Diffstat (limited to 'net-firewall/ufw')
-rw-r--r--net-firewall/ufw/Manifest19
-rw-r--r--net-firewall/ufw/files/rsyslog/ufw.logrotate13
-rw-r--r--net-firewall/ufw/files/syslog-ng/syslog-ng.example13
-rw-r--r--net-firewall/ufw/files/syslog-ng/ufw.logrotate12
-rw-r--r--net-firewall/ufw/files/ufw-0.31.1-move-path.patch177
-rw-r--r--net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch46
-rw-r--r--net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch17
-rw-r--r--net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch15
-rw-r--r--net-firewall/ufw/files/ufw-0.35-bash-completion.patch17
-rw-r--r--net-firewall/ufw/files/ufw-0.35-move-path.patch179
-rw-r--r--net-firewall/ufw/files/ufw-2.initd136
-rw-r--r--net-firewall/ufw/files/ufw.confd5
-rw-r--r--net-firewall/ufw/files/ufw.service15
-rw-r--r--net-firewall/ufw/metadata.xml14
-rw-r--r--net-firewall/ufw/ufw-0.34_pre805-r2.ebuild185
-rw-r--r--net-firewall/ufw/ufw-0.35-r1.ebuild195
16 files changed, 1058 insertions, 0 deletions
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
new file mode 100644
index 000000000000..8b482e6c9f93
--- /dev/null
+++ b/net-firewall/ufw/Manifest
@@ -0,0 +1,19 @@
+AUX rsyslog/ufw.logrotate 178 SHA256 02d1a00ca68446fbe056a4c3aede319f77b3262e26092cc04ea46de8923d03f8 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b WHIRLPOOL 10b63f8966ad7ad0894a18216a0102fc8a102b14c8f9fb468a4a8d61ae13b1ec3176c7bb9ffb852f8aaa4ac7874584a8f8f5a2d6e98fa3fb56f5945e9bd99139
+AUX syslog-ng/syslog-ng.example 381 SHA256 70a795c1b20e2cdef38565d74b9de042c6666f860a2fd1b3bdc6f31dd451bc68 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e WHIRLPOOL 44874c68257b6f9a53e7fd1affc6ccf2492d9ec09a4700a17239fb3e413e2dcf2ede87eafb1e253d965c27a1c5ead36c413c8c84ec3ed55f5cf2191b927aacbe
+AUX syslog-ng/ufw.logrotate 269 SHA256 cddd86613bde19b45f0f935c65bb43721f69aefc14e7d629612b23ea3b5c5c97 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d WHIRLPOOL 5da4f8c615667d829ea4eb318ec01b712adf69002dcf8c3df7deba8fa3e49e426b1c00e468805ba571ed2f2ce05fa81b7e2ac83e7231de3f3305d6ce190264e5
+AUX ufw-0.31.1-move-path.patch 7071 SHA256 88a7b20696b731bac01b3c5d88b0353842b1228d3239cfebe1f2a47c1bdb6768 SHA512 66382ded35437e563c874dc01417a2735a2aa136a1e670fd3707c3311516a6d9a0e62a20679a4f5dcaa2edc0225535cf2410d7f86676b1e10eb309ecc3e24bc2 WHIRLPOOL 89e3165900def8380cade3eb62fc351be9e43c8055f4b71c356f3aa5356b0c57154e18485d94e0ca86462da7c55b1b4755de379a88f1958d313b93c0ec723715
+AUX ufw-0.33-dont-check-iptables.patch 1659 SHA256 8a3ae20d399e83aa9c779dfed1f65d99b277263681b1a3e7e9e86143d5fabd0a SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d WHIRLPOOL 8f897654bde85d84b17dc32507c5a469fe04eb2201acb55bfd02a76346620399dbcb9c7d0ce19f48285f6eec5de0a5d96420483d6a0b7a4c31a41fa329f91180
+AUX ufw-0.34_pre805-bash-completion.patch 255 SHA256 673ee8092b1a41a78bfbfe68ab6f97665b821861b5be44fda3cecf5e3ab57acb SHA512 e3fceb0cbf683b82e9d9aa0aa0c41b1cde9aee59b6dd2d06ca80de0b980231fd999bdff3b2705f7ff8e90c9f2cc84a4ee11b34530630cf77a170ecfbf028550f WHIRLPOOL a267de2cc5615fdb9eac29fdcd4fade22ec3fc54bb6823c91965b0c7e668dbf4e19dc8d5f6fb8fca2be3700f4ac2c7bb71ee27f20d07b3fa1c1d528273ade63f
+AUX ufw-0.34_pre805-shebang.patch 675 SHA256 4348689359f3d80c1bcfe66d12710578ba31a5382bf078242b84e86f7233e38d SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad WHIRLPOOL 44c83c5e1795fa0db7ed40d1440df7b4220b869bd42a294ba0d8262fbb2b2e114154d0ce9a22e100db8ad7c1cd402eefacfe854679e7caecda4a251d98720f03
+AUX ufw-0.35-bash-completion.patch 259 SHA256 11748e3da794896fa3204fe28f84d15abece17d265b29b960267050ec28d9806 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709 WHIRLPOOL eedae7fb0a16317d04f215213b25750214e941001cfe81851b0a10546c65964a5a16a7a672d4937f4ed30fcfd737aed37d5bc220cac82b33695e4eed28338000
+AUX ufw-0.35-move-path.patch 7386 SHA256 a4eb14379372bf575a9a007ea965ddfbf0e9fdb3f6f911f980e90eab7b4c2d50 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f WHIRLPOOL d62dc665951555bda2b228cac1ff983a45c52a451c9c32ec425698618d28d1bc8e1641bc2b4adc0cccd46ee545681226e1a016330c77d8e0a6124f7fc728dcbf
+AUX ufw-2.initd 2611 SHA256 7d668989a96d47cb5a9f71ae2e6000b469be6d1786f9cf3809b28461d42308ea SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80 WHIRLPOOL 6e0924b89c7faf9a5aea81da0369283a54d90abd6f1113ec2c3093707f6ddcd2f87e53076edd9e53b14691c0dda9607a6cfca49c12cb06efb707d142e8160b0c
+AUX ufw.confd 219 SHA256 069aa7382b40aecebf26ef53f3f4c49890314e0357925c84b3c15f1d0b913be0 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 WHIRLPOOL e6c4537392921c63f8a57fab7ea269fbeea846468ef8968816d988556557495e8abb77aee9d60648a1483a599683613cf5ea832cbcf498a8828baa9abcd31752
+AUX ufw.service 329 SHA256 1c600d9b9425485a0536fdf77a39fbf94bfcaade686789d6c4f3f1aac08ffe69 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 WHIRLPOOL a00069a5582b9c52b5ff9a9c88b03294140dd06596ea0fbcbd0e7f6de016b1eed97840728c932a82f18762c84c9e8849f86ee504b49931420f2d097bb9b0ebd6
+DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829
+DIST ufw-0.35.tar.gz 375310 SHA256 662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc WHIRLPOOL 789b163bf9cc3b27f231024f33a68d3637ca26cf71f202b438abbf16a2725485ba787b811a040d03d4f99fb8c510f8f9a25154e03d2387d3fb0f03a7c4624de7
+EBUILD ufw-0.34_pre805-r2.ebuild 5375 SHA256 71aef78be97fd63ddd8722041dfbaf87456059c99441bde8dcc608ef2e83ff59 SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951 WHIRLPOOL 29b288384da513ec8abcbb98b362fb1a2da899181f6311798484ff2c630ab62a3099b968a7e177cba14b5c2150fed78613ddeb264ff16b470a5c3e6d7ae0349c
+EBUILD ufw-0.35-r1.ebuild 5641 SHA256 ddd8b30244d01fc6b139aa0c63d436363507e7915322d7cd1499c5de2228d0db SHA512 094d8bb245be93148de7d5139fc161f0688dc1d57b4dd57476db4076b3b45b744105cf3b39de4243fe5eb0b77965535fa4f7d5a0cd86a301a368c962d789a393 WHIRLPOOL 3dc02f7068e213f40202f92f9911b604a2c5e5d4c916abb715d6cf7775b905e600af052af149a7e05afb9895c0925af885d7b8e7922674804754b2f3f6198fbc
+MISC ChangeLog 4651 SHA256 ca318d9d1b269d1582973cefec02747c0f3cddd7f8d477fc510cfb44bdada85c SHA512 b7256be9c482f474d5f82619f0dc5a3a9cf6e73fde582fb6fd0c46f07bb4e20e364b6f99fdf3d33d1d23fc7dfe5177c5acf2a096e2bdea09a486fe1e9009c2ed WHIRLPOOL b4889960738fed92941a4a9edeff3bcf4f8e48baf27ad739491dd9bfe74b01a16c88e533f94e5661b262a7372d51783cf0a90d5ae035c5ef4eb7e03fea1f0b01
+MISC ChangeLog-2015 4596 SHA256 6455b96eb0344e530635c59ed1b27be852adce2aa9ff63fb087c100b8706be3a SHA512 ca1fe76a2d6a1e02983f51cd4807360d5cf9c2a4db0ec383fe4cb256e3c0327214dcc67091eb94df6d0786bd8f7d391aa23c2a3096c954c26a1a331fac2fa184 WHIRLPOOL 656dcd650383507ac7a02cba12e67fa5e27502741a029275fb057c0af9efb7228bf2c6afc3da328ad26809c8033db3f034d241faf28dd048d26e0ec3429eb514
+MISC metadata.xml 537 SHA256 61416b9746e6ad9d4881ce56816be62d3f1e1f576f4e968eb9839ccb9bc9e52a SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc WHIRLPOOL 6c563c75a3687e706231ce922242a7c505a715746bb2c02c7d3a34284daa65644152182f600e73a37d3bec1d78cfb8a4d4eb5770e52b835edb61fb5aa1ccb841
diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate
new file mode 100644
index 000000000000..f88ca8265bea
--- /dev/null
+++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate
@@ -0,0 +1,13 @@
+/var/log/ufw.log
+{
+ rotate 5
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /etc/init.d/rsyslog reload >/dev/null 2>&1 || true
+ endscript
+}
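Review bot: The stanza for `/var/log/ufw.log` has no `create` directive, so the mode and owner of the newly created firewall log are left to the global logrotate settings or to the syslog daemon. Firewall logs reveal internal addresses and blocked-traffic patterns, so I would pin the permissions explicitly, for example `create 0640 root root` (adjust the group to whatever local log readers use). The `>/dev/null 2>&1 || true` on the rsyslog reload also hides a failed reload, in which case rsyslog would presumably keep writing to the rotated file. The `create` point applies equally to files/syslog-ng/ufw.logrotate.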
diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
new file mode 100644
index 000000000000..41f7ce39cef7
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
@@ -0,0 +1,13 @@
+# This is an example rule for app-admin/syslog-ng to separate ufw logs
+# from /var/log/messages.
+# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf.
+
+filter f_ufw { match("\\[UFW " value("MESSAGE")); };
+destination ufwfile { file("/var/log/ufw.log"); };
+log {
+ source(src);
+ filter(f_ufw);
+ destination(ufwfile);
+ destination(console_all);
+ flags(final);
+};
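Review bot: The `log` block uses `source(src)` and `destination(console_all)`, neither of which is defined in this snippet, so it only parses when the surrounding syslog-ng.conf already declares both names. The header comment should say so, e.g. `# Assumes the "src" source and "console_all" destination of the stock syslog-ng.conf; rename or drop them if yours differs.` It would also help to state that `flags(final)` is what keeps matching messages out of later log paths, which is why the block must come before the other "log" entries.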
diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
new file mode 100644
index 000000000000..5080aa1bfa38
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
@@ -0,0 +1,12 @@
+# logrotate snippet for ufw
+# requires app-admin/syslog-ng
+# copy the file into /etc/logrotate.d
+/var/log/ufw.log {
+ missingok
+ rotate 5
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+ endscript
+}
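Review bot: This stanza omits `weekly`, `compress` and `delaycompress`, all of which the rsyslog variant of the same snippet sets, so rotation interval and compression here fall back to the global logrotate defaults. The two syslog setups would then keep different amounts of firewall history for no stated reason. If the difference is not intentional, add `weekly`, `compress` and `delaycompress` after `rotate 5` so both files behave the same.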
diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
new file mode 100644
index 000000000000..24d00ea68ccd
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
@@ -0,0 +1,177 @@
+diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
+--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before[6].rules
+@@ -41,7 +41,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. It supports the following arguments:
+ .TP
+diff -Naur ufw-0.31.orig/README ufw-0.31/README
+--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100
+@@ -58,7 +58,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
+@@ -72,9 +72,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
++/usr/share/ufw/ufw-init start script
+
+
+ Usage
+@@ -149,7 +149,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -247,7 +247,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -290,7 +290,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
+--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100
+@@ -54,7 +54,8 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ # real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -116,7 +117,7 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+@@ -127,8 +128,14 @@
+ self.copy_file('conf/user.rules', user_rules)
+ self.copy_file('conf/user6.rules', user6_rules)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -199,13 +206,18 @@
+
+ subprocess.call(["sed",
+ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ file])
++
++ subprocess.call(["sed",
++ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ file])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for file in [ before_rules, after_rules, \
+diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
+--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100
+@@ -22,7 +22,7 @@
+ import sys
+ import time
+
+-from ufw.common import UFWError, UFWRule, config_dir, state_dir
++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir
+ from ufw.util import warn, debug, msg, cmd, cmd_pipe
+ import ufw.backend
+
+@@ -40,7 +40,7 @@
+ files['rules6'] = os.path.join(state_dir, 'user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(state_dir, 'ufw-init')
++ files['init'] = os.path.join(share_dir, 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
+
+diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
+--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100
+@@ -18,8 +18,8 @@
+ #
+ set -e
+
+-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "#STATE_PREFIX#/ufw-init-functions"
++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then
++ . "#SHARE_DIR#/ufw-init-functions"
+ else
+ echo "Could not find $s (aborting)"
+ exit 1
+@@ -56,7 +56,7 @@
+ flush_builtins || exit "$?"
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
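Review bot: In the setup.py part of this patch the added `subprocess.call(["sed", "-i", "s%#SHARE_DIR#%" + real_sharedir + "%g", file])` ignores sed's exit status. A failed substitution would leave the literal `#SHARE_DIR#` placeholder in the installed ufw-init, whose patched `[ -s "#SHARE_DIR#/ufw-init-functions" ]` test would then fall through to `exit 1`, so the firewall would not start. Using `subprocess.check_call` for the new substitution turns that into a build failure instead. The patch also leaves the old assignments behind as commented-out code (`# real_statedir = ...`, `#sharedir = ...`), which could simply be deleted. ufw-0.35-move-path.patch carries the same setup.py change.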
diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
new file mode 100644
index 000000000000..b7eae3595cb5
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
@@ -0,0 +1,46 @@
+diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py
+--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200
++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200
+@@ -225,41 +225,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+- '/usr/local/bin']:
+- if e == "iptables":
+- if os.path.exists(os.path.join(dir, e)):
+- iptables_dir = dir
+- iptables_exe = os.path.join(iptables_dir, "iptables")
+- print("Found '%s'" % iptables_exe)
+- else:
+- continue
+-
+- if iptables_exe != "":
+- break
+-
+-
+-if iptables_exe == '':
+- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+- sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+- if not os.path.exists(os.path.join(iptables_dir, e)):
+- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+- sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+- (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+
+ setup (name='ufw',
+ version=ufw_version,
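Review bot: The replacement line `iptables_dir = '/sbin'` hard-codes where ufw expects iptables, ip6tables and the -restore binaries, with no comment saying why that is safe. The removed code shows that `iptables_dir` is the directory the other binaries were checked against, so if the packaged iptables ever installs elsewhere, the mismatch would presumably surface only at run time now that the build-time check is gone. I would add a comment in the patch such as `# Gentoo: net-firewall/iptables installs to /sbin; >=1.4 is enforced via RDEPEND`, so the assumption is visible to whoever bumps either package.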
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
new file mode 100644
index 000000000000..dc922435de10
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
@@ -0,0 +1,17 @@
+--- shell-completion/bash
++++ shell-completion/bash
+@@ -52,7 +52,6 @@
+ echo "numbered verbose"
+ }
+
+-have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -83,5 +82,5 @@
+ fi
+ }
+
+-[ "$have" ] && complete -F _ufw ufw
++complete -F _ufw ufw
+
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
new file mode 100644
index 000000000000..991f4c826ece
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py
++++ b/setup.py
+@@ -107,12 +107,6 @@ class Install(_install, object):
+ for f in [ script, manpage, manpage_f ]:
+ self.mkpath(os.path.dirname(f))
+
+- # update the interpreter to that of the one the user specified for setup
+- print("Updating staging/ufw to use %s" % (sys.executable))
+- subprocess.call(["sed",
+- "-i",
+- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+- 'staging/ufw'])
+ self.copy_file('staging/ufw', script)
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
new file mode 100644
index 000000000000..fde635ddc335
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
@@ -0,0 +1,17 @@
+--- a/shell-completion/bash
++++ b/shell-completion/bash
+@@ -52,7 +52,6 @@
+ echo "numbered verbose"
+ }
+
+-have ufw &&
+ _ufw()
+ {
+ cur=${COMP_WORDS[COMP_CWORD]}
+@@ -83,5 +82,5 @@
+ fi
+ }
+
+-[ "$have" ] && complete -F _ufw ufw
++complete -F _ufw ufw
+
diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch b/net-firewall/ufw/files/ufw-0.35-move-path.patch
new file mode 100644
index 000000000000..58af77215085
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.35-move-path.patch
@@ -0,0 +1,179 @@
+diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
+--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before[6].rules
+@@ -41,7 +41,7 @@
+
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. It supports the following arguments:
+ .TP
+diff -Naur ufw-0.31.orig/README ufw-0.31/README
+--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100
+@@ -58,7 +58,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
+@@ -72,9 +72,9 @@
+ /etc/defaults/ufw high level configuration
+ /etc/ufw/before[6].rules rules evaluated before UI added rules
+ /etc/ufw/after[6].rules rules evaluated after UI added rules
+-/lib/ufw/user[6].rules UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf kernel network tunables
+-/lib/ufw/ufw-init start script
++/usr/share/ufw/ufw-init start script
+
+
+ Usage
+@@ -149,7 +149,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -247,7 +247,7 @@
+
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -290,7 +290,7 @@
+
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
+--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100
+@@ -54,7 +54,8 @@
+ return
+
+ real_confdir = os.path.join('/etc')
+- real_statedir = os.path.join('/lib', 'ufw')
++ # real_statedir = os.path.join('/lib', 'ufw')
++ real_statedir = os.path.join('/etc', 'ufw', 'user')
+ real_prefix = self.prefix
+ if self.home != None:
+ real_confdir = self.home + real_confdir
+@@ -116,7 +117,7 @@
+ self.copy_file('doc/ufw.8', manpage)
+ self.copy_file('doc/ufw-framework.8', manpage_f)
+
+- # Install state files and helper scripts
++ # Install state files
+ statedir = real_statedir
+ if self.root != None:
+ statedir = self.root + real_statedir
+@@ -127,8 +128,14 @@
+ self.copy_file('conf/user.rules', user_rules)
+ self.copy_file('conf/user6.rules', user6_rules)
+
+- init_helper = os.path.join(statedir, 'ufw-init')
+- init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++ # Install helper scripts
++ sharedir = real_sharedir
++ if self.root != None:
++ sharedir = self.root + real_sharedir
++ self.mkpath(sharedir)
++
++ init_helper = os.path.join(sharedir, 'ufw-init')
++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+ self.copy_file('src/ufw-init', init_helper)
+ self.copy_file('src/ufw-init-functions', init_helper_functions)
+
+@@ -199,13 +206,18 @@
+
+ subprocess.call(["sed",
+ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
+ "s%#VERSION#%" + ufw_version + "%g",
+ f])
+
+ # Install pristine copies of rules files
+- sharedir = real_sharedir
+- if self.root != None:
+- sharedir = self.root + real_sharedir
++ #sharedir = real_sharedir
++ #if self.root != None:
++ # sharedir = self.root + real_sharedir
+ rulesdir = os.path.join(sharedir, 'iptables')
+ self.mkpath(rulesdir)
+ for file in [ before_rules, after_rules, \
+diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
+--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100
+@@ -38,6 +38,7 @@
+ files = {}
+ config_dir = _findpath(ufw.common.config_dir, datadir)
+ state_dir = _findpath(ufw.common.state_dir, datadir)
++ share_dir = _findpath(ufw.common.share_dir, datadir)
+
+ files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+ files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+ files['rules6'] = os.path.join(state_dir, 'user6.rules')
+ files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+ files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+- files['init'] = os.path.join(_findpath(state_dir, rootdir), 'ufw-init')
++ files['init'] = os.path.join(_findpath(share_dir, rootdir), 'ufw-init')
+
+ ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
+
+diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
+--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100
++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100
+@@ -18,10 +18,10 @@
+ #
+ set -e
+
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+- . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++ . "${rootdir}#SHARE_DIR#/ufw-init-functions"
+ else
+- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+ exit 1
+ fi
+
+@@ -56,7 +56,7 @@
+ flush_builtins || exit "$?"
+ ;;
+ *)
+- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+ exit 1
+ ;;
+ esac
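Review bot: In the first backend_iptables.py hunk the last context line reads `files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')`, and `os.ppath` is almost certainly not what the ufw 0.35 source contains. That context line would not match, so the hunk would apply only with fuzz, if at all. It should read `files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')`, with the Manifest entry for this patch regenerated afterwards. The file headers also still name `ufw-0.31.orig`, which does not affect applying the patch but is misleading in a patch versioned 0.35.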
diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd
new file mode 100644
index 000000000000..bccd83ddb3a2
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-2.initd
@@ -0,0 +1,136 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting ufw"
+ _source_file || { eend $?; return $?; }
+
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Avoid "Firewall already started, use 'force-reload'" message that
+ # appears if `ufw enable' had been run before start().
+ if _status_quiet; then
+ eend 0
+ return
+ fi
+
+ # The ufw_start function does the same: if ufw is disabled using `ufw disable',
+ # ufw_start would not start ufw and return 0, so let's handle this case.
+ case $enabled_in_cfg in
+ 0)
+ ufw_start
+ ret=$?
+ eend $ret "Failed to start ufw."
+ ;;
+ 1)
+ # see /etc/conf.d/<name>
+ if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+ ret=1
+ eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+ else
+ ret=0
+ eend 0
+ fi
+ ;;
+ 2)
+ ret=1
+ eend $ret "Failed to start ufw."
+ ;;
+ esac
+
+ return $ret
+}
+
+stop() {
+ ebegin "Stopping ufw"
+ _source_file || { eend $?; return $?; }
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Same as above (unless --force is passed to ufw_stop).
+ case $enabled_in_cfg in
+ 0)
+ ufw_stop
+ ret=$?
+ ;;
+ 1)
+ einfo "INFO: ufw is configured to be disabled"
+ ufw_stop --force
+ ret=$?
+ ;;
+ 2)
+ ret=1
+ ;;
+ esac
+
+ eend $ret "Failed to stop ufw."
+ return $ret
+}
+
+_status_quiet() {
+ # return values: 0 - started, 1 - stopped, 2 - error
+ # Does not execute _source_file.
+ local ret
+ ufw_status > /dev/null
+ ret=$?
+ # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+ case $ret in
+ 0) return 0 ;;
+ 3) return 1 ;;
+ *) return 2 ;;
+ esac
+}
+
+_source_file() {
+ local sourced_f="/usr/share/ufw/ufw-init-functions"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 1
+ fi
+
+ local _path=$PATH
+ if ! . "$sourced_f"; then
+ # PATH can be broken here, fix it...
+ PATH=$_path
+ eerror "Error sourcing file $sourced_f"
+ return 1
+ fi
+
+ if [ -z "$PATH" ]; then
+ PATH=$_path
+ else
+ PATH="${PATH}:${_path}"
+ fi
+ return 0
+}
+
+_check_if_enabled_in_cfg() {
+ # Check if user has enabled the firewall with "ufw enable".
+ # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+ local sourced_f="/etc/ufw/ufw.conf"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 2
+ fi
+
+ if ! . "$sourced_f"; then
+ eerror "Error sourcing file $sourced_f"
+ return 2
+ fi
+
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
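Review bot: `_check_if_enabled_in_cfg` reads one key by running `. "$sourced_f"` on /etc/ufw/ufw.conf, which executes the whole file as shell code inside the root-run service script and never resets `ENABLED` first. If ufw.conf does not assign `ENABLED`, a value left over from the environment or an earlier source decides whether the firewall is treated as enabled. At minimum add `local ENABLED=` before the `if ! . "$sourced_f"; then` line. Extracting the `ENABLED=` value without executing the file would be the safer design. A comment should also record that the file must be writable by root only, since anything placed in it runs with the service's privileges.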
diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd
new file mode 100644
index 000000000000..900d3bf67bd4
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service
new file mode 100644
index 000000000000..9d6972036a05
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Uncomplicated Firewall
+DefaultDependencies=no
+Before=network.target sysinit.target
+After=systemd-sysctl.service
+ConditionPathExists=|/etc/ufw/ufw.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/share/ufw/ufw-init start
+ExecStop=/usr/share/ufw/ufw-init stop
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
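Review bot: `Before=network.target` in `[Unit]` orders ufw ahead of the point where the network is considered up, not ahead of interface configuration, so the rules may load after interfaces can already carry traffic. systemd provides `network-pre.target` for firewall services, so I would use `Before=network-pre.target` together with `Wants=network-pre.target`. Separately, the `|` trigger prefix in `ConditionPathExists=|/etc/ufw/ufw.conf` has no effect when it is the only condition, and the file is missing its trailing newline.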
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
new file mode 100644
index 000000000000..b8103d2da1af
--- /dev/null
+++ b/net-firewall/ufw/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+ <longdescription lang="en">
+ The Uncomplicated Firewall (ufw) is a frontend for iptables and is
+ particularly well-suited for host-based firewalls. It provides a framework
+ for managing netfilter, as well as an easy to use command-line interface for
+ manipulating the firewall.
+</longdescription>
+ <upstream>
+ <remote-id type="launchpad">ufw</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
new file mode 100644
index 000000000000..ec748222d329
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+PYTHON_COMPAT=( python{2_7,3_4} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+ !<kde-misc/kcm-ufw-0.4.2
+ !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+ # Remove unnecessary build time dependency on net-firewall/iptables.
+ "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+ # Move files away from /lib/ufw.
+ "${FILESDIR}"/${PN}-0.31.1-move-path.patch
+ # Remove shebang modification.
+ "${FILESDIR}"/${P}-shebang.patch
+ # Fix bash completions, bug #526300
+ "${FILESDIR}"/${P}-bash-completion.patch
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~PROC_FS
+ ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+ if kernel_is -ge 2 6 39; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+ else
+ CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+ fi
+
+ # https://bugs.launchpad.net/ufw/+bug/1076050
+ if kernel_is -ge 3 4; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+ else
+ CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+ fi
+
+ CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+ check_extra_config
+
+ # Check for default, useful optional features.
+ if ! linux_config_exists; then
+ ewarn "Cannot determine configuration of your kernel."
+ return
+ fi
+
+ local nf_nat_ftp_ok="yes"
+ local nf_conntrack_ftp_ok="yes"
+ local nf_conntrack_netbios_ns_ok="yes"
+
+ linux_chkconfig_present \
+ NF_NAT_FTP || nf_nat_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+ # This is better than an essay for each unset option...
+ if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+ || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+ then
+ echo
+ local mod_msg="Kernel options listed below are not set. They are not"
+ mod_msg+=" mandatory, but they are often useful."
+ mod_msg+=" If you don't need some of them, please remove relevant"
+ mod_msg+=" module name(s) from IPT_MODULES in"
+ mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+ mod_msg+=" Otherwise ufw may fail to start!"
+ ewarn "${mod_msg}"
+ if [[ ${nf_nat_ftp_ok} = no ]]; then
+ ewarn "NF_NAT_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+ fi
+ fi
+}
+
+python_prepare_all() {
+ # Set as enabled by default. User can enable or disable
+ # the service by adding or removing it to/from a runlevel.
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+ || die "sed failed (ufw.conf)"
+
+ sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+ # If LINGUAS is set install selected translations only.
+ if [[ -n ${LINGUAS+set} ]]; then
+ _EMPTY_LOCALE_LIST="yes"
+ pushd locales/po > /dev/null || die
+
+ local lang
+ for lang in *.po; do
+ if ! has "${lang%.po}" ${LINGUAS}; then
+ rm "${lang}" || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+ done
+
+ popd > /dev/null || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+
+ distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+ newconfd "${FILESDIR}"/ufw.confd ufw
+ newinitd "${FILESDIR}"/ufw-2.initd ufw
+ systemd_dounit "${FILESDIR}/ufw.service"
+
+ exeinto /usr/share/${PN}
+ doexe tests/check-requirements
+
+ # users normally would want it
+ insinto /usr/share/doc/${PF}/logging/syslog-ng
+ doins "${FILESDIR}"/syslog-ng/*
+
+ insinto /usr/share/doc/${PF}/logging/rsyslog
+ doins "${FILESDIR}"/rsyslog/*
+ doins doc/rsyslog.example
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*
+ fi
+ newbashcomp shell-completion/bash ${PN}
+
+ [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+
+ distutils-r1_python_install_all
+ python_replicate_script "${D}usr/sbin/ufw"
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "To enable ufw, add it to boot sequence and activate it:"
+ elog "-- # rc-update add ufw boot"
+ elog "-- # /etc/init.d/ufw start"
+ echo
+ elog "If you want to keep ufw logs in a separate file, take a look at"
+ elog "/usr/share/doc/${PF}/logging."
+ fi
+ if [[ -z ${REPLACING_VERSIONS} ]] \
+ || [[ ${REPLACING_VERSIONS} < 0.34 ]];
+ then
+ echo
+ elog "/usr/share/ufw/check-requirements script is installed."
+ elog "It is useful for debugging problems with ufw. However one"
+ elog "should keep in mind that the script assumes IPv6 is enabled"
+ elog "on kernel and net-firewall/iptables, and fails when it's not."
+ fi
+ echo
+ ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+ ewarn "default. See README, Remote Management section for more information."
+}
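Review bot: In `python_prepare_all`, `sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf || die "sed failed (ufw.conf)"` cannot detect a pattern that no longer matches, because sed exits 0 when it substitutes nothing. If upstream ever changes that line, the package would be built with ENABLED left at the upstream value, and going by the comment above the sed, adding the service to a runlevel would then presumably not bring the firewall up. A follow-up check such as `grep -q '^ENABLED=yes' conf/ufw.conf || die "ENABLED default not patched"` makes the build fail instead. The same applies to the `IPV6=` sed that follows and to both seds in ufw-0.35-r1.ebuild.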
diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild
new file mode 100644
index 000000000000..d5b5aa280a4d
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.35-r1.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 ia64 ppc ppc64 ~sparc x86"
+IUSE="examples ipv6"
+
+DEPEND="sys-devel/gettext"
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+ !<kde-misc/kcm-ufw-0.4.2
+ !<net-firewall/ufw-frontends-0.3.2
+"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+ # Remove unnecessary build time dependency on net-firewall/iptables.
+ "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
+ # Move files away from /lib/ufw.
+ "${FILESDIR}"/${PN}-0.35-move-path.patch
+ # Remove shebang modification.
+ "${FILESDIR}"/${PN}-0.34_pre805-shebang.patch
+ # Fix bash completions, bug #526300
+ "${FILESDIR}"/${P}-bash-completion.patch
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~PROC_FS
+ ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+ ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+ ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+ if kernel_is -ge 2 6 39; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+ else
+ CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+ fi
+
+ # https://bugs.launchpad.net/ufw/+bug/1076050
+ if kernel_is -ge 3 4; then
+ CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+ else
+ CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+ fi
+
+ CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+ use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+ check_extra_config
+
+ # Check for default, useful optional features.
+ if ! linux_config_exists; then
+ ewarn "Cannot determine configuration of your kernel."
+ return
+ fi
+
+ local nf_nat_ftp_ok="yes"
+ local nf_conntrack_ftp_ok="yes"
+ local nf_conntrack_netbios_ns_ok="yes"
+
+ linux_chkconfig_present \
+ NF_NAT_FTP || nf_nat_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+ linux_chkconfig_present \
+ NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+ # This is better than an essay for each unset option...
+ if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
+ || [[ ${nf_conntrack_netbios_ns_ok} = no ]]
+ then
+ echo
+ local mod_msg="Kernel options listed below are not set. They are not"
+ mod_msg+=" mandatory, but they are often useful."
+ mod_msg+=" If you don't need some of them, please remove relevant"
+ mod_msg+=" module name(s) from IPT_MODULES in"
+ mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+ mod_msg+=" Otherwise ufw may fail to start!"
+ ewarn "${mod_msg}"
+ if [[ ${nf_nat_ftp_ok} = no ]]; then
+ ewarn "NF_NAT_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_ftp_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+ fi
+ if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
+ ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+ fi
+ fi
+}
+
+python_prepare_all() {
+ # Set as enabled by default. User can enable or disable
+ # the service by adding or removing it to/from a runlevel.
+ sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+ || die "sed failed (ufw.conf)"
+
+ sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+ # If LINGUAS is set install selected translations only.
+ if [[ -n ${LINGUAS+set} ]]; then
+ _EMPTY_LOCALE_LIST="yes"
+ pushd locales/po > /dev/null || die
+
+ local lang
+ for lang in *.po; do
+ if ! has "${lang%.po}" ${LINGUAS}; then
+ rm "${lang}" || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+ done
+
+ popd > /dev/null || die
+ else
+ _EMPTY_LOCALE_LIST="no"
+ fi
+
+ distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+ newconfd "${FILESDIR}"/ufw.confd ufw
+ newinitd "${FILESDIR}"/ufw-2.initd ufw
+ systemd_dounit "${FILESDIR}/ufw.service"
+
+ exeinto /usr/share/${PN}
+ doexe tests/check-requirements
+
+ # users normally would want it
+ insinto /usr/share/doc/${PF}/logging/syslog-ng
+ doins "${FILESDIR}"/syslog-ng/*
+
+ insinto /usr/share/doc/${PF}/logging/rsyslog
+ doins "${FILESDIR}"/rsyslog/*
+ doins doc/rsyslog.example
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins examples/*
+ fi
+ newbashcomp shell-completion/bash ${PN}
+
+ [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
+
+ distutils-r1_python_install_all
+ python_replicate_script "${D}usr/sbin/ufw"
+}
+
+pkg_postinst() {
+ local print_check_req_warn
+ print_check_req_warn=false
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ echo
+ elog "To enable ufw, add it to boot sequence and activate it:"
+ elog "-- # rc-update add ufw boot"
+ elog "-- # /etc/init.d/ufw start"
+ echo
+ elog "If you want to keep ufw logs in a separate file, take a look at"
+ elog "/usr/share/doc/${PF}/logging."
+ print_check_req_warn=true
+ else
+ for rv in ${REPLACING_VERSIONS}; do
+ local major=${rv%%.*}
+ local minor=${rv#${major}.}
+ if [[ ${major} -eq 0 && ${minor} -lt 34 ]]; then
+ print_check_req_warn=true
+ fi
+ done
+ fi
+ if $print_check_req_warn; then
+ echo
+ elog "/usr/share/ufw/check-requirements script is installed."
+ elog "It is useful for debugging problems with ufw. However one"
+ elog "should keep in mind that the script assumes IPv6 is enabled"
+ elog "on kernel and net-firewall/iptables, and fails when it's not."
+ fi
+ echo
+ ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+ ewarn "default. See README, Remote Management section for more information."
+}
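Review bot: The version loop in `pkg_postinst` passes `${minor}` to `-lt` without reducing it to digits, so a replaced version such as 0.34_pre805-r2 (the other ebuild in this commit) or 0.31.1 yields `34_pre805-r2` or `31.1`. I would expect bash to report an arithmetic error on those rather than decide the test. Trimming at the first non-digit with `minor=${minor%%[!0-9]*}` before the comparison avoids that. `rv` is also never declared, so it leaks out of the function; `local rv major minor` ahead of the loop keeps all three scoped.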