aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/firewalld/README4
-rw-r--r--network/firewalld/README.SLACKWARE20
-rw-r--r--network/firewalld/doinst.sh3
-rw-r--r--network/firewalld/firewalld.SlackBuild20
-rw-r--r--network/firewalld/init.patch11
-rw-r--r--network/firewalld/rc.firewalld56
6 files changed, 110 insertions, 4 deletions
diff --git a/network/firewalld/README b/network/firewalld/README
index 75d957740abed..1821f7afae17a 100644
--- a/network/firewalld/README
+++ b/network/firewalld/README
@@ -1,6 +1,8 @@
-firewalld provides a dynamically managed firewall with support for
+Firewalld provides a dynamically managed firewall with support for
network or firewall zones to define the trust level of network
connections or interfaces. It has support for IPv4, IPv6 firewall
settings and for ethernet bridges and a separation of runtime and
permanent configuration options. It also provides an interface for
services or applications to add ip*tables and ebtables rules directly.
+
+Please read the README.SLACKWARE file for additional information.
diff --git a/network/firewalld/README.SLACKWARE b/network/firewalld/README.SLACKWARE
new file mode 100644
index 0000000000000..a5a7404a61532
--- /dev/null
+++ b/network/firewalld/README.SLACKWARE
@@ -0,0 +1,20 @@
+The package provided by the upstream project already includes
+/etc/init.d/firewalld which will get executed on boot by
+/etc/rc.d/rc.sysvinit. So technically, you don't have to
+use the custom rc.firewalld. I have provided a patch that
+changes /etc/sysconfig/ to /etc/default in order to source
+any custom arguments.
+
+Otherwise, feel free to chmod -x /etc/init.d/firewalld
+and chmod +x /etc/rc.d/rc.firewalld then add it to your
+/etc/rc.d/rc.local like so:
+
+if [ -x /etc/rc.d/rc.firewalld ]; then
+ /etc/rc.d/rc.firewalld start
+fi
+
+and the following to /etc/rc.d/rc.local_shutdown:
+
+if [ -x /etc/rc.d/rc.firewalld ]; then
+ /etc/rc.d/rc.firewalld stop
+fi
diff --git a/network/firewalld/doinst.sh b/network/firewalld/doinst.sh
index 9f4fb5fbe4e29..592ffcdaef976 100644
--- a/network/firewalld/doinst.sh
+++ b/network/firewalld/doinst.sh
@@ -26,7 +26,8 @@ config etc/dbus-1/system.d/FirewallD.conf.new
config etc/firewall/applet.conf.new
config etc/firewalld/firewalld.conf.new
config etc/default/firewalld.new
-preserve_perms etc/rc.d/rc.FireWallD.new
+preserve_perms etc/rc.d/rc.firewalld.new
+preserve_perms etc/rc.d/init.d/firewalld.new
if [ -x /usr/bin/update-desktop-database ]; then
/usr/bin/update-desktop-database -q usr/share/applications >/dev/null 2>&1
diff --git a/network/firewalld/firewalld.SlackBuild b/network/firewalld/firewalld.SlackBuild
index ad54c23725879..b244425797df4 100644
--- a/network/firewalld/firewalld.SlackBuild
+++ b/network/firewalld/firewalld.SlackBuild
@@ -21,10 +21,18 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# ChangeLog
+#
+# Thu Mar 19 12:19:48 UTC 2020
+#
+# * Added patch to change the source file from /etc/sysconfig to /etc/default
+# in the provided /etc/init.d/firewalld file.
+#
PRGNAM=firewalld
VERSION=${VERSION:-0.5.1}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -69,6 +77,10 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+# Let's patch the init.d script to use /etc/default instead of
+# /etc/sysconfig to source arguments.
+patch -p1 < $CWD/init.patch
+
./autogen.sh
CFLAGS="$SLKCFLAGS" \
@@ -95,8 +107,9 @@ mv $PKG/etc/sysconfig/firewalld $PKG/etc/sysconfig/firewalld.new
mv $PKG/etc/sysconfig $PKG/etc/default
mkdir -p $PKG/etc/rc.d
-cat $CWD/rc.FireWallD > $PKG/etc/rc.d/rc.FireWallD.new
+cat $CWD/rc.firewalld > $PKG/etc/rc.d/rc.firewalld.new
+# We don't need systemd here.
rm -rf $PKG/usr/lib/systemd
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
@@ -115,5 +128,8 @@ mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/firewalld/init.patch b/network/firewalld/init.patch
new file mode 100644
index 0000000000000..675dee356fc55
--- /dev/null
+++ b/network/firewalld/init.patch
@@ -0,0 +1,11 @@
+--- firewalld-0.5.1/config/firewalld.init 2020-03-19 08:05:08.660103937 -0400
++++ firewalld-0.5.1-new/config/firewalld.init 2020-03-19 08:10:25.695336773 -0400
+@@ -29,7 +29,7 @@
+ prog="firewalld"
+ #config="/etc/firewalld/firewalld.conf"
+
+-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
++[ -e /etc/default/$prog ] && . /etc/default/$prog
+
+ lockfile=/var/lock/subsys/$prog
+
diff --git a/network/firewalld/rc.firewalld b/network/firewalld/rc.firewalld
new file mode 100644
index 0000000000000..aa0d91b3dcbf4
--- /dev/null
+++ b/network/firewalld/rc.firewalld
@@ -0,0 +1,56 @@
+#!/bin/sh
+# Start/stop/restart firewalld.
+
+# Start firewalld:
+firewalld_start() {
+ [ -r /etc/default/firewalld ] && source /etc/default/firewalld
+ echo -n "Starting FireWallD daemon: /usr/sbin/firewalld "
+ /usr/sbin/firewalld $FIREWALLD_ARGS
+ echo
+}
+
+# Stop firewalld:
+firewalld_stop() {
+ echo -n "Stopping FireWallD daemon..."
+ if [ -r /var/run/firewalld.pid ]; then
+ kill -HUP $(cat /var/run/firewalld.pid)
+ rm -f /var/run/firewalld.pid
+ else
+ killall -HUP -q firewalld
+ fi
+ echo
+}
+
+# Restart firewalld:
+firewalld_restart() {
+ firewalld_stop
+ sleep 1
+ firewalld_start
+}
+
+# Check if firewalld is running
+firewalld_status() {
+ if [ -e /var/run/firewalld.pid ]; then
+ echo "firewalld is running as pid $(cat /var/run/firewalld.pid)."
+ else
+ echo "firewalld is stopped."
+ exit 1
+ fi
+}
+
+case "$1" in
+'start')
+ firewalld_start
+ ;;
+'stop')
+ firewalld_stop
+ ;;
+'restart')
+ firewalld_restart
+ ;;
+'status')
+ firewalld_status
+ ;;
+*)
+ echo "usage $0 start|stop|restart|status"
+esac