vuurmuur.paketlendi
parent
d3719344c1
commit
fcf5c3c40b
|
@ -0,0 +1,18 @@
|
||||||
|
# Description: kernel paket filtresi tarafından günlüğe kaydedilen paketlere arabirim sağlayan bir kullanıcı alanı kütüphanesi.
|
||||||
|
# URL: http://netfilter.org/projects/libnetfilter_log/
|
||||||
|
# Packager: milisarge
|
||||||
|
# Depends on: libnfnetlink
|
||||||
|
|
||||||
|
name=libnetfilter_log
|
||||||
|
version=1.0.1
|
||||||
|
release=1
|
||||||
|
source=(http://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2)
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd $name-$version
|
||||||
|
./configure \
|
||||||
|
--prefix=/usr \
|
||||||
|
--disable-static
|
||||||
|
make
|
||||||
|
make DESTDIR=$PKG install
|
||||||
|
}
|
|
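Review bot: The `source=` line fetches the release tarball over plain `http://`, and no checksum or signature check for it appears in this commit, so a tampered download would be built and installed as a system library. The same applies to the libnfnetlink build recipe and to the `ftp://` source in the vuurmuur build recipe later in this commit. If the package tool keeps digests in a separate file that is not shown here, commit that file alongside; otherwise use `source=(https://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2)` and record a digest for each archive.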
@ -0,0 +1,110 @@
|
||||||
|
From 7a1a07c0028a1c88cd7716a058697c552a563b24 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Felix Janda <felix.janda@posteo.de>
|
||||||
|
Date: Sat, 16 May 2015 14:49:07 +0200
|
||||||
|
Subject: include: Sync with kernel headers
|
||||||
|
|
||||||
|
Signed-off-by: Felix Janda <felix.janda@posteo.de>
|
||||||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
---
|
||||||
|
include/libnfnetlink/linux_nfnetlink.h | 44 ++++-----------------------
|
||||||
|
include/libnfnetlink/linux_nfnetlink_compat.h | 12 ++++----
|
||||||
|
2 files changed, 12 insertions(+), 44 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/libnfnetlink/linux_nfnetlink.h b/include/libnfnetlink/linux_nfnetlink.h
|
||||||
|
index 76a8550..44a38d6 100644
|
||||||
|
--- a/include/libnfnetlink/linux_nfnetlink.h
|
||||||
|
+++ b/include/libnfnetlink/linux_nfnetlink.h
|
||||||
|
@@ -25,9 +25,9 @@ enum nfnetlink_groups {
|
||||||
|
/* General form of address family dependent message.
|
||||||
|
*/
|
||||||
|
struct nfgenmsg {
|
||||||
|
- u_int8_t nfgen_family; /* AF_xxx */
|
||||||
|
- u_int8_t version; /* nfnetlink version */
|
||||||
|
- u_int16_t res_id; /* resource id */
|
||||||
|
+ __u8 nfgen_family; /* AF_xxx */
|
||||||
|
+ __u8 version; /* nfnetlink version */
|
||||||
|
+ __be16 res_id; /* resource id */
|
||||||
|
};
|
||||||
|
|
||||||
|
#define NFNETLINK_V0 0
|
||||||
|
@@ -46,40 +46,8 @@ struct nfgenmsg {
|
||||||
|
#define NFNL_SUBSYS_CTNETLINK_EXP 2
|
||||||
|
#define NFNL_SUBSYS_QUEUE 3
|
||||||
|
#define NFNL_SUBSYS_ULOG 4
|
||||||
|
-#define NFNL_SUBSYS_COUNT 5
|
||||||
|
+#define NFNL_SUBSYS_OSF 5
|
||||||
|
+#define NFNL_SUBSYS_IPSET 6
|
||||||
|
+#define NFNL_SUBSYS_COUNT 7
|
||||||
|
|
||||||
|
-#ifdef __KERNEL__
|
||||||
|
-
|
||||||
|
-#include <linux/netlink.h>
|
||||||
|
-#include <linux/capability.h>
|
||||||
|
-#include <net/netlink.h>
|
||||||
|
-
|
||||||
|
-struct nfnl_callback
|
||||||
|
-{
|
||||||
|
- int (*call)(struct sock *nl, struct sk_buff *skb,
|
||||||
|
- struct nlmsghdr *nlh, struct nlattr *cda[]);
|
||||||
|
- const struct nla_policy *policy; /* netlink attribute policy */
|
||||||
|
- const u_int16_t attr_count; /* number of nlattr's */
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-struct nfnetlink_subsystem
|
||||||
|
-{
|
||||||
|
- const char *name;
|
||||||
|
- __u8 subsys_id; /* nfnetlink subsystem ID */
|
||||||
|
- __u8 cb_count; /* number of callbacks */
|
||||||
|
- const struct nfnl_callback *cb; /* callback for individual types */
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
|
||||||
|
-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
|
||||||
|
-
|
||||||
|
-extern int nfnetlink_has_listeners(unsigned int group);
|
||||||
|
-extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
|
||||||
|
- int echo);
|
||||||
|
-extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
|
||||||
|
-
|
||||||
|
-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
|
||||||
|
- MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
|
||||||
|
-
|
||||||
|
-#endif /* __KERNEL__ */
|
||||||
|
#endif /* _NFNETLINK_H */
|
||||||
|
diff --git a/include/libnfnetlink/linux_nfnetlink_compat.h b/include/libnfnetlink/linux_nfnetlink_compat.h
|
||||||
|
index e145176..74b9e55 100644
|
||||||
|
--- a/include/libnfnetlink/linux_nfnetlink_compat.h
|
||||||
|
+++ b/include/libnfnetlink/linux_nfnetlink_compat.h
|
||||||
|
@@ -1,6 +1,8 @@
|
||||||
|
#ifndef _NFNETLINK_COMPAT_H
|
||||||
|
#define _NFNETLINK_COMPAT_H
|
||||||
|
-#ifndef __KERNEL__
|
||||||
|
+
|
||||||
|
+#include <linux/types.h>
|
||||||
|
+
|
||||||
|
/* Old nfnetlink macros for userspace */
|
||||||
|
|
||||||
|
/* nfnetlink groups: Up to 32 maximum */
|
||||||
|
@@ -18,10 +20,9 @@
|
||||||
|
* ! nfnetlink use the same attributes methods. - J. Schulist.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-struct nfattr
|
||||||
|
-{
|
||||||
|
- u_int16_t nfa_len;
|
||||||
|
- u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
|
||||||
|
+struct nfattr {
|
||||||
|
+ __u16 nfa_len;
|
||||||
|
+ __u16 nfa_type; /* we use 15 bits for the type, and the highest
|
||||||
|
* bit to indicate whether the payload is nested */
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -57,5 +58,4 @@ struct nfattr
|
||||||
|
+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
|
||||||
|
#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
|
||||||
|
|
||||||
|
-#endif /* ! __KERNEL__ */
|
||||||
|
#endif /* _NFNETLINK_COMPAT_H */
|
||||||
|
--
|
||||||
|
cgit v0.12
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Description: Netfilter kernel/userspace iletişim kütüphnesi
|
||||||
|
# URL: http://www.netfilter.org/projects/libnfnetlink/index.html
|
||||||
|
# Packager: milisarge
|
||||||
|
# Depends on:
|
||||||
|
|
||||||
|
name=libnfnetlink
|
||||||
|
version=1.0.1
|
||||||
|
release=1
|
||||||
|
source=(http://www.netfilter.org/projects/$name/files/$name-$version.tar.bz2
|
||||||
|
sync_with_kernel_headers.patch)
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd $name-$version
|
||||||
|
patch -p1 -i $SRC/sync_with_kernel_headers.patch
|
||||||
|
./configure --prefix=/usr
|
||||||
|
make
|
||||||
|
make DESTDIR=$PKG install
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
# modules loaded by vuurmuur daemon
|
||||||
|
# ip_queue => not found
|
||||||
|
MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp"
|
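Review bot: Every conntrack-related name in `MODULES_TO_LOAD` is a legacy one (`ip_conntrack`, `ipt_state`, `ip_conntrack_ftp`, `ip_nat_ftp`), and the init script added in this commit exits on the first `modprobe` failure, so on a kernel that provides neither the name nor an alias for it the firewall would not come up at all. The `# ip_queue => not found` comment suggests this has already happened once. Consider listing the module names the target kernel actually ships and adding a comment such as `# the init script aborts if any module listed here fails to load`. The FTP helper modules are also loaded unconditionally; leaving them out of the default list unless FTP tracking is needed keeps the loaded kernel surface smaller.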
|
@ -0,0 +1,110 @@
|
||||||
|
# Description: iptables ayarlamaları için güçlü bir arayüz uygulaması
|
||||||
|
# URL: http://www.vuurmuur.org
|
||||||
|
# Packager: milisarge
|
||||||
|
# Depends on: libnetfilter_log iptables libjpeg-turbo
|
||||||
|
|
||||||
|
name=vuurmuur
|
||||||
|
_name=Vuurmuur
|
||||||
|
version=0.7
|
||||||
|
release=1
|
||||||
|
source=(ftp://ftp.vuurmuur.org/releases/$version/$_name-$version.tar.gz
|
||||||
|
modules.conf
|
||||||
|
vuurmuur_servis.rc
|
||||||
|
)
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd ${SRC}/${_name}-${version}
|
||||||
|
|
||||||
|
for archive in libvuurmuur vuurmuur vuurmuur_conf; do
|
||||||
|
[[ ! -d "$archive" ]] &&
|
||||||
|
tar xzf ${archive}-${version}.tar.gz
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "vuurmuur kütüphaneleri derleniyor..."
|
||||||
|
pushd libvuurmuur-${version}
|
||||||
|
./configure --prefix=/usr --sysconfdir=/etc
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
|
||||||
|
echo "vuurmuur derleniyor..."
|
||||||
|
pushd vuurmuur-${version}
|
||||||
|
sed -i 's|-rpath|-rpath-link|' configure
|
||||||
|
LDFLAGS+="-L${SRC}/${_name}-${version}/lib${name}-${version}/src \
|
||||||
|
-L${SRC}/${_name}-${version}/lib${name}-${version}/src/.libs \
|
||||||
|
-Wl,-rpath=/usr/lib/${name}/plugins" \
|
||||||
|
./configure --prefix=/usr --sysconfdir=/etc \
|
||||||
|
--with-libvuurmuur-includes="${SRC}/${_name}-${version}/lib${name}-${version}/src" \
|
||||||
|
--with-libvuurmuur-libraries="${SRC}/${_name}-${version}/lib${name}-${version}/src"
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
|
||||||
|
echo "vuurmuur_conf derleniyor..."
|
||||||
|
pushd vuurmuur_conf-${version}
|
||||||
|
sed -i 's|-rpath|-rpath-link|' configure
|
||||||
|
LDFLAGS+="-L${SRC}/${_name}-${version}/lib${name}-${version}/src \
|
||||||
|
-L${SRC}/${_name}-${version}/lib${name}-${version}/src/.libs \
|
||||||
|
-Wl,-rpath=/usr/lib/${name}/plugins" \
|
||||||
|
./configure --prefix=/usr --sysconfdir=/etc \
|
||||||
|
--with-libvuurmuur-includes="${SRC}/${_name}-${version}/lib${name}-${version}/src" \
|
||||||
|
--with-libvuurmuur-libraries="${SRC}/${_name}-${version}/lib${name}-${version}/src"
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
pushd libvuurmuur-${version}
|
||||||
|
make DESTDIR=${PKG} install
|
||||||
|
popd
|
||||||
|
|
||||||
|
pushd vuurmuur-${version}
|
||||||
|
make DESTDIR=${PKG} install
|
||||||
|
popd
|
||||||
|
|
||||||
|
pushd vuurmuur_conf-${version}
|
||||||
|
make DESTDIR=${PKG} install
|
||||||
|
popd
|
||||||
|
|
||||||
|
# dizin yapısı
|
||||||
|
install -dm700 ${PKG}/etc/${name}
|
||||||
|
install -dm700 ${PKG}/etc/${name}/plugins
|
||||||
|
install -dm700 ${PKG}/etc/logrotate.d/
|
||||||
|
install -dm755 ${PKG}/usr/share/${name}/textdir/{interfaces,services,zones,rules}
|
||||||
|
install -dm700 ${PKG}/var/log/${name}
|
||||||
|
|
||||||
|
# daemon ve log
|
||||||
|
install -Dm755 ${SRC}/vuurmuur_servis.rc ${PKG}/etc/rc.d/init.d/${name}
|
||||||
|
install -Dm644 ${PKG}/usr/share/${name}/scripts/vuurmuur-logrotate ${PKG}/etc/logrotate.d/${name}
|
||||||
|
|
||||||
|
# ayarlar /etc
|
||||||
|
install -Dm600 ${PKG}/usr/share/vuurmuur/config/config.conf.sample \
|
||||||
|
${PKG}/etc/${name}/config.conf
|
||||||
|
install -Dm600 ${SRC}/modules.conf ${PKG}/etc/${name}/modules.conf
|
||||||
|
install -Dm600 ${PKG}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \
|
||||||
|
${PKG}/etc/${name}/${name}_conf.conf
|
||||||
|
|
||||||
|
sed -i ${PKG}/etc/${name}/config.conf \
|
||||||
|
-e 's|"/sbin/tc|"/usr/sbin/tc|' \
|
||||||
|
-e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \
|
||||||
|
-e 's|"/sbin/iptables|"/usr/sbin/iptables|' \
|
||||||
|
-e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \
|
||||||
|
-e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \
|
||||||
|
-e 's|"/var/log/messages|"/var/log/iptables.log|'
|
||||||
|
|
||||||
|
sed -i ${PKG}/etc/${name}/${name}_conf.conf \
|
||||||
|
-e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|'
|
||||||
|
|
||||||
|
|
||||||
|
echo "LOCATION=\"/etc/${name}/textdir\"" > ${PKG}/etc/${name}/plugins/textdir.conf
|
||||||
|
|
||||||
|
# default firewall setup in /usr/share
|
||||||
|
touch ${PKG}/usr/share/${name}/textdir/rules/rules.conf
|
||||||
|
touch ${PKG}/usr/share/${name}/textdir/rules/blocklist.conf
|
||||||
|
|
||||||
|
cp -R ${SRC}/${_name}-${version}/zones/* ${PKG}/usr/share/${name}/textdir/zones/
|
||||||
|
mv ${PKG}/usr/share/${name}/services/* ${PKG}/usr/share/${name}/textdir/services/
|
||||||
|
|
||||||
|
# install licenses
|
||||||
|
install -Dm644 ${SRC}/${_name}-${version}/lib${name}-${version}/COPYING \
|
||||||
|
${PKG}/usr/share/licenses/lib${name}/COPYING
|
||||||
|
install -Dm644 ${SRC}/${_name}-${version}/${name}-${version}/COPYING \
|
||||||
|
${PKG}/usr/share/licenses/${name}/COPYING
|
||||||
|
install -Dm644 ${SRC}/${_name}-${version}/${name}_conf-${version}/COPYING \
|
||||||
|
${PKG}/usr/share/licenses/${name}_conf/COPYING
|
||||||
|
}
|
|
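Review bot: Both `LDFLAGS+="-L${SRC}/...` assignments in `build()` append without a leading space, so when the build environment already exports a non-empty `LDFLAGS` its last flag is fused with the first `-L` path. Depending on the flag, that either breaks the link or changes what the flag means, which matters if the distribution passes hardening options through `LDFLAGS`. Start the string with a space, `LDFLAGS+=" -L${SRC}/${_name}-${version}/lib${name}-${version}/src \`, in both the vuurmuur and the vuurmuur_conf step. Separately, `install -dm700 ${PKG}/etc/logrotate.d/` packages a shared system directory with a restrictive mode; whether that overrides the mode of the existing directory depends on the package tool, so it should be confirmed.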
@ -0,0 +1,114 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# vi: ft=sh
|
||||||
|
|
||||||
|
. /etc/rc.conf
|
||||||
|
. /etc/rc.d/functions
|
||||||
|
|
||||||
|
# PID file
|
||||||
|
VUURMUURPID='/run/vuurmuur.pid'
|
||||||
|
VUURMUURLOGPID='/run/vuurmuur_log.pid'
|
||||||
|
case $1 in
|
||||||
|
start)
|
||||||
|
# initialize
|
||||||
|
stat_busy "Starting Vuurmuur Firewall"
|
||||||
|
STATUS="ok"
|
||||||
|
|
||||||
|
# check if vuurmuur is configured
|
||||||
|
IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l`
|
||||||
|
if [ $IFNUM = 0 ]; then
|
||||||
|
stat_busy "Please configure Vuurmuur first by defining at least one interface."
|
||||||
|
stat_fail
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# load modules
|
||||||
|
. /etc/vuurmuur/modules.conf
|
||||||
|
for MODULE in `echo $MODULES_TO_LOAD`; do
|
||||||
|
/sbin/modprobe $MODULE &>/dev/null
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
stat_busy "Error when loading module $MODULE. Check log files."
|
||||||
|
stat_fail
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# start vuurmuur daemon
|
||||||
|
if [ ! -f $VUURMUURPID ]; then
|
||||||
|
/usr/bin/vuurmuur -l
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
stat_busy "Error when starting Vuurmuur daemon. Check log files."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
PID=`cat $VUURMUURPID | cut -d " " -f 1`
|
||||||
|
stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# start vuurmuur log parsing daemon
|
||||||
|
if [ ! -f $VUURMUURLOGPID ]; then
|
||||||
|
/usr/bin/vuurmuur_log
|
||||||
|
if [ $? != 0 ]; then
|
||||||
|
stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
|
||||||
|
stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# finalize
|
||||||
|
if [ $STATUS = "ok" ]; then
|
||||||
|
add_daemon vuurmuur
|
||||||
|
stat_done
|
||||||
|
else
|
||||||
|
stat_fail
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
stop)
|
||||||
|
# initialize
|
||||||
|
stat_busy "Stopping Vuurmuur Firewall"
|
||||||
|
STATUS="ok"
|
||||||
|
|
||||||
|
# stop vuurmuur log parsing daemon
|
||||||
|
PID=`cat $VUURMUURLOGPID | cut -d " " -f 1`
|
||||||
|
if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
|
||||||
|
rm -f $VUURMUURLOGPID
|
||||||
|
else
|
||||||
|
stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# stop vuurmuur daemon
|
||||||
|
PID=`cat $VUURMUURPID | cut -d " " -f 1`
|
||||||
|
if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then
|
||||||
|
rm -f $VUURMUURPID
|
||||||
|
else
|
||||||
|
stat_busy "Error when stopping Vuurmuur daemon. Check log files."
|
||||||
|
STATUS="failed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# finalize
|
||||||
|
if [ $STATUS = "ok" ]; then
|
||||||
|
rm_daemon vuurmuur
|
||||||
|
stat_done
|
||||||
|
else
|
||||||
|
stat_fail
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
restart)
|
||||||
|
$0 stop
|
||||||
|
$0 start
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 {start|stop|restart}" >&2
|
||||||
|
exit 1
|
||||||
|
|
||||||
|
esac
|
||||||
|
exit 0
|
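Review bot: The `start` branch treats the mere existence of `$VUURMUURPID` or `$VUURMUURLOGPID` as "already running", so a PID file left behind by a crashed daemon makes `start` fail and leaves the firewall down until the file is removed by hand. The `stop` branch has the mirror problem: it sends `kill` to whatever PID the file holds without checking that the process is still vuurmuur. Check liveness before trusting the file, for example `if [ -f $VUURMUURPID ] && kill -0 "$(cut -d ' ' -f 1 $VUURMUURPID)" 2>/dev/null; then`, and clear a stale file otherwise. `restart` also runs `$0 start` regardless of how `$0 stop` exited, which may be intended but deserves a comment.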