vuurmuur.paketlendi

This commit is contained in:
milisarge 2017-04-18 18:41:47 +03:00
parent d3719344c1
commit fcf5c3c40b
6 changed files with 373 additions and 0 deletions


@ -0,0 +1,18 @@
# Description: kernel paket filtresi tarafından günlüğe kaydedilen paketlere arabirim sağlayan bir kullanıcı alanı kütüphanesi.
# URL: http://netfilter.org/projects/libnetfilter_log/
# Packager: milisarge
# Depends on: libnfnetlink
name=libnetfilter_log
version=1.0.1
release=1
source=(http://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2)
build() {
cd $name-$version
./configure \
--prefix=/usr \
--disable-static
make
make DESTDIR=$PKG install
}
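Review bot: The tarball on the `source=` line is fetched over plain http and nothing in this commit verifies a checksum or signature before build() runs configure and make on it; the same applies to the libnfnetlink source and to the ftp:// vuurmuur source added by this commit. If the package tooling keeps a separate checksum file, it is not part of this change, so a modified download would be compiled and installed as root without any visible check. A one-line improvement is `source=(https://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2)`, and if upstream's detached signatures are available for this release, verifying one in build() before `cd $name-$version` would close the gap entirely.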


@ -0,0 +1,110 @@
From 7a1a07c0028a1c88cd7716a058697c552a563b24 Mon Sep 17 00:00:00 2001
From: Felix Janda <felix.janda@posteo.de>
Date: Sat, 16 May 2015 14:49:07 +0200
Subject: include: Sync with kernel headers
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/libnfnetlink/linux_nfnetlink.h | 44 ++++-----------------------
include/libnfnetlink/linux_nfnetlink_compat.h | 12 ++++----
2 files changed, 12 insertions(+), 44 deletions(-)
diff --git a/include/libnfnetlink/linux_nfnetlink.h b/include/libnfnetlink/linux_nfnetlink.h
index 76a8550..44a38d6 100644
--- a/include/libnfnetlink/linux_nfnetlink.h
+++ b/include/libnfnetlink/linux_nfnetlink.h
@@ -25,9 +25,9 @@ enum nfnetlink_groups {
/* General form of address family dependent message.
*/
struct nfgenmsg {
- u_int8_t nfgen_family; /* AF_xxx */
- u_int8_t version; /* nfnetlink version */
- u_int16_t res_id; /* resource id */
+ __u8 nfgen_family; /* AF_xxx */
+ __u8 version; /* nfnetlink version */
+ __be16 res_id; /* resource id */
};
#define NFNETLINK_V0 0
@@ -46,40 +46,8 @@ struct nfgenmsg {
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_QUEUE 3
#define NFNL_SUBSYS_ULOG 4
-#define NFNL_SUBSYS_COUNT 5
+#define NFNL_SUBSYS_OSF 5
+#define NFNL_SUBSYS_IPSET 6
+#define NFNL_SUBSYS_COUNT 7
-#ifdef __KERNEL__
-
-#include <linux/netlink.h>
-#include <linux/capability.h>
-#include <net/netlink.h>
-
-struct nfnl_callback
-{
- int (*call)(struct sock *nl, struct sk_buff *skb,
- struct nlmsghdr *nlh, struct nlattr *cda[]);
- const struct nla_policy *policy; /* netlink attribute policy */
- const u_int16_t attr_count; /* number of nlattr's */
-};
-
-struct nfnetlink_subsystem
-{
- const char *name;
- __u8 subsys_id; /* nfnetlink subsystem ID */
- __u8 cb_count; /* number of callbacks */
- const struct nfnl_callback *cb; /* callback for individual types */
-};
-
-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
-
-extern int nfnetlink_has_listeners(unsigned int group);
-extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
- int echo);
-extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
-
-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
-
-#endif /* __KERNEL__ */
#endif /* _NFNETLINK_H */
diff --git a/include/libnfnetlink/linux_nfnetlink_compat.h b/include/libnfnetlink/linux_nfnetlink_compat.h
index e145176..74b9e55 100644
--- a/include/libnfnetlink/linux_nfnetlink_compat.h
+++ b/include/libnfnetlink/linux_nfnetlink_compat.h
@@ -1,6 +1,8 @@
#ifndef _NFNETLINK_COMPAT_H
#define _NFNETLINK_COMPAT_H
-#ifndef __KERNEL__
+
+#include <linux/types.h>
+
/* Old nfnetlink macros for userspace */
/* nfnetlink groups: Up to 32 maximum */
@@ -18,10 +20,9 @@
* ! nfnetlink use the same attributes methods. - J. Schulist.
*/
-struct nfattr
-{
- u_int16_t nfa_len;
- u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
+struct nfattr {
+ __u16 nfa_len;
+ __u16 nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
};
@@ -57,5 +58,4 @@ struct nfattr
+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
-#endif /* ! __KERNEL__ */
#endif /* _NFNETLINK_COMPAT_H */
--
cgit v0.12


@ -0,0 +1,18 @@
# Description: Netfilter kernel/userspace iletişim kütüphnesi
# URL: http://www.netfilter.org/projects/libnfnetlink/index.html
# Packager: milisarge
# Depends on:
name=libnfnetlink
version=1.0.1
release=1
source=(http://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2
sync_with_kernel_headers.patch)
build() {
cd $name-$version
patch -p1 -i $SRC/sync_with_kernel_headers.patch
./configure --prefix=/usr
make
make DESTDIR=$PKG install
}
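Review bot: The Description comment reads `kütüphnesi`; presumably `kütüphanesi` is intended, so `# Description: Netfilter kernel/userspace iletişim kütüphanesi`. The `# Depends on:` line is left empty even though the bundled patch makes the public headers include `<linux/types.h>`, which comes from the kernel headers package; if the build tooling reads that line for dependencies it is worth naming it there. Whether a failing `patch -p1 -i $SRC/sync_with_kernel_headers.patch` stops the build depends on the tooling running build() under `set -e`; if it does not, a rejected hunk would be followed by configure and make on unpatched sources, so `patch -p1 -i $SRC/sync_with_kernel_headers.patch || return 1` makes the intent explicit either way.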


@ -0,0 +1,3 @@
# modules loaded by vuurmuur daemon
# ip_queue => not found
MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp"
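Review bot: `ip_conntrack`, `ipt_state`, `ip_conntrack_ftp` and `ip_nat_ftp` on the `MODULES_TO_LOAD=` line are the pre-nf_conntrack module names; on current kernels the canonical names are `nf_conntrack`, `xt_state`, `nf_conntrack_ftp` and `nf_nat_ftp`, and the rc script added in this commit exits with stat_fail as soon as one modprobe fails, so the firewall would refuse to start on a kernel where those legacy names do not resolve (the `# ip_queue => not found` comment suggests this has already been hit once). Some kernels may still resolve the old names through module aliases, so this should be confirmed with `modinfo` on the target kernel, but `MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat nf_conntrack xt_state nf_conntrack_ftp nf_nat_ftp"` is the portable form. Since this file is sourced as shell by the init script, keeping it to a single quoted assignment as here is the right shape.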


@ -0,0 +1,110 @@
# Description: iptables ayarlamaları için güçlü bir arayüz uygulaması
# URL: http://www.vuurmuur.org
# Packager: milisarge
# Depends on: libnetfilter_log iptables libjpeg-turbo
name=vuurmuur
_name=Vuurmuur
version=0.7
release=1
source=(ftp://ftp.vuurmuur.org/releases/$version/$_name-$version.tar.gz
modules.conf
vuurmuur_servis.rc
)
build() {
cd ${SRC}/${_name}-${version}
for archive in libvuurmuur vuurmuur vuurmuur_conf; do
[[ ! -d "$archive" ]] &&
tar xzf ${archive}-${version}.tar.gz
done
echo "vuurmuur kütüphaneleri derleniyor..."
pushd libvuurmuur-${version}
./configure --prefix=/usr --sysconfdir=/etc
make
popd
echo "vuurmuur derleniyor..."
pushd vuurmuur-${version}
sed -i 's|-rpath|-rpath-link|' configure
LDFLAGS+="-L${SRC}/${_name}-${version}/lib${name}-${version}/src \
-L${SRC}/${_name}-${version}/lib${name}-${version}/src/.libs \
-Wl,-rpath=/usr/lib/${name}/plugins" \
./configure --prefix=/usr --sysconfdir=/etc \
--with-libvuurmuur-includes="${SRC}/${_name}-${version}/lib${name}-${version}/src" \
--with-libvuurmuur-libraries="${SRC}/${_name}-${version}/lib${name}-${version}/src"
make
popd
echo "vuurmuur_conf derleniyor..."
pushd vuurmuur_conf-${version}
sed -i 's|-rpath|-rpath-link|' configure
LDFLAGS+="-L${SRC}/${_name}-${version}/lib${name}-${version}/src \
-L${SRC}/${_name}-${version}/lib${name}-${version}/src/.libs \
-Wl,-rpath=/usr/lib/${name}/plugins" \
./configure --prefix=/usr --sysconfdir=/etc \
--with-libvuurmuur-includes="${SRC}/${_name}-${version}/lib${name}-${version}/src" \
--with-libvuurmuur-libraries="${SRC}/${_name}-${version}/lib${name}-${version}/src"
make
popd
pushd libvuurmuur-${version}
make DESTDIR=${PKG} install
popd
pushd vuurmuur-${version}
make DESTDIR=${PKG} install
popd
pushd vuurmuur_conf-${version}
make DESTDIR=${PKG} install
popd
# dizin yapısı
install -dm700 ${PKG}/etc/${name}
install -dm700 ${PKG}/etc/${name}/plugins
install -dm700 ${PKG}/etc/logrotate.d/
install -dm755 ${PKG}/usr/share/${name}/textdir/{interfaces,services,zones,rules}
install -dm700 ${PKG}/var/log/${name}
# daemon ve log
install -Dm755 ${SRC}/vuurmuur_servis.rc ${PKG}/etc/rc.d/init.d/${name}
install -Dm644 ${PKG}/usr/share/${name}/scripts/vuurmuur-logrotate ${PKG}/etc/logrotate.d/${name}
# ayarlar /etc
install -Dm600 ${PKG}/usr/share/vuurmuur/config/config.conf.sample \
${PKG}/etc/${name}/config.conf
install -Dm600 ${SRC}/modules.conf ${PKG}/etc/${name}/modules.conf
install -Dm600 ${PKG}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \
${PKG}/etc/${name}/${name}_conf.conf
sed -i ${PKG}/etc/${name}/config.conf \
-e 's|"/sbin/tc|"/usr/sbin/tc|' \
-e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \
-e 's|"/sbin/iptables|"/usr/sbin/iptables|' \
-e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \
-e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \
-e 's|"/var/log/messages|"/var/log/iptables.log|'
sed -i ${PKG}/etc/${name}/${name}_conf.conf \
-e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|'
echo "LOCATION=\"/etc/${name}/textdir\"" > ${PKG}/etc/${name}/plugins/textdir.conf
# default firewall setup in /usr/share
touch ${PKG}/usr/share/${name}/textdir/rules/rules.conf
touch ${PKG}/usr/share/${name}/textdir/rules/blocklist.conf
cp -R ${SRC}/${_name}-${version}/zones/* ${PKG}/usr/share/${name}/textdir/zones/
mv ${PKG}/usr/share/${name}/services/* ${PKG}/usr/share/${name}/textdir/services/
# install licenses
install -Dm644 ${SRC}/${_name}-${version}/lib${name}-${version}/COPYING \
${PKG}/usr/share/licenses/lib${name}/COPYING
install -Dm644 ${SRC}/${_name}-${version}/${name}-${version}/COPYING \
${PKG}/usr/share/licenses/${name}/COPYING
install -Dm644 ${SRC}/${_name}-${version}/${name}_conf-${version}/COPYING \
${PKG}/usr/share/licenses/${name}_conf/COPYING
}
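Review bot: `LDFLAGS+="-L${SRC}/..."` before the two configure calls appends with no separating space, so if the build environment already exports LDFLAGS (for example `-Wl,-O1`) the result is `-Wl,-O1-L/...`, which the linker will reject or misparse; write `LDFLAGS+=" -L${SRC}/${_name}-${version}/lib${name}-${version}/src \` (leading space) in both places, or `LDFLAGS="$LDFLAGS -L..."`. The same block is duplicated for vuurmuur and vuurmuur_conf and could be a small shell function so the fix is applied once. Separately, `install -dm700 ${PKG}/etc/logrotate.d/` packages a system-wide directory with mode 700; whether the package manager applies that mode at install time depends on the tooling, but 755 is the conventional mode and avoids tightening a directory other packages' logrotate entries live in.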


@ -0,0 +1,114 @@
#!/bin/bash
# vi: ft=sh
. /etc/rc.conf
. /etc/rc.d/functions
# PID file
VUURMUURPID='/run/vuurmuur.pid'
VUURMUURLOGPID='/run/vuurmuur_log.pid'
case $1 in
start)
# initialize
stat_busy "Starting Vuurmuur Firewall"
STATUS="ok"
# check if vuurmuur is configured
IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
if [ $IFNUM = 0 ]; then
stat_busy "Please configure Vuurmuur first by defining at least one interface."
stat_fail
exit 1
fi
# load modules
. /etc/vuurmuur/modules.conf
for MODULE in `echo $MODULES_TO_LOAD`; do
/sbin/modprobe $MODULE &>/dev/null
if [ $? != 0 ]; then
stat_busy "Error when loading module $MODULE. Check log files."
stat_fail
exit 1
fi
done
# start vuurmuur daemon
if [ ! -f $VUURMUURPID ]; then
/usr/bin/vuurmuur -l
if [ $? != 0 ]; then
stat_busy "Error when starting Vuurmuur daemon. Check log files."
STATUS="failed"
fi
else
PID=`cat $VUURMUURPID | cut -d " " -f 1`
stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
STATUS="failed"
fi
# start vuurmuur log parsing daemon
if [ ! -f $VUURMUURLOGPID ]; then
/usr/bin/vuurmuur_log
if [ $? != 0 ]; then
stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files."
STATUS="failed"
fi
else
PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
STATUS="failed"
fi
# finalize
if [ $STATUS = "ok" ]; then
add_daemon vuurmuur
stat_done
else
stat_fail
exit 1
fi
;;
stop)
# initialize
stat_busy "Stopping Vuurmuur Firewall"
STATUS="ok"
# stop vuurmuur log parsing daemon
PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
rm -f $VUURMUURLOGPID
else
stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files."
STATUS="failed"
fi
# stop vuurmuur daemon
PID=`cat $VUURMUURPID | cut -d " " -f 1`
if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
rm -f $VUURMUURPID
else
stat_busy "Error when stopping Vuurmuur daemon. Check log files."
STATUS="failed"
fi
# finalize
if [ $STATUS = "ok" ]; then
rm_daemon vuurmuur
stat_done
else
stat_fail
exit 1
fi
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}" >&2
exit 1
esac
exit 0
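Review bot: The `start)` branch treats the mere existence of `$VUURMUURPID` (and `$VUURMUURLOGPID`) as "already running", so after a crash, a power loss or any unclean stop that leaves the pid file behind, `start` fails permanently until someone removes the file by hand. Reading the pid and probing it with `kill -0` distinguishes a live daemon from a stale file; pid reuse after a reboot is still possible with this check, but `/run` is normally cleared at boot so in practice the stale case is the one that matters. The `kill "$PID"` in `stop)` has the same blind trust in the file, and `restart)` proceeds to `start` even when `stop` exits 1; `$0 stop && $0 start` would surface that. The rewritten daemon-start block below replaces lines from `# start vuurmuur daemon` through the matching `fi`; the log-daemon block should be changed the same way.
```shell
# start vuurmuur daemon
PID=$(cut -d " " -f 1 "$VUURMUURPID" 2>/dev/null)
if [ -n "$PID" ] && kill -0 "$PID" 2>/dev/null; then
    stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
    STATUS="failed"
else
    rm -f "$VUURMUURPID"   # absent or stale pid file
    if ! /usr/bin/vuurmuur -l; then
        stat_busy "Error when starting Vuurmuur daemon. Check log files."
        STATUS="failed"
    fi
fi
# … unchanged: vuurmuur_log block (apply the same pattern), finalize …
```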