Attachment #372206 for bug #499174




This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

# Global start/restart/stop options
# 
OPTIONS=""

# Start options
# 
STARTOPTIONS=""

# Stop options
# 
STOPOPTIONS=""

# Restart options
# 
RESTARTOPTIONS=""




#!/sbin/runscript
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

description='The Shoreline Firewall, more commonly known as "Shorewall", is'
description="${description} a high-level tool for configuring Netfilter."

extra_commands="check clear"
extra_started_commands="refresh reset"

description_check="Checks if the configuration will compile or not."

description_clear="Clear will remove all rules and chains installed by"
description_clear="${description_clear} Shorewall. The firewall is then"
description_clear="${description_clear} wide open and unprotected."

description_refresh="The mangle table will be refreshed along with the"
description_refresh="${description_refresh} blacklist chain (if any)."

description_reset="All the packet and byte counters in the firewall are reset."

depend() {
	need net
	provide firewall
	after ulogd
}

status() {
	local _retval
	/sbin/shorewall status 1>/dev/null
	_retval=$?
	if [ ${_retval} = '0' ]; then
		einfo 'status: started'
		mark_service_started "${SVCNAME}"
		return 0
	else
		einfo 'status: stopped'	
		mark_service_stopped "${SVCNAME}"
		return 3
	fi
}

start() {
	ebegin "Starting shorewall"
	/sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
	eend $? 
}

stop() {
	ebegin "Stopping shorewall"
	/sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
	eend $?
}

restart() {
	# shorewall comes with its own control script that includes a
	# restart function, so refrain from calling svc_stop/svc_start
	# here.  Note that this comment is required to fix bug 55576;
	# runscript.sh greps this script...  (09 Jul 2004 agriffis)

	ebegin "Restarting shorewall"
	/sbin/shorewall status 1>/dev/null
	if [ $? != 0 ] ; then
		svc_start
	else
		/sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
	fi
	eend $?
}

clear() {
	# clear will remove all the rules and bring the system to an unfirewalled
	# state. (21 Nov 2004 eldad)

	ebegin "Clearing all shorewall rules and setting policy to ACCEPT"
	/sbin/shorewall ${OPTIONS} clear 1>/dev/null
	eend $?
}

reset() {
	# reset the packet and byte counters in the firewall

	ebegin "Resetting the packet and byte counters in shorewall"
	/sbin/shorewall ${OPTIONS} reset 1>/dev/null
	eend $?
}

refresh() {
	# refresh the rules involving the broadcast addresses of firewall 
	# interfaces, the black list, traffic control rules and 
	# ECN control rules

	ebegin "Refreshing shorewall rules"
	/sbin/shorewall ${OPTIONS} refresh 1>/dev/null
	eend $?
}

check() {
	# perform cursory validation of the zones, interfaces, hosts, rules
	# and policy files. CAUTION: does not parse and validate the generated 
	# iptables commands.

	ebegin "Checking shorewall configuration"
	/sbin/shorewall ${OPTIONS} check 1>/dev/null
	eend $?
}




#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.




#
#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
#
[Unit]
Description=Shorewall IPv4 firewall
Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/shorewall
ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS

[Install]
WantedBy=multi-user.target

Line 0 Link Here

(-)original/net-firewall/shorewall/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils linux-info prefix systemd versionator

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}
MY_P_DOCS=shorewall-docs-html-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is'
DESCRIPTION+=' a high-level tool for configuring Netfilter.'
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="
	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc"

DEPEND="
	>=dev-lang/perl-5.10
	virtual/perl-Digest-SHA
	=net-firewall/shorewall-core-${PVR}
"
RDEPEND="
	${DEPEND}
	>=net-firewall/iptables-1.4.20
	>=sys-apps/iproute2-3.8.0[-minimal]
	>=sys-devel/bc-1.06.95
"

S=${WORKDIR}/${MY_P}

pkg_pretend() {
	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4"

	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
	local WARNING_CONNTRACK+=" to run ${PN} on the local system."

	local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
	local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system."

	check_extra_config
}

src_prepare() {
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch

	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed"

	epatch_user
}

src_configure() {
	:;
}

src_compile() {
	:;
}

src_install() {
	keepdir /var/lib/${PN}

	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"

	dodoc changelog.txt releasenotes.txt
	if use doc; then
		dodoc -r Samples
		cd "${WORKDIR}"/${MY_P_DOCS}
		dohtml -r *
	fi
}

pkg_postinst() {
	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation
		elog "Before you can use ${PN}, you need to edit its configuration in:"
		elog ""
		elog "  ${EPREFIX}/etc/${PN}/${PN}.conf"
		elog ""
		elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
		elog ""
		elog "  # rc-update add ${PN} default"
	fi

	if ! has_version ${CATEGORY}/shorewall-init; then
		elog ""
		elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
		elog "which we recommend to install, to protect your firewall at system boot."
		elog ""
		elog "To read more about shorewall-init, please visit"
		elog "  http://www.shorewall.net/Shorewall-init.html"
	fi
}




This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall6-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

# Global start/restart/stop options
# 
OPTIONS=""

# Start options
# 
STARTOPTIONS=""

# Stop options
# 
STOPOPTIONS=""

# Restart options
# 
RESTARTOPTIONS=""




#!/sbin/runscript
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

description='The Shoreline Firewall 6, more commonly known as "Shorewall6", is'
description="${description} a high-level tool for configuring Netfilter."

extra_commands="check clear"
extra_started_commands="refresh reset"

description_check="Checks if the configuration will compile or not."

description_clear="Clear will remove all rules and chains installed by"
description_clear="${description_clear} Shorewall6. The firewall is then"
description_clear="${description_clear} wide open and unprotected."

description_refresh="The mangle table will be refreshed along with the"
description_refresh="${description_refresh} blacklist chain (if any)."

description_reset="All the packet and byte counters in the firewall are reset."

depend() {
	need net
	provide firewall
	after ulogd
}

status() {
	local _retval
	/sbin/shorewall6 status 1>/dev/null
	_retval=$?
	if [ ${_retval} = '0' ]; then
		einfo 'status: started'
		mark_service_started "${SVCNAME}"
		return 0
	else
		einfo 'status: stopped'	
		mark_service_stopped "${SVCNAME}"
		return 3
	fi
}

start() {
	ebegin "Starting shorewall6"
	/sbin/shorewall6 ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
	eend $? 
}

stop() {
	ebegin "Stopping shorewall6"
	/sbin/shorewall6 ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
	eend $?
}

restart() {
	# shorewall comes with its own control script that includes a
	# restart function, so refrain from calling svc_stop/svc_start
	# here.  Note that this comment is required to fix bug 55576;
	# runscript.sh greps this script...  (09 Jul 2004 agriffis)

	ebegin "Restarting shorewall6"
	/sbin/shorewall6 status 1>/dev/null
	if [ $? != 0 ] ; then
		svc_start
	else
		/sbin/shorewall6 ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
	fi
	eend $?
}

clear() {
	# clear will remove all the rules and bring the system to an unfirewalled
	# state. (21 Nov 2004 eldad)

	ebegin "Clearing all shorewall rules and setting policy to ACCEPT"
	/sbin/shorewall6 ${OPTIONS} clear 1>/dev/null
	eend $?
}

reset() {
	# reset the packet and byte counters in the firewall

	ebegin "Resetting the packet and byte counters in shorewall6"
	/sbin/shorewall6 ${OPTIONS} reset 1>/dev/null
	eend $?
}

refresh() {
	# refresh the rules involving the broadcast addresses of firewall 
	# interfaces, the black list, traffic control rules and 
	# ECN control rules

	ebegin "Refreshing shorewall6 rules"
	/sbin/shorewall6 ${OPTIONS} refresh 1>/dev/null
	eend $?
}

check() {
	# perform cursory validation of the zones, interfaces, hosts, rules
	# and policy files. CAUTION: does not parse and validate the generated 
	# iptables commands.

	ebegin "Checking shorewall6 configuration"
	/sbin/shorewall6 ${OPTIONS} check 1>/dev/null
	eend $?
}




#
#	The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.5
#
[Unit]
Description=Shorewall IPv6 firewall
Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/shorewall6
ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS
ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS

[Install]
WantedBy=multi-user.target




#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall6/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils linux-info prefix systemd versionator

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}
MY_P_DOCS=shorewall-docs-html-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall,'
DESCRIPTION+=' IPv6 component.'
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="
	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc"

DEPEND="=net-firewall/shorewall-${PVR}"
RDEPEND="
	${DEPEND}
	>=net-firewall/iptables-1.4.20[ipv6]
	>=sys-apps/iproute2-3.8.0[-minimal]
	>=dev-perl/Socket6-0.230.0
"

S=${WORKDIR}/${MY_P}

pkg_pretend() {
	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6"

	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
	local WARNING_CONNTRACK+=" to run ${PN} on the local system."

	local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
	local WARNING_CONNTRACK_IPV6+=" be unable to run ${PN} on the local system."

	check_extra_config
}

src_prepare() {
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch

	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed"

	epatch_user
}

src_configure() {
	:;
}

src_compile() {
	:;
}

src_install() {
	keepdir /var/lib/${PN}

	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"

	dodoc changelog.txt releasenotes.txt
	if use doc; then
		dodoc -r Samples6
		cd "${WORKDIR}"/${MY_P_DOCS}
		dohtml -r *
	fi
}

pkg_postinst() {
	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation
		elog "Before you can use ${PN}, you need to edit its configuration in:"
		elog ""
		elog "  ${EPREFIX}/etc/${PN}/${PN}.conf"
		elog ""
		elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
		elog ""
		elog "  # rc-update add ${PN} default"
	fi

	if ! has_version ${CATEGORY}/shorewall-init; then
		elog ""
		elog "Starting with shorewall6-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
		elog "which we recommend to install, to protect your firewall at system boot."
		elog ""
		elog "To read more about shorewall-init, please visit"
		elog "  http://www.shorewall.net/Shorewall-init.html"
	fi
}




This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall6-lite-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

# Global start/restart/stop options
# 
OPTIONS=""

# Start options
# 
STARTOPTIONS=""

# Stop options
# 
STOPOPTIONS=""

# Restart options
# 
RESTARTOPTIONS=""




#!/sbin/runscript
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

description='The Shoreline Firewall 6 Lite, more commonly known as "Shorewall6 Lite", is'
description="${description} a high-level tool for configuring Netfilter."

extra_commands="clear"
extra_started_commands="reset"

description_clear="Clear will remove all rules and chains installed by"
description_clear="${description_clear} Shorewall6 Lite. The firewall is"
description_clear="${description_clear} then wide open and unprotected."

description_reset="All the packet and byte counters in the firewall are reset."

depend() {
	need net
	provide firewall
	after ulogd
}

status() {
	local _retval
	/sbin/shorewall6-lite status 1>/dev/null
	_retval=$?
	if [ ${_retval} = '0' ]; then
		einfo 'status: started'
		mark_service_started "${SVCNAME}"
		return 0
	else
		einfo 'status: stopped'	
		mark_service_stopped "${SVCNAME}"
		return 3
	fi
}

start() {
	ebegin "Starting shorewall6-lite"
	/sbin/shorewall6-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
	eend $? 
}

stop() {
	ebegin "Stopping shorewall6-lite"
	/sbin/shorewall6-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
	eend $?
}

restart() {
	# shorewall comes with its own control script that includes a
	# restart function, so refrain from calling svc_stop/svc_start
	# here.  Note that this comment is required to fix bug 55576;
	# runscript.sh greps this script...  (09 Jul 2004 agriffis)

	ebegin "Restarting shorewall6-lite"
	/sbin/shorewall6-lite status 1>/dev/null
	if [ $? != 0 ] ; then
		svc_start
	else
		/sbin/shorewall6-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
	fi
	eend $?
}

clear() {
	# clear will remove all the rules and bring the system to an unfirewalled
	# state. (21 Nov 2004 eldad)

	ebegin "Clearing all shorewall6-lite rules and setting policy to ACCEPT"
	/sbin/shorewall6-lite ${OPTIONS} clear 1>/dev/null
	eend $?
}

reset() {
	# reset the packet and byte counters in the firewall

	ebegin "Resetting the packet and byte counters in shorewall6-lite"
	/sbin/shorewall6-lite ${OPTIONS} reset 1>/dev/null
	eend $?
}




#
#	The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.5
#
[Unit]
Description=Shorewall IPv6 firewall lite
Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/shorewall6-lite
ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS

[Install]
WantedBy=multi-user.target




#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall6-lite/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils linux-info prefix systemd versionator

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}
MY_P_DOCS=shorewall-docs-html-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall6."
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="
	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc"

DEPEND="=net-firewall/shorewall-core-${PVR}"
RDEPEND="
	${DEPEND}
	>=net-firewall/iptables-1.4.20[ipv6]
	>=sys-apps/iproute2-3.8.0[-minimal]
	>=dev-perl/Socket6-0.230.0
"

S=${WORKDIR}/${MY_P}

pkg_pretend() {
	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6"

	local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support."

	local ERROR_CONNTRACK_IPV6="${PN} requires NF_CONNTRACK_IPV6 support."

	check_extra_config
}

src_prepare() {
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch

	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed"

	epatch_user
}

src_configure() {
	:;
}

src_compile() {
	:;
}

src_install() {
	keepdir /var/lib/${PN}

	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"

	dodoc changelog.txt releasenotes.txt
	if use doc; then
		cd "${WORKDIR}/${MY_P_DOCS}"
		dohtml -r *
	fi
}

pkg_postinst() {
	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation
		elog "Before you can use ${PN}, you need to provide a configuration, which you can"
		elog "create using ${CATEGORY}/shorewall6 (the full version, including the compiler)."
		elog ""
		elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
		elog ""
		elog "  # rc-update add ${PN} default"
	fi

	if ! has_version ${CATEGORY}/shorewall-init; then
		elog ""
		elog "Starting with shorewall6-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
		elog "which we recommend to install, to protect your firewall at system boot."
		elog ""
		elog "To read more about shorewall-init, please visit"
		elog "  http://www.shorewall.net/Shorewall-init.html"
	fi
}




This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall-core-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall-core/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils prefix versionator

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION="Core libraries of shorewall / shorewall(6)-lite"
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="selinux"

DEPEND="
	>=dev-lang/perl-5.10
	virtual/perl-Digest-SHA
	!<net-firewall/shorewall-4.5.0.1
	selinux? ( >=sec-policy/selinux-shorewall-2.20130424-r2 )
"
RDEPEND="
	${DEPEND}
	>=net-firewall/iptables-1.4.20
	>=sys-apps/iproute2-3.8.0[-minimal]
	>=sys-devel/bc-1.06.95
	>=sys-apps/coreutils-8.20
"

DOCS=( changelog.txt releasenotes.txt )

S=${WORKDIR}/${PN}-${MY_PV}

src_prepare() {
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch

	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	epatch_user
}

src_configure() {
	:;
}

src_install() {
	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"
	default
}

pkg_postinst() {
	if ! has_version sys-apps/net-tools; then
		elog "It is recommended to install sys-apps/net-tools which will provide the"
		elog "the 'arp' utility which will give you a better 'shorewall-lite dump' output:"
		elog ""
		elog "  # emerge sys-apps/net-tools"
	fi
}




--- shorewall-init.old	2013-09-08 23:25:36.364924304 +0200

This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall-init-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

shorewall-init from upstream offers two features (taken from [1]):

	1. It can 'close' the firewall before the network interfaces are
	   brought up during boot.
	
	2. It can change the firewall state as the result of interfaces
	   being brought up or taken down.

On Gentoo we only support the first feature -- the firewall lockdown during
boot.

We do not support the second feature, because Gentoo doesn't support a
if-{up,down}.d folder like other distributions do. If you would want to use
such a feature, you would have to add a custom action to /etc/conf.d/net
(please refer to the Gentoo Linux Handbook [2] for more information).
If you are able to add your custom {pre,post}{up,down} action, your are
also able to specify what shorewall{6,-lite,6-lite} should do, so there is
no need for upstream's scripts in Gentoo.

If you disagree with us, feel free to open a bug [3] and contribute your
solution for Gentoo.

Upstream's original init script also supports saving and restoring of
ipsets. Please use the init script from net-firewall/ipset if you need
such a feature.


[1] http://www.shorewall.net/Shorewall-init.html
[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
[3] https://bugs.gentoo.org

Line 0 Link Here

(-)original/net-firewall/shorewall-init/files/4.5.21.7/shorewall-init.confd (+9 lines)
	1	# List the Shorewall products that Shorewall-init is to
	2	# initialize (space-separated list).
	3	#
	4	# Sample: PRODUCTS="shorewall shorewall6-lite"
	5	#
	6	PRODUCTS=""
	7
	8	# Startup options - set verbosity to 0 (minimal reporting)
	9	OPTIONS="-V0"




#!/sbin/runscript
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

SHOREWALLRC_FILE="@GENTOO_PORTAGE_EPREFIX@/usr/share/shorewall/shorewallrc"
CONFIG_FILE="@GENTOO_PORTAGE_EPREFIX@/etc/conf.d/${SVCNAME}"

description="Puts Shorewall in a safe state at boot time"
description="${description} prior to bringing up the network."

required_files="$SHOREWALLRC_FILE"

depend() {
	need localmount
	before net
	after bootmisc ipset tmpfiles.setup ulogd
}


. $SHOREWALLRC_FILE

checkconfig() {
	local PRODUCT=
	
	if [ -z "${VARLIB}" ]; then
		eerror "\"VARLIB\" isn't defined or empty! Please check" \
			"\"${SHOREWALLRC_FILE}\"."
		
		
		return 1
	fi
	
	if [ -z "${PRODUCTS}" ]; then
		eerror "${SVCNAME} isn't configured! Please check" \
			"\"${CONFIG_FILE}\"."
		
		
		return 1
	fi
	
	for PRODUCT in ${PRODUCTS}; do
		if [ ! -x ${SBINDIR}/${PRODUCT} ]; then
			eerror "Invalid product \"${PRODUCT}\" specified" \
				"in \"${CONFIG_FILE}\"!"
			eerror "Maybe \"${PRODUCT}\" isn't installed?"
			
			
			return 1
		fi
	done
	
	
	return 0
}

check_firewall_script() {
	if [ ! -x ${STATEDIR}/firewall ]; then
		if [ ${PRODUCT} = shorewall -o ${PRODUCT} = shorewall6 ]; then
			ebegin "Creating \"${STATEDIR}/firewall\""
			${SBINDIR}/${PRODUCT} compile 1>/dev/null
			eend $?
		else
			eerror "\"${PRODUCT}\" isn't configured!"
			eerror "Please go to your 'administrative system'" \
				"and deploy the compiled firewall" \
				"configuration for this system."
			
			
			return 1
		fi
	fi
	
	
	return 0
}

is_allowed_to_be_executed() {
	# This is not a real service. shorewall-init is an intermediate
	# script to put your Shorewall-based firewall into a safe state
	# at boot time prior to bringing up the network.
	# Please read /usr/share/doc/shorewall-init-*/README.gentoo.gz
	# for more information.
	# When your system is up, there is no need to call shorewall-init.
	# Please call shorewall{,6,-lite,6-lite} directly. That's the
	# reason why we are preventing start, stop or restart here.
	
	local PRODUCT=
	
	if [ "${RC_RUNLEVEL}" != "boot" -a "${RC_CMD}" = "start" ]; then
		# Starting shorewall-init is only allowed at boot time
		eerror "This is a boot service, which can only be started" \
			"at boot."
		eerror "If you want to get your shorewall-based firewall" \
			"into the same safe boot state again, run"
		eerror ""
		eindent
		for PRODUCT in ${PRODUCTS}; do
			eerror "/etc/init.d/${PRODUCT} stop"
		done
		eoutdent
		eerror ""
		eerror "Yes, \"stop\" and not start."
		eerror ""
		return 1
	fi
	
	if [ "${RC_RUNLEVEL}" != "shutdown" -a "${RC_CMD}" = "stop" ]; then
		# Stopping shorewall-init is only allowed at shutdown
		eerror "This is a boot service, which cannot be stopped."
		eerror "If you really want to stop your Shorewall-based" \
			"firewall the same way this service would stop" \
			"Shorewall at shutdown, please run"
		eerror ""
		eindent
		for PRODUCT in ${PRODUCTS}; do
			eerror "/etc/init.d/${PRODUCT} clear"
		done
		eoutdent
		eerror ""
		eerror "Keep in mind that this will clear (=bring down)" \
			"your firewall!"
		eerror ""
		return 1
	fi
	
	if [ "${RC_CMD}" = "restart" ]; then
		eerror "This is a boot service, which cannot be restarted."
		eerror "If you want to restart any of your Shorewall-based" \
			"firewalls, run"
		eerror ""
		eindent
		for PRODUCT in ${PRODUCTS}; do
			eerror "/etc/init.d/${PRODUCT} restart"
		done
		eoutdent
		eerror ""
		return 1
	fi
	
	
	return 0
}

set_statedir() {
	STATEDIR=
	local VARDIR=
	
	if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
		STATEDIR=$( . ${CONFDIR}/${PRODUCT}/vardir && echo ${VARDIR} )
	fi
	
	[ ! -n "${STATEDIR}" ] && STATEDIR=${VARLIB}/${PRODUCT}
}

start_pre() {
	checkconfig || return 1
	
	is_allowed_to_be_executed || return 1
}

start() {
	local PRODUCT=
	local STATEDIR=
	
	for PRODUCT in ${PRODUCTS}; do
		set_statedir
		
		check_firewall_script || return 1
		
		ebegin "Initializing \"${PRODUCT}\""
		${STATEDIR}/firewall stop 1>/dev/null
		eend $?
	done
}

stop_pre() {
	checkconfig || return 1
	
	is_allowed_to_be_executed || return 1
}

stop() {
	local PRODUCT=
	local STATEDIR=
	
	for PRODUCT in ${PRODUCTS}; do
		set_statedir
		
		check_firewall_script || return 1
		
		ebegin "Clearing \"${PRODUCT}\""
		${STATEDIR}/firewall clear 1>/dev/null
		eend $?
	done
}




#
#	The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
#
[Unit]
Description=shorewall-init
Documentation=http://www.shorewall.net/Shorewall-init.html
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/shorewall-init start
ExecStop=/sbin/shorewall-init stop

[Install]
WantedBy=multi-user.target




#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall-init/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils versionator prefix

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION="Component to secure a Shorewall-protected system at boot time prior to bringing up the network."
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE=""

DEPEND=">=sys-apps/coreutils-8.20"
RDEPEND="
	${DEPEND}
	|| ( =net-firewall/shorewall-${PVR} =net-firewall/shorewall6-${PVR} =net-firewall/shorewall-lite-${PVR} =net-firewall/shorewall6-lite-${PVR} )
"

S=${WORKDIR}/${MY_P}

src_prepare() {
	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed"

	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed"
	eprefixify "${S}"/init.gentoo.sh

	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed"

	epatch "${FILESDIR}"/${PVR}/01_Remove-ipset-functionality.patch
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch
	epatch_user
}

src_configure() {
	:;
}

src_compile() {
	:;
}

src_install() {
	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"

	if [ -d "${D}/etc/logrotate.d" ]; then
		# On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
		# so we don't need a logrotate folder at all
		rm -rf "${D}"/etc/logrotate.d
	fi

	if [ -d "${D}/etc/NetworkManager" ]; then
		# On Gentoo, we don't support NetworkManager
		# so we don't need these folder at all
		rm -rf "${D}"/etc/NetworkManager
	fi

	if [ -f "${D}/usr/share/shorewall-init/ifupdown" ]; then
		# This script won't work on Gentoo
		rm -rf "${D}"/usr/share/shorewall-init/ifupdown
	fi

	dodoc changelog.txt releasenotes.txt "${FILESDIR}"/${PVR}/README.Gentoo.txt
}

pkg_postinst() {
	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation
		elog "Before you can use ${PN}, you need to edit its configuration in:"
		elog ""
		elog "  ${EPREFIX}/etc/conf.d/${PN}"
		elog ""
		elog "To use ${PN}, please add ${PN} to your boot runlevel:"
		elog ""
		elog "  # rc-update add ${PN} boot"
		elog ""
		ewarn "Notice:"
		ewarn "${PN} is more like a start script than a service."
		ewarn "Therefore you cannot start or stop ${PN} at default runlevel."
		ewarn ""
		ewarn "For more information read ${EPREFIX}/usr/share/doc/${PF}/README.Gentoo.txt.bz2"
	fi
}




This patch will update the version number in the release notes.

See http://thread.gmane.org/gmane.comp.security.shorewall/30808

--- shorewall-lite-4.5.21.7.old/releasenotes.txt	2014-03-08 16:35:39.000000000 +0100

# Global start/restart/stop options
# 
OPTIONS=""

# Start options
# 
STARTOPTIONS=""

# Stop options
# 
STOPOPTIONS=""

# Restart options
# 
RESTARTOPTIONS=""




#!/sbin/runscript
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

description='The Shoreline Firewall Lite, more commonly known as "Shorewall Lite", is'
description="${description} a high-level tool for configuring Netfilter."

extra_commands="clear"
extra_started_commands="reset"

description_clear="Clear will remove all rules and chains installed by"
description_clear="${description_clear} Shorewall Lite. The firewall is"
description_clear="${description_clear} then wide open and unprotected."

description_reset="All the packet and byte counters in the firewall are reset."

depend() {
	need net
	provide firewall
	after ulogd
}

status() {
	local _retval
	/sbin/shorewall-lite status 1>/dev/null
	_retval=$?
	if [ ${_retval} = '0' ]; then
		einfo 'status: started'
		mark_service_started "${SVCNAME}"
		return 0
	else
		einfo 'status: stopped'	
		mark_service_stopped "${SVCNAME}"
		return 3
	fi
}

start() {
	ebegin "Starting shorewall-lite"
	/sbin/shorewall-lite ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
	eend $? 
}

stop() {
	ebegin "Stopping shorewall-lite"
	/sbin/shorewall-lite ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
	eend $?
}

restart() {
	# shorewall comes with its own control script that includes a
	# restart function, so refrain from calling svc_stop/svc_start
	# here.  Note that this comment is required to fix bug 55576;
	# runscript.sh greps this script...  (09 Jul 2004 agriffis)

	ebegin "Restarting shorewall-lite"
	/sbin/shorewall-lite status 1>/dev/null
	if [ $? != 0 ] ; then
		svc_start
	else
		/sbin/shorewall-lite ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
	fi
	eend $?
}

clear() {
	# clear will remove all the rules and bring the system to an unfirewalled
	# state. (21 Nov 2004 eldad)

	ebegin "Clearing all shorewall-lite rules and setting policy to ACCEPT"
	/sbin/shorewall-lite ${OPTIONS} clear 1>/dev/null
	eend $?
}

reset() {
	# reset the packet and byte counters in the firewall

	ebegin "Resetting the packet and byte counters in shorewall-lite"
	/sbin/shorewall-lite ${OPTIONS} reset 1>/dev/null
	eend $?
}




#
#	The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.5
#
[Unit]
Description=Shorewall IPv4 firewall lite
Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/shorewall-lite
ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS

[Install]
WantedBy=multi-user.target




#
# Gentoo Shorewall 4.5 rc file
#
BUILD=                                  #Default is to detect the build system
HOST=gentoo                             #Gentoo GNU Linux
PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr                             #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share                #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share              #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall    #Directory to install Shorewall Perl module directory
CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc                            #Directory where subsystem configurations are installed
SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin                           #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man              #Directory where manpages are installed.
INITDIR=${CONFDIR}/init.d               #Directory where SysV init scripts are installed.
INITFILE=${PRODUCT}                     #Name of the product's installed SysV init script
INITSOURCE=init.gentoo.sh               #Name of the distributed file to be installed as the SysV init script
ANNOTATED=                              #If non-zero, annotated configuration files are installed
SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system         #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=gentoo.service              #Name of the distributed file to be installed as systemd service file
SYSCONFFILE=default.gentoo              #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=${CONFDIR}/conf.d            #Directory where SysV init parameter files are installed
SPARSE=                                 #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib                         #Directory where product variable data is stored.
VARDIR=${VARLIB}/${PRODUCT}             #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall-lite/metadata.xml (+10 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
	3	<pkgmetadata>
	4	<herd>netmon</herd>
	5	<herd>proxy-maintainers</herd>
	6	<maintainer>
	7	<email>whissi@whissi.de</email>
	8	<name>Thomas D. (Whissi)</name>
	9	</maintainer>
	10	</pkgmetadata>




# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI="5"

inherit eutils linux-info prefix systemd versionator

MY_URL_PREFIX=
case ${P} in
	*_beta* | \
	*_rc*)
		MY_URL_PREFIX='development/'
		;;
esac

MY_PV=${PV/_rc/-RC}
MY_PV=${MY_PV/_beta/-Beta}
MY_P=${PN}-${MY_PV}
MY_P_DOCS=shorewall-docs-html-${MY_PV}

MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)

DESCRIPTION="An iptables-based firewall whose config is handled by a normal Shorewall."
HOMEPAGE="http://www.shorewall.net/"
SRC_URI="
	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="doc"

DEPEND="=net-firewall/shorewall-core-${PVR}"
RDEPEND="
	${DEPEND}
	>=net-firewall/iptables-1.4.20
	>=sys-apps/iproute2-3.8.0[-minimal]
"

S=${WORKDIR}/${MY_P}

pkg_pretend() {
	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4"

	local ERROR_CONNTRACK="${PN} requires NF_CONNTRACK support."

	local ERROR_CONNTRACK_IPV4="${PN} requires NF_CONNTRACK_IPV4 support."

	check_extra_config
}

src_prepare() {
	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch

	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
	eprefixify "${S}"/shorewallrc.gentoo

	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo || die "Copying ${PN}.confd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh || die "Copying ${PN}.initd failed"
	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service || die "Copying ${PN}.systemd failed"

	epatch_user
}

src_configure() {
	:;
}

src_compile() {
	:;
}

src_install() {
	keepdir /var/lib/${PN}

	DESTDIR="${D}" ./install.sh shorewallrc.gentoo || die "install.sh failed"

	dodoc changelog.txt releasenotes.txt
	if use doc; then
		cd "${WORKDIR}/${MY_P_DOCS}"
		dohtml -r *
	fi
}

pkg_postinst() {
	if [[ -z "${REPLACING_VERSIONS}" ]]; then
		# This is a new installation
		elog "Before you can use ${PN}, you need to provide a configuration, which you can"
		elog "create using ${CATEGORY}/shorewall (the full version, including the compiler)."
		elog ""
		elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
		elog ""
		elog "  # rc-update add ${PN} default"
	fi

	if ! has_version ${CATEGORY}/shorewall-init; then
		elog ""
		elog "Starting with shorewall-lite-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
		elog "which we recommend to install, to protect your firewall at system boot."
		elog ""
		elog "To read more about shorewall-init, please visit"
		elog "  http://www.shorewall.net/Shorewall-init.html"
	fi
}

Return to bug 499174

Line 0 Link Here

(-)original/net-firewall/shorewall/files/4.5.21.7/shorewall.confd (+20 lines)
	1	This patch will update the version number in the release notes.
	2
	3	See http://thread.gmane.org/gmane.comp.security.shorewall/30808
	4
	5	--- shorewall-4.5.21.7.old/releasenotes.txt 2014-03-08 16:35:39.000000000 +0100
Line 0 Link Here
	1	# Global start/restart/stop options
	2	#
	3	OPTIONS=""
	4
	5	# Start options
	6	#
	7	STARTOPTIONS=""
	8
	9	# Stop options
	10	#
	11	STOPOPTIONS=""
	12
	13	# Restart options
	14	#
	15	RESTARTOPTIONS=""

Line 0 Link Here

(-)original/net-firewall/shorewall/files/4.5.21.7/shorewall.initd (+107 lines)
		1	#!/sbin/runscript
		2	# Copyright 1999-2013 Gentoo Foundation
		3	# Distributed under the terms of the GNU General Public License v2
		4	# $Header: $
		5
		6	description='The Shoreline Firewall, more commonly known as "Shorewall", is'
		7	description="${description} a high-level tool for configuring Netfilter."
		8
		9	extra_commands="check clear"
		10	extra_started_commands="refresh reset"
		11
		12	description_check="Checks if the configuration will compile or not."
		13
		14	description_clear="Clear will remove all rules and chains installed by"
		15	description_clear="${description_clear} Shorewall. The firewall is then"
		16	description_clear="${description_clear} wide open and unprotected."
		17
		18	description_refresh="The mangle table will be refreshed along with the"
		19	description_refresh="${description_refresh} blacklist chain (if any)."
		20
		21	description_reset="All the packet and byte counters in the firewall are reset."
		22
		23	depend() {
		24	need net
		25	provide firewall
		26	after ulogd
		27	}
		28
		29	status() {
		30	local _retval
		31	/sbin/shorewall status 1>/dev/null
		32	_retval=$?
		33	if [ ${_retval} = '0' ]; then
		34	einfo 'status: started'
		35	mark_service_started "${SVCNAME}"
		36	return 0
		37	else
		38	einfo 'status: stopped'
		39	mark_service_stopped "${SVCNAME}"
		40	return 3
		41	fi
		42	}
		43
		44	start() {
		45	ebegin "Starting shorewall"
		46	/sbin/shorewall ${OPTIONS} start ${STARTOPTIONS} 1>/dev/null
		47	eend $?
		48	}
		49
		50	stop() {
		51	ebegin "Stopping shorewall"
		52	/sbin/shorewall ${OPTIONS} stop ${STOPOPTIONS} 1>/dev/null
		53	eend $?
		54	}
		55
		56	restart() {
		57	# shorewall comes with its own control script that includes a
		58	# restart function, so refrain from calling svc_stop/svc_start
		59	# here. Note that this comment is required to fix bug 55576;
		60	# runscript.sh greps this script... (09 Jul 2004 agriffis)
		61
		62	ebegin "Restarting shorewall"
		63	/sbin/shorewall status 1>/dev/null
		64	if [ $? != 0 ] ; then
65	svc_start
66	else
67	/sbin/shorewall ${OPTIONS} restart ${RESTARTOPTIONS} 1>/dev/null
68	fi
69	eend $?
70	}
71
72	clear() {
73	# clear will remove all the rules and bring the system to an unfirewalled
74	# state. (21 Nov 2004 eldad)
75
76	ebegin "Clearing all shorewall rules and setting policy to ACCEPT"
77	/sbin/shorewall ${OPTIONS} clear 1>/dev/null
78	eend $?
79	}
80
81	reset() {
82	# reset the packet and byte counters in the firewall
83
84	ebegin "Resetting the packet and byte counters in shorewall"
85	/sbin/shorewall ${OPTIONS} reset 1>/dev/null
86	eend $?
87	}
88
89	refresh() {
90	# refresh the rules involving the broadcast addresses of firewall
91	# interfaces, the black list, traffic control rules and
92	# ECN control rules
93
94	ebegin "Refreshing shorewall rules"
95	/sbin/shorewall ${OPTIONS} refresh 1>/dev/null
96	eend $?
97	}
98
99	check() {
100	# perform cursory validation of the zones, interfaces, hosts, rules
101	# and policy files. CAUTION: does not parse and validate the generated
102	# iptables commands.
103
104	ebegin "Checking shorewall configuration"
105	/sbin/shorewall ${OPTIONS} check 1>/dev/null
106	eend $?
107	}

Line 0 Link Here

(-)original/net-firewall/shorewall/files/4.5.21.7/shorewallrc (+23 lines)
	1	#
	2	# Gentoo Shorewall 4.5 rc file
	3	#
	4	BUILD= #Default is to detect the build system
	5	HOST=gentoo #Gentoo GNU Linux
	6	PREFIX=@GENTOO_PORTAGE_EPREFIX@/usr #Top-level directory for shared files, libraries, etc.
	7	SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
	8	LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
	9	PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
	10	CONFDIR=@GENTOO_PORTAGE_EPREFIX@/etc #Directory where subsystem configurations are installed
	11	SBINDIR=@GENTOO_PORTAGE_EPREFIX@/sbin #Directory where system administration programs are installed
	12	MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
	13	INITDIR=${CONFDIR}/init.d #Directory where SysV init scripts are installed.
	14	INITFILE=${PRODUCT} #Name of the product's installed SysV init script
	15	INITSOURCE=init.gentoo.sh #Name of the distributed file to be installed as the SysV init script
	16	ANNOTATED= #If non-zero, annotated configuration files are installed
	17	SYSTEMD=@GENTOO_PORTAGE_EPREFIX@/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
	18	SERVICEFILE=gentoo.service #Name of the distributed file to be installed as systemd service file
	19	SYSCONFFILE=default.gentoo #Name of the distributed file to be installed in $SYSCONFDIR
	20	SYSCONFDIR=${CONFDIR}/conf.d #Directory where SysV init parameter files are installed
	21	SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
	22	VARLIB=@GENTOO_PORTAGE_EPREFIX@/var/lib #Directory where product variable data is stored.
	23	VARDIR=${VARLIB}/${PRODUCT} #Directory where product variable data is stored.

Line 0 Link Here

(-)original/net-firewall/shorewall/files/4.5.21.7/shorewall.systemd (+17 lines)
	1	#
	2	# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
	3	#
	4	[Unit]
	5	Description=Shorewall IPv4 firewall
	6	Documentation=man:shorewall(8) http://www.shorewall.net/Documentation_Index.html
	7	After=network.target
	8
	9	[Service]
	10	Type=oneshot
	11	RemainAfterExit=yes
	12	EnvironmentFile=/etc/conf.d/shorewall
	13	ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
	14	ExecStop=/sbin/shorewall $OPTIONS stop $STOPOPTIONS
	15
	16	[Install]
	17	WantedBy=multi-user.target

Line 0 Link Here

(-)original/net-firewall/shorewall/shorewall-4.5.21.7.ebuild (+118 lines)
		1	# Copyright 1999-2013 Gentoo Foundation
		2	# Distributed under the terms of the GNU General Public License v2
		3	# $Header: $
		4
		5	EAPI="5"
		6
		7	inherit eutils linux-info prefix systemd versionator
		8
		9	MY_URL_PREFIX=
		10	case ${P} in
		11	_beta \| \
		12	_rc)
		13	MY_URL_PREFIX='development/'
		14	;;
		15	esac
		16
		17	MY_PV=${PV/_rc/-RC}
		18	MY_PV=${MY_PV/_beta/-Beta}
		19	MY_P=${PN}-${MY_PV}
		20	MY_P_DOCS=shorewall-docs-html-${MY_PV}
		21
		22	MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
		23	MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
		24
		25	DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is'
		26	DESCRIPTION+=' a high-level tool for configuring Netfilter.'
		27	HOMEPAGE="http://www.shorewall.net/"
		28	SRC_URI="
		29	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
		30	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
		31	"
		32
		33	LICENSE="GPL-2"
		34	SLOT="0"
		35	KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
		36	IUSE="doc"
		37
		38	DEPEND="
		39	>=dev-lang/perl-5.10
		40	virtual/perl-Digest-SHA
		41	=net-firewall/shorewall-core-${PVR}
		42	"
		43	RDEPEND="
		44	${DEPEND}
		45	>=net-firewall/iptables-1.4.20
		46	>=sys-apps/iproute2-3.8.0[-minimal]
		47	>=sys-devel/bc-1.06.95
		48	"
		49
		50	S=${WORKDIR}/${MY_P}
		51
		52	pkg_pretend() {
		53	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV4"
		54
		55	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
		56	local WARNING_CONNTRACK+=" to run ${PN} on the local system."
		57
		58	local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
		59	local WARNING_CONNTRACK_IPV4+=" be unable to run ${PN} on the local system."
		60
		61	check_extra_config
		62	}
		63
		64	src_prepare() {
65	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch
66
67	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo \|\| die "Copying shorewallrc failed"
68	eprefixify "${S}"/shorewallrc.gentoo
69
70	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo \|\| die "Copying ${PN}.confd failed"
71	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh \|\| die "Copying ${PN}.initd failed"
72	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service \|\| die "Copying ${PN}.systemd failed"
73
74	epatch_user
75	}
76
77	src_configure() {
78	:;
79	}
80
81	src_compile() {
82	:;
83	}
84
85	src_install() {
86	keepdir /var/lib/${PN}
87
88	DESTDIR="${D}" ./install.sh shorewallrc.gentoo \|\| die "install.sh failed"
89
90	dodoc changelog.txt releasenotes.txt
91	if use doc; then
92	dodoc -r Samples
93	cd "${WORKDIR}"/${MY_P_DOCS}
94	dohtml -r *
95	fi
96	}
97
98	pkg_postinst() {
99	if [[ -z "${REPLACING_VERSIONS}" ]]; then
100	# This is a new installation
101	elog "Before you can use ${PN}, you need to edit its configuration in:"
102	elog ""
103	elog " ${EPREFIX}/etc/${PN}/${PN}.conf"
104	elog ""
105	elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
106	elog ""
107	elog " # rc-update add ${PN} default"
108	fi
109
110	if ! has_version ${CATEGORY}/shorewall-init; then
111	elog ""
112	elog "Starting with shorewall-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
113	elog "which we recommend to install, to protect your firewall at system boot."
114	elog ""
115	elog "To read more about shorewall-init, please visit"
116	elog " http://www.shorewall.net/Shorewall-init.html"
117	fi
118	}

Line 0 Link Here

(-)original/net-firewall/shorewall6/files/4.5.21.7/shorewall6.confd (+20 lines)
	1	This patch will update the version number in the release notes.
	2
	3	See http://thread.gmane.org/gmane.comp.security.shorewall/30808
	4
	5	--- shorewall6-4.5.21.7.old/releasenotes.txt 2014-03-08 16:35:39.000000000 +0100
Line 0 Link Here
	1	# Global start/restart/stop options
	2	#
	3	OPTIONS=""
	4
	5	# Start options
	6	#
	7	STARTOPTIONS=""
	8
	9	# Stop options
	10	#
	11	STOPOPTIONS=""
	12
	13	# Restart options
	14	#
	15	RESTARTOPTIONS=""

Line 0 Link Here

(-)original/net-firewall/shorewall6/files/4.5.21.7/shorewall6.systemd (+17 lines)
	1	#
	2	# The Shoreline Firewall 6 (Shorewall6) Packet Filtering Firewall - V4.5
	3	#
	4	[Unit]
	5	Description=Shorewall IPv6 firewall
	6	Documentation=man:shorewall6(8) http://www.shorewall.net/Documentation_Index.html
	7	After=network.target
	8
	9	[Service]
	10	Type=oneshot
	11	RemainAfterExit=yes
	12	EnvironmentFile=/etc/conf.d/shorewall6
	13	ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS
	14	ExecStop=/sbin/shorewall6 $OPTIONS stop $STOPOPTIONS
	15
	16	[Install]
	17	WantedBy=multi-user.target

Line 0 Link Here

(-)original/net-firewall/shorewall6/shorewall6-4.5.21.7.ebuild (+114 lines)
		1	# Copyright 1999-2013 Gentoo Foundation
		2	# Distributed under the terms of the GNU General Public License v2
		3	# $Header: $
		4
		5	EAPI="5"
		6
		7	inherit eutils linux-info prefix systemd versionator
		8
		9	MY_URL_PREFIX=
		10	case ${P} in
		11	_beta \| \
		12	_rc)
		13	MY_URL_PREFIX='development/'
		14	;;
		15	esac
		16
		17	MY_PV=${PV/_rc/-RC}
		18	MY_PV=${MY_PV/_beta/-Beta}
		19	MY_P=${PN}-${MY_PV}
		20	MY_P_DOCS=shorewall-docs-html-${MY_PV}
		21
		22	MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
		23	MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
		24
		25	DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall,'
		26	DESCRIPTION+=' IPv6 component.'
		27	HOMEPAGE="http://www.shorewall.net/"
		28	SRC_URI="
		29	http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P}.tar.bz2
		30	doc? ( http://www1.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}/${MY_P_DOCS}.tar.bz2 )
		31	"
		32
		33	LICENSE="GPL-2"
		34	SLOT="0"
		35	KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
		36	IUSE="doc"
		37
		38	DEPEND="=net-firewall/shorewall-${PVR}"
		39	RDEPEND="
		40	${DEPEND}
		41	>=net-firewall/iptables-1.4.20[ipv6]
		42	>=sys-apps/iproute2-3.8.0[-minimal]
		43	>=dev-perl/Socket6-0.230.0
		44	"
		45
		46	S=${WORKDIR}/${MY_P}
		47
		48	pkg_pretend() {
		49	local CONFIG_CHECK="~NF_CONNTRACK ~NF_CONNTRACK_IPV6"
		50
		51	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
		52	local WARNING_CONNTRACK+=" to run ${PN} on the local system."
		53
		54	local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
		55	local WARNING_CONNTRACK_IPV6+=" be unable to run ${PN} on the local system."
		56
		57	check_extra_config
		58	}
		59
		60	src_prepare() {
		61	epatch "${FILESDIR}"/${PVR}/10-releasenotes.patch
		62
		63	cp "${FILESDIR}"/${PVR}/shorewallrc "${S}"/shorewallrc.gentoo \|\| die "Copying shorewallrc failed"
		64	eprefixify "${S}"/shorewallrc.gentoo
65
66	cp "${FILESDIR}"/${PVR}/${PN}.confd "${S}"/default.gentoo \|\| die "Copying ${PN}.confd failed"
67	cp "${FILESDIR}"/${PVR}/${PN}.initd "${S}"/init.gentoo.sh \|\| die "Copying ${PN}.initd failed"
68	cp "${FILESDIR}"/${PVR}/${PN}.systemd "${S}"/gentoo.service \|\| die "Copying ${PN}.systemd failed"
69
70	epatch_user
71	}
72
73	src_configure() {
74	:;
75	}
76
77	src_compile() {
78	:;
79	}
80
81	src_install() {
82	keepdir /var/lib/${PN}
83
84	DESTDIR="${D}" ./install.sh shorewallrc.gentoo \|\| die "install.sh failed"
85
86	dodoc changelog.txt releasenotes.txt
87	if use doc; then
88	dodoc -r Samples6
89	cd "${WORKDIR}"/${MY_P_DOCS}
90	dohtml -r *
91	fi
92	}
93
94	pkg_postinst() {
95	if [[ -z "${REPLACING_VERSIONS}" ]]; then
96	# This is a new installation
97	elog "Before you can use ${PN}, you need to edit its configuration in:"
98	elog ""
99	elog " ${EPREFIX}/etc/${PN}/${PN}.conf"
100	elog ""
101	elog "To activate ${PN} on system start, please add ${PN} to your default runlevel:"
102	elog ""
103	elog " # rc-update add ${PN} default"
104	fi
105
106	if ! has_version ${CATEGORY}/shorewall-init; then
107	elog ""
108	elog "Starting with shorewall6-4.5.21.2, Gentoo also offers ${CATEGORY}/shorewall-init,"
109	elog "which we recommend to install, to protect your firewall at system boot."
110	elog ""
111	elog "To read more about shorewall-init, please visit"
112	elog " http://www.shorewall.net/Shorewall-init.html"
113	fi
114	}

Line 0 Link Here

(-)original/net-firewall/shorewall6-lite/files/4.5.21.7/shorewall6-lite.systemd (+17 lines)
	1	#
	2	# The Shoreline Firewall 6 Lite (Shorewall6-Lite) Packet Filtering Firewall - V4.5
	3	#
	4	[Unit]
	5	Description=Shorewall IPv6 firewall lite
	6	Documentation=man:shorewall6-lite(8) http://www.shorewall.net/Documentation_Index.html
	7	After=network.target
	8
	9	[Service]
	10	Type=oneshot
	11	RemainAfterExit=yes
	12	EnvironmentFile=/etc/conf.d/shorewall6-lite
	13	ExecStart=/sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
	14	ExecStop=/sbin/shorewall6-lite $OPTIONS stop $STOPOPTIONS
	15
	16	[Install]
	17	WantedBy=multi-user.target

Line 0 Link Here

(-)original/net-firewall/shorewall-init/files/4.5.21.7/README.Gentoo.txt (+36 lines)
	1	--- shorewall-init.old 2013-09-08 23:25:36.364924304 +0200
Line 0 Link Here
	1	This patch will update the version number in the release notes.
	2
	3	See http://thread.gmane.org/gmane.comp.security.shorewall/30808
	4
	5	--- shorewall-init-4.5.21.7.old/releasenotes.txt 2014-03-08 16:35:39.000000000 +0100
Line 0 Link Here
	1	shorewall-init from upstream offers two features (taken from [1]):
	2
	3	1. It can 'close' the firewall before the network interfaces are
	4	brought up during boot.
	5
	6	2. It can change the firewall state as the result of interfaces
	7	being brought up or taken down.
	8
	9	On Gentoo we only support the first feature -- the firewall lockdown during
	10	boot.
	11
	12	We do not support the second feature, because Gentoo doesn't support a
	13	if-{up,down}.d folder like other distributions do. If you would want to use
	14	such a feature, you would have to add a custom action to /etc/conf.d/net
	15	(please refer to the Gentoo Linux Handbook [2] for more information).
	16	If you are able to add your custom {pre,post}{up,down} action, your are
	17	also able to specify what shorewall{6,-lite,6-lite} should do, so there is
	18	no need for upstream's scripts in Gentoo.
	19
	20	If you disagree with us, feel free to open a bug [3] and contribute your
	21	solution for Gentoo.
	22
	23	Upstream's original init script also supports saving and restoring of
	24	ipsets. Please use the init script from net-firewall/ipset if you need
	25	such a feature.
	26
	27
	28	[1] http://www.shorewall.net/Shorewall-init.html
	29	[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
	30	[3] https://bugs.gentoo.org

Line 0 Link Here

(-)original/net-firewall/shorewall-lite/files/4.5.21.7/shorewall-lite.systemd (+17 lines)
	1	#
	2	# The Shoreline Firewall Lite (Shorewall-Lite) Packet Filtering Firewall - V4.5
	3	#
	4	[Unit]
	5	Description=Shorewall IPv4 firewall lite
	6	Documentation=man:shorewall-lite(8) http://www.shorewall.net/Documentation_Index.html
	7	After=network.target
	8
	9	[Service]
	10	Type=oneshot
	11	RemainAfterExit=yes
	12	EnvironmentFile=/etc/conf.d/shorewall-lite
	13	ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
	14	ExecStop=/sbin/shorewall-lite $OPTIONS stop $STOPOPTIONS
	15
	16	[Install]
	17	WantedBy=multi-user.target