LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File perl-Fwctl.spec of Package perl-Fwctl (Project devel:languages:perl:CPAN)

# spec file for package perl-Fwctl (Version 0.28)
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# norootforbuild

Name:		perl-Fwctl
Version:        0.28
Release:	0
License:        GPL or GPLv2 or GPLv3
Group:          Development/Libraries/Perl
Summary:        Interface to Linux packet filtering firewall
Source:         http://search.cpan.org/CPAN/authors/id/F/FR/FRAJULAC/Fwctl-%{version}.tar.gz
Url:            http://search.cpan.org/dist/Fwctl
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:	perl
Requires:	perl = %(eval "`%{__perl} -V:version`"; echo $version)
Provides:	perl-Fwctl-RuleSet
Provides:	perl-IPChains-PortFW
Provides:	perl-Fwctl-Services-all
Provides:	perl-Fwctl-Services-ftp
Provides:	perl-Fwctl-Services-lpd
Provides:	perl-Fwctl-Services-ntp
Provides:	perl-Fwctl-Services-rsh
Provides:	perl-Fwctl-Services-dhcp
Provides:	perl-Fwctl-Services-http
Provides:	perl-Fwctl-Services-ping
Provides:	perl-Fwctl-Services-pptp
Provides:	perl-Fwctl-Services-snmp
Provides:	perl-Fwtcl-Services-tftp
Provides:	perl-Fwctl-Services-ipsec
Provides:	perl-Fwctl-Services-timed
Provides:	perl-Fwctl-Services-ip_pkt
Provides:	perl-Fwctl-Services-syslog
Provides:	perl-Fwctl-Services-hylafax
Provides:	perl-Fwctl-Services-netbios
Provides:	perl-Fwctl-Services-portmap
Provides:	perl-Fwctl-Services-udp_pkt
Provides:	perl-Fwctl-Services-icmp_pkt
Provides:	perl-Fwctl-Services-redirect
Provides:	perl-Fwctl-Services-pcanywhere
Provides:	perl-Fwctl-Services-traceroute
Provides:	perl-Fwctl-Services-tcp_service
Provides:	perl-Fwctl-Services-udp_service
Provides:	perl-Fwctl-Services-name_service
Provides:	perl-Fwctl-Services-traffic_control
%if 0%{?fedora_version} || 0%{?centos_version} || 0%{?rhel_version}
BuildRequires: 	perl-ExtUtils-MakeMaker
BuildRequires: 	perl-Module-Build
BuildRequires: 	perl-CPAN

BuildArch:  noarch

Requires:	perl-IPChains
Requires:	perl-Net-IPv4Addr >= 0.09

Fwctl is a module to configure the Linux kernel packet filtering
firewall using higher level abstraction than rules on input, output and
forward chains. It supports masquerading and accounting as well.Why
Fwctl ? Well, say you are the kind of paranoid firewall administrator
which likes his firewall's rules tight. Very tight. Say the kind, that
likes to distinguish between a SYN and ACK packet when accepting a TCP
connection (anybody configuring packet filters should care about that
last point), or like to specify the interface name on each rules.
(Whether this is really need, or such a stance is relevant, is not the
point.) How would such an administrator proceed ? First of all you deny
everything on all interfaces and on all chains (input, forward and
output) and turn on logging. Now starting from this configuration (in
which Fwctl puts the firewall on initialization), say you want to enable
ping from the internal network to the internal ip. What rules do you
need ? You need a rule on the input chain to accept the echo-request
packet and a rule on the output chain to accept the echo-reply request.
Right ? Well, what about the loopback. For sure, when we say from local
net to local ip, this imply local ip to local ip ? Then you add a rule
to the output chain with the loopback interface, and a rule on the input
rule to the loopback chain. And we didn't even start forwarding yet !
Add masquerading to the lot and multi connections protocols like FTP and
you got something unmanageable. So you start accepting things you
shouldn't to get your job done and in the end your filters look like
emmenthal.Fwctl handles all the complexity of this, so that when you say

%setup -q -n Fwctl-%{version}

if [ -f Build.PL ]; then
    %{__perl} Build.PL --installdirs vendor
    %{__perl} Makefile.PL INSTALLDIRS=vendor
if [ -f Build.PL ]; then
    ./Build build flags=%{?_smp_mflags}
    %{__make} %{?_smp_mflags}

if [ -f Build.PL ]; then
    ./Build pure_install --destdir %{buildroot}
    %{__make} pure_install PERL_INSTALL_ROOT=%{buildroot}

find %{buildroot} -type f -name .packlist -exec rm -f {} ';'

find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null ';'

find %{buildroot}/%{perl_vendorlib} -type d > %{_tmppath}/file.list.%{name}
find %{buildroot} -type f >> %{_tmppath}/file.list.%{name}

%{__sed} -i -e 's|^%{buildroot}||g' %{_tmppath}/file.list.%{name}

%{__sed} -i -r -e 's|(/share/man/man[1-9]/.*\.[1-9]pm)$|\1.gz|; 
    s|(/share/man/man[1-9]/.*)(\.[1-9])$|\1\2.gz|' %{_tmppath}/file.list.%{name}

%{_fixperms} %{buildroot}/*

if [ -f Build.PL ]; then
    ./Build test
    %{__make} test

[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && %{__rm} -rf $RPM_BUILD_ROOT

%files -f %{_tmppath}/file.list.%{name}