From: <abe...@us...> - 2017-06-16 17:53:54
Revision: 8399 http://sourceforge.net/p/astlinux/code/8399 Author: abelbeck Date: 2017-06-16 17:53:53 +0000 (Fri, 16 Jun 2017) Log Message: ----------- arnofw, version bump to 2.0.2-RC1, also modernize the build system 'arnofw.mk' Modified Paths: -------------- branches/1.0/package/arnofw/Config.in branches/1.0/package/arnofw/arnofw.mk Removed Paths: ------------- branches/1.0/package/arnofw/arnofw-0001-HOST_BLOCK_SRC_DROP-HOST_BLOCK_DST_DROP.patch branches/1.0/package/arnofw/arnofw-0002-EXT_IF_DHCPV6_IPV6.patch branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch Modified: branches/1.0/package/arnofw/Config.in =================================================================== --- branches/1.0/package/arnofw/Config.in 2017-06-15 21:06:10 UTC (rev 8398) +++ branches/1.0/package/arnofw/Config.in 2017-06-16 17:53:53 UTC (rev 8399) @@ -1,8 +1,9 @@ config BR2_PACKAGE_ARNOFW - bool "Arno's Firewall Support" - default n - help - Arno's IPtables Firewall is a complete - Firewall script. + bool "Arno's Firewall Support" + default n + help + Arno's IPtables Firewall is a complete Firewall script. - http://rocky.molphys.leidenuniv.nl/ + https://github.com/arno-iptables-firewall/aif/ + + http://rocky.eld.leidenuniv.nl/ Deleted: branches/1.0/package/arnofw/arnofw-0001-HOST_BLOCK_SRC_DROP-HOST_BLOCK_DST_DROP.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-0001-HOST_BLOCK_SRC_DROP-HOST_BLOCK_DST_DROP.patch 2017-06-15 21:06:10 UTC (rev 8398) +++ branches/1.0/package/arnofw/arnofw-0001-HOST_BLOCK_SRC_DROP-HOST_BLOCK_DST_DROP.patch 2017-06-16 17:53:53 UTC (rev 8399) 
@@ -1,145 +0,0 @@ -diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall -index 74ff982..fa872ab 100755 ---- a/bin/arno-iptables-firewall -+++ b/bin/arno-iptables-firewall -@@ -886,12 +886,19 @@ setup_default_policies() - ########################################################### - iptables -A POST_INPUT_DROP_CHAIN -j DROP - -- # The HOST_BLOCK_DROP chain should always DROP -+ # The HOST_BLOCK_SRC_DROP chain should always DROP - ########################################################### -- if [ "$BLOCKED_HOST_LOG" != "0" ]; then -- iptables -A HOST_BLOCK_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:Blocked host(s): " -+ if [ "$BLOCKED_HOST_LOG" = "1" -o "$BLOCKED_HOST_LOG" = "2" ]; then -+ iptables -A HOST_BLOCK_SRC_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:Blocked host(s) Inbound: " - fi -- iptables -A HOST_BLOCK_DROP -j DROP -+ iptables -A HOST_BLOCK_SRC_DROP -j DROP -+ -+ # The HOST_BLOCK_DST_DROP chain should always DROP -+ ########################################################### -+ if [ "$BLOCKED_HOST_LOG" = "1" -o "$BLOCKED_HOST_LOG" = "3" ]; then -+ iptables -A HOST_BLOCK_DST_DROP -m limit --limit 1/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:Blocked host(s) Outbound: " -+ fi -+ iptables -A HOST_BLOCK_DST_DROP -j DROP - - # The LINK_LOCAL_DROP chain should always DROP - ########################################################### -@@ -2734,8 +2741,12 @@ setup_ext_input_chain() - - # Enable logging of blocked hosts? 
- ################################## -- if [ "$BLOCKED_HOST_LOG" != "0" ]; then -- echo " Logging of explicitly blocked hosts enabled" -+ if [ "$BLOCKED_HOST_LOG" = "1" ]; then -+ echo " Logging of explicitly blocked hosts inbound/outbound enabled" -+ elif [ "$BLOCKED_HOST_LOG" = "2" ]; then -+ echo " Logging of explicitly blocked hosts inbound enabled" -+ elif [ "$BLOCKED_HOST_LOG" = "3" ]; then -+ echo " Logging of explicitly blocked hosts outbound enabled" - else - echo " Logging of explicitly blocked hosts disabled" - fi -@@ -4205,14 +4216,14 @@ setup_ipset_netset() - ipset create -exist ${set_name} hash:net family $family hashsize $hashsize maxelem $maxelem - - if [ "$family" = "inet" ]; then -- ip4tables -A HOST_BLOCK_SRC -m set --match-set ${set_name} src -j HOST_BLOCK_DROP -+ ip4tables -A HOST_BLOCK_SRC -m set --match-set ${set_name} src -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip4tables -A HOST_BLOCK_DST -m set --match-set ${set_name} dst -j HOST_BLOCK_DROP -+ ip4tables -A HOST_BLOCK_DST -m set --match-set ${set_name} dst -j HOST_BLOCK_DST_DROP - fi - else -- ip6tables -A HOST_BLOCK_SRC -m set --match-set ${set_name} src -j HOST_BLOCK_DROP -+ ip6tables -A HOST_BLOCK_SRC -m set --match-set ${set_name} src -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip6tables -A HOST_BLOCK_DST -m set --match-set ${set_name} dst -j HOST_BLOCK_DROP -+ ip6tables -A HOST_BLOCK_DST -m set --match-set ${set_name} dst -j HOST_BLOCK_DST_DROP - fi - fi - done -@@ -4378,16 +4389,16 @@ if ipset_check; then - if [ -n "$BLOCK_HOSTS" -o -n "$BLOCK_HOSTS_FILE" ]; then - ipset create -exist aif_blocklist hash:net family inet hashsize $hashsize maxelem $maxelem - -- ip4tables -A HOST_BLOCK_SRC -m set --match-set aif_blocklist src -j HOST_BLOCK_DROP -+ ip4tables -A HOST_BLOCK_SRC -m set --match-set aif_blocklist src -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip4tables -A HOST_BLOCK_DST -m 
set --match-set aif_blocklist dst -j HOST_BLOCK_DROP -+ ip4tables -A HOST_BLOCK_DST -m set --match-set aif_blocklist dst -j HOST_BLOCK_DST_DROP - fi - if [ "$IPV6_SUPPORT" = "1" ]; then - ipset create -exist aif_blocklistv6 hash:net family inet6 hashsize $hashsize maxelem $maxelem - -- ip6tables -A HOST_BLOCK_SRC -m set --match-set aif_blocklistv6 src -j HOST_BLOCK_DROP -+ ip6tables -A HOST_BLOCK_SRC -m set --match-set aif_blocklistv6 src -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip6tables -A HOST_BLOCK_DST -m set --match-set aif_blocklistv6 dst -j HOST_BLOCK_DROP -+ ip6tables -A HOST_BLOCK_DST -m set --match-set aif_blocklistv6 dst -j HOST_BLOCK_DST_DROP - fi - fi - fi -@@ -4551,16 +4562,16 @@ else - get_numeric_ip_version "$host" - case $? in - 4) -- ip4tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_DROP -+ ip4tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip4tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DROP -+ ip4tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DST_DROP - fi - ;; - 6) - if [ "$IPV6_SUPPORT" = "1" ]; then -- ip6tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_DROP -+ ip6tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip6tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DROP -+ ip6tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DST_DROP - fi - fi - ;; -@@ -4593,16 +4604,16 @@ else - get_numeric_ip_version "$host" - case $? 
in - 4) -- ip4tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_DROP -+ ip4tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip4tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DROP -+ ip4tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DST_DROP - fi - ;; - 6) - if [ "$IPV6_SUPPORT" = "1" ]; then -- ip6tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_DROP -+ ip6tables_batch -A HOST_BLOCK_SRC -s $host -j HOST_BLOCK_SRC_DROP - if [ "$BLOCK_HOSTS_BIDIRECTIONAL" != "0" ]; then -- ip6tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DROP -+ ip6tables_batch -A HOST_BLOCK_DST -d $host -j HOST_BLOCK_DST_DROP - fi - fi - ;; -@@ -5462,7 +5473,8 @@ create_user_chains() - # General chains - iptables -N HOST_BLOCK_SRC - iptables -N HOST_BLOCK_DST -- iptables -N HOST_BLOCK_DROP -+ iptables -N HOST_BLOCK_SRC_DROP -+ iptables -N HOST_BLOCK_DST_DROP - iptables -N VALID_CHK - iptables -N RESERVED_NET_CHK - iptables -N SPOOF_CHK -@@ -5516,7 +5528,8 @@ flush_user_chains() - # General chains - iptables -F HOST_BLOCK_SRC - iptables -F HOST_BLOCK_DST -- iptables -F HOST_BLOCK_DROP -+ iptables -F HOST_BLOCK_SRC_DROP -+ iptables -F HOST_BLOCK_DST_DROP - iptables -F VALID_CHK - iptables -F RESERVED_NET_CHK - iptables -F SPOOF_CHK Deleted: branches/1.0/package/arnofw/arnofw-0002-EXT_IF_DHCPV6_IPV6.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-0002-EXT_IF_DHCPV6_IPV6.patch 2017-06-15 21:06:10 UTC (rev 8398) +++ branches/1.0/package/arnofw/arnofw-0002-EXT_IF_DHCPV6_IPV6.patch 2017-06-16 17:53:53 UTC (rev 8399) 
@@ -1,39 +0,0 @@ -diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall -index 50b024c..1ee713f 100755 ---- a/bin/arno-iptables-firewall -+++ b/bin/arno-iptables-firewall -@@ -2698,9 +2698,11 @@ setup_ext_input_chain() - echo " Enabling support for DHCP-assigned-IP (DHCP client)" - # Allow this host to be an DHCP client: - ip4tables -A EXT_INPUT_CHAIN -p udp --sport 67 --dport 68 -j ACCEPT -+ fi -+ if [ "$EXT_IF_DHCP_IP" = "1" -o "$EXT_IF_DHCPV6_IPV6" = "1" ]; then - if [ "$IPV6_SUPPORT" = "1" ]; then - # Allow this host to be an DHCPv6 client: -- ip6tables -A EXT_INPUT_CHAIN -p udp --sport 547 --dport 546 -j ACCEPT -+ ip6tables -A EXT_INPUT_CHAIN -s fe80::/10 -p udp --sport 547 --dport 546 -j ACCEPT - fi - fi - -diff --git a/etc/arno-iptables-firewall/firewall.conf b/etc/arno-iptables-firewall/firewall.conf -index e3c8894..766cbdd 100644 ---- a/etc/arno-iptables-firewall/firewall.conf -+++ b/etc/arno-iptables-firewall/firewall.conf -@@ -39,10 +39,16 @@ - EXT_IF="" - - # Enable if THIS machines (dynamically) obtains its IP through (IPv4) DHCP --# and/or (IPv6) DHCPv6 (from your ISP) -+# and possibly (IPv6) DHCPv6 (from your ISP) - # ------------------------------------------------------------------------------ - EXT_IF_DHCP_IP=0 - -+# Enable if THIS machines (dynamically) obtains its IP through (IPv6) DHCPv6 -+# and not (IPv4) DHCP. Applies only when EXT_IF_DHCP_IP is set to "0". -+# (IPv6 Only) -+# ------------------------------------------------------------------------------ -+EXT_IF_DHCPV6_IPV6=0 -+ - # (EXPERT SETTING!) Here you can override your external(!) IPv4 subnet(s). - # Normally these are (attempted to be) autodetected, so leaving this empty - # should work for most scenarios. This setting is used when eg. 
running a DHCP Deleted: branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch =================================================================== --- branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch 2017-06-15 21:06:10 UTC (rev 8398) +++ branches/1.0/package/arnofw/arnofw-0003-flush-ipv6-nat-tables.patch 2017-06-16 17:53:53 UTC (rev 8399) 
@@ -1,111 +0,0 @@ -From bee4d9337f40c015091af45a752abb6a7dc7f24d Mon Sep 17 00:00:00 2001 -From: Lonnie Abelbeck <lo...@ab...> -Date: Tue, 30 May 2017 11:43:49 -0500 -Subject: [PATCH 1/3] changed: better method to truncate/create a file - ---- - bin/arno-iptables-firewall | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall -index 1ee713f..592b90b 100755 ---- a/bin/arno-iptables-firewall -+++ b/bin/arno-iptables-firewall -@@ -4758,7 +4758,7 @@ plugins_start() - local plugin_count=0 - - # Truncate/create file -- cp -f /dev/null "$PLUGIN_LOAD_FILE" -+ : > "$PLUGIN_LOAD_FILE" - - printf "Checking for (user) plugins in $PLUGIN_BIN_PATH..." - - -From 824e33d67a8d8e636aaf30885698ce1c49d1c044 Mon Sep 17 00:00:00 2001 -From: Lonnie Abelbeck <lo...@ab...> -Date: Tue, 30 May 2017 12:31:51 -0500 -Subject: [PATCH 2/3] fixed: IPv6 NAT table was not flushed, Issue #36 - ---- - bin/arno-iptables-firewall | 27 +++++++++++++++++++-------- - 1 file changed, 19 insertions(+), 8 deletions(-) - -diff --git a/bin/arno-iptables-firewall b/bin/arno-iptables-firewall -index 592b90b..53408ec 100755 ---- a/bin/arno-iptables-firewall -+++ b/bin/arno-iptables-firewall -@@ -744,8 +744,10 @@ init_firewall_chains() - ip6tables -F OUTPUT - ip6tables -F FORWARD - -- # Flush rules in mangle table -+ # Flush rules in nat/mangle table - ############################# -+ try_ip6tables -t nat -F -+ try_ip6tables -t nat -X - ip6tables -t mangle -F - ip6tables -t mangle -X - fi -@@ -5592,11 +5594,11 @@ stop_firewall() - ip4tables -F OUTPUT - ip4tables -F FORWARD - -- # Flush rules in the mangle/nat tables -- ip4tables -t mangle -F -- ip4tables -t mangle -X -+ # Flush rules in the nat/mangle tables - ip4tables -t nat -F - ip4tables -t nat -X -+ ip4tables -t mangle -F -+ ip4tables -t mangle -X - - # Attempt to flush all IPv4 chains - ip4tables -F -@@ -5613,7 +5615,9 @@ stop_firewall() - ip6tables -F OUTPUT - ip6tables -F FORWARD - -- # 
Flush rules in the mangle table -+ # Flush rules in the nat/mangle table -+ try_ip6tables -t nat -F -+ try_ip6tables -t nat -X - ip6tables -t mangle -F - ip6tables -t mangle -X - -@@ -5662,6 +5666,11 @@ reinit_firewall_chains() - ip6tables -F OUTPUT - ip6tables -F FORWARD - -+ # Flush builtin IPv6 nat chains -+ try_ip6tables -t nat -F PREROUTING -+ try_ip6tables -t nat -F OUTPUT -+ try_ip6tables -t nat -F POSTROUTING -+ - # Flush builtin IPv6 mangle chains - # We don't have to be selective by chain since we don't - # expect any external, dynamically managed mangle chains -@@ -5692,10 +5701,10 @@ stop_block_firewall() - ip4tables -F FORWARD - - # Flush nat/mangle table rules -- ip4tables -t mangle -F -- ip4tables -t mangle -X - ip4tables -t nat -F - ip4tables -t nat -X -+ ip4tables -t mangle -F -+ ip4tables -t mangle -X - - # Attempt to flush all IPv4 chains - ip4tables -F -@@ -5714,7 +5723,9 @@ stop_block_firewall() - ip6tables -F OUTPUT - ip6tables -F FORWARD - -- # Flush mangle table rules -+ # Flush nat/mangle table rules -+ try_ip6tables -t nat -F -+ try_ip6tables -t nat -X - ip6tables -t mangle -F - ip6tables -t mangle -X - - Modified: branches/1.0/package/arnofw/arnofw.mk =================================================================== --- branches/1.0/package/arnofw/arnofw.mk 2017-06-15 21:06:10 UTC (rev 8398) +++ branches/1.0/package/arnofw/arnofw.mk 2017-06-16 17:53:53 UTC (rev 8399) 
@@ -1,195 +1,127 @@ ############################################################# # -# Arno's IPtables Firewall Script +# arnofw # ############################################################# -ARNOFW_VER := 2.0.1g -ARNOFW_ROOT := arno-iptables-firewall -ARNOFW_SOURCE := $(ARNOFW_ROOT)_$(ARNOFW_VER).tar.gz -ARNOFW_SITE := http://rocky.eld.leidenuniv.nl/arno-iptables-firewall -ARNOFW_DIR := $(BUILD_DIR)/$(ARNOFW_ROOT)_$(ARNOFW_VER) -ARNOFW_CAT := zcat -ARNOFW_TARGET_BINARY := /usr/sbin/arno-iptables-firewall -ARNOFW_CONFIG_DIR := /etc/arno-iptables-firewall -ARNOFW_SCRIPT_DIR := /usr/share/arno-iptables-firewall -ARNOFW_PLUGIN_CONFIG_DIR := $(ARNOFW_CONFIG_DIR)/plugins -ARNOFW_PLUGIN_SCRIPT_DIR := $(ARNOFW_SCRIPT_DIR)/plugins -ARNOFW_CONFIG_SHIM := $(ARNOFW_SCRIPT_DIR)/astlinux.shim -ARNOFW_CONFIG_SERIAL := $(ARNOFW_CONFIG_DIR)/serial -$(DL_DIR)/$(ARNOFW_SOURCE): - $(WGET) -P $(DL_DIR) $(ARNOFW_SITE)/$(ARNOFW_SOURCE) +ARNOFW_VERSION = 2.0.2-RC1 +ARNOFW_SOURCE = arno-iptables-firewall_$(ARNOFW_VERSION).tar.gz +ARNOFW_SITE = https://github.com/arno-iptables-firewall/aif/releases/download/$(ARNOFW_VERSION) -$(ARNOFW_DIR)/.unpacked: $(DL_DIR)/$(ARNOFW_SOURCE) - $(ARNOFW_CAT) $(DL_DIR)/$(ARNOFW_SOURCE) \ - | tar -C $(BUILD_DIR) $(TAR_OPTIONS) - - touch $(ARNOFW_DIR)/.unpacked +ARNOFW_CONFIG_DIR = etc/arno-iptables-firewall +ARNOFW_SCRIPT_DIR = usr/share/arno-iptables-firewall -$(ARNOFW_DIR)/.patched: $(ARNOFW_DIR)/.unpacked - toolchain/patch-kernel.sh $(ARNOFW_DIR) package/arnofw/ arnofw-\*.patch - touch $(ARNOFW_DIR)/.patched +define ARNOFW_INSTALL_TARGET_CMDS + ln -sf /tmp/$(ARNOFW_CONFIG_DIR) $(TARGET_DIR)/$(ARNOFW_CONFIG_DIR) + ## Install main script + $(INSTALL) -D -m 0755 $(@D)/bin/arno-iptables-firewall $(TARGET_DIR)/usr/sbin/arno-iptables-firewall + $(SED) '1 s:^#!/bin/sh:#!/bin/ash:' $(TARGET_DIR)/usr/sbin/arno-iptables-firewall + ## Install firewall.conf and supporting files + mkdir -p $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR) + $(INSTALL) -m 0444 
package/arnofw/arnofw.serial $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/serial + $(INSTALL) -m 0644 $(@D)/etc/arno-iptables-firewall/firewall.conf $(@D)/etc/arno-iptables-firewall/custom-rules \ + $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR) + ## Edit the default firewall.conf + $(SED) 's:^PLUGIN_BIN_PATH=.*$$:PLUGIN_BIN_PATH="/$(ARNOFW_SCRIPT_DIR)/plugins":' \ + -e 's:^ENV_FILE=.*$$:ENV_FILE="/$(ARNOFW_SCRIPT_DIR)/environment":' \ + -e 's:^LOCAL_CONFIG_FILE=.*$$:LOCAL_CONFIG_FILE="/$(ARNOFW_SCRIPT_DIR)/astlinux.shim":' \ + -e 's:^NAT_LOCAL_REDIRECT=.*$$:NAT_LOCAL_REDIRECT=1:' \ + -e 's:^IGMP_LOG=.*$$:IGMP_LOG=0:' \ + -e 's:^RESERVED_NET_LOG=.*$$:RESERVED_NET_LOG=0:' \ + $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/firewall.conf + ## Install plugin scripts and configs + mkdir -p $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins + $(INSTALL) -m 0644 $(@D)/etc/arno-iptables-firewall/plugins/*.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins + cp -a $(@D)/share/arno-iptables-firewall $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR) + $(INSTALL) -m 0444 package/arnofw/arnofw.wrapper $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/astlinux.shim + $(INSTALL) -D -m 0755 package/arnofw/reload-spamhaus-drop $(TARGET_DIR)/usr/sbin/reload-spamhaus-drop + $(INSTALL) -D -m 0755 package/arnofw/reload-blocklist-netset $(TARGET_DIR)/usr/sbin/reload-blocklist-netset + ## Remove plugin CHANGELOG's + rm -f $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/*.CHANGELOG + ## + ## Remove plugins that we don't use + ## + rm -f $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/??linux-upnp-igd.plugin + rm -f $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/linux-upnp-igd.conf + rm -f $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/??traffic-accounting.plugin + rm -f $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/traffic-accounting-* + rm -f $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/traffic-accounting.conf + rm -f $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/??rpc.plugin + rm -f $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/rpc.conf + ## + ## 
Overwrite the config files with our custom versions + ## + $(INSTALL) -m 0644 package/arnofw/ipsec-vpn-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/ipsec-vpn.conf + $(INSTALL) -m 0644 package/arnofw/sip-voip-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/sip-voip.conf + $(INSTALL) -m 0644 package/arnofw/ipv6-over-ipv4-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/ipv6-over-ipv4.conf + ## + ## Install local version of Adaptive Ban plugin + ## + $(INSTALL) -m 0644 package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/95adaptive-ban.plugin + $(INSTALL) -m 0755 package/arnofw/adaptive-ban/adaptive-ban-helper.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/adaptive-ban-helper + $(INSTALL) -m 0644 package/arnofw/adaptive-ban/adaptive-ban.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/adaptive-ban.conf + ## + ## Install local version of DynDNS Host Open plugin + ## + $(INSTALL) -m 0644 package/arnofw/dyndns-host-open/50dyndns-host-open.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50dyndns-host-open.plugin + $(INSTALL) -m 0755 package/arnofw/dyndns-host-open/dyndns-host-open-helper.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/dyndns-host-open-helper + $(INSTALL) -m 0644 package/arnofw/dyndns-host-open/dyndns-host-open.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/dyndns-host-open.conf + ## + ## Install local version of DynDNS IPv6 Forward plugin + ## + $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-forward/50dyndns-ipv6-forward.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50dyndns-ipv6-forward.plugin + $(INSTALL) -m 0755 package/arnofw/dyndns-ipv6-forward/dyndns-ipv6-forward-helper.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/dyndns-ipv6-forward-helper + $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-forward/dyndns-ipv6-forward.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/dyndns-ipv6-forward.conf + ## + ## Install local version of DynDNS IPv6 Open 
plugin + ## + $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-open/50dyndns-ipv6-open.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50dyndns-ipv6-open.plugin + $(INSTALL) -m 0755 package/arnofw/dyndns-ipv6-open/dyndns-ipv6-open-helper.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/dyndns-ipv6-open-helper + $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-open/dyndns-ipv6-open.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/dyndns-ipv6-open.conf + ## + ## Install local version of Traffic Shaper plugin + ## + $(INSTALL) -m 0644 package/arnofw/traffic-shaper/60traffic-shaper.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/60traffic-shaper.plugin + $(INSTALL) -m 0644 package/arnofw/traffic-shaper/traffic-shaper-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/traffic-shaper.conf + ## + ## Install local version of OpenVPN Server plugin + ## + $(INSTALL) -m 0644 package/arnofw/openvpn-server/50openvpn-server.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50openvpn-server.plugin + $(INSTALL) -m 0644 package/arnofw/openvpn-server/openvpn-server-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/openvpn-server.conf + ## + ## Install local version of Time Schedule Host Block plugin + ## + $(INSTALL) -m 0644 package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/30time-schedule-host-block.plugin + $(INSTALL) -m 0644 package/arnofw/time-schedule-host-block/time-schedule-host-block.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/time-schedule-host-block.conf + ## + ## Install local version of SIP User-Agent plugin + ## + $(INSTALL) -m 0644 package/arnofw/sip-user-agent/30sip-user-agent.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/30sip-user-agent.plugin + $(INSTALL) -m 0644 package/arnofw/sip-user-agent/sip-user-agent.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/sip-user-agent.conf + ## + ## Install local version of PPTP VPN plugin + ## + $(INSTALL) -m 
0644 package/arnofw/pptp-vpn/50pptp-vpn.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50pptp-vpn.plugin + $(INSTALL) -m 0644 package/arnofw/pptp-vpn/pptp-vpn-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/pptp-vpn.conf + ## + ## Install local version of miniupnpd plugin + ## + $(INSTALL) -m 0644 package/arnofw/miniupnpd/50miniupnpd.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/50miniupnpd.plugin + $(INSTALL) -m 0644 package/arnofw/miniupnpd/miniupnpd-astlinux.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/miniupnpd.conf + ## + ## Install local version of net-prefix-translation plugin + ## + $(INSTALL) -m 0644 package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR)/plugins/20net-prefix-translation.plugin + $(INSTALL) -m 0644 package/arnofw/net-prefix-translation/net-prefix-translation.conf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/plugins/net-prefix-translation.conf +endef -# -# the second pattern in the 2nd SED command comments out variables that -# will be handled by the wrapper instead. this is just to avoid confusion. 
-# -$(TARGET_DIR)$(ARNOFW_TARGET_BINARY): $(ARNOFW_DIR)/.patched - ln -sf /tmp$(ARNOFW_CONFIG_DIR) $(TARGET_DIR)$(ARNOFW_CONFIG_DIR) - $(INSTALL) -D -m 0755 $(ARNOFW_DIR)/bin/arno-iptables-firewall \ - $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - $(SED) '1 s:^#!/bin/sh:#!/bin/ash:' \ - $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - mkdir -p $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR) - $(INSTALL) -m 0444 package/arnofw/arnofw.serial \ - $(TARGET_DIR)/stat$(ARNOFW_CONFIG_SERIAL) - $(INSTALL) -m 0644 $(ARNOFW_DIR)/etc/arno-iptables-firewall/firewall.conf \ - $(ARNOFW_DIR)/etc/arno-iptables-firewall/custom-rules \ - $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR) - $(SED) 's:^PLUGIN_BIN_PATH="[^"]*":PLUGIN_BIN_PATH="$(ARNOFW_SCRIPT_DIR)/plugins":' \ - -e 's:^ENV_FILE="[^"]*":ENV_FILE="$(ARNOFW_SCRIPT_DIR)/environment":' \ - -e 's:^ENV_FILE=[^"]*$$:ENV_FILE="$(ARNOFW_SCRIPT_DIR)/environment":' \ - -e 's:^LOCAL_CONFIG_FILE="":LOCAL_CONFIG_FILE="$(ARNOFW_CONFIG_SHIM)":' \ - -e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNAL_NET|NAT|NAT_INTERNAL_NET|EXT_IF_DHCP_IP)=:#&:' \ - -e 's:^NAT_LOCAL_REDIRECT=0$$:NAT_LOCAL_REDIRECT=1:' \ - -e 's:^IGMP_LOG=1$$:IGMP_LOG=0:' \ - -e 's:^RESERVED_NET_LOG=1$$:RESERVED_NET_LOG=0:' \ - $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR)/firewall.conf - mkdir -p $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR) - $(INSTALL) -m 0644 $(ARNOFW_DIR)/etc/arno-iptables-firewall/plugins/*.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR) - cp -a $(ARNOFW_DIR)/share/arno-iptables-firewall \ - $(TARGET_DIR)$(ARNOFW_SCRIPT_DIR) - $(INSTALL) -m 0444 package/arnofw/arnofw.wrapper \ - $(TARGET_DIR)$(ARNOFW_CONFIG_SHIM) - $(INSTALL) -D -m 0755 package/arnofw/reload-spamhaus-drop \ - $(TARGET_DIR)/usr/sbin/reload-spamhaus-drop - $(INSTALL) -D -m 0755 package/arnofw/reload-blocklist-netset \ - $(TARGET_DIR)/usr/sbin/reload-blocklist-netset - @rm -f $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/*.CHANGELOG - @echo - @echo "Remove plugins that don't apply." 
- @echo - rm -f $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/??linux-upnp-igd.plugin \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/linux-upnp-igd.conf - rm -f $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/??traffic-accounting.plugin \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/traffic-accounting-* \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/traffic-accounting.conf - rm -f $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/??rpc.plugin \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/rpc.conf - @echo - @echo "Clobber the config files from the tarball with our shim-friendly versions." - @echo - $(INSTALL) -m 0644 package/arnofw/ipsec-vpn-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/ipsec-vpn.conf - $(INSTALL) -m 0644 package/arnofw/sip-voip-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/sip-voip.conf - $(INSTALL) -m 0644 package/arnofw/ipv6-over-ipv4-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/ipv6-over-ipv4.conf - @echo - @echo "Install local version of Adaptive Ban plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/adaptive-ban/95adaptive-ban.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/95adaptive-ban.plugin - $(INSTALL) -m 0755 package/arnofw/adaptive-ban/adaptive-ban-helper.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/adaptive-ban-helper - $(INSTALL) -m 0644 package/arnofw/adaptive-ban/adaptive-ban.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/adaptive-ban.conf - @echo - @echo "Install local version of DynDNS Host Open plugin." 
- @echo - $(INSTALL) -m 0644 package/arnofw/dyndns-host-open/50dyndns-host-open.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50dyndns-host-open.plugin - $(INSTALL) -m 0755 package/arnofw/dyndns-host-open/dyndns-host-open-helper.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/dyndns-host-open-helper - $(INSTALL) -m 0644 package/arnofw/dyndns-host-open/dyndns-host-open.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/dyndns-host-open.conf - @echo - @echo "Install local version of DynDNS IPv6 Forward plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-forward/50dyndns-ipv6-forward.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50dyndns-ipv6-forward.plugin - $(INSTALL) -m 0755 package/arnofw/dyndns-ipv6-forward/dyndns-ipv6-forward-helper.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/dyndns-ipv6-forward-helper - $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-forward/dyndns-ipv6-forward.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/dyndns-ipv6-forward.conf - @echo - @echo "Install local version of DynDNS IPv6 Open plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-open/50dyndns-ipv6-open.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50dyndns-ipv6-open.plugin - $(INSTALL) -m 0755 package/arnofw/dyndns-ipv6-open/dyndns-ipv6-open-helper.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/dyndns-ipv6-open-helper - $(INSTALL) -m 0644 package/arnofw/dyndns-ipv6-open/dyndns-ipv6-open.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/dyndns-ipv6-open.conf - @echo - @echo "Install local version of Traffic Shaper plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/traffic-shaper/60traffic-shaper.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/60traffic-shaper.plugin - $(INSTALL) -m 0644 package/arnofw/traffic-shaper/traffic-shaper-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/traffic-shaper.conf - @echo - @echo "Install local version of OpenVPN Server plugin." 
- @echo - $(INSTALL) -m 0644 package/arnofw/openvpn-server/50openvpn-server.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50openvpn-server.plugin - $(INSTALL) -m 0644 package/arnofw/openvpn-server/openvpn-server-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/openvpn-server.conf - @echo - @echo "Install local version of Time Schedule Host Block plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/30time-schedule-host-block.plugin - $(INSTALL) -m 0644 package/arnofw/time-schedule-host-block/time-schedule-host-block.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/time-schedule-host-block.conf - @echo - @echo "Install local version of SIP User-Agent plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/sip-user-agent/30sip-user-agent.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/30sip-user-agent.plugin - $(INSTALL) -m 0644 package/arnofw/sip-user-agent/sip-user-agent.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/sip-user-agent.conf - @echo - @echo "Install local version of PPTP VPN plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/pptp-vpn/50pptp-vpn.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50pptp-vpn.plugin - $(INSTALL) -m 0644 package/arnofw/pptp-vpn/pptp-vpn-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/pptp-vpn.conf - @echo - @echo "Install local version of miniupnpd plugin." - @echo - $(INSTALL) -m 0644 package/arnofw/miniupnpd/50miniupnpd.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50miniupnpd.plugin - $(INSTALL) -m 0644 package/arnofw/miniupnpd/miniupnpd-astlinux.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/miniupnpd.conf - @echo - @echo "Install local version of net-prefix-translation plugin." 
- @echo - $(INSTALL) -m 0644 package/arnofw/net-prefix-translation/20net-prefix-translation.plugin.sh \ - $(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/20net-prefix-translation.plugin - $(INSTALL) -m 0644 package/arnofw/net-prefix-translation/net-prefix-translation.conf \ - $(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/net-prefix-translation.conf - -arnofw: $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - -arnofw-clean: - rm -f $(TARGET_DIR)$(ARNOFW_TARGET_BINARY) - rm -rf $(TARGET_DIR)$(ARNOFW_CONFIG_DIR) \ - $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR) \ - $(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR) +define ARNOFW_CLEAN_CMDS + rm -f $(TARGET_DIR)/usr/sbin/arno-iptables-firewall + rm -f $(TARGET_DIR)/$(ARNOFW_CONFIG_DIR) + rm -rf $(TARGET_DIR)/$(ARNOFW_SCRIPT_DIR) + rm -rf $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR) rm -f $(TARGET_DIR)/usr/sbin/reload-spamhaus-drop + rm -f $(TARGET_DIR)/usr/sbin/reload-blocklist-netset +endef -arnofw-dirclean: - rm -rf $(ARNOFW_DIR) - -arnofw-source: $(ARNOFW_DIR)/.patched - -############################################################# -# -# Toplevel Makefile options -# -############################################################# -ifeq ($(strip $(BR2_PACKAGE_ARNOFW)),y) -TARGETS+=arnofw -endif +$(eval $(call GENTARGETS,package,arnofw)) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
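Review bot: The `$(SED)` call under "Edit the default firewall.conf" in ARNOFW_INSTALL_TARGET_CMDS succeeds even when none of its expressions match. If a later upstream release renames or drops `LOCAL_CONFIG_FILE`, `PLUGIN_BIN_PATH` or `ENV_FILE`, the image would ship a firewall.conf that never loads astlinux.shim, with no build error. The three local patches are removed here, presumably because 2.0.2-RC1 already carries them, so upstream drift now has nothing else in the recipe to catch it. A check after the sed would make the build fail instead, for example `grep -q '^LOCAL_CONFIG_FILE="/$(ARNOFW_SCRIPT_DIR)/astlinux.shim"' $(TARGET_DIR)/stat/$(ARNOFW_CONFIG_DIR)/firewall.conf`. Separately, `ln -sf` on the first recipe line dereferences an existing link on a re-install if its `/tmp/...` target exists as a directory on the build host, and then creates the new link inside that directory; `ln -snf` replaces the link itself.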