
#1 2004-05-14 16:49:31

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772

[network: security] gShield (firewall builder)

gShield is an iptables firewall for use with the modern series of the Linux kernel. It is easily configurable, and supports a wide range of features.

Features:
- configurable public service access
- access control lists
- routable protection
- port-forwarding
- transparent proxies
- and more!

This package just wraps this very useful bash script (together with configuration files).

PKGBUILD:

# Maintainer: Mircea Ionut Bardac <dev [at] mircea (dot) bardac (dot) net>
pkgname=gshield
pkgver=2.8
pkgrel=2
pkgdesc="gShield is an iptables firewall script tool for use with the modern series of the Linux kernel."
url="http://muse.linuxmafia.org/gshield/"
# Each brace list stays on one line: whitespace inside {...} stops bash from expanding it
backup=(etc/firewall/gShield.conf
        etc/firewall/conf/{NATS,client_hosts,global_content_drop,no_log_ports,black_listed_hosts}
        etc/firewall/conf/{client_services,highport_access,open_ports,blocked_addresses,closed_ports,http_string_drop}
        etc/firewall/conf/{pptp_allowed_hosts,blocked_outgoing,forwards,multicast,reserved_addresses}
        etc/firewall/routables/{routable.rules,routable_hosts,routables.conf}
       )
depends=('iptables' 'perl' 'bash')
install=$pkgname.install
source=(ftp://muse.linuxmafia.org/pub/gShield/v2/gShield-$pkgver.tgz)
md5sums=('46521eb1ffef68d5a9c45727a99e2baa')

build() {
  cd $startdir/src/gShield-$pkgver
  chmod +x tools/gforward.pl
  chmod +x tools/gshield.pump
  chmod +x tools/tracker.pl
  mkdir -p $startdir/pkg/etc/firewall
  cp -r * $startdir/pkg/etc/firewall
}

gshield.install:

# arg 1:  the new package version
post_install() {
  echo
  echo "HOWTO:"
  echo "1. edit 'gShield.conf' in /etc/firewall"
  echo "2. (optional): edit files in '/etc/firewall/conf/' and in '/etc/firewall/routables/' appropriately"
  echo "3. run '/etc/rc.d/iptables stop' if you're running 'iptables' daemon that comes with Arch"
  echo "4. run 'gShield.rc' in /etc/firewall to generate the firewall rules"
  echo "5. run 'iptables-save > /etc/iptables/iptables.rules' to save the rules"
  echo "6. run '/etc/rc.d/iptables start' to start the firewall"
  echo "7. add 'iptables' to the DAEMONS=('...') line in '/etc/rc.conf' if it isn't already there"
  echo
}

# arg 1:  the new package version
# arg 2:  the old package version
post_upgrade() {
  echo
  echo "HOWTO:"
  echo "1. edit 'gShield.conf' in /etc/firewall"
  echo "2. (optional): edit files in '/etc/firewall/conf/' and in '/etc/firewall/routables/' appropriately"
  echo "3. run '/etc/rc.d/iptables stop' if you're running 'iptables' daemon that comes with Arch"
  echo "4. run 'gShield.rc' in /etc/firewall to generate the firewall rules"
  echo "5. run 'iptables-save > /etc/iptables/iptables.rules' to save the rules"
  echo "6. run '/etc/rc.d/iptables start' to start the firewall"
  echo "7. add 'iptables' to the DAEMONS=('...') line in '/etc/rc.conf' if it isn't already there"
  echo
}

# arg 1:  the old package version
pre_remove() {
  /bin/true
}

# arg 1:  the old package version
post_remove() {
  /bin/true
}

op=$1
shift

$op $*

The built package can be found here.
The sources can be found here.

It installs in /etc/firewall, according to the README. It can be called directly on boot, but I prefer to save the iptables rules generated by it with 'iptables-save' and load them with the default iptables daemon.

Any comments are welcomed.

Fixed: pkgname must be all lowercase (also, gShield.install was renamed to gshield.install)
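
A check that could be run between steps 5 and 6 of the HOWTO above, added here as an example and not part of gShield or of the package. Because the daemon loads a saved snapshot, it lists files under the config root that changed after the snapshot was written, and INPUT/FORWARD chains in the filter table whose default policy is ACCEPT. The function names are hypothetical; both paths are passed as arguments.

```shell
#!/bin/sh
# Added example: sanity-check a saved iptables-save snapshot before the
# iptables daemon loads it at boot. POSIX sh, awk and find only.

# Print INPUT/FORWARD chains of the filter table whose default policy is ACCEPT.
# iptables-save writes "*table" headers and ":CHAIN POLICY [pkts:bytes]" lines.
accept_policies() {
    awk '/^\*/ { table = substr($1, 2) }
         table == "filter" && /^:(INPUT|FORWARD) / && $2 == "ACCEPT" {
             print substr($1, 2)
         }' "$1"
}

# newer_than_rules RULES CONFROOT
# Print files under CONFROOT modified after the snapshot RULES was written.
newer_than_rules() {
    find "$2" -type f -newer "$1" | sort
}

# audit_saved_rules RULES CONFROOT
# Returns 0 if nothing is reported, 1 otherwise.
audit_saved_rules() {
    rc=0
    for chain in $(accept_policies "$1"); do
        echo "policy ACCEPT on $chain: packets that match no rule are accepted"
        rc=1
    done
    for f in $(newer_than_rules "$1" "$2"); do
        echo "changed since snapshot: $f (regenerate and re-save the rules)"
        rc=1
    done
    return $rc
}

# Usage: sh audit.sh /etc/iptables/iptables.rules /etc/firewall
if [ "$#" -eq 2 ]; then
    audit_saved_rules "$@"
fi
```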


#2 2004-06-09 09:42:06

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772

Re: [network: security] gShield (firewall builder)

Updated the previous post for PKGBUILD-2.
I've changed the .install file by adding a useful HOWTO.

Enjoy.


#3 2004-06-09 19:05:03

zeppelin
Member
From: Athens, Greece
Registered: 2004-03-05
Posts: 807

Re: [network: security] gShield (firewall builder)

thanks IceRAM. have you tried firestarter? is this better?
thx


#4 2004-06-09 22:32:47

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772

Re: [network: security] gShield (firewall builder)

THE difference:
- gShield is a console script.
- firestarter needs gnome...

I haven't looked at the firestarter config files, but... as far as I can see from the webpages.. I think that gShield is more complete.


#5 2004-06-10 18:30:34

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772

Re: [network: security] gShield (firewall builder)

P.S. I wouldn't use graphical apps to configure important parts of my system (such as the firewall) - I need to have control even if X does not work, etc.

Note: gShield is now in <incoming>.


#6 2004-10-17 12:50:35

alkat
Member
Registered: 2004-10-16
Posts: 27

Re: [network: security] gShield (firewall builder)

hi,

i tried installing gshield using what i found here:
http://mircea.bardac.net/packs/gShield-2.8-2.pkg.tar.gz
http://mircea.bardac.net/packs/src/gshield

but it doesn't work. it stops, saying:
==> Validating source files with MD5sums
    gShield-2.8.tgz ... FAILED
==> ERROR: One or more files did not pass the validity check!


what am i doing wrong?

note that this is the first time i try installing a package without using pacman from the net...

.a.


#7 2004-10-17 13:25:56

Mr Green
Forum Fellow
From: U.K.
Registered: 2003-12-21
Posts: 5,914

Re: [network: security] gShield (firewall builder)

check package md5 sum with

md5sum <package.tar.gz>

then edit PKGBUILD....

Give it another go .....

HTH


Mr Green
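
The comparison behind makepkg's "Validating source files with MD5sums ... FAILED" message, done by hand, as an added example that is not part of the thread or of makepkg. It reads the digests from md5sums=() and prints both values on a mismatch, so the downloaded file can be compared with what the packager hashed before md5sums is changed. The function names are hypothetical; it assumes md5sum and grep -o are available and that files are passed in source=() order.

```shell
#!/bin/sh
# Added example: compare downloaded sources with the md5sums=() array of a
# PKGBUILD without sourcing (executing) the PKGBUILD.

# Print the 32-hex-digit digests listed in md5sums=(...), one per line, in order.
pkgbuild_md5sums() {
    # awk keeps only the md5sums=( ... ) statement, which may span lines.
    awk '/^md5sums=\(/ { on = 1 } on { print } on && /\)/ { on = 0 }' "$1" |
        grep -oE '[0-9a-fA-F]{32}' | tr 'A-F' 'a-f'
}

# check_sources PKGBUILD FILE...
# Returns 0 if every file matches, 1 on a digest mismatch,
# 2 if the number of files and digests differ.
check_sources() {
    pkgbuild=$1; shift
    expected=$(pkgbuild_md5sums "$pkgbuild")
    want_count=$(printf '%s\n' "$expected" | grep -c . || true)
    if [ "$want_count" -ne "$#" ]; then
        echo "count mismatch: $want_count digests, $# files" >&2
        return 2
    fi
    rc=0; n=0
    for f in "$@"; do
        n=$((n + 1))
        want=$(printf '%s\n' "$expected" | sed -n "${n}p")
        have=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK        $f"
        else
            echo "MISMATCH  $f"
            echo "  PKGBUILD: $want"
            echo "  file:     $have"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check.sh PKGBUILD gShield-2.8.tgz
if [ "$#" -ge 2 ]; then
    check_sources "$@"
fi
```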


#8 2004-10-17 20:40:48

alkat
Member
Registered: 2004-10-16
Posts: 27

Re: [network: security] gShield (firewall builder)

Mr Green wrote:

check package md5 sum with

md5sum <package.tar.gz>

then edit PKGBUILD....

Give it another go .....

HTH

ok, now i have this problem:
/usr/bin/makepkg: line 552: build: command not found

:(

.a.


#9 2004-10-18 08:15:15

Mr Green
Forum Fellow
From: U.K.
Registered: 2003-12-21
Posts: 5,914

Re: [network: security] gShield (firewall builder)

Check PKGBUILD: have you got a } on the end?


Mr Green
