Lines 1-436
Link Here
|
1 |
# Copyright 1999-2014 Gentoo Foundation |
|
|
2 |
# Distributed under the terms of the GNU General Public License v2 |
3 |
# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall/shorewall-4.6.5.2.ebuild,v 1.1 2014/11/18 12:54:56 xmw Exp $ |
4 |
|
5 |
EAPI="5" |
6 |
|
7 |
inherit eutils linux-info prefix systemd versionator |
8 |
|
9 |
DESCRIPTION='The Shoreline Firewall, commonly known as Shorewall, is' |
10 |
DESCRIPTION+=' a high-level tool for configuring Netfilter' |
11 |
HOMEPAGE="http://www.shorewall.net/" |
12 |
LICENSE="GPL-2" |
13 |
SLOT="0" |
14 |
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" |
15 |
IUSE="doc +init +ipv4 ipv6 lite4 lite6" |
16 |
|
17 |
MY_PV=${PV/_rc/-RC} |
18 |
MY_PV=${MY_PV/_beta/-Beta} |
19 |
MY_P=${PN}-${MY_PV} |
20 |
|
21 |
MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2) |
22 |
MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3) |
23 |
|
24 |
# shorewall |
25 |
MY_PN_IPV4=Shorewall |
26 |
MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV} |
27 |
|
28 |
# shorewall6 |
29 |
MY_PN_IPV6=Shorewall6 |
30 |
MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV} |
31 |
|
32 |
# shorewall-lite |
33 |
MY_PN_LITE4=Shorewall-lite |
34 |
MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV} |
35 |
|
36 |
# shorewall6-lite |
37 |
MY_PN_LITE6=Shorewall6-lite |
38 |
MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV} |
39 |
|
40 |
# shorewall-init |
41 |
MY_PN_INIT=Shorewall-init |
42 |
MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV} |
43 |
|
44 |
# shorewall-core |
45 |
MY_PN_CORE=Shorewall-core |
46 |
MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV} |
47 |
|
48 |
# shorewall-docs-html |
49 |
MY_PN_DOCS=Shorewall-docs-html |
50 |
MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV} |
51 |
|
52 |
# Upstream URL schema: |
53 |
# Beta: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2 |
54 |
# RC: $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2 |
55 |
# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2 |
56 |
|
57 |
MY_URL_PREFIX= |
58 |
MY_URL_SUFFIX= |
59 |
if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then |
60 |
KEYWORDS="" |
61 |
MY_URL_PREFIX='development/' |
62 |
|
63 |
_tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1)) |
64 |
_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV}) |
65 |
if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then |
66 |
MY_URL_SUFFIX="-${_tmp_suffix}" |
67 |
fi |
68 |
|
69 |
# Cleaning up temporary variables |
70 |
unset _tmp_last_index |
71 |
unset _tmp_suffix |
72 |
fi |
73 |
|
74 |
SRC_URI=" |
75 |
http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2 |
76 |
ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 ) |
77 |
ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 ) |
78 |
lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 ) |
79 |
lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 ) |
80 |
init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 ) |
81 |
doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 ) |
82 |
" |
83 |
|
84 |
# - Shorewall6 requires Shorewall |
85 |
# - Installing Shorewall-init or just the documentation doesn't make any sense, |
86 |
# that's why we force the user to select at least one "real" Shorewall product |
87 |
# |
88 |
# See http://shorewall.net/download.htm#Which |
89 |
REQUIRED_USE=" |
90 |
ipv6? ( ipv4 ) |
91 |
|| ( ipv4 lite4 lite6 ) |
92 |
" |
93 |
|
94 |
# No build dependencies! Just plain shell scripts... |
95 |
DEPEND="" |
96 |
|
97 |
RDEPEND=" |
98 |
>=net-firewall/iptables-1.4.20 |
99 |
>=sys-apps/iproute2-3.8.0[-minimal] |
100 |
>=sys-devel/bc-1.06.95 |
101 |
ipv4? ( |
102 |
>=dev-lang/perl-5.16 |
103 |
virtual/perl-Digest-SHA |
104 |
) |
105 |
ipv6? ( |
106 |
>=dev-perl/Socket6-0.230.0 |
107 |
>=net-firewall/iptables-1.4.20[ipv6] |
108 |
>=sys-apps/iproute2-3.8.0[ipv6] |
109 |
) |
110 |
lite6? ( |
111 |
>=net-firewall/iptables-1.4.20[ipv6] |
112 |
>=sys-apps/iproute2-3.8.0[ipv6] |
113 |
) |
114 |
init? ( >=sys-apps/coreutils-8.20 ) |
115 |
!net-firewall/shorewall-core |
116 |
!net-firewall/shorewall6 |
117 |
!net-firewall/shorewall-lite |
118 |
!net-firewall/shorewall6-lite |
119 |
!net-firewall/shorewall-init |
120 |
!<sys-apps/openrc-0.13 |
121 |
!<sys-apps/systemd-214 |
122 |
" |
123 |
|
124 |
S=${WORKDIR} |
125 |
|
126 |
pkg_pretend() { |
127 |
local CONFIG_CHECK="~NF_CONNTRACK" |
128 |
|
129 |
local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable" |
130 |
local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system." |
131 |
|
132 |
if use ipv4 || use lite4; then |
133 |
CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4" |
134 |
|
135 |
local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will" |
136 |
local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system." |
137 |
fi |
138 |
|
139 |
if use ipv6 || use lite6; then |
140 |
CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6" |
141 |
|
142 |
local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will" |
143 |
local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system." |
144 |
fi |
145 |
|
146 |
check_extra_config |
147 |
} |
148 |
|
149 |
src_prepare() { |
150 |
# We are moving each unpacked source from MY_P_* to MY_PN_*. |
151 |
# This allows us to use patches from upstream and keeps epatch_user working |
152 |
|
153 |
einfo "Preparing shorewallrc ..." |
154 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewallrc-r1 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc-r1 failed" |
155 |
eprefixify "${S}"/shorewallrc.gentoo |
156 |
|
157 |
# shorewall-core |
158 |
mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'" |
159 |
ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..." |
160 |
ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
161 |
eend 0 |
162 |
|
163 |
# shorewall |
164 |
if use ipv4; then |
165 |
mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'" |
166 |
ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}" |
167 |
ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
168 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.confd "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd failed" |
169 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.initd "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd failed" |
170 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed" |
171 |
eend 0 |
172 |
fi |
173 |
|
174 |
# shorewall6 |
175 |
if use ipv6; then |
176 |
mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'" |
177 |
ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}" |
178 |
ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
179 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.confd "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall6.confd failed" |
180 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.initd "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall6.initd failed" |
181 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed" |
182 |
eend 0 |
183 |
fi |
184 |
|
185 |
# shorewall-lite |
186 |
if use lite4; then |
187 |
mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'" |
188 |
ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}" |
189 |
ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
190 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.confd "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd failed" |
191 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.initd "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd failed" |
192 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed" |
193 |
eend 0 |
194 |
fi |
195 |
|
196 |
# shorewall6-lite |
197 |
if use lite6; then |
198 |
mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'" |
199 |
ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}" |
200 |
ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
201 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.confd "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall6-lite.confd failed" |
202 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.initd "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall6-lite.initd failed" |
203 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed" |
204 |
eend 0 |
205 |
fi |
206 |
|
207 |
# shorewall-init |
208 |
if use init; then |
209 |
mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'" |
210 |
ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}" |
211 |
ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo" |
212 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed" |
213 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed" |
214 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed" |
215 |
cp "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed" |
216 |
eend 0 |
217 |
|
218 |
eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh |
219 |
|
220 |
cd "${S}"/${MY_PN_INIT} |
221 |
epatch "${FILESDIR}"/${MY_MAJOR_RELEASE_NUMBER}/shorewall-init-01_remove-ipset-functionality.patch |
222 |
cd "${S}" |
223 |
fi |
224 |
|
225 |
# shorewall-docs-html |
226 |
if use doc; then |
227 |
mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'" |
228 |
fi |
229 |
|
230 |
epatch_user |
231 |
} |
232 |
|
233 |
src_configure() { |
234 |
:; |
235 |
} |
236 |
|
237 |
src_compile() { |
238 |
:; |
239 |
} |
240 |
|
241 |
src_install() { |
242 |
# shorewall-core |
243 |
einfo "Installing ${MY_P_CORE} ..." |
244 |
DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed" |
245 |
dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt |
246 |
|
247 |
# shorewall |
248 |
if use ipv4; then |
249 |
einfo "Installing ${MY_P_IPV4} ..." |
250 |
keepdir /var/lib/shorewall |
251 |
DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed" |
252 |
|
253 |
if use doc; then |
254 |
dodoc -r "${S}"/${MY_PN_IPV4}/Samples |
255 |
fi |
256 |
fi |
257 |
|
258 |
# shorewall6 |
259 |
if use ipv6; then |
260 |
einfo "Installing ${MY_P_IPV6} ..." |
261 |
keepdir /var/lib/shorewall6 |
262 |
DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed" |
263 |
|
264 |
if use doc; then |
265 |
dodoc -r "${S}"/${MY_PN_IPV6}/Samples6 |
266 |
fi |
267 |
fi |
268 |
|
269 |
# shorewall-lite |
270 |
if use lite4; then |
271 |
einfo "Installing ${MY_P_LITE4} ..." |
272 |
keepdir /var/lib/shorewall-lite |
273 |
DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed" |
274 |
fi |
275 |
|
276 |
# shorewall6-lite |
277 |
if use lite6; then |
278 |
einfo "Installing ${MY_P_LITE6} ..." |
279 |
keepdir /var/lib/shorewall6-lite |
280 |
DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed" |
281 |
fi |
282 |
|
283 |
# shorewall-init |
284 |
if use init; then |
285 |
einfo "Installing ${MY_P_INIT} ..." |
286 |
DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed" |
287 |
dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt |
288 |
|
289 |
if [ -f "${D}etc/logrotate.d/shorewall-init" ]; then |
290 |
# On Gentoo, shorewall-init will not create shorewall-ifupdown.log, |
291 |
# so we don't need a logrotate configuration file for shorewall-init |
292 |
einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..." |
293 |
rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed" |
294 |
fi |
295 |
|
296 |
if [ -d "${D}etc/NetworkManager" ]; then |
297 |
# On Gentoo, we don't support NetworkManager |
298 |
# so we don't need this folder at all |
299 |
einfo "Removing unused \"${D}etc/NetworkManager\" ..." |
300 |
rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed" |
301 |
fi |
302 |
|
303 |
if [ -f "${D}usr/share/shorewall-init/ifupdown" ]; then |
304 |
# This script isn't supported on Gentoo |
305 |
rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed" |
306 |
fi |
307 |
fi |
308 |
|
309 |
if use doc; then |
310 |
einfo "Installing ${MY_P_DOCS} ..." |
311 |
dohtml -r "${S}"/${MY_PN_DOCS} |
312 |
fi |
313 |
} |
314 |
|
315 |
pkg_postinst() { |
316 |
if [[ -z "${REPLACING_VERSIONS}" ]]; then |
317 |
# This is a new installation |
318 |
|
319 |
# Show first steps for shorewall/shorewall6 |
320 |
local _PRODUCTS="" |
321 |
if use ipv4; then |
322 |
_PRODUCTS="shorewall" |
323 |
|
324 |
if use ipv6; then |
325 |
_PRODUCTS="${_PRODUCTS}/shorewall6" |
326 |
fi |
327 |
fi |
328 |
|
329 |
if [[ -n "${_PRODUCTS}" ]]; then |
330 |
elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:" |
331 |
elog "" |
332 |
elog " /etc/shorewall/shorewall.conf" |
333 |
|
334 |
if use ipv6; then |
335 |
elog " /etc/shorewall6/shorewall6.conf" |
336 |
fi |
337 |
|
338 |
elog "" |
339 |
elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:" |
340 |
elog "" |
341 |
elog " # rc-update add shorewall default" |
342 |
|
343 |
if use ipv6; then |
344 |
elog " # rc-update add shorewall6 default" |
345 |
fi |
346 |
fi |
347 |
|
348 |
# Show first steps for shorewall-lite/shorewall6-lite |
349 |
_PRODUCTS="" |
350 |
if use lite4; then |
351 |
_PRODUCTS="shorewall-lite" |
352 |
fi |
353 |
|
354 |
if use lite6; then |
355 |
if [[ -z "${_PRODUCTS}" ]]; then |
356 |
_PRODUCTS="shorewall6-lite" |
357 |
else |
358 |
_PRODUCTS="${_PRODUCTS}/shorewall6-lite" |
359 |
fi |
360 |
fi |
361 |
|
362 |
if [[ -n "${_PRODUCTS}" ]]; then |
363 |
if use ipv4; then |
364 |
elog "" |
365 |
fi |
366 |
|
367 |
elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can" |
368 |
elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)." |
369 |
elog "" |
370 |
elog "To read more about ${_PRODUCTS}, please visit" |
371 |
elog " http://shorewall.net/CompiledPrograms.html" |
372 |
elog "" |
373 |
elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:" |
374 |
elog "" |
375 |
|
376 |
if use lite4; then |
377 |
elog " # rc-update add shorewall-lite default" |
378 |
fi |
379 |
|
380 |
if use lite6; then |
381 |
elog " # rc-update add shorewall6-lite default" |
382 |
fi |
383 |
fi |
384 |
|
385 |
if use init; then |
386 |
elog "" |
387 |
elog "To secure your system on boot, please add shorewall-init to your boot runlevel:" |
388 |
elog "" |
389 |
elog " # rc-update add shorewall-init boot" |
390 |
elog "" |
391 |
elog "and review \$PRODUCTS in" |
392 |
elog "" |
393 |
elog " /etc/conf.d/shorewall-init" |
394 |
fi |
395 |
|
396 |
fi |
397 |
|
398 |
if [[ -n "${REPLACING_VERSIONS}" && ${REPLACING_VERSIONS} < ${MY_MAJOR_RELEASE_NUMBER} ]]; then |
399 |
# This is an upgrade |
400 |
|
401 |
elog "You are upgrading from a previous major version. It is highly recommended that you read" |
402 |
elog "" |
403 |
elog " - /usr/share/doc/shorewall*/releasenotes.tx*" |
404 |
elog " - http://shorewall.net/upgrade_issues.htm#idp8704902640" |
405 |
|
406 |
if use ipv4; then |
407 |
elog "" |
408 |
elog "You can auto-migrate your configuration using" |
409 |
elog "" |
410 |
elog " # shorewall update -A" |
411 |
|
412 |
if use ipv6; then |
413 |
elog " # shorewall6 update -A" |
414 |
fi |
415 |
|
416 |
elog "" |
417 |
elog "But if you are not familiar with the \"shorewall[6] update\" command," |
418 |
elog "please read the shorewall[6] man page first." |
419 |
fi |
420 |
fi |
421 |
|
422 |
if ! use init; then |
423 |
elog "" |
424 |
elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot" |
425 |
elog "before your shorewall-based firewall is ready to start." |
426 |
elog "" |
427 |
elog "To read more about shorewall-init, please visit" |
428 |
elog " http://www.shorewall.net/Shorewall-init.html" |
429 |
fi |
430 |
|
431 |
if ! has_version "net-firewall/conntrack-tools"; then |
432 |
elog "" |
433 |
elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\"" |
434 |
elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!" |
435 |
fi |
436 |
} |