This patch updates shorewall-lite to the current stable release, 4.5.6.2. Please note:
This shorewall-lite version requires the new package shorewall-core 4.5.6.2 as well as perlbase-digest. Signed-off-by: Edy Corak [email protected]
Index: Makefile
===================================================================
--- Makefile (Revision 33177)
+++ Makefile (Arbeitskopie)
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2011 OpenWrt.org
+# Copyright (C) 2008-2012 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,33 +8,39 @@ include $(TOPDIR)/rules.mk PKG_NAME:=shorewall-lite -PKG_VERSION:=4.4.27.3 -PKG_DIRECTORY:=4.4.27 -PKG_RELEASE:=4 +PKG_VERSION:=4.5.6.2 +PKG_DIRECTORY:=4.5.6 +PKG_RELEASE:=3 -PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://www1.shorewall.net/pub/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://slovakia.shorewall.net/pub/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://shorewall.de/pub/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://www.shorewall.com.au/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://shorewall.infohiiway.com/pub/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ \ - http://www.shorewall.com.ar/pub/shorewall/shorewall/4.4/shorewall-$(PKG_DIRECTORY)/ +PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://www1.shorewall.net/pub/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://slovakia.shorewall.net/pub/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://shorewall.de/pub/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://www.shorewall.com.au/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://shorewall.infohiiway.com/pub/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ \ + http://www.shorewall.com.ar/pub/shorewall/shorewall/4.5/shorewall-$(PKG_DIRECTORY)/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_MD5SUM:=40be496c0d512d885b7b0f64204bc235 +PKG_MD5SUM:=270b746494e42a09bbf95aaa53f029df include $(INCLUDE_DIR)/package.mk define Package/shorewall-lite SECTION:=net CATEGORY:=Network - DEPENDS:=+ip +iptables + DEPENDS:=+ip +iptables +shorewall-core +perlbase-digest TITLE:=Shorewall Lite URL:=http://www.shorewall.net/ SUBMENU:=Firewall endef define Package/shorewall-lite/description - Shoreline Firewall Lite is an iptables-based firewall for Linux systems. + The Shoreline Firewall, is high-level tool for configuring Netfilter. + + Shorewall allows for central administration of multiple IPv4 firewalls + through use of Shorewall lite. 
The full Shorewall product is installed + on a central administrative system where compiled Shorewall scripts are + generated. These scripts are copied to the firewall systems where they + run under the control of Shorewall-lite. endef define Package/shorewall-lite/conffiles @@ -42,8 +48,11 @@ /etc/shorewall-lite/vardir endef +CONFIGURE_ARGS += \ + vendor=linux + define Build/Compile - PREFIX=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh + DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh endef define Package/shorewall-lite/install @@ -51,12 +60,13 @@ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/lsm/script.d $(INSTALL_DIR) $(1)/etc/hotplug.d/iface - $(INSTALL_DIR) $(1)/etc/shorewall-lite + $(INSTALL_DIR) $(1)/etc/shorewall-lite/state $(INSTALL_DIR) $(1)/usr/share $(INSTALL_BIN) ./files/shorewall-lite.init $(1)/etc/init.d/shorewall-lite $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall-lite - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/shorewall-lite $(1)/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/shorewall-lite $(1)/sbin $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall-lite $(1)/usr/share + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/shorewall-lite/shorecap $(1)/usr/share/shorewall-lite $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall-lite $(INSTALL_BIN) ./files/lsm_script $(1)/etc/lsm/script.d/45_shorewall-lite $(CP) $(PKG_INSTALL_DIR)/etc/shorewall-lite $(1)/etc Index: files/lsm_script =================================================================== --- files/lsm_script (Revision 33177) +++ files/lsm_script (Arbeitskopie) @@ -6,6 +6,8 @@ # License: GPLv2 # +DATE=$(/bin/date) + STATE=${1} NAME=${2} CHECKIP=${3} 
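Review bot: In the `@@ -8,33 +8,39 @@` hunk of the Makefile, every `PKG_SOURCE_URL` mirror is still plain `http://` and the only integrity check on the downloaded tarball is `PKG_MD5SUM`, which is thin protection for a firewall package fetched over an unauthenticated channel. MD5 has known collision weaknesses, so the new sum should come from a tarball checked against an upstream-published checksum or signature (if upstream provides one) rather than from whatever a mirror served. A comment above the sum, such as `# MD5 taken from a tarball verified against the upstream checksum/signature`, would record that, and a stronger hash should replace it if the build system in this tree offers one. Separately, `PKG_RELEASE:=3` next to a new `PKG_VERSION` looks unintended, since a version bump normally restarts at `PKG_RELEASE:=1`.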
@@ -21,23 +23,55 @@ AVG_RTT=${13} if [ -f /usr/share/shorewall-lite/lib.base ]; then - VARDIR=/var/lib/shorewall-lite - STATEDIR=/etc/shorewall-lite + VARDIR=/etc/shorewall-lite/state + STATEDIR=/etc/shorewall-lite else - VARDIR=/var/lib/shorewall - STATEDIR=/etc/shorewall + VARDIR=/var/lib/shorewall + STATEDIR=/etc/shorewall fi [ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir +cat <<EOM | ssmtp ${WARN_EMAIL} +Subject: "LSM: ${NAME} ${STATE}, DEV ${DEVICE}" + +Hi, + +Your connection ${NAME} has changed it's state to ${STATE} at ${DATE}. + +Following parameters were passed: + +newstate = ${STATE} +name = ${NAME} +checkip = ${CHECKIP} +device = ${DEVICE} +warn_email = ${WARN_EMAIL} + +Packet counters: + +replied = ${REPLIED} packets replied +waiting = ${WAITING} packets waiting for reply +timeout = ${TIMEOUT} packets that have timed out (= packet loss) +reply_late = ${REPLY_LATE} packets that received a reply after timeout +cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence +cons_wait = ${CONS_WAIT} consecutive packets waiting for reply +cons_miss = ${CONS_MISS} consecutive packets that have timed out +avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this + +Your LSM Daemon + +EOM + if [ ${STATE} = up ]; then - echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier - ${VARDIR}/firewall enable ${DEVICE} + echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier + ${VARDIR}/firewall enable ${DEVICE} else - echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier - ${VARDIR}/firewall disable ${DEVICE} + echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier + ${VARDIR}/firewall disable ${DEVICE} fi -/sbin/shorewall-lite show routing >> /var/log/lsm +/sbin/shorewall-lite show routing > /var/log/lsm exit 0 + 
+#EOF Index: patches/110-MODULESDIR.patch =================================================================== --- patches/110-MODULESDIR.patch (Revision 33177) +++ patches/110-MODULESDIR.patch (Arbeitskopie) @@ -1,20 +0,0 @@ ---- a/lib.common 2012-01-21 14:21:50.000000000 +0100 -+++ b/lib.common 2012-06-03 11:52:35.115967105 +0200 -@@ -328,7 +328,7 @@ - - [ -z "$MODULESDIR" ] && \ - uname=$(uname -r) && \ -- MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset -+ MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname - - [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1) - -@@ -367,7 +367,7 @@ - - [ -z "$MODULESDIR" ] && \ - uname=$(uname -r) && \ -- MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset -+ MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname - - for directory in $(split $MODULESDIR); do - [ -d $directory ] && moduledirectories="$moduledirectories $directory" Index: patches/100-shorewallrc.default.patch =================================================================== --- patches/100-shorewallrc.default.patch (Revision 0) +++ patches/100-shorewallrc.default.patch (Revision 0) 
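Review bot: In files/lsm_script (hunk `@@ -21,23 +23,55 @@`), the new mail block runs `cat <<EOM | ssmtp ${WARN_EMAIL}` unconditionally and unquoted, so an empty or space-containing `WARN_EMAIL` changes the ssmtp argument list, and a missing ssmtp binary (the Makefile's `DEPENDS` does not add one) produces an error on every link event. Wrap the here-document in `if [ -n "${WARN_EMAIL}" ] && command -v ssmtp >/dev/null 2>&1; then` … `fi` and pass the recipient as `"${WARN_EMAIL}"`. `${NAME}`, `${STATE}` and `${DEVICE}` are also copied straight into the `Subject:` header; if those values can ever contain a newline they would add header lines, so it is worth confirming where the caller takes them from. The last changed line replaces `>> /var/log/lsm` with `> /var/log/lsm`, which discards the record of earlier link events on every run; if that is meant to bound the file size, a comment such as `# overwrite: keep only the latest routing snapshot` would make the intent clear.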
@@ -0,0 +1,26 @@ +--- a/shorewallrc.default 2012-08-08 17:42:31.000000000 +0200 ++++ b/shorewallrc.default 2012-08-13 11:53:38.479048989 +0200 +@@ -2,7 +2,7 @@ + # Default Shorewall 4.5 rc file + # + HOST=linux #Generic Linux +-BUILD= #Default is to detect the build system ++BUILD=linux #Default is to detect the build system + PREFIX=/usr #Top-level directory for shared files, libraries, etc. + SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. + LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. +@@ -10,7 +10,7 @@ + CONFDIR=/etc #Directory where subsystem configurations are installed + SBINDIR=/sbin #Directory where system administration programs are installed + MANDIR=${PREFIX}/man #Directory where manpages are installed. +-INITDIR=etc/init.d #Directory where SysV init scripts are installed. ++INITDIR=/etc/init.d #Directory where SysV init scripts are installed. + INITFILE=$PRODUCT #Name of the product's installed SysV init script + INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script + ANNOTATED= #If non-zero, annotated configuration files are installed +@@ -18,4 +18,4 @@ + SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR + SYSCONFDIR= #Directory where SysV init parameter files are installed + SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR +-VARDIR=/var/lib #Directory where product variable data is stored. ++VARDIR=/etc/shorewall-lite/state #Directory where product variable data is stored. Index: patches/120-LOGFILE.patch =================================================================== --- patches/120-LOGFILE.patch (Revision 33177) +++ patches/120-LOGFILE.patch (Arbeitskopie) @@ -1,5 +1,5 @@ ---- a/shorewall-lite.conf 2012-01-20 16:30:06.000000000 +0100 -+++ b/shorewall-lite.conf 2012-06-03 11:46:48.389503776 +0200 +--- a/shorewall-lite.conf 2012-08-08 16:29:23.000000000 +0200 ++++ b/shorewall-lite.conf 2012-08-13 11:11:11.687938395 +0200 
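Review bot: In patches/100-shorewallrc.default.patch, the trailing comments on the two changed assignments no longer describe the new values: `BUILD=linux` still says `#Default is to detect the build system`, and `VARDIR=/etc/shorewall-lite/state` still carries the generic variable-data comment. The same path is where files/lsm_script executes `${VARDIR}/firewall`, so the comment should say that this directory holds an executed script and must stay root-owned and not writable by others. Suggested wording: `BUILD=linux #Build system set explicitly instead of detected` and `VARDIR=/etc/shorewall-lite/state #State dir; holds the firewall script run by lsm_script, keep root-owned`. The reason for moving state under /etc is not visible here (presumably /var is not persistent on the target — confirm) and would be worth a line in the patch description.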
@@ -28,7 +28,7 @@ # L O G G I N G ###############################################################################
