Arch Linux

BlueRaven

Member

Registered: 2004-10-28

Posts: 14

[NEW] Shorewall

As promised, here it is!!!
I already posted the complete tarball to /incoming, hope it will get included sooner or later. ;-)

PKGBUILD:

pkgname=shorewall
pkgver=2.0.10
pkgrel=1
pkgdesc="A high-level tool for configuring Netfilter"
url="http://www.shorewall.net"
#license="GPL2"
depends=('bash' 'gawk' 'iproute' 'iptables' 'iputils')
makedepends=('sed')
#conflicts=()
#replaces=()
backup=('etc/shorewall/accounting' 'etc/shorewall/actions' 'etc/shorewall/blacklist'
        'etc/shorewall/ecn' 'etc/shorewall/hosts' 'etc/shorewall/init'
        'etc/shorewall/initdone' 'etc/shorewall/interfaces' 'etc/shorewall/maclist'
        'etc/shorewall/masq' 'etc/shorewall/modules' 'etc/shorewall/nat'
        'etc/shorewall/netmap' 'etc/shorewall/params' 'etc/shorewall/policy'
        'etc/shorewall/proxyarp' 'etc/shorewall/routestopped' 'etc/shorewall/rules'
        'etc/shorewall/shorewall.conf' 'etc/shorewall/start' 'etc/shorewall/stop'
        'etc/shorewall/stopped' 'etc/shorewall/tcrules' 'etc/shorewall/tos'
        'etc/shorewall/tunnels' 'etc/shorewall/zones')
install=('shorewall.install')
source=(http://shorewall.net/pub/$pkgname/2.0/$pkgname-$pkgver/$pkgname-$pkgver.tgz
        shorewall shorewall.startup_disabled)
md5sums=('985ce9215ea9cc0299f0b5450fdbe05e' '899b988cf0ba1d25201a18230edfbc9e'
         '1b94ccf7960d9d3253a112c73dac0e30')

build() {
  cd $startdir/src/$pkgname-$pkgver
  DEST=/etc/rc.d PREFIX=$startdir/pkg ./install.sh

  # We want Arch-style init script! :-)
  #
  install -D -m755 ../shorewall $startdir/pkg/etc/rc.d/shorewall

  # Edit the default shorewall.conf file and remove lockfile directory
  # (not needed as Arch does not use lock files for initscripts).
  #
  sed -i /^SUBSYSLOCK/cSUBSYSLOCK="" $startdir/pkg/etc/shorewall/shorewall.conf

  # Create the startup_disabled file, so the user HAS to review
  # his new/upgraded config files before (re)starting Shorewall.
  #
  install -D -m600 ../shorewall.startup_disabled $startdir/pkg/etc/shorewall/startup_disabled
}

Install file (shorewall.install):

# arg 1:  the new package version
post_install() {
  echo
  echo "Remember to remove /etc/shorewall/startup_disabled"
  echo "AFTER you have finished configuring Shorewall."
  echo
}

# arg 1:  the new package version
# arg 2:  the old package version
post_upgrade() {
  echo
  echo "Remember to remove /etc/shorewall/startup_disabled"
  echo "AFTER you have reviewed Shorewall configuration files."
  echo
}

# arg 1:  the old package version
pre_remove() {
  /bin/true
}

# arg 1:  the old package version
post_remove() {
  [ -d /var/lib/shorewall ] && rm -rf /var/lib/shorewall
}

op=$1
shift
$op $*

Init script (shorewall):

#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
    stat_busy "Starting Shorewall"
    /sbin/shorewall -q -f start &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon shorewall
      stat_done
    fi
    ;;
  stop)
    stat_busy "Stopping Shorewall"
    /sbin/shorewall -q stop &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon shorewall
      stat_done
    fi
    ;;
  restart)
    stat_busy "Restarting Shorewall"
    /sbin/shorewall -q restart &> /dev/null
    if [ $? -gt 0 ]; then
      rm_daemon shorewall
      stat_fail
    else
      stat_done
    fi
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"  
esac
exit 0

shorewall.startup_disabled:

###########################################################
# REMOVE THIS FILE AFTER YOU HAVE CONFIGURED SHOREWALL!!! #
###########################################################

oscar

Member

From: Kiruna, Sweden

Registered: 2004-08-13

Posts: 457

Re: [NEW] Shorewall

wtf is shorewall?
I've read some papers on your homepage, but I still haven't understood the point of it

---

To err is human... to really foul up requires the root password.

dtw

Forum Fellow

From: UK

Registered: 2004-08-03

Posts: 4,439

Website

Re: [NEW] Shorewall

AFAIK it's an iptables configurator/frontend - like gShield.  IMHO these things are a goodsend as configuring IP tables by hand is not something you want to mess up!

badger

Member

From: Melb

Registered: 2004-07-21

Posts: 76

Re: [NEW] Shorewall

Hey, thank's a lot- I'll try it out.

cheers

celeron2002

Member

From: Santiago, Chile.

Registered: 2004-02-18

Posts: 150

Re: [NEW] Shorewall

this is good, i will try it in the night

---

irc.bsd.cl #linux
irc.freenode.org #archlinux-es

delmonico

Member

Registered: 2004-06-27

Posts: 82

Re: [NEW] Shorewall

AFAIK it's an iptables configurator/frontend - like gShield.  IMHO these things are a goodsend as configuring IP tables by hand is not something you want to mess up!

Youre right using shorewall you can easily set up firewalls based on netfilter without using iptables yourself. It's installed on current Mandrake Distributions and I use it on my server - its really good

LB06

Member

From: The Netherlands

Registered: 2003-10-29

Posts: 435

Re: [NEW] Shorewall

I really loved Shorewall (haven't used it for a while because of my hardware router). It's simple and it's very powerful. It can do almost everything iptables can, but it is a lot easier to learn and to understand.