network/arno-iptables-firewall: Added (a front-end for iptables).

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>

network/arno-iptables-firewall/README

@@ -0,0 +1,41 @@
+arno-iptables-firewall is a front-end for iptables. Its configuration
+script will setup a secure and restrictive firewall by just asking a
+few questions. This includes configuring internal networks for Internet
+access via NAT and network services like http or ssh. Moreover, it 
+provides many advanced additional features that can be enabled in the
+well documented configuration file.
+
+PLEASE NOTE - The setup script is NOT going to be run automatically
+after your package is installed. In order to do that, you'll have to
+issue the following command:
+
+# arno-iptables-firewall-configure
+
+To enable firewall startup at boot-time you'll need to create a symlink
+as follows (remove the link to disable automatic firewall startup):
+
+# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
+# chmod +x /etc/rc.d/rc.arno-iptables-firewall
+
+When everything is ready you can start the firewall manually with one
+of the following commands:
+
+# /etc/rc.d/rc.arno-iptables-firewall start
+
+# arno-iptables-firewall start
+
+IMPORTANT - Here are some security notes from the upstream author:
+
+1) If possible, make sure that the firewall is started before the (ADSL)
+Internet connection is enabled. For a ppp-interface that doesn't exist
+yet you can use the wildcard device called "ppp+" (but you can only use
+ppp+ if there aren't any other ppp interfaces).
+
+2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
+really understand what they mean. Changing them anyway could have a big
+impact on the security of your machine.
+
+3) A lot of people complain that their server stopped working after
+installing the firewall. This is the CORRECT behaviour for a firewall:
+blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
+accordingly.

network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+# Slackware build script for arno-iptables-firewall
+
+# Copyright 2013-2014 Philip Lacroix <philnx at bluebottle dot com>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Thanks to Matteo Bernardini and Robby Workman for their valuable remarks.
+
+PRGNAM=arno-iptables-firewall
+VERSION=${VERSION:-2.0.1d}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=${PKG:-$TMP/package-$PRGNAM}
+OUTPUT=${OUTPUT:-/tmp}
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM\_$VERSION
+tar xvf $CWD/$PRGNAM\_$VERSION.tar.gz
+
+cd $PRGNAM\_$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 \
+  -o -perm 400 \) -exec chmod 644 {} \;
+
+PRGBIN=$PKG/usr/sbin
+PRGETC=$PKG/etc/$PRGNAM
+PRGSHR=$PKG/usr/share/$PRGNAM
+PRGDOC=$PKG/usr/doc/$PRGNAM-$VERSION
+PRGMAN=$PKG/usr/man
+
+# Copy firewall, log filter and configuration executables
+mkdir -p $PRGBIN
+cp -a ./bin/$PRGNAM $PRGBIN/
+cp -a ./configure.sh $PRGBIN/$PRGNAM-configure
+cp -a ./bin/arno-fwfilter $PRGBIN/
+
+# Patch the configuration script. We need this in order to be able to
+# run the script from outside the source directory as well. We're going
+# to (1) change from relative to absolute the path to the environment
+# file and firewall executable; (2) rename and change the path to the
+# startup script (this is for better consistency with Slackware's init
+# system); (3) change the path to the unmodified copy of the config
+# file, needed to check for existing custom setups. We will NOT create
+# a Slackware-compliant /etc/rc.d/rc.firewall symlink to the startup
+# script, as this should be done manually by the sysadmin. We won't 
+# create any SystemV-style symlinks either. Finally (4) we append the
+# note, picked from the original installation script and slightly
+# enhanced, that will be shown to the user when configuration is done
+# (this is to inform that an rc.firewall symlink has to be created in
+# order to start up the firewall at boot-time in a proper way).
+patch $PRGBIN/$PRGNAM-configure < $CWD/patch-configuration-script.diff
+
+# Copy and compress man pages
+mkdir -p $PRGMAN
+cp -a ./share/man/* $PRGMAN/
+find $PRGMAN -type f -exec gzip -9 {} \;
+
+# Copy and rename configuration files; apply patch to main config file
+# in order to fix paths; set permissions.
+mkdir -p $PRGETC/conf.d
+cp -a ./etc/$PRGNAM/* $PRGETC/
+cat $CWD/conf.d.readme > $PRGETC/conf.d/README
+patch $PRGETC/firewall.conf < $CWD/patch-configuration-file.diff
+for conf in $( find $PRGETC -type f -not -name README ); do
+  mv ${conf} ${conf}.new
+  chmod 600 ${conf}.new
+done
+
+# Copy shared data; include a clean copy of the configuration file, as
+# expected by the configuration script for comparison purposes; create
+# link to plugin as in the original script.
+mkdir -p $PRGSHR
+cp -a ./share/$PRGNAM/* $PRGSHR/
+cp -a $PRGETC/firewall.conf.new $PRGSHR/firewall.conf.orig
+ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/
+
+# Install startup script and set permissions; apply patch to fix path
+# to the executable file and make comments more consistent with the
+# Slackware system.
+mkdir -p $PKG/etc/rc.d/
+install -m 0644 ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM
+patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/patch-startup-script.diff
+
+# Copy documentation, include third-party sample files.
+mkdir -p $PRGDOC/contrib $PKG/usr/doc
+for doc in README CHANGELOG gpl_license.txt ; do
+  cp -a ./${doc} $PRGDOC/
+done
+cp -a ./contrib/adsl-failover $PRGDOC/contrib/
+cp -a ./contrib/Slackware/syslog.conf $PRGDOC/contrib/
+cat $CWD/$PRGNAM.SlackBuild > $PRGDOC/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-noarch-$BUILD$TAG.${PKGTYPE:-tgz}

network/arno-iptables-firewall/arno-iptables-firewall.info

@@ -0,0 +1,10 @@
+PRGNAM="arno-iptables-firewall"
+VERSION="2.0.1d"
+HOMEPAGE="http://rocky.eld.leidenuniv.nl"
+DOWNLOAD="http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1d.tar.gz"
+MD5SUM="c0504a92f7f34f6973ce1d9996b4908d"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Philip Lacroix"
+EMAIL="philnx at bluebottle dot com"

network/arno-iptables-firewall/conf.d.readme

@@ -0,0 +1,5 @@
+# /etc/arno-iptables-firewall/conf.d/
+
+Files with a .conf extension in this directory will be sourced by the
+environment file.
+

network/arno-iptables-firewall/doinst.sh

@@ -0,0 +1,14 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    rm $NEW
+  fi
+}
+
+CONFIG=${CONFIG:-/etc/arno-iptables-firewall}
+for conf in $( find $CONFIG -name *.new ) ; do
+  config ${conf}
+done

network/arno-iptables-firewall/patch-configuration-file.diff

@@ -0,0 +1,16 @@
+235c235
+< IP4TABLES="/sbin/iptables"
+---
+> IP4TABLES="/usr/sbin/iptables"
+240c240
+< IP6TABLES="/sbin/ip6tables"
+---
+> IP6TABLES="/usr/sbin/ip6tables"
+244c244
+< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+---
+> ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+248c248
+< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+---
+> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"

network/arno-iptables-firewall/patch-configuration-script.diff

@@ -0,0 +1,77 @@
+34,35c34,35
+< if [ -f ./share/arno-iptables-firewall/environment ]; then
+<   . ./share/arno-iptables-firewall/environment
+---
+> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
+>   . /usr/share/arno-iptables-firewall/environment
+37c37
+<   printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
+---
+>   printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
+219c219
+<   
+---
+> 
+221,223c221,223
+<   chmod 755 /etc/init.d/arno-iptables-firewall
+<   chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
+<   chmod 600 "$FIREWALL_CONF"
+---
+>   chmod 755 /etc/rc.d/rc.arno-iptables-firewall
+>   chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
+>   chmod 600 "$FIREWALL_CONF"  
+228c228
+< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+---
+> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+236,252d235
+< # Remove any symlinks in rc*.d out of the way
+< rm -f /etc/rc*.d/*arno-iptables-firewall
+< 
+< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
+<   if [ -d /etc/rcS.d ]; then
+<     ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
+<   else
+<     ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
+<   fi
+< 
+<   # Check for insserv. Used for dependency based booting on eg. Debian
+<   INSSERV="$(find_command /sbin/insserv)"
+<   if [ -n "$INSSERV" ]; then
+<     "$INSSERV" arno-iptables-firewall
+<   fi
+< fi
+< 
+254c237
+<   change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
+---
+>   change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
+256c239
+<   change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
+---
+>   change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
+259c242
+< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
+---
+> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
+275a259,276
+> echo ""
+> echo "-------------------------------------------------------------------------------"
+> echo "** NOTE: 1) You can now (manually) start the firewall by executing           **"
+> echo "**       \"/etc/rc.d/rc.arno-iptables-firewall start\"                         **"
+> echo "**       It is recommended however to first review the settings in           **"
+> echo "**       /etc/arno-iptables-firewall/firewall.conf!                          **"
+> echo "**                                                                           **"
+> echo "**       2) In order to start the firewall automatically at boot-time,       **"
+> echo "**       you will need to manually create in /etc/rc.d/ an appropriate       **"
+> echo "**       symlink, named \"rc.firewall\", pointing to the startup script.       **"
+> echo "**       To do that, issue the following command:                            **"
+> echo "**                                                                           **"
+> echo "**       ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall    **"
+> echo "**                                                                           **"
+> echo "**       Simply delete the link if you wish to disable firewall startup      **"
+> echo "**       at boot-time.                                                       **"
+> echo "-------------------------------------------------------------------------------"
+> echo ""
+278d278
+< 

network/arno-iptables-firewall/patch-startup-script.diff

@@ -0,0 +1,25 @@
+4c4
+< # description: init.d script for Arno's iptables firewall
+---
+> # description: rc.d script for Arno's iptables firewall
+7c7
+< # Provides:          arno-iptables-firewall
+---
+> # Provides:          rc.arno-iptables-firewall
+16,20c16,21
+< # You should put this script in eg. "/etc/init.d/" .                                       #
+< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it                   #
+< # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or 	   #
+< # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script  #
+< # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script").   #
+---
+> # You should put this script in "/etc/rc.d/".                                              #
+> # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it.                  #
+> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the #
+> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or   #
+> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences #
+> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall").         #
+24c25
+< PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+---
+> PROGRAM="/usr/sbin/arno-iptables-firewall"

network/arno-iptables-firewall/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+                      |-----handy-ruler------------------------------------------------------|
+arno-iptables-firewall: arno-iptables-firewall (a front-end for iptables)
+arno-iptables-firewall:
+arno-iptables-firewall: arno-iptables-firewall is a front-end for iptables. Its configuration
+arno-iptables-firewall: script will setup a secure and restrictive firewall by just asking a
+arno-iptables-firewall: few questions. This includes the configuration of internal networks
+arno-iptables-firewall: for Internet access via NAT and network services like http or ssh.
+arno-iptables-firewall: Moreover, it provides many advanced additional features that can be
+arno-iptables-firewall: enabled in the well documented configuration file.
+arno-iptables-firewall:
+arno-iptables-firewall: Homepage: http://rocky.eld.leidenuniv.nl
+arno-iptables-firewall: