As promised, here it is!!!
I already posted the complete tarball to /incoming, hope it will get included sooner or later. ;-)
PKGBUILD:
pkgname=shorewall
pkgver=2.0.10
pkgrel=1
pkgdesc="A high-level tool for configuring Netfilter"
url="http://www.shorewall.net"
#license="GPL2"
depends=('bash' 'gawk' 'iproute' 'iptables' 'iputils')
makedepends=('sed')
#conflicts=()
#replaces=()
# Configuration files that must survive an upgrade
backup=('etc/shorewall/accounting' 'etc/shorewall/actions' 'etc/shorewall/blacklist'
        'etc/shorewall/ecn' 'etc/shorewall/hosts' 'etc/shorewall/init'
        'etc/shorewall/initdone' 'etc/shorewall/interfaces' 'etc/shorewall/maclist'
        'etc/shorewall/masq' 'etc/shorewall/modules' 'etc/shorewall/nat'
        'etc/shorewall/netmap' 'etc/shorewall/params' 'etc/shorewall/policy'
        'etc/shorewall/proxyarp' 'etc/shorewall/routestopped' 'etc/shorewall/rules'
        'etc/shorewall/shorewall.conf' 'etc/shorewall/start' 'etc/shorewall/stop'
        'etc/shorewall/stopped' 'etc/shorewall/tcrules' 'etc/shorewall/tos'
        'etc/shorewall/tunnels' 'etc/shorewall/zones')
# install takes a single file name, not an array
install=shorewall.install
source=(http://shorewall.net/pub/$pkgname/2.0/$pkgname-$pkgver/$pkgname-$pkgver.tgz
        shorewall shorewall.startup_disabled)
md5sums=('985ce9215ea9cc0299f0b5450fdbe05e' '899b988cf0ba1d25201a18230edfbc9e'
         '1b94ccf7960d9d3253a112c73dac0e30')

build() {
  # Abort the build if the source directory or the upstream installer fails
  cd "$startdir/src/$pkgname-$pkgver" || return 1
  DEST=/etc/rc.d PREFIX="$startdir/pkg" ./install.sh || return 1

  # We want Arch-style init script! :-)
  #
  install -D -m755 ../shorewall "$startdir/pkg/etc/rc.d/shorewall"

  # Edit the default shorewall.conf file and remove lockfile directory
  # (not needed as Arch does not use lock files for initscripts).
  # The sed script is single-quoted so the shell keeps the empty "" in the value.
  #
  sed -i '/^SUBSYSLOCK/cSUBSYSLOCK=""' "$startdir/pkg/etc/shorewall/shorewall.conf"

  # Create the startup_disabled file, so the user HAS to review
  # his new/upgraded config files before (re)starting Shorewall.
  #
  install -D -m600 ../shorewall.startup_disabled "$startdir/pkg/etc/shorewall/startup_disabled"
}
Install file (shorewall.install):
# arg 1: the new package version
post_install() {
  echo
  echo "Remember to remove /etc/shorewall/startup_disabled"
  echo "AFTER you have finished configuring Shorewall."
  echo
}

# arg 1: the new package version
# arg 2: the old package version
post_upgrade() {
  echo
  echo "Remember to remove /etc/shorewall/startup_disabled"
  echo "AFTER you have reviewed Shorewall configuration files."
  echo
}

# arg 1: the old package version
pre_remove() {
  /bin/true
}

# arg 1: the old package version
post_remove() {
  # Remove Shorewall's state directory; a missing directory is not an error
  if [ -d /var/lib/shorewall ]; then
    rm -rf /var/lib/shorewall
  fi
}

# Dispatch to the function named in the first argument
op=$1
shift
$op "$@"
Init script (shorewall):
#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
    stat_busy "Starting Shorewall"
    /sbin/shorewall -q -f start &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      add_daemon shorewall
      stat_done
    fi
    ;;
  stop)
    stat_busy "Stopping Shorewall"
    /sbin/shorewall -q stop &> /dev/null
    if [ $? -gt 0 ]; then
      stat_fail
    else
      rm_daemon shorewall
      stat_done
    fi
    ;;
  restart)
    stat_busy "Restarting Shorewall"
    /sbin/shorewall -q restart &> /dev/null
    if [ $? -gt 0 ]; then
      rm_daemon shorewall
      stat_fail
    else
      # A restart also starts a stopped firewall, so record it as running
      add_daemon shorewall
      stat_done
    fi
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
esac
exit 0
shorewall.startup_disabled:
###########################################################
# REMOVE THIS FILE AFTER YOU HAVE CONFIGURED SHOREWALL!!! #
###########################################################
Offline
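Added example, not part of the original post or of Shorewall: the init script above sends all of shorewall's output to /dev/null, so a start that fails while the startup_disabled marker is still in place shows only a failed status. The function name `shorewall_preflight`, its return codes and the file-permission check are assumptions made for this illustration; the permission check goes beyond what the post describes.

```shell
#!/bin/sh
# Added illustration; shorewall_preflight is a hypothetical helper,
# not a Shorewall or Arch function.
#
# shorewall_preflight [CONFDIR]
#   0  the configuration directory passes both gates
#   1  the startup_disabled marker is still present
#   2  a config file is writable by group or other
#   3  CONFDIR does not exist
shorewall_preflight() {
    confdir=${1:-/etc/shorewall}

    if [ ! -d "$confdir" ]; then
        echo "preflight: $confdir is not a directory" >&2
        return 3
    fi

    # Gate 1: the package installs this marker; the admin removes it
    # only after reviewing the configuration.
    if [ -e "$confdir/startup_disabled" ]; then
        echo "preflight: $confdir/startup_disabled still exists;" \
             "review the configuration, then remove it" >&2
        return 1
    fi

    # Gate 2 (assumption beyond the post): firewall rules must not be
    # editable by anyone but their owner.
    loose=$(find "$confdir" -type f \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "preflight: writable by group/other:" >&2
        echo "$loose" >&2
        return 2
    fi

    return 0
}

# Possible use before starting the firewall by hand:
#   shorewall_preflight /etc/shorewall && /etc/rc.d/shorewall start
```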
wtf is shorewall?
I've read some papers on your homepage, but I still haven't understood the point of it.
To err is human... to really foul up requires the root password.
Offline
AFAIK it's an iptables configurator/frontend - like gShield. IMHO these things are a godsend as configuring IP tables by hand is not something you want to mess up!
Offline
Hey, thanks a lot - I'll try it out.
cheers
Offline
This is good, I will try it in the night.
irc.bsd.cl #linux
irc.freenode.org #archlinux-es
Offline
AFAIK it's an iptables configurator/frontend - like gShield. IMHO these things are a godsend as configuring IP tables by hand is not something you want to mess up!
You're right, using Shorewall you can easily set up firewalls based on netfilter without using iptables yourself. It's installed on current Mandrake distributions and I use it on my server - it's really good.
Offline
I really loved Shorewall (haven't used it for a while because of my hardware router). It's simple and it's very powerful. It can do almost everything iptables can, but it is a lot easier to learn and to understand.
Offline