diff options
Diffstat (limited to 'pkgs/tools/networking/shorewall/default.nix')
-rw-r--r-- | pkgs/tools/networking/shorewall/default.nix | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/pkgs/tools/networking/shorewall/default.nix b/pkgs/tools/networking/shorewall/default.nix new file mode 100644 index 00000000000..8e62aa735a4 --- /dev/null +++ b/pkgs/tools/networking/shorewall/default.nix @@ -0,0 +1,130 @@ +{ coreutils +, ebtables +, fetchurl +, gnugrep +, gnused +, iproute +, ipset +, iptables +, perl +, perlPackages +, stdenv +, tree +, utillinux +}: +let + PATH = stdenv.lib.concatStringsSep ":" + [ "${coreutils}/bin" + "${iproute}/bin" + "${iptables}/bin" + "${ipset}/bin" + "${ebtables}/bin" + "${utillinux}/bin" + "${gnugrep}/bin" + "${gnused}/bin" + ]; +in +stdenv.mkDerivation rec { + pname = "shorewall"; + version = "5.2.3.3"; + + srcs = [ + (fetchurl { + url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2"; + sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5"; + }) + (fetchurl { + url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2"; + sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b"; + }) + (fetchurl { + url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2"; + sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n"; + }) + ]; + sourceRoot = "."; + + buildInputs = [ + coreutils + iproute + ipset + iptables + ebtables + utillinux + gnugrep + gnused + perl + ] ++ (with perlPackages; [ + DigestSHA1 + ]); + prePatch = '' + # Patch configure and install.sh files + patchShebangs . + + # Remove hardcoded PATH + sed -i shorewall-core-${version}/lib.cli \ + -e '/^ *PATH=.*/d' + ''; + configurePhase = '' + shorewall-core-${version}/configure \ + HOST=linux \ + PREFIX=$out \ + CONFDIR=\$PREFIX/etc-example \ + SBINDIR=\$PREFIX/sbin \ + SYSCONFDIR= \ + SHAREDIR=\$PREFIX/share \ + LIBEXECDIR=\$SHAREDIR \ + PERLLIBDIR=\$SHAREDIR/shorewall \ + MANDIR=$out/man \ + VARLIB=/var/lib \ + INITSOURCE= \ + INITDIR= \ + INITFILE= \ + DEFAULT_PAGER= + ''; + installPhase = '' + export DESTDIR=/ + shorewall-core-${version}/install.sh + + ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/ + shorewall-${version}/install.sh + + ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/ + shorewall6-${version}/install.sh + + # Patch the example shorewall{,6}.conf in case it is included + # in services.shorewall{,6}.configs + sed -i $out/etc-example/shorewall/shorewall.conf \ + $out/etc-example/shorewall6/shorewall6.conf \ + -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \ + -e 's|^PATH=.*|PATH=${PATH}|' \ + -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \ + -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|' + sed -i $out/etc-example/shorewall6/shorewall6.conf \ + -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|' + # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention. + + # Redirect CONFDIR to /etc where services.shorewall{,6}.configs + # will generate the config files. + sed -i $out/share/shorewall/shorewallrc \ + -e 's~^CONFDIR=.*~CONFDIR=/etc~' + ''; + + meta = { + homepage = http://www.shorewall.net/; + description = "An IP gateway/firewall configuration tool for GNU/Linux"; + longDescription = '' + Shorewall is a high-level tool for configuring Netfilter. You describe your + firewall/gateway requirements using entries in a set of configuration + files. Shorewall reads those configuration files and with the help of the + iptables, iptables-restore, ip and tc utilities, Shorewall configures + Netfilter and the Linux networking subsystem to match your requirements. + Shorewall can be used on a dedicated firewall system, a multi-function + gateway/router/server or on a standalone GNU/Linux system. Shorewall does + not use Netfilter's ipchains compatibility mode and can thus take + advantage of Netfilter's connection state tracking capabilities. + ''; + license = stdenv.lib.licenses.gpl2Plus; + platforms = stdenv.lib.platforms.linux; + }; +} |