FW2} #
# # convert FW_PROTECT_FROM_INTERNAL #
# if [ -e etc/sysconfig/%name -a -n "$FW_PROTECT_FROM_INTERNAL" -a "$FW_PROTECT_FROM_INTERNAL" != "no" ]; then #
# sed 's/^FW_PROTECT_FROM_INT=.*/FW_PROTECT_FROM_INT="yes"/' < etc/sysconfig/%name > etc/sysconfig/%name.new && mv etc/sysconfig/%name.new etc/sysconfig/%name #
# fi #
####################################################################################################################################################################
# convert old broadcast variables from <= 9.2 if needed
#
# Migrates the two legacy settings FW_ALLOW_FW_BROADCAST and
# FW_IGNORE_FW_BROADCAST to their per-zone _INT/_EXT/_DMZ replacements by
# rewriting the installed sysconfig file. Runs only when both the sysconfig
# file and the oldbroadcast helper script exist.
# NOTE(review): the helper is looked up under sysconfig/scripts, while the
# files list of this spec ships scripts under the per-package .d/scripts
# directory and has the oldbroadcast entry commented out -- confirm this
# branch is still reachable.
# NOTE(review): -a and -o inside [ ] are marked obsolescent by POSIX; separate
# tests joined with && or || are unambiguous.
if [ -e %_sysconfdir/sysconfig/%name -a -e %_sysconfdir/sysconfig/scripts/%name-oldbroadcast ]; then
# Subshell: everything sourced or assigned below stays out of the rest of the
# scriptlet.
(
# The config file is executed as shell code here, with the privileges of the
# scriptlet (normally root during package installation). Whoever can write
# this file can therefore run commands at upgrade time, so it must stay
# root-owned and not group- or world-writable.
. %_sysconfdir/sysconfig/%name
have_old_allow=
have_old_ignore=
# A legacy setting is treated as needing conversion only when it is non-empty
# and differs from the value compared against ("int" for allow, "no" for
# ignore).
if [ -n "$FW_ALLOW_FW_BROADCAST" -a "$FW_ALLOW_FW_BROADCAST" != "int" ]; then
have_old_allow=1
fi
if [ -n "$FW_IGNORE_FW_BROADCAST" -a "$FW_IGNORE_FW_BROADCAST" != "no" ]; then
have_old_ignore=1
fi
if [ -n "$have_old_allow" -o -n "$have_old_ignore" ]; then
# The alias is defined before the helper is sourced so that calls to "warning"
# inside it become the no-op ":". Statement order matters here.
# NOTE(review): this relies on the scriptlet shell expanding aliases in
# non-interactive mode -- confirm for the shell that runs scriptlets.
alias warning=:
# Sourcing the helper also executes it with the scriptlet's privileges.
. %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
# Provided by the helper sourced above (not visible in this spec); presumably
# it fills in the per-zone variables that are read below.
convert_old_broadcast
fi
# Build a single sed expression holding one substitution per variable.
# NOTE(review): the values are pasted into the replacement text unescaped. A
# value containing "/", "&", a backslash or a double quote would break the
# expression or write a malformed assignment into the firewall config.
# Validate or escape the values before building the expression.
sedpattern=
if [ -n "$have_old_allow" ]; then
sedpattern="s/^FW_ALLOW_FW_BROADCAST_INT=.*/FW_ALLOW_FW_BROADCAST_INT=\"$FW_ALLOW_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_EXT=.*/FW_ALLOW_FW_BROADCAST_EXT=\"$FW_ALLOW_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_DMZ=.*/FW_ALLOW_FW_BROADCAST_DMZ=\"$FW_ALLOW_FW_BROADCAST_DMZ\"/"
fi
# When only the ignore settings are converted, the expression begins with an
# empty command (a leading ";").
# NOTE(review): confirm the tool behind the subst macro accepts that.
if [ -n "$have_old_ignore" ]; then
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_INT=.*/FW_IGNORE_FW_BROADCAST_INT=\"$FW_IGNORE_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_EXT=.*/FW_IGNORE_FW_BROADCAST_EXT=\"$FW_IGNORE_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_DMZ=.*/FW_IGNORE_FW_BROADCAST_DMZ=\"$FW_IGNORE_FW_BROADCAST_DMZ\"/"
fi
# Apply the expression to the installed config file; the message is printed
# only when the substitution command succeeds.
if [ -n "$sedpattern" ]; then
%__subst "$sedpattern" %_sysconfdir/sysconfig/%name && echo "old broadcast variables converted"
fi
# %%{remove_and_set -n %name FW_IGNORE_FW_BROADCAST FW_ALLOW_FW_BROADCAST}
)
fi
# Replace the old default FW_MASQ_DEV="$FW_DEV_EXT" with the zone form
# FW_MASQ_DEV="zone:ext". Only a line that matches exactly is rewritten (the
# pattern is anchored at both ends and the dollar sign is literal), so any
# other value the administrator has set is left untouched. The message is
# printed only when the substitution command succeeds.
if [ -e %_sysconfdir/sysconfig/%name ] && grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' %_sysconfdir/sysconfig/%name; then
%__subst 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' %_sysconfdir/sysconfig/%name && echo "FW_MASQ_DEV converted"
fi
%files
%config(noreplace) %_sysconfdir/sysconfig/%name
%config(noreplace) %_sysconfdir/sysconfig/%{name}.d/scripts/%name-custom
# %config %_initdir/%{name}_init
# %config %_initdir/%{name}_setup
%_sysconfdir/sysconfig/%name.d
# /services/*
%_datadir/%name/services
%_sysconfdir/sysconfig/%{name}.d/scripts
# %_sysconfdir/sysconfig/scripts/%name-rpcinfo
# %_sysconfdir/sysconfig/scripts/%name-showlog
# %_sysconfdir/sysconfig/scripts/%name-open
# %_sysconfdir/sysconfig/scripts/%name-batch
# %_sysconfdir/sysconfig/scripts/%name-qdisc
# %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
# /sbin/rc%%name
/sbin/%name
# /var/adm/fillup-templates/sysconfig.%name
# %_sysconfdir/NetworkManager
%doc LICENCE EXAMPLES FAQ README
%doc *.html *.css
%doc %name.sysconfig
# %doc %_datadir/susehelp
%changelog
…