#!/bin/bash # # arno-iptables-firewall is free software; you can redistribute it and/or modify it under the # terms of the GNU General Public License as published by the Free Software # Foundation; either version 2 of the License, or any later version. # # arno-iptables-firewall is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place - Suite 330, Boston, MA 02111-1307, USA # # SlackBuild for arno-iptables-firewall # http://rocky.eld.leidenuniv.nl/page/iptables/iptframe.htm # # Author: Luis ( luis at riseup d0t net ) # # Look for slackbuildrc if [ -f ~/.slackbuildrc ]; then source ~/.slackbuildrc elif [ -f /etc/slackbuildrc ]; then source /etc/slackbuildrc fi # Set variables CWD="$(pwd)" SRC_NAME="arno-iptables-firewall" PKG_NAME="arno-iptables-firewall" ARCH="noarch" SRC_VERSION=${VERSION:=1.8.8h} PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')" BUILD=${BUILD:=1ls} SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME TMP=${TMP:=/tmp} PKG=${PKG:=$TMP/package-$PKG_NAME} REPOS=${REPOS:=$TMP} PREFIX=${PREFIX:=/usr} PKG_SRC="$TMP/${SRC_NAME}_$SRC_VERSION" CONF_OPTIONS=${CONF_OPTIONS:=} NUMJOBS=${NUMJOBS:=-j4} # Set error codes (used by createpkg) ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33 ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36 ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39 ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42 # Clean up any leftovers of previous builds rm -rf "$PKG_SRC" 2> /dev/null rm -rf "$PKG" 2> /dev/null # Create directories if necessary mkdir -p "$SRC_DIR" || exit $ERROR_MKDIR mkdir -p "$PKG" || exit $ERROR_MKDIR mkdir -p "$REPOS" || exit $ERROR_MKDIR # Dowload source if necessary SRC="${SRC_NAME}_$SRC_VERSION.tar.gz" URL="http://rocky.eld.leidenuniv.nl/iptables-firewall/$SRC" if [ ! -s "$SRC_DIR/$SRC" ] || ! gzip -t "$SRC_DIR/$SRC" 2> /dev/null; then wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET fi # Untar cd "$TMP" tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR cd "$PKG_SRC" # Install mkdir -p "$PKG/etc/rc.d" || exit $ERROR_MKDIR mkdir -p "$PKG/etc/logrotate.d" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/bin" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/man/man1" || exit $ERROR_MKDIR mkdir -p "$PKG/$PREFIX/man/man8" || exit $ERROR_MKDIR cp -a arno-iptables-firewall "$PKG/etc/rc.d/rc.firewall.new" cp -a etc/arno-iptables-firewall "$PKG/etc" cp -a Slackware/syslog.conf "$PKG/etc/syslog.conf.new" cp -a "$CWD/syslog.new" "$PKG/etc/logrotate.d" cp -a arno-fwfilter "$PKG/$PREFIX/bin" cp -a man/arno-fwfilter.1 "$PKG/$PREFIX/man/man1" cp -a man/arno-iptables-firewall.8 "$PKG/$PREFIX/man/man8" mv -f "$PKG/etc/arno-iptables-firewall/firewall.conf" \ "$PKG/etc/arno-iptables-firewall/firewall.conf.new" mv -f "$PKG/etc/arno-iptables-firewall/plugins/ssh-brute-force-protection.conf" \ "$PKG/etc/arno-iptables-firewall/plugins/ssh-brute-force-protection.conf.new" # Compress and link manpages if [ -d "$PKG/$PREFIX/man" ]; then ( cd "$PKG/$PREFIX/man" for manpagedir in $(find . -type d -name "man*") ; do ( cd $manpagedir for eachpage in $( find . -type l -maxdepth 1) ; do ln -s $( readlink $eachpage ).gz $eachpage.gz rm $eachpage done gzip -9 *.? ) done ) fi # Install documentation DOCS="CHANGELOG README gpl_license.txt" mkdir -p "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" || exit $ERROR_MKDIR cp -a $DOCS "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" # Add package description (slack-desc) mkdir -p "$PKG/install" || exit $ERROR_MKDIR cat << EODESC > "$PKG/install/slack-desc" # HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' # on the right side marks the last column you can put a character in. You must # make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler----------------------------------------| arno-iptables-firewall: arno-iptables-firewall (Arno's iptables firewall) arno-iptables-firewall: arno-iptables-firewall: A highly customizable iptables firewall script, arno-iptables-firewall: featuring stealth scan detection, extensive user- arno-iptables-firewall: definable logging, masquerading and port forwarding arno-iptables-firewall: (NAT), protection against SYN/ICMP flooding, etc. arno-iptables-firewall: It also includes a filter script (arno-fwfilter) to arno-iptables-firewall: make its logs more easily readable. arno-iptables-firewall: arno-iptables-firewall: For more information, http://rocky.eld.leidenuniv.nl/ arno-iptables-firewall: EODESC # Add a post-installation script (doinst.sh) cat << EOSCRIPT > "$PKG/install/doinst.sh" config() { NEW="\$1" OLD="\$(dirname \$NEW)/\$(basename \$NEW .new)" # If there's no config file by that name, mv it over: if [ ! -r \$OLD ]; then mv \$NEW \$OLD elif [ "\$(cat \$OLD | md5sum)" = "\$(cat \$NEW | md5sum)" ]; then # toss the redundant copy rm \$NEW fi # Otherwise, we leave the .new copy for the admin to consider... } config etc/rc.d/rc.firewall.new config etc/arno-iptables-firewall/firewall.conf.new config etc/arno-iptables-firewall/plugins/ssh-brute-force-protection.conf.new config etc/syslog.conf.new config etc/logrotate.d/syslog.new echo echo " Remember to check the .new files (if any), specially:" echo echo " /etc/rc.d/rc.firewall.new" echo " /etc/arno-iptables-firewall/firewall.conf.new" echo " /etc/syslog.conf.new" echo " /etc/logrotate.d/syslog.new" echo echo " Also, firewall.conf *has* to be properly configured for" echo " this firewall to work." echo EOSCRIPT # Build the package cd "$PKG" makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG # Delete source and build directories if requested if [ "$CLEANUP" == "yes" ]; then rm -rf "$PKG_SRC" "$PKG" fi