Add shorewall6-lite

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
SVN-Revision: 18735

diff --git a/ipv6/shorewall6-lite/Makefile b/ipv6/shorewall6-lite/Makefile
new file mode 100644 (file)
index 0000000..1a7275a
--- /dev/null
+++ b/ipv6/shorewall6-lite/Makefile
@@ -0,0 +1,66 @@
+# 
+# Copyright (C) 2008 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shorewall6-lite
+PKG_VERSION:=4.2.11.2
+PKG_VERSION_DIR:=4.2.11
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://slovakia.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://shorewall.de/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://www.shorewall.com.au/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://shorewall.infohiiway.com/pub/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/ \
+       http://www.shorewall.com.ar/pub/shorewall/shorewall/4.2/shorewall-$(PKG_VERSION_DIR)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_MD5SUM:=ade665881a4bb0b5592276e8d90c4681
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shorewall6-lite
+  SECTION:=ipv6
+  CATEGORY:=IPv6
+  DEPENDS:=+ip +ip6tables +ip6tables-utils
+  TITLE:=Shorewall6 Lite
+  URL:=http://www.shorewall.net/
+  SUBMENU:=firewall
+endef
+
+define Package/shorewall6-lite/description
+       Shoreline Firewall 6 Lite is an iptables-based firewall for Linux systems.
+endef
+
+define Package/shorewall6-lite/conffiles
+/etc/shorewall6-lite/shorewall6-lite.conf
+/etc/shorewall6-lite/vardir
+endef
+
+define Build/Compile
+       rm -rf $(PKG_INSTALL_DIR)
+       mkdir -p $(PKG_INSTALL_DIR)
+       PREFIX=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh
+endef
+
+define Package/shorewall6-lite/install
+       $(INSTALL_DIR) $(1)/sbin
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+       $(INSTALL_DIR) $(1)/etc/shorewall6-lite
+       $(INSTALL_DIR) $(1)/usr/share
+       $(INSTALL_BIN) ./files/shorewall-lite.init $(1)/etc/init.d/shorewall6-lite
+       $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall6-lite
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/shorewall6-lite $(1)/sbin
+       $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall6-lite $(1)/usr/share
+       $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall6-lite
+       $(CP) $(PKG_INSTALL_DIR)/etc/shorewall6-lite $(1)/etc
+       $(CP) ./files/vardir $(1)/etc/shorewall6-lite
+endef
+
+$(eval $(call BuildPackage,shorewall6-lite))

diff --git a/ipv6/shorewall6-lite/files/hostname b/ipv6/shorewall6-lite/files/hostname
new file mode 100644 (file)
index 0000000..42e1643
--- /dev/null
+++ b/ipv6/shorewall6-lite/files/hostname
@@ -0,0 +1,2 @@
+#!/bin/sh
+cat /proc/sys/kernel/hostname

diff --git a/ipv6/shorewall6-lite/files/hotplug_iface b/ipv6/shorewall6-lite/files/hotplug_iface
new file mode 100644 (file)
index 0000000..58ecbf9
--- /dev/null
+++ b/ipv6/shorewall6-lite/files/hotplug_iface
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+[ ifup = "$ACTION" ] && {
+       /etc/init.d/shorewall6-lite restart
+}
+
+[ ifdown = "$ACTION" ] && {
+       # might need to restore some routing
+       /etc/init.d/shorewall6-lite restart
+}

diff --git a/ipv6/shorewall6-lite/files/shorewall-lite.init b/ipv6/shorewall6-lite/files/shorewall-lite.init
new file mode 100644 (file)
index 0000000..ca24bbc
--- /dev/null
+++ b/ipv6/shorewall6-lite/files/shorewall-lite.init
@@ -0,0 +1,20 @@
+#!/bin/sh /etc/rc.common
+
+START=46
+start() {
+       touch /var/log/messages
+       mkdir -p /var/lock/subsys
+       /sbin/shorewall6-lite -qq start -f
+}
+
+stop() {
+       /sbin/shorewall6-lite -qq stop
+}
+
+restart() {
+       if [ -f /etc/shorewall6-lite/state/restore ] ; then
+               /sbin/shorewall6-lite -qq restore
+       else
+               /sbin/shorewall6-lite -qq restart
+       fi
+}

diff --git a/ipv6/shorewall6-lite/files/vardir b/ipv6/shorewall6-lite/files/vardir
new file mode 100644 (file)
index 0000000..e7a9030
--- /dev/null
+++ b/ipv6/shorewall6-lite/files/vardir
@@ -0,0 +1,2 @@
+# move state dir out of ram
+VARDIR=/etc/shorewall6-lite/state

diff --git a/ipv6/shorewall6-lite/patches/100-hostname.patch b/ipv6/shorewall6-lite/patches/100-hostname.patch
new file mode 100644 (file)
index 0000000..f901cb6
--- /dev/null
+++ b/ipv6/shorewall6-lite/patches/100-hostname.patch
@@ -0,0 +1,11 @@
+--- a/shorewall6-lite
++++ b/shorewall6-lite
+@@ -153,7 +153,7 @@
+ 
+     export VERBOSE
+ 
+-    [ -n "${HOSTNAME:=$(hostname)}" ]
++    [ -n "${HOSTNAME:=$(${SHAREDIR}/hostname)}" ]
+ 
+ }
+ 

diff --git a/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch b/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch
new file mode 100644 (file)
index 0000000..12f6f8d
--- /dev/null
+++ b/ipv6/shorewall6-lite/patches/110-MODULESDIR.patch
@@ -0,0 +1,20 @@
+--- a/lib.base
++++ b/lib.base
+@@ -260,7 +260,7 @@
+ 
+     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+ 
+-    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
++    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
+     MODULES=$(lsmod | cut -d ' ' -f1)
+ 
+     for directory in $(split $MODULESDIR); do
+@@ -296,7 +296,7 @@
+     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+ 
+     [ -z "$MODULESDIR" ] && \
+-      MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
++      MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
+ 
+     for directory in $(split $MODULESDIR); do
+       [ -d $directory ] && moduledirectories="$moduledirectories $directory"

diff --git a/ipv6/shorewall6-lite/patches/120-LOGFILE.patch b/ipv6/shorewall6-lite/patches/120-LOGFILE.patch
new file mode 100644 (file)
index 0000000..60d6f03
--- /dev/null
+++ b/ipv6/shorewall6-lite/patches/120-LOGFILE.patch
@@ -0,0 +1,20 @@
+--- a/shorewall6-lite  2009-12-05 22:35:20.000000000 -0500
++++ b/shorewall6-lite  2009-12-05 22:35:27.000000000 -0500
+@@ -95,7 +95,7 @@
+ 
+     if ( ps ax 2> /dev/null | grep -v grep |  qt grep 'syslogd.*-C' ) ; then
+       LOGREAD="logread | tac"
+-    elif [ -f $LOGFILE ]; then
++    elif [ -r $LOGFILE ]; then
+       LOGREAD="tac $LOGFILE"
+     else
+       echo "LOGFILE ($LOGFILE) does not exist!" >&2
+--- a/shorewall6-lite.conf     2009-12-05 22:37:43.000000000 -0500
++++ b/shorewall6-lite.conf     2009-12-05 22:37:51.000000000 -0500
+@@ -46,4 +46,6 @@
+ 
+ RESTOREFILE=
+ 
++LOGFILE=/dev/null
++
+ #LAST LINE -- DO NOT REMOVE