File SuSEfirewall2.spec of Package SuSEfirewall2
#
# spec file for package SuSEfirewall2 (Version 3.6_SVNr226)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
# icecream 0
Name: SuSEfirewall2
Version: 3.6_SVNr226
Release: 1
License: GPL v2 or later
Group: Productivity/Networking/Security
Provides: personal-firewall SuSEfirewall
Obsoletes: personal-firewall SuSEfirewall
PreReq: %fillup_prereq %insserv_prereq /bin/sed textutils fileutils grep filesystem
Requires: iptables coreutils perl sysconfig
Summary: Stateful Packet Filter Using iptables and netfilter
Source: SuSEfirewall2-%{version}.tar.bz2
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.
SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.
Authors:
--------
Ludwig Nussel <ludwig.nussel@suse.de>
Marc Heuse
%prep
# Unpack the tarball named by the Source tag; this section applies no patches.
%setup
# please send patches to lnussel for inclusion in svn first
%build
# Empty: no build commands are run here (the package is noarch per BuildArch).
%install
# Stage the upstream files into the build root. Ownership and modes of those
# files are whatever the upstream Makefile's install target sets; this spec
# does not adjust them afterwards.
make DESTDIR="%{buildroot}" install
# Sysconfig template, installed world-readable (0644). The post-install
# scriptlet's "merge new sysconfig files" step presumably consumes it.
install -d -m 755 %{buildroot}/var/adm/fillup-templates/
install -m 644 SuSEfirewall2.sysconfig %{buildroot}/var/adm/fillup-templates/sysconfig.SuSEfirewall2
# Desktop entry that registers the manual with susehelp.
install -d -m 755 %{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity
install -m 644 SuSEfirewall2-doc.desktop \
%{buildroot}%{_datadir}/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop
#
%files
# Every packaged file is owned by root:root; the "-" keeps each file's mode as
# it was staged in the build root.
%defattr(-, root, root)
%doc LICENCE EXAMPLES FAQ README
%doc *.html *.css
%doc SuSEfirewall2.sysconfig
%doc %{_datadir}/susehelp
# noreplace: an administrator-edited custom script survives upgrades; the
# packaged version is written next to it with an .rpmnew suffix instead.
%config(noreplace) /etc/sysconfig/scripts/SuSEfirewall2-custom
# Plain config (no noreplace): when an upgrade ships a changed init script, a
# locally edited copy is moved aside as .rpmsave and the packaged one installed.
%config /etc/init.d/SuSEfirewall2_init
%config /etc/init.d/SuSEfirewall2_setup
# Service definitions and helper scripts; not marked as config, so upgrades
# overwrite local edits to them.
/etc/sysconfig/SuSEfirewall2.d/services/*
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
/etc/sysconfig/scripts/SuSEfirewall2-open
/etc/sysconfig/scripts/SuSEfirewall2-batch
/etc/sysconfig/scripts/SuSEfirewall2-qdisc
/etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/network/if-up.d/SuSEfirewall2
/sbin/rcSuSEfirewall2
/sbin/SuSEfirewall2
/var/adm/fillup-templates/sysconfig.SuSEfirewall2
%postun
# insserv_cleanup is a distribution macro defined outside this file; presumably
# it drops dangling init-script links once the package is removed - confirm
# against the macro definition.
%insserv_cleanup
%post
# Migrate the legacy rc.config.d configuration. This runs only while the old
# file exists and no sysconfig file has been created yet, so an existing
# etc/sysconfig/SuSEfirewall2 is never overwritten. All paths are relative to
# the scriptlet's working directory.
if [ -e etc/rc.config.d/firewall2.rc.config ] && [ ! -e etc/sysconfig/SuSEfirewall2 ]; then
  # Copy the old settings, pointing any reference to the old custom script at
  # its new location under etc/sysconfig/scripts.
  sed -e 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/SuSEfirewall2-custom#' \
    < etc/rc.config.d/firewall2.rc.config \
    > etc/sysconfig/SuSEfirewall2
  # The old file is kept under an .rpmsave name rather than deleted.
  mv etc/rc.config.d/firewall2.rc.config \
    etc/rc.config.d/firewall2.rc.config.rpmsave
fi
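# save custom script
# The old custom script is kept under an .rpmorig name and a path-adjusted copy
# of it becomes etc/sysconfig/scripts/SuSEfirewall2-custom. A copy already
# present at that location is set aside as .rpmnew first, so the
# administrator's old script wins over the packaged one.
if test -e etc/rc.config.d/firewall2-custom.rc.config; then
  mv etc/rc.config.d/firewall2-custom.rc.config etc/rc.config.d/firewall2-custom.rc.config.rpmorig
  if test -e etc/sysconfig/scripts/SuSEfirewall2-custom; then
    mv -f etc/sysconfig/scripts/SuSEfirewall2-custom etc/sysconfig/scripts/SuSEfirewall2-custom.rpmnew
  fi
  # The input has to be the .rpmorig name the file was just moved to. Reading
  # from any other suffix makes the redirection fail, and because the packaged
  # copy was already moved aside, no custom script would be left in place.
  sed 's#etc/rc.config.d/firewall2-custom.rc.config#etc/sysconfig/scripts/SuSEfirewall2-custom#' \
    < etc/rc.config.d/firewall2-custom.rc.config.rpmorig > etc/sysconfig/scripts/SuSEfirewall2-custom
fi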
# Names of sysconfig variables that are no longer supported. The list is handed
# to the remove_and_set macro at the end of this run of statements.
dropvar=
# really old
dropvar="$dropvar FW_SERVICE_AUTODETECT FW_SERVICE_DNS FW_SERVICE_DHCLIENT"
dropvar="$dropvar FW_SERVICE_DHCPD FW_SERVICE_SQUID FW_SERVICE_SAMBA"
# obsolete after 9.1
dropvar="$dropvar FW_IPSEC_MARK"
# obsolete after 9.2
dropvar="$dropvar FW_ALLOW_FW_TRACEROUTE"
dropvar="$dropvar FW_AUTOPROTECT_SERVICES FW_ANTISPOOF FW_PROTECT_FROM_INTERNAL"
dropvar="$dropvar FW_QUICKMODE FW_SERVICES_QUICK_TCP FW_SERVICES_QUICK_UDP FW_SERVICES_QUICK_IP"
#
# remove FW_LOG because log prefix of <= 9.0 is too long
# The check runs in a subshell so that sourcing the configuration does not leak
# its variables into the rest of the scriptlet. Sourcing executes the file as
# shell code with the privileges of the installing process (normally root), so
# the file must be writable by root only.
# $FW_LOG is expanded unquoted on purpose: word splitting turns the option
# string into positional parameters (pathname expansion applies as well).
if [ -e etc/sysconfig/SuSEfirewall2 ] && \
(reset_fw_log=0; . etc/sysconfig/SuSEfirewall2 && \
set -- $FW_LOG && \
while [ "$#" != 0 ]; do
# Flag the old setting: --log-prefix immediately followed by SuSE-FW.
[ "$1" = "--log-prefix" -a "$2" = "SuSE-FW" ] && reset_fw_log=1; shift;
done
# This test is the subshell's exit status and therefore the if condition.
test "$reset_fw_log" != 0); then
dropvar="$dropvar FW_LOG"
fi
# remove_and_set is a distribution macro defined outside this file. From its use
# here it is expected to delete the listed variables from the sysconfig file.
# A later step tests $FW_PROTECT_FROM_INTERNAL in this shell, which only works
# if the macro also leaves the old value in a shell variable - confirm against
# the macro definition.
%{remove_and_set -n SuSEfirewall2 $dropvar}
# now merge new sysconfig files
# fillup_and_insserv is a distribution macro defined outside this file. Going by
# the comment above and the fillup template this package installs, it merges
# new default settings into the sysconfig file and registers both init scripts
# - confirm against the macro definition.
%{fillup_and_insserv SuSEfirewall2_init SuSEfirewall2_setup}
# SuSEfirewall2_init is no longer a boot.d script, need to remove
# and add it again
# When the glob matches nothing the pattern stays literal, which the -e test
# filters out. One existing link is enough to trigger the re-registration,
# hence the break.
for i in etc/init.d/boot.d/S??SuSEfirewall2_init; do
if [ -e "$i" ]; then
# Remove the old registration, then add the script again.
/sbin/insserv -r -f SuSEfirewall2_init
/sbin/insserv -f SuSEfirewall2_init
break
fi
done
# convert FW_PROTECT_FROM_INTERNAL
# NOTE(review): nothing visible in this scriptlet assigns
# FW_PROTECT_FROM_INTERNAL in the current shell (the earlier source of the
# configuration happens in a subshell), so this branch depends on the
# remove_and_set macro having left the old value in a shell variable - confirm
# against the macro definition. If the variable is unset, an old setting that
# protected the firewall from the internal network is silently not carried over.
if [ -e etc/sysconfig/SuSEfirewall2 \
-a -n "$FW_PROTECT_FROM_INTERNAL" -a "$FW_PROTECT_FROM_INTERNAL" != "no" ]; then
# The rewritten copy is created through a redirection and renamed over the
# original only if sed succeeded. The resulting file therefore takes its mode
# from the scriptlet's umask, not from the file it replaces.
sed 's/^FW_PROTECT_FROM_INT=.*/FW_PROTECT_FROM_INT="yes"/' \
< etc/sysconfig/SuSEfirewall2 \
> etc/sysconfig/SuSEfirewall2.new \
&& mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2
fi
# convert old broadcast variables from <= 9.2 if needed
# Runs in a subshell: the configuration and the helper script are sourced, that
# is, executed as shell code with the privileges of the installing process
# (normally root), without leaking variables or the alias into the rest of the
# scriptlet. Both files must be writable by root only.
if [ -e etc/sysconfig/SuSEfirewall2 -a -e etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast ]; then
(
. etc/sysconfig/SuSEfirewall2
have_old_allow=
have_old_ignore=
# An old-style setting counts as present when it is non-empty and differs from
# the value tested here ("int" for allow, "no" for ignore).
if [ -n "$FW_ALLOW_FW_BROADCAST" -a "$FW_ALLOW_FW_BROADCAST" != "int" ]; then
have_old_allow=1
fi
if [ -n "$FW_IGNORE_FW_BROADCAST" -a "$FW_IGNORE_FW_BROADCAST" != "no" ]; then
have_old_ignore=1
fi
if [ -n "$have_old_allow" -o -n "$have_old_ignore" ]; then
# Presumably silences warning calls made by the sourced helper; whether the
# alias is honoured depends on the shell's alias expansion setting - confirm.
alias warning=:
. etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
# Defined by the helper sourced above; expected to fill the per-zone
# FW_ALLOW_FW_BROADCAST_* and FW_IGNORE_FW_BROADCAST_* variables used below.
convert_old_broadcast
fi
# Build one sed program that rewrites the per-zone assignments.
# NOTE(review): the variable values are pasted into the sed program unescaped.
# A value containing /, &, a double quote, a backslash or a newline changes the
# program, so the rewrite fails or writes something other than the intended
# value; validate or escape the values before substitution.
sedpattern=
if [ -n "$have_old_allow" ]; then
sedpattern="s/^FW_ALLOW_FW_BROADCAST_INT=.*/FW_ALLOW_FW_BROADCAST_INT=\"$FW_ALLOW_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_EXT=.*/FW_ALLOW_FW_BROADCAST_EXT=\"$FW_ALLOW_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_ALLOW_FW_BROADCAST_DMZ=.*/FW_ALLOW_FW_BROADCAST_DMZ=\"$FW_ALLOW_FW_BROADCAST_DMZ\"/"
fi
if [ -n "$have_old_ignore" ]; then
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_INT=.*/FW_IGNORE_FW_BROADCAST_INT=\"$FW_IGNORE_FW_BROADCAST_INT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_EXT=.*/FW_IGNORE_FW_BROADCAST_EXT=\"$FW_IGNORE_FW_BROADCAST_EXT\"/"
sedpattern="$sedpattern;s/^FW_IGNORE_FW_BROADCAST_DMZ=.*/FW_IGNORE_FW_BROADCAST_DMZ=\"$FW_IGNORE_FW_BROADCAST_DMZ\"/"
fi
if [ -n "$sedpattern" ]; then
# Write to a .new file and rename it only if sed succeeded, so a failed rewrite
# leaves the original configuration untouched. The renamed file takes its mode
# from the scriptlet's umask, not from the file it replaces.
sed "$sedpattern" < etc/sysconfig/SuSEfirewall2 \
> etc/sysconfig/SuSEfirewall2.new \
&& mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2 \
&& echo "old broadcast variables converted"
fi
# Hand the two obsolete variable names to the remove_and_set macro, which is
# defined outside this file and is expected to delete them from the sysconfig
# file - confirm against the macro definition.
%{remove_and_set -n SuSEfirewall2 FW_IGNORE_FW_BROADCAST FW_ALLOW_FW_BROADCAST}
)
fi
# Convert the old setting FW_MASQ_DEV="$FW_DEV_EXT" (matched literally and as
# the whole line) to the zone notation. Any other FW_MASQ_DEV value is left
# alone because the grep guard does not match it.
if [ -e etc/sysconfig/SuSEfirewall2 ]; then
  if grep -q '^FW_MASQ_DEV="\$FW_DEV_EXT"$' etc/sysconfig/SuSEfirewall2; then
    # Rewrite into a .new file and rename it only after sed succeeded, so a
    # failed rewrite leaves the original configuration in place.
    if sed -e 's/^FW_MASQ_DEV="\$FW_DEV_EXT"$/FW_MASQ_DEV="zone:ext"/' \
      < etc/sysconfig/SuSEfirewall2 \
      > etc/sysconfig/SuSEfirewall2.new; then
      if mv etc/sysconfig/SuSEfirewall2.new etc/sysconfig/SuSEfirewall2; then
        echo "FW_MASQ_DEV converted"
      fi
    fi
  fi
fi
# Always report success, so a failed conversion above does not fail the scriptlet.
exit 0
%clean
# Deletes the staging tree after the build. The path comes from the BuildRoot
# tag in the preamble and is expanded unquoted.
# NOTE(review): consider refusing to run when the expansion is empty or "/",
# since the build root can be overridden from outside this file.
rm -rf %{buildroot}
%changelog