Shorewall: Add full package.

Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>

7 files changed, 170 insertions, 0 deletions

diff --git a/net/shorewall/Makefile b/net/shorewall/Makefile
new file mode 100644
index 000000000..fbe384f24
--- /dev/null
+++ b/net/shorewall/Makefile
@@ -0,0 +1,75 @@
+#
+# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2017 Willem van den Akker <wvdakker@wilsoft.nl>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=shorewall
+PKG_VERSION:=5.1.8.1
+PKG_DIRECTORY:=5.1
+PKG_MAINVERSION:=5.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/$(PKG_DIRECTORY)/shorewall-$(PKG_MAINVERSION)/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=0ba4f22394d988a5714637444c248e542d5897e41ab5770907edf38e422fe2ff
+PKG_MAINTAINER:=Willem van den Akker <wvdakker@wilsoft.nl>
+PKG_LICENSE:=GPL-2.0+
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/shorewall
+    SECTION:=devel
+    CATEGORY:=Network
+    DEPENDS:=+ip +iptables +kmod-ipt-hashlimit +kmod-ipt-raw +iptables-mod-hashlimit +shorewall-core \
+		+perl +perlbase-autoloader +perlbase-autouse +perlbase-dynaloader +perlbase-digest \
+		+perlbase-findbin +perlbase-getopt +perlbase-hash
+    TITLE:=Shorewall Central Administration System
+    URL:=http://www.shorewall.net/
+    SUBMENU:=Firewall
+endef
+
+define Package/shorewall/description
+	The Shoreline Firewall, is high-level tool for configuring Netfilter.
+
+	Shorewall allows for central administration of multiple IPv4 firewalls.
+	This is the full Shorewall product which will compile Shorewall scripts.
+	It is not recommended to run it on a low memory system.
+
+	Note: This is the IPv4 implementation of Shorewall.
+	      This full Shorewal packages also installs Perl which can make the image big (about +2M).
+endef
+
+CONFIGURE_ARGS += \
+	vendor=openwrt
+
+define Build/Compile
+	DESTDIR=$(PKG_INSTALL_DIR) $(PKG_BUILD_DIR)/install.sh
+endef
+
+define Package/shorewall/conffiles
+/etc/shorewall/
+endef
+
+define Package/shorewall/install
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface/
+	$(INSTALL_DIR) $(1)/etc/shorewall/
+	$(INSTALL_DIR) $(1)/usr/lib/shorewall/
+	$(INSTALL_DIR) $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/usr/share/shorewall/
+	$(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall
+	$(INSTALL_BIN) ./files/hostname $(1)/etc/shorewall/
+	$(INSTALL_BIN) ./files/shorewall.init $(1)/etc/init.d/shorewall
+	$(INSTALL_BIN) ./files/vardir $(1)/etc/shorewall/
+	$(CP) $(PKG_INSTALL_DIR)/etc/shorewall/. $(1)/etc/shorewall/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/shorewall/. $(1)/usr/lib/shorewall/
+	$(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall/. $(1)/usr/share/shorewall/
+endef
+
+$(eval $(call BuildPackage,shorewall))
diff --git a/net/shorewall/files/hostname b/net/shorewall/files/hostname
new file mode 100644
index 000000000..29c736ec6
--- /dev/null
+++ b/net/shorewall/files/hostname
@@ -0,0 +1,3 @@
+#!/bin/sh
+uci get system.@system[0].hostname
+
diff --git a/net/shorewall/files/hotplug_iface b/net/shorewall/files/hotplug_iface
new file mode 100644
index 000000000..f787424c1
--- /dev/null
+++ b/net/shorewall/files/hotplug_iface
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+case "$ACTION" in
+    ifup)
+        /etc/init.d/shorewall restart
+        ;;
+    ifdown)
+        # might need to restore some routing
+        /etc/init.d/shorewall restart
+        ;;
+esac
diff --git a/net/shorewall/files/shorewall.init b/net/shorewall/files/shorewall.init
new file mode 100644
index 000000000..ef2f00aae
--- /dev/null
+++ b/net/shorewall/files/shorewall.init
@@ -0,0 +1,32 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=50
+
+load_params () {
+    . /usr/share/shorewall/shorewallrc
+}
+
+start_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall $OPTIONS start $STARTOPTIONS
+}
+
+stop_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall $OPTIONS stop $STOPOPTIONS
+}
+
+restart_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall $OPTIONS restart $RESTARTOPTIONS
+}
+
+reload_service() {
+    load_params
+    
+    ${SBINDIR}/shorewall $OPTIONS reload $RESTARTOPTIONS
+}
diff --git a/net/shorewall/files/vardir b/net/shorewall/files/vardir
new file mode 100644
index 000000000..f9a55a81e
--- /dev/null
+++ b/net/shorewall/files/vardir
@@ -0,0 +1,2 @@
+VARDIR=/tmp/state
+
diff --git a/net/shorewall/patches/010-update_install_sh.patch b/net/shorewall/patches/010-update_install_sh.patch
new file mode 100644
index 000000000..bd9e97103
--- /dev/null
+++ b/net/shorewall/patches/010-update_install_sh.patch
@@ -0,0 +1,23 @@
+Index: shorewall-5.1.4.1/install.sh
+===================================================================
+--- shorewall-5.1.4.1.orig/install.sh	2017-05-26 17:39:12.000000000 +0200
++++ shorewall-5.1.4.1/install.sh	2017-06-06 19:26:46.152686822 +0200
+@@ -213,6 +213,8 @@
+ 		BUILD=suse
+ 	    elif [ -f /etc/arch-release ] ; then
+ 		BUILD=archlinux
++    	    elif [ -f ${CONFDIR}/openwrt_release ] ; then
++		BUILD=openwrt
+ 	    else
+ 		BUILD=linux
+ 	    fi
+@@ -264,6 +266,9 @@
+     archlinux)
+ 	echo "Installing ArchLinux-specific configuration..."
+ 	;;
++    openwrt)
++	echo "Installing OpenWRT-specific configuration..."
++	;;
+     linux)
+ 	;;
+     *)
diff --git a/net/shorewall/patches/120-logfile.patch b/net/shorewall/patches/120-logfile.patch
new file mode 100644
index 000000000..e36019dc8
--- /dev/null
+++ b/net/shorewall/patches/120-logfile.patch
@@ -0,0 +1,22 @@
+Index: shorewall-5.1.4.1/configfiles/shorewall.conf
+===================================================================
+--- shorewall-5.1.4.1.orig/configfiles/shorewall.conf	2017-10-05 11:18:41.586275516 +0200
++++ shorewall-5.1.4.1/configfiles/shorewall.conf	2017-10-05 11:26:11.825609382 +0200
+@@ -33,7 +33,7 @@
+ #			       L O G G I N G
+ ###############################################################################
+ 
+-LOG_LEVEL="info"
++LOG_LEVEL="warn"
+ 
+ BLACKLIST_LOG_LEVEL=
+ 
+@@ -101,7 +101,7 @@
+ 
+ SHOREWALL_SHELL=/bin/sh
+ 
+-SUBSYSLOCK=/var/lock/subsys/shorewall
++SUBSYSLOCK=/var/lock/shorewall
+ 
+ TC=
+