diff options
-rw-r--r-- | network/firewalld/README | 4 | ||||
-rw-r--r-- | network/firewalld/README.SLACKWARE | 20 | ||||
-rw-r--r-- | network/firewalld/doinst.sh | 3 | ||||
-rw-r--r-- | network/firewalld/firewalld.SlackBuild | 20 | ||||
-rw-r--r-- | network/firewalld/init.patch | 11 | ||||
-rw-r--r-- | network/firewalld/rc.firewalld | 56 |
6 files changed, 110 insertions, 4 deletions
diff --git a/network/firewalld/README b/network/firewalld/README index 75d957740abed..1821f7afae17a 100644 --- a/network/firewalld/README +++ b/network/firewalld/README @@ -1,6 +1,8 @@ -firewalld provides a dynamically managed firewall with support for +Firewalld provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add ip*tables and ebtables rules directly. + +Please read the README.SLACKWARE file for additional information. diff --git a/network/firewalld/README.SLACKWARE b/network/firewalld/README.SLACKWARE new file mode 100644 index 0000000000000..a5a7404a61532 --- /dev/null +++ b/network/firewalld/README.SLACKWARE @@ -0,0 +1,20 @@ +The package provided by the upstream project already includes +/etc/init.d/firewalld which will get executed on boot by +/etc/rc.d/rc.sysvinit. So technically, you don't have to +use the custom rc.firewalld. I have provided a patch that +changes /etc/sysconfig/ to /etc/default in order to source +any custom arguments. + +Otherwise, feel free to chmod -x /etc/init.d/firewalld +and chmod +x /etc/rc.d/rc.firewalld then add it to your +/etc/rc.d/rc.local like so: + +if [ -x /etc/rc.d/rc.firewalld ]; then + /etc/rc.d/rc.firewalld start +fi + +and the following to /etc/rc.d/rc.local_shutdown: + +if [ -x /etc/rc.d/rc.firewalld ]; then + /etc/rc.d/rc.firewalld stop +fi diff --git a/network/firewalld/doinst.sh b/network/firewalld/doinst.sh index 9f4fb5fbe4e29..592ffcdaef976 100644 --- a/network/firewalld/doinst.sh +++ b/network/firewalld/doinst.sh @@ -26,7 +26,8 @@ config etc/dbus-1/system.d/FirewallD.conf.new config etc/firewall/applet.conf.new config etc/firewalld/firewalld.conf.new config etc/default/firewalld.new -preserve_perms etc/rc.d/rc.FireWallD.new +preserve_perms etc/rc.d/rc.firewalld.new +preserve_perms etc/rc.d/init.d/firewalld.new if [ -x /usr/bin/update-desktop-database ]; then /usr/bin/update-desktop-database -q usr/share/applications >/dev/null 2>&1 diff --git a/network/firewalld/firewalld.SlackBuild b/network/firewalld/firewalld.SlackBuild index ad54c23725879..b244425797df4 100644 --- a/network/firewalld/firewalld.SlackBuild +++ b/network/firewalld/firewalld.SlackBuild @@ -21,10 +21,18 @@ # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# ChangeLog +# +# Thu Mar 19 12:19:48 UTC 2020 +# +# * Added patch to change the source file from /etc/sysconfig to /etc/default +# in the provided /etc/init.d/firewalld file. +# PRGNAM=firewalld VERSION=${VERSION:-0.5.1} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -69,6 +77,10 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; +# Let's patch the init.d script to use /etc/default instead of +# /etc/sysconfig to source arguments. +patch -p1 < $CWD/init.patch + ./autogen.sh CFLAGS="$SLKCFLAGS" \ @@ -95,8 +107,9 @@ mv $PKG/etc/sysconfig/firewalld $PKG/etc/sysconfig/firewalld.new mv $PKG/etc/sysconfig $PKG/etc/default mkdir -p $PKG/etc/rc.d -cat $CWD/rc.FireWallD > $PKG/etc/rc.d/rc.FireWallD.new +cat $CWD/rc.firewalld > $PKG/etc/rc.d/rc.firewalld.new +# We don't need systemd here. rm -rf $PKG/usr/lib/systemd find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ @@ -115,5 +128,8 @@ mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/firewalld/init.patch b/network/firewalld/init.patch new file mode 100644 index 0000000000000..675dee356fc55 --- /dev/null +++ b/network/firewalld/init.patch @@ -0,0 +1,11 @@ +--- firewalld-0.5.1/config/firewalld.init 2020-03-19 08:05:08.660103937 -0400 ++++ firewalld-0.5.1-new/config/firewalld.init 2020-03-19 08:10:25.695336773 -0400 +@@ -29,7 +29,7 @@ + prog="firewalld" + #config="/etc/firewalld/firewalld.conf" + +-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog ++[ -e /etc/default/$prog ] && . /etc/default/$prog + + lockfile=/var/lock/subsys/$prog + diff --git a/network/firewalld/rc.firewalld b/network/firewalld/rc.firewalld new file mode 100644 index 0000000000000..aa0d91b3dcbf4 --- /dev/null +++ b/network/firewalld/rc.firewalld @@ -0,0 +1,56 @@ +#!/bin/sh +# Start/stop/restart firewalld. + +# Start firewalld: +firewalld_start() { + [ -r /etc/default/firewalld ] && source /etc/default/firewalld + echo -n "Starting FireWallD daemon: /usr/sbin/firewalld " + /usr/sbin/firewalld $FIREWALLD_ARGS + echo +} + +# Stop firewalld: +firewalld_stop() { + echo -n "Stopping FireWallD daemon..." + if [ -r /var/run/firewalld.pid ]; then + kill -HUP $(cat /var/run/firewalld.pid) + rm -f /var/run/firewalld.pid + else + killall -HUP -q firewalld + fi + echo +} + +# Restart firewalld: +firewalld_restart() { + firewalld_stop + sleep 1 + firewalld_start +} + +# Check if firewalld is running +firewalld_status() { + if [ -e /var/run/firewalld.pid ]; then + echo "firewalld is running as pid $(cat /var/run/firewalld.pid)." + else + echo "firewalld is stopped." + exit 1 + fi +} + +case "$1" in +'start') + firewalld_start + ;; +'stop') + firewalld_stop + ;; +'restart') + firewalld_restart + ;; +'status') + firewalld_status + ;; +*) + echo "usage $0 start|stop|restart|status" +esac |