authornslu2-linux.adm@bkbits.net <nslu2-linux.adm@bkbits.net>2005-01-03 10:40:09 +0000
committernslu2-linux.adm@bkbits.net <nslu2-linux.adm@bkbits.net>2005-01-03 10:40:09 +0000
commita129606993569b211295f4a99f16dd3b6bf8f5e2 (patch)
treeab6781927f0f070b6aa274f473891ccdaf6239d3
parent6d4bfd6186d966473fbea9bc3aa0b3f503a88b33 (diff)
Merge bk://oe-devel.bkbits.net/openembedded
into bkbits.net:/repos/n/nslu2-linux/openembedded 2005/01/03 11:38:06+01:00 (none)!br1 shorewall config nylon: added IPSEC 2005/01/03 10:53:55+01:00 (none)!br1 shorewall config for nylon: added routeback for mesh BKrev: 41d92109JJKBFpTPG5JoGJ7fid7WOA
-rw-r--r--packages/shorewall/files/shorewall-conf-nylon.diff175
-rw-r--r--packages/shorewall/shorewall_2.0.9.bb46
2 files changed, 221 insertions, 0 deletions
diff --git a/packages/shorewall/files/shorewall-conf-nylon.diff b/packages/shorewall/files/shorewall-conf-nylon.diff
index e69de29bb2..43b2abd745 100644
--- a/packages/shorewall/files/shorewall-conf-nylon.diff
+++ b/packages/shorewall/files/shorewall-conf-nylon.diff
@@ -0,0 +1,175 @@
+diff -Nurb shorewall/action.AllowMM shorewall.confed/action.AllowMM
+--- shorewall/action.AllowMM 1970-01-01 01:00:00.000000000 +0100
++++ shorewall.confed/action.AllowMM 2004-10-14 16:50:21.200725304 +0200
+@@ -0,0 +1,15 @@
++#
++# Shorewall 2.0 /etc/shorewall/action.AllowMM
++#
++# This action accepts MobileMesh routing protocol traffic.
++#
++# Note: This action allows traffic for the MobileMesh routing protocol
++#
++######################################################################################
++#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
++# PORT PORT(S) LIMIT GROUP
++ACCEPT - - udp 20470
++ACCEPT - - udp 20471
++ACCEPT - - tcp 20473
++ACCEPT - 224.1.2.3
++#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/action.AllowNetperf shorewall.confed/action.AllowNetperf
+--- shorewall/action.AllowNetperf 1970-01-01 01:00:00.000000000 +0100
++++ shorewall.confed/action.AllowNetperf 2004-10-14 15:46:36.000000000 +0200
+@@ -0,0 +1,17 @@
++#
++# Shorewall 2.0 /etc/shorewall/action.AllowSMTP
++#
++# This action accepts SMTP (email) traffic.
++#
++# Note: This action allows traffic between an MUA (Email client)
++# and an MTA (mail server) or between MTAs. It does not enable
++# reading of email via POP3 or IMAP. For those you need to use
++# the AllowPOP3 or AllowIMAP actions.
++#
++######################################################################################
++#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
++# PORT PORT(S) LIMIT GROUP
++ACCEPT - - tcp 12865
++ACCEPT - - tcp 1024:
++ACCEPT - - udp 1024:
++#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/action.AllowOLSR shorewall.confed/action.AllowOLSR
+--- shorewall/action.AllowOLSR 1970-01-01 01:00:00.000000000 +0100
++++ shorewall.confed/action.AllowOLSR 2004-10-14 15:45:29.000000000 +0200
+@@ -0,0 +1,12 @@
++#
++# Shorewall 2.0 /etc/shorewall/action.AllowOLSR
++#
++# This action accepts OLSR routing protocol traffic.
++#
++# Note: This action allows traffic from the OLSR routing protocol.
++#
++######################################################################################
++#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
++# PORT PORT(S) LIMIT GROUP
++ACCEPT - - udp 698
++#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/action.AllowTinc shorewall.confed/action.AllowTinc
+--- shorewall/action.AllowTinc 1970-01-01 01:00:00.000000000 +0100
++++ shorewall.confed/action.AllowTinc 2004-10-14 15:48:13.000000000 +0200
+@@ -0,0 +1,13 @@
++#
++# Shorewall 2.0 /etc/shorewall/action.AllowOLSR
++#
++# This action accepts OLSR routing protocol traffic.
++#
++# Note: This action allows traffic from the OLSR routing protocol.
++#
++######################################################################################
++#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
++# PORT PORT(S) LIMIT GROUP
++ACCEPT - - tcp 655 655
++ACCEPT - - udp 655 655
++#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/action.AllowIPSEC shorewall.confed/action.AllowIPSEC
+--- shorewall/action.AllowIPSEC 1970-01-01 01:00:00.000000000 +0100
++++ shorewall.confed/action.AllowIPSEC 2004-10-14 15:48:13.000000000 +0200
+@@ -0,0 +1,15 @@
++#
++# Shorewall 2.0 /etc/shorewall/action.AllowIPSEC
++#
++# This action accepts IPSEC traffic.
++#
++# Note: This action allows IPSEC encrypted traffic (ESP and AH)
++# and IPSEC key negotioation (IKE).
++#
++######################################################################################
++#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
++# PORT PORT(S) LIMIT GROUP
++ACCEPT - - 50
++ACCEPT - - 51
++ACCEPT - - udp 500 500
++#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/actions shorewall.confed/actions
+--- shorewall/actions 2004-10-14 17:04:41.547932648 +0200
++++ shorewall.confed/actions 2004-10-14 15:52:38.000000000 +0200
+@@ -25,5 +25,9 @@
+ # itself, the associated policy will have no common action.
+ #
+ #ACTION
+-
++AllowMM
++AllowNetperf
++AllowOLSR
++AllowTinc
++AllowIPSEC
+ #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
+diff -Nurb shorewall/interfaces shorewall.confed/interfaces
+--- shorewall/interfaces 2004-10-14 17:04:41.546932800 +0200
++++ shorewall.confed/interfaces 2004-10-14 16:04:41.000000000 +0200
+@@ -190,5 +190,10 @@
+ # net ppp0 -
+ ##############################################################################
+ #ZONE INTERFACE BROADCAST OPTIONS
++net ppp0 detect norfc1918
++net eth0 detect dhcp
++loc wlan0 detect dhcp
++loc ipsec0 detect
++mesh wlan1 detect routeback
+ #
+ #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/masq shorewall.confed/masq
+--- shorewall/masq 2004-10-14 17:04:41.547932648 +0200
++++ shorewall.confed/masq 2004-10-14 15:27:24.000000000 +0200
+@@ -137,4 +137,6 @@
+ #
+ ###############################################################################
+ #INTERFACE SUBNET ADDRESS PROTO PORT(S)
++eth0 0.0.0.0/0
++ppp0 0.0.0.0/0
+ #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
+diff -Nurb shorewall/policy shorewall.confed/policy
+--- shorewall/policy 2004-10-14 17:04:41.546932800 +0200
++++ shorewall.confed/policy 2004-10-14 16:06:33.000000000 +0200
+@@ -77,6 +77,9 @@
+ #SOURCE DEST POLICY LOG LIMIT:BURST
+ # LEVEL
+ loc net ACCEPT
++mesh net ACCEPT
++loc mesh ACCEPT
++fw all ACCEPT
+ net all DROP info
+ #
+ # THE FOLLOWING POLICY MUST BE LAST
+diff -Nurb shorewall/rules shorewall.confed/rules
+--- shorewall/rules 2004-10-14 17:04:41.547932648 +0200
++++ shorewall.confed/rules 2004-10-14 16:56:41.874854040 +0200
+@@ -310,4 +310,18 @@
+ ####################################################################################################
+ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
+ # PORT PORT(S) DEST LIMIT GROUP
++AllowPing all all
++AllowTrcrt all all
++AllowDNS loc fw
++AllowDNS mesh fw
++AllowSSH all fw
++AllowWeb loc fw
++AllowSNMP loc fw
++AllowOLSR mesh fw
++AllowOLSR fw mesh
++AllowMM mesh fw
++AllowMM fw mesh
++AllowNetperf loc fw
++AllowNetperf mesh fw
++AllowIPSEC all fw
+ #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+diff -Nurb shorewall/zones shorewall.confed/zones
+--- shorewall/zones 2004-10-14 17:04:41.546932800 +0200
++++ shorewall.confed/zones 2004-10-14 15:04:59.000000000 +0200
+@@ -15,5 +15,5 @@
+ #ZONE DISPLAY COMMENTS
+ net Net Internet
+ loc Local Local networks
+-dmz DMZ Demilitarized zone
++mesh Mesh The Mesh Netwok
+ #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
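Review bot: `action.AllowNetperf` accepts every TCP and UDP destination port from 1024 upward (`ACCEPT - - tcp 1024:` and `ACCEPT - - udp 1024:`), and the rules file applies it as `AllowNetperf mesh fw` and `AllowNetperf loc fw`, so any service the firewall runs on an unprivileged port becomes reachable from the mesh and local zones. If netperf is only needed for benchmarking, keep the control-port rule `ACCEPT - - tcp 12865` and narrow the data ports to a fixed range, or leave the `mesh fw` rule out of the default configuration. The header of that file still reads `action.AllowSMTP` and describes SMTP, and `action.AllowTinc` is headed `action.AllowOLSR`; each should name the action it defines, e.g. `# Shorewall 2.0 /etc/shorewall/action.AllowNetperf`. Column positions are inferred here, because the page has collapsed the original whitespace.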
diff --git a/packages/shorewall/shorewall_2.0.9.bb b/packages/shorewall/shorewall_2.0.9.bb
index e69de29bb2..f92da56808 100644
--- a/packages/shorewall/shorewall_2.0.9.bb
+++ b/packages/shorewall/shorewall_2.0.9.bb
@@ -0,0 +1,46 @@
+DESCRIPTION = "Shorewall is a high-level tool for configuring Netfilter."
+HOMEPAGE = "http://www.shorewall.net/"
+MAINTAINER = "Bruno Randolf <bruno.randolf@4g-systems.biz>"
+LICENSE = "GPL"
+SECTION = "network"
+PRIORITY = "optional"
+PR = "r2"
+
+RDEPENDS = "iptables kernel-module-ip-tables kernel-module-ip-conntrack kernel-module-ipt-conntrack kernel-module-ipt-multiport kernel-module-ipt-log kernel-module-ipt-mac kernel-module-ipt-mark kernel-module-ipt-masquerade kernel-module-ipt-pkttype kernel-module-ipt-reject kernel-module-ipt-state kernel-module-ipt-tos kernel-module-iptable-filter kernel-module-iptable-mangle kernel-module-iptable-nat"
+
+SRC_URI = "http://germany.shorewall.net/pub/shorewall/2.0/shorewall-2.0.9/shorewall-2.0.9.tgz \
+ file://install-no-chown.diff;patch=1;pnum=0"
+SRC_URI_append_nylon = " file://shorewall-conf-nylon.diff;patch=1"
+
+do_install() {
+ export PREFIX=${D}
+ ${S}/install.sh
+}
+
+CONFFILES_${PN}_nylon = "\
+${sysconfdir}/shorewall/accounting \
+${sysconfdir}/shorewall/actions \
+${sysconfdir}/shorewall/blacklist \
+${sysconfdir}/shorewall/ecn \
+${sysconfdir}/shorewall/hosts \
+${sysconfdir}/shorewall/init \
+${sysconfdir}/shorewall/initdone \
+${sysconfdir}/shorewall/interfaces \
+${sysconfdir}/shorewall/maclist \
+${sysconfdir}/shorewall/masq \
+${sysconfdir}/shorewall/modules \
+${sysconfdir}/shorewall/nat \
+${sysconfdir}/shorewall/netmap \
+${sysconfdir}/shorewall/params \
+${sysconfdir}/shorewall/policy \
+${sysconfdir}/shorewall/proxyarp \
+${sysconfdir}/shorewall/routestopped \
+${sysconfdir}/shorewall/rules \
+${sysconfdir}/shorewall/shorewall.conf \
+${sysconfdir}/shorewall/start \
+${sysconfdir}/shorewall/stop \
+${sysconfdir}/shorewall/stopped \
+${sysconfdir}/shorewall/tcrules \
+${sysconfdir}/shorewall/tos \
+${sysconfdir}/shorewall/tunnels \
+${sysconfdir}/shorewall/zones"
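Review bot: The tarball in `SRC_URI` is fetched over plain `http://` from a mirror and nothing in the recipe pins its contents, so a tampered download would be built into the firewall package unnoticed. If the BitBake version in use supports per-URI checksums, add one next to `SRC_URI`, e.g. `SRC_URI[sha256sum] = "<sha256 of shorewall-2.0.9.tgz>"`; otherwise record the expected digest wherever this tree keeps them. Separately, `CONFFILES_${PN}_nylon` marks the configuration files only under the nylon override and omits the `action.Allow*` files that the nylon patch adds, so it is worth confirming that locally edited firewall rules survive a package upgrade in both cases.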