File SuSEfirewall2.spec of Package SuSEfirewall2

#
# spec file for package SuSEfirewall2 (Version 3.6_SVNr226)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild
# icecream 0


Name:           SuSEfirewall2
Version:        3.6_SVNr226
Release:        1
License:        GPL v2 or later
Group:          Productivity/Networking/Security
Provides:       personal-firewall SuSEfirewall
Obsoletes:      personal-firewall SuSEfirewall
PreReq:         %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem
Requires:       iptables coreutils perl sysconfig
Summary:        Stateful Packet Filter Using iptables and netfilter
Source:         SuSEfirewall2-%{version}.tar.bz2
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.

SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.



Authors:
--------
    Ludwig Nussel <ludwig.nussel@suse.de>
    Marc Heuse

%prep
# Unpack the Source tarball named in the preamble; no patches are applied here.
%setup
# please send patches to lnussel for inclusion in svn first

%build

%install
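# Run the upstream Makefile's install target with DESTDIR set to the buildroot.
make DESTDIR="%{buildroot}" install
# Stage the sysconfig template under fillup-templates (it is listed in the
# files section). Every buildroot path is quoted, matching the make call
# above, so a buildroot containing whitespace cannot split into extra
# arguments.
install -d -m 755 "%{buildroot}/var/adm/fillup-templates/"
install -m 644 SuSEfirewall2.sysconfig \
	"%{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2"
# Desktop entry for the bundled manual, placed in the susehelp metadata tree.
install -d -m 755 "%{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity"
install -m 644 SuSEfirewall2-doc.desktop \
	"%{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop"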
#

%files
%defattr(-, root, root)
%doc LICENCE EXAMPLES FAQ README
%doc *.html *.css
%doc SuSEfirewall2.sysconfig
%doc %{_datadir}/susehelp
%config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom
%config /etc/init.d/SuSEfirewall2_init
%config /etc/init.d/SuSEfirewall2_setup
/etc/sysconfig/SuSEfirewall2.d/services/*
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
/etc/sysconfig/scripts/SuSEfirewall2-open
/etc/sysconfig/scripts/SuSEfirewall2-batch
/etc/sysconfig/scripts/SuSEfirewall2-qdisc
/etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/network/if-up.d/SuSEfirewall2
/sbin/rcSuSEfirewall2
/sbin/SuSEfirewall2
/var/adm/fillup-templates/sysconfig.SuSEfirewall2

%postun
# insserv_cleanup is a distribution macro defined outside this file;
# presumably it drops init-script links left behind after removal - confirm.
%insserv_cleanup

%post
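# Migrate the legacy rc.config-style firewall config to etc/sysconfig.
# All paths are relative, so this relies on the working directory the
# scriptlet is started in.
if test -e etc/rc.config.d/firewall2.rc.config && test ! -e etc/sysconfig/SuSEfirewall2; then
  # Convert into a temporary name first and retire the old file only once the
  # converted copy is in place. A failed sed can then neither leave a
  # truncated firewall config behind nor rename away the only good copy.
  # NOTE(review): the new file is created under the scriptlet's umask; confirm
  # the resulting mode is acceptable for a firewall configuration.
  if sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/SuSEfirewall2-custom#' \
    < etc/rc.config.d/firewall2.rc.config > etc/sysconfig/SuSEfirewall2.new \
    && mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2; then
    mv etc/rc.config.d/firewall2.rc.config etc/rc.config.d/firewall2.rc.config.rpmsave
  else
    # Do not leave a partial conversion lying around.
    rm -f etc/sysconfig/SuSEfirewall2.new
  fi
fi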
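# Preserve a legacy custom hook script and carry it over to its new location
# under etc/sysconfig/scripts.
if test -e etc/rc.config.d/firewall2-custom.rc.config; then
  # Continue only when the rename worked: the conversion below reads the
  # renamed file.
  if mv etc/rc.config.d/firewall2-custom.rc.config etc/rc.config.d/firewall2-custom.rc.config.rpmorig; then
    # Keep whatever custom script is currently installed as .rpmnew.
    if test -e etc/sysconfig/scripts/SuSEfirewall2-custom; then
      mv -f etc/sysconfig/scripts/SuSEfirewall2-custom etc/sysconfig/scripts/SuSEfirewall2-custom.rpmnew
    fi
    # Read from .rpmorig, the name the legacy script was given by the mv
    # above. Nothing in this scriptlet creates a ".bak" copy, so reading from
    # that name made the redirection fail and left no custom script in place.
    # NOTE(review): the converted script is created under the scriptlet's
    # umask; confirm it ends up writable by root only.
    sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/SuSEfirewall2-custom#' \
      < etc/rc.config.d/firewall2-custom.rc.config.rpmorig > etc/sysconfig/scripts/SuSEfirewall2-custom
  fi
fi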
# Collect the names of obsolete sysconfig variables; the list is handed to
# the remove_and_set macro at the end of this block.
dropvar=
# really old
dropvar="$dropvar FW_SERVICE_AUTODETECT FW_SERVICE_DNS FW_SERVICE_DHCLIENT"
dropvar="$dropvar FW_SERVICE_DHCPD FW_SERVICE_SQUID FW_SERVICE_SAMBA"
# obsolete after 9.1
dropvar="$dropvar FW_IPSEC_MARK"
# obsolete after 9.2
dropvar="$dropvar FW_ALLOW_FW_TRACEROUTE"
dropvar="$dropvar FW_AUTOPROTECT_SERVICES FW_ANTISPOOF FW_PROTECT_FROM_INTERNAL"
dropvar="$dropvar FW_QUICKMODE FW_SERVICES_QUICK_TCP FW_SERVICES_QUICK_UDP FW_SERVICES_QUICK_IP"
#
# remove FW_LOG because log prefix of <= 9.0 is too long
# The check runs in a subshell, so the variables picked up by sourcing the
# config do not leak into the rest of the scriptlet. Sourcing executes the
# file as shell code with the scriptlet's privileges, so the config must be
# writable by root only.
# FW_LOG is expanded unquoted on purpose: it is split into words so the loop
# can look for the pair "--log-prefix SuSE-FW".
if [ -e etc/sysconfig/SuSEfirewall2 ] && \
 (reset_fw_log=0; . etc/sysconfig/SuSEfirewall2 && \
 set -- $FW_LOG && \
 while [ "$#" != 0 ]; do
	 [ "$1" = "--log-prefix" -a "$2" = "SuSE-FW" ] && reset_fw_log=1; shift;
 done
 test "$reset_fw_log" != 0); then
    dropvar="$dropvar FW_LOG"
fi
# remove_and_set is a distribution macro defined outside this file;
# presumably it strips the listed variables from the sysconfig file - confirm.
%{remove_and_set -n SuSEfirewall2 $dropvar}
# now merge new sysconfig files
# (fillup_and_insserv is a distribution macro defined outside this file)
%{fillup_and_insserv SuSEfirewall2_init SuSEfirewall2_setup}
# SuSEfirewall2_init is no longer a boot.d script, need to remove
# and add it again
# The glob stays a literal string when no boot.d link exists, hence the -e
# test; one match is enough, so the loop stops after re-registering.
for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do
    if [ -e "$i" ]; then
	/sbin/insserv -r -f SuSEfirewall2_init
	/sbin/insserv -f SuSEfirewall2_init
	break
    fi
done
# Carry a legacy FW_PROTECT_FROM_INTERNAL value other than "no" over as
# FW_PROTECT_FROM_INT="yes" in the sysconfig file.
# NOTE(review): FW_PROTECT_FROM_INTERNAL is not assigned in this block;
# presumably the earlier remove_and_set call provides it - confirm.
# NOTE(review): the rewritten config is a new file created under the
# scriptlet's umask, so a tightened mode on the old file is not carried over.
if test -e etc/sysconfig/SuSEfirewall2 -a -n "$FW_PROTECT_FROM_INTERNAL" \
    -a "$FW_PROTECT_FROM_INTERNAL" != "no"; then
    # Write to a side file and swap it in only when sed succeeded.
    if sed 's/^FW_PROTECT_FROM_INT=.*/FW_PROTECT_FROM_INT="yes"/' \
        < etc/sysconfig/SuSEfirewall2 > etc/sysconfig/SuSEfirewall2.new; then
        mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2
    fi
fi
# convert old broadcast variables from <= 9.2 if needed
# Runs only when both the sysconfig file and the oldbroadcast helper exist.
if [ -e etc/sysconfig/SuSEfirewall2 -a -e etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast ]; then
    # Subshell: everything sourced or assigned below stays local to this
    # conversion.
    (
	# Sourcing executes the config as shell code with the scriptlet's
	# privileges; the file must be writable by root only.
	. etc/sysconfig/SuSEfirewall2
	have_old_allow=
	have_old_ignore=
	# A legacy value is present when the old variable is set to anything
	# other than "int" (allow) or "no" (ignore).
	if [ -n "$FW_ALLOW_FW_BROADCAST" -a "$FW_ALLOW_FW_BROADCAST" != "int" ]; then
	    have_old_allow=1
	fi
	if [ -n "$FW_IGNORE_FW_BROADCAST" -a "$FW_IGNORE_FW_BROADCAST" != "no" ]; then
	    have_old_ignore=1
	fi
	if [ -n "$have_old_allow" -o -n "$have_old_ignore" ]; then
	    # Map "warning" to the no-op ":" before the helper is sourced.
	    # NOTE(review): this only has an effect if the scriptlet shell
	    # expands aliases - confirm.
	    alias warning=:
	    # convert_old_broadcast is not defined in this file; presumably the
	    # helper sourced here defines it and it fills the per-zone
	    # variables used below - confirm.
	    . etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
	    convert_old_broadcast
	fi
	# NOTE(review): the values below are pasted unescaped into the sed
	# program. A value containing "/", "&" or a backslash would break or
	# alter the substitution; they originate from the config sourced above.
	sedpattern=
	if [ -n "$have_old_allow" ]; then
	    sedpattern="s/^FW_ALLOW_FW_BROADCAST_INT=.*/FW_ALLOW_FW_BROADCAST_INT=\"$FW_ALLOW_FW_BROADCAST_INT\"/"
	    sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_EXT=.*/FW_ALLOW_FW_BROADCAST_EXT=\"$FW_ALLOW_FW_BROADCAST_EXT\"/"
	    sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_DMZ=.*/FW_ALLOW_FW_BROADCAST_DMZ=\"$FW_ALLOW_FW_BROADCAST_DMZ\"/"
	fi
	if [ -n "$have_old_ignore" ]; then
	    sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_INT=.*/FW_IGNORE_FW_BROADCAST_INT=\"$FW_IGNORE_FW_BROADCAST_INT\"/"
	    sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_EXT=.*/FW_IGNORE_FW_BROADCAST_EXT=\"$FW_IGNORE_FW_BROADCAST_EXT\"/"
	    sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_DMZ=.*/FW_IGNORE_FW_BROADCAST_DMZ=\"$FW_IGNORE_FW_BROADCAST_DMZ\"/"
	fi
	# Rewrite through a side file and swap it in only when sed succeeded.
	# The replacement is a new file created under the scriptlet's umask.
	if [ -n "$sedpattern" ]; then
	    sed "$sedpattern" < etc/sysconfig/SuSEfirewall2 \
		> etc/sysconfig/SuSEfirewall2.new \
		&& mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \
		&& echo "old broadcast variables converted"
	fi
	# remove_and_set is a distribution macro defined outside this file;
	# presumably it drops the two legacy variables from the config - confirm.
	%{remove_and_set -n SuSEfirewall2 FW_IGNORE_FW_BROADCAST FW_ALLOW_FW_BROADCAST}
    )
fi
# Replace the legacy FW_MASQ_DEV="$FW_DEV_EXT" line with the zone-based
# spelling FW_MASQ_DEV="zone:ext"; any other value is left untouched.
# NOTE(review): the rewritten config is a new file created under the
# scriptlet's umask, so a tightened mode on the old file is not carried over.
if test -e etc/sysconfig/SuSEfirewall2; then
	if grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' etc/sysconfig/SuSEfirewall2; then
		# Write to a side file; swap it in and report only on success.
		if sed 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' \
			< etc/sysconfig/SuSEfirewall2 > etc/sysconfig/SuSEfirewall2.new; then
			mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \
				&& echo "FW_MASQ_DEV converted"
		fi
	fi
fi
# The scriptlet always exits 0, whatever the steps above returned.
exit 0

%clean
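# Remove the staging tree after the build. The guard keeps an empty or
# mis-set buildroot (for example one overridden to "/") from turning this
# cleanup into a recursive delete of the build host's filesystem.
if [ -n "%{buildroot}" ] && [ "%{buildroot}" != "/" ]; then
  rm -rf -- "%{buildroot}"
fi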

%changelog