Репозиторий Sisyphus
Последнее обновление: 4 июня 2020 | Пакетов: 17570 | Посещений: 18689321
en ru br
Репозитории ALT
5.1: 3.6_SVNr195-alt1
4.1: 3.6_SVNr183-alt1
www.altlinux.org/Changes

Группа :: Безопасность/Сети
Пакет: SuSEfirewall2

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Name: SuSEfirewall2
Version: 3.6_SVNr183
Release: alt1
License: GPL
Group: Security/Networking
Packager: Evgenii Terechkov <evg at altlinux.ru>

Provides: personal-firewall SuSEfirewall
Obsoletes: personal-firewall SuSEfirewall

Summary: Stateful Packet Filter Using iptables and netfilter

Source: %name-%version.tar.bz2

Patch0: %name-alt-main.patch
Patch1: %name-alt-bashizms.patch
Patch2: %name-alt-Makefile.patch

BuildArch: noarch

BuildPreReq: perl-Net-DNS

%description
SuSEfirewall2 implements a packet filter to allow system administrators
to protect their computer and network by restricting the possibility of
other hosts connecting to them. This potentially saves you from
suffering under the design flaws and vulnerabilities that are found in
various daemons.

SuSEfirewall2 uses the iptables and netfilter packet filtering
infrastructure, which allows a flexible rule setup and the creation of
a stateful firewall, because it keeps track of connections and has the
notion of related connections.

For simply protecting a single host from attacks, you can set
SuSEfirewall2 in QUICK mode or use the personal-firewall configuration
file. Note that SuSEfirewall2 now includes the personal-firewall
functionality.

%prep
%setup
%patch0 -p1 -b .orig
%patch1 -p1 -b .orig
%patch2 -p1 -b .orig

%build
%install
%__subst 's|/etc/init.d|%_initdir|' Makefile
%__make DESTDIR="%buildroot" install

# %__install -d -m 755 %buildroot/var/adm/fillup-templates/

# %__install -m 644 %name.sysconfig %buildroot/var/adm/fillup-templates/sysconfig.%name
%__install -m 644  %name.sysconfig %buildroot%_sysconfdir/sysconfig/%name
# %__install -d -m 755 %buildroot%_datadir/susehelp/meta/Manuals/Productivity
# %__install -m 644 %name-doc.desktop %buildroot%_datadir/susehelp/meta/Manuals/Productivity/%name.desktop
%__install -d -m 755 %buildroot%_datadir/%name/services
# %__install -d -m 755 %buildroot%_sysconfdir/NetworkManager/dispatcher.d
# %__install -m 755 %%SOURCE1 %buildroot%_sysconfdir/NetworkManager/dispatcher.d/%name

%postun
# %%insserv_cleanup

%post
##############################################################################################
# # rename old config file                                                                   #
# if test -e etc/rc.config.d/firewall2.rc.config -a ! -e etc/sysconfig/%name; then           #
#   sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \ #
#   < etc/rc.config.d/firewall2.rc.config > etc/sysconfig/%name                              #
#   mv etc/rc.config.d/firewall2.rc.config etc/rc.config.d/firewall2.rc.config.rpmsave       #
# fi                                                                                         #
##############################################################################################

######################################################################################################

# # save custom script                                                                               #
# if test -e etc/rc.config.d/firewall2-custom.rc.config; then                                        #
#   mv etc/rc.config.d/firewall2-custom.rc.config etc/rc.config.d/firewall2-custom.rc.config.rpmorig #
#   if test -e etc/sysconfig/scripts/%name-custom; then                                              #
#     mv -f etc/sysconfig/scripts/%name-custom etc/sysconfig/scripts/%name-custom.rpmnew             #
#   fi                                                                                               #
#   sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/%name-custom#' \         #
#    < etc/rc.config.d/firewall2-custom.rc.config.bak > etc/sysconfig/scripts/%name-custom           #
# fi                                                                                                 #
######################################################################################################

####################################################################################################

# dropvar=                                                                                         #
# # really old                                                                                     #
# dropvar="$dropvar FW_SERVICE_AUTODETECT FW_SERVICE_DNS FW_SERVICE_DHCLIENT"                      #
# dropvar="$dropvar FW_SERVICE_DHCPD FW_SERVICE_SQUID FW_SERVICE_SAMBA"                            #
# # obsolete after 9.1                                                                             #
# dropvar="$dropvar FW_IPSEC_MARK"                                                                 #
# # obsolete after 9.2                                                                             #
# dropvar="$dropvar FW_ALLOW_FW_TRACEROUTE"                                                        #
# dropvar="$dropvar FW_AUTOPROTECT_SERVICES FW_ANTISPOOF FW_PROTECT_FROM_INTERNAL"                 #
# dropvar="$dropvar FW_QUICKMODE FW_SERVICES_QUICK_TCP FW_SERVICES_QUICK_UDP FW_SERVICES_QUICK_IP" #
####################################################################################################

###########################################################################################

# #                                                                                       #
# # remove FW_LOG because log prefix of <= 9.0 is too long                                #
# if [ -e etc/sysconfig/%name ] && \                                                      #
#  (reset_fw_log=0; . etc/sysconfig/%name && \                                            #
#  set -- $FW_LOG && \                                                                    #
#  while [ "$#" != 0 ]; do                                                                #
# [ "$1" = "--log-prefix" -a "$2" = "SuSE-FW" ] && reset_fw_log=1; shift;          #
#  done                                                                                   #
#  test "$reset_fw_log" != 0); then                                                       #
#     dropvar="$dropvar FW_LOG"                                                           #
# fi                                                                                      #
###########################################################################################

####################################################################################################################################################################

# # %%{remove_and_set -n %name $dropvar}                                                                                                                           #
# # now merge new sysconfig files                                                                                                                                  #
# # %%{fillup_and_insserv -s %%{name}_init START_FW2 %{name}_setup START_FW2}                                                                                      #
# # convert FW_PROTECT_FROM_INTERNAL                                                                                                                               #
# if [ -e etc/sysconfig/%name -a -n "$FW_PROTECT_FROM_INTERNAL" -a "$FW_PROTECT_FROM_INTERNAL" != "no" ]; then                                                     #
#     sed 's/^FW_PROTECT_FROM_INT=.*/FW_PROTECT_FROM_INT="yes"/' < etc/sysconfig/%name > etc/sysconfig/%name.new && mv etc/sysconfig/%name.new etc/sysconfig/%name #
# fi                                                                                                                                                               #
####################################################################################################################################################################

# convert old broadcast variables from <= 9.2 if needed

if [ -e %_sysconfdir/sysconfig/%name -a -e %_sysconfdir/sysconfig/scripts/%name-oldbroadcast ]; then
   (
. %_sysconfdir/sysconfig/%name
have_old_allow=
have_old_ignore=
if [ -n "$FW_ALLOW_FW_BROADCAST" -a "$FW_ALLOW_FW_BROADCAST" != "int" ]; then
   have_old_allow=1
fi
if [ -n "$FW_IGNORE_FW_BROADCAST" -a "$FW_IGNORE_FW_BROADCAST" != "no" ]; then
   have_old_ignore=1
fi
if [ -n "$have_old_allow" -o -n "$have_old_ignore" ]; then
   alias warning=:
   . %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
   convert_old_broadcast
fi
sedpattern=
if [ -n "$have_old_allow" ]; then
   sedpattern="s/^FW_ALLOW_FW_BROADCAST_INT=.*/FW_ALLOW_FW_BROADCAST_INT=\"$FW_ALLOW_FW_BROADCAST_INT\"/"
   sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_EXT=.*/FW_ALLOW_FW_BROADCAST_EXT=\"$FW_ALLOW_FW_BROADCAST_EXT\"/"
   sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_DMZ=.*/FW_ALLOW_FW_BROADCAST_DMZ=\"$FW_ALLOW_FW_BROADCAST_DMZ\"/"
fi
if [ -n "$have_old_ignore" ]; then
   sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_INT=.*/FW_IGNORE_FW_BROADCAST_INT=\"$FW_IGNORE_FW_BROADCAST_INT\"/"
   sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_EXT=.*/FW_IGNORE_FW_BROADCAST_EXT=\"$FW_IGNORE_FW_BROADCAST_EXT\"/"
   sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_DMZ=.*/FW_IGNORE_FW_BROADCAST_DMZ=\"$FW_IGNORE_FW_BROADCAST_DMZ\"/"
fi
if [ -n "$sedpattern" ]; then
   %__subst "$sedpattern" %_sysconfdir/sysconfig/%name && echo "old broadcast variables converted"
fi
# %%{remove_and_set -n %name FW_IGNORE_FW_BROADCAST FW_ALLOW_FW_BROADCAST}
   )
fi

if [ -e %_sysconfdir/sysconfig/%name ] && grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' %_sysconfdir/sysconfig/%name; then
  %__subst 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' %_sysconfdir/sysconfig/%name && echo "FW_MASQ_DEV converted"
fi

%files
%config(noreplace) %_sysconfdir/sysconfig/%name
%config(noreplace) %_sysconfdir/sysconfig/%{name}.d/scripts/%name-custom
# %config %_initdir/%{name}_init
# %config %_initdir/%{name}_setup
%_sysconfdir/sysconfig/%name.d
# /services/*
%_datadir/%name/services
%_sysconfdir/sysconfig/%{name}.d/scripts
# %_sysconfdir/sysconfig/scripts/%name-rpcinfo
# %_sysconfdir/sysconfig/scripts/%name-showlog
# %_sysconfdir/sysconfig/scripts/%name-open
# %_sysconfdir/sysconfig/scripts/%name-batch
# %_sysconfdir/sysconfig/scripts/%name-qdisc
# %_sysconfdir/sysconfig/scripts/%name-oldbroadcast
# /sbin/rc%%name
/sbin/%name
# /var/adm/fillup-templates/sysconfig.%name
# %_sysconfdir/NetworkManager

%doc LICENCE EXAMPLES FAQ README
%doc *.html *.css
%doc %name.sysconfig
# %doc %_datadir/susehelp

%changelog

Полный changelog можно просмотреть здесь

 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin