Hi,
Following the rules on http://wiki.centos.org/HowToContribute/Packages I've attached my specfile for Arno's iptables firewall and am offering the SRPM for you here:
http://osiris0.teamforge.de/arno-iptables-firewall-1.8.8h-1.src.rpm
I have used this firewall for years now and am extremely satisfied. Why can't every Linux daemon be configured by editing a simple, well documented text file? I remember only squid-cache and maybe postfix being comparably smooth to configure.
best regards, boris
Name:           arno-iptables-firewall
Version:        1.8.8h
Release:        1
Epoch:          0
Summary:        Single- & multi-homed firewall script with DSL/ADSL support
Group:          System Environment/Base
License:        GPL
URL:            http://rocky.molphys.leidenuniv.nl/
Source0:        http://rocky.molphys.leidenuniv.nl/iptables-firewall/arno-iptables-firewall_...
Patch0:         arno-iptables-firewall-enable-seperate-fw-log.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch:      noarch
Requires:       iptables, sysklogd

%description
After installation, edit /etc/arno-iptables-firewall/firewall.conf,
try "service arno-iptables-firewall start" and if satisfied
permanently enable with "chkconfig arno-iptables-firewall on"

Features
 * Very secure stateful filtering firewall
 * Both kernel 2.4 & 2.6 support
 * Can be used for both single- and multi(eg. dual)-homed boxes
 * Masquerading (NAT) and SNAT support
 * Multiple external (internet) interfaces supported
 * Supports multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
 * Port forwarding (NAT)
 * Supports MAC address filtering
 * Support for DSL/ADSL modems
 * Support for PPPoE, PPPoA and bridging modem setups
 * Support for static and ISP assigned (DHCP) IPs
 * Support for (transparent) proxies
 * Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate e.g. your wireless LAN.
 * (Nmap)(stealth) portscan detection
 * Protection against SYN-flooding (DoS attacks)
 * Protection against ICMP-flooding (DoS attacks)
 * Extensive user-definable logging with rate limiting to prevent log flooding
 * Includes options to optimize your throughput
 * User definable open ports, closed ports, trusted hosts, blocked hosts etc.
 * Log & protection options are both highly customizable
 * Support for custom iptables rules in a separate file
 * Can be used with chkconfig runlevel system (eg. RedHat/Fedora)
 * Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
 * Works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) (+virtual IP's)
 * Works with PoPTop PPTP (http://www.poptop.org)
 * Works with UPnP
 * DRDOS protection/detection (experimental)
 * Easy to configure
 * And much more...

%prep
%setup -q -n %{name}_%{version}
%patch0 -p1

%build
# gzip man pages
pushd man
gzip arno-fwfilter.1 arno-iptables-firewall.8
popd

%install
rm -rf $RPM_BUILD_ROOT

install -d $RPM_BUILD_ROOT/%_sysconfdir $RPM_BUILD_ROOT/%_sysconfdir/rc.d/init.d $RPM_BUILD_ROOT/%_sbindir \
    $RPM_BUILD_ROOT/%_sysconfdir/arno-iptables-firewall \
    $RPM_BUILD_ROOT/%_mandir/man1 $RPM_BUILD_ROOT/%_mandir/man8
cp -r etc/arno-iptables-firewall/* $RPM_BUILD_ROOT/%_sysconfdir/arno-iptables-firewall
install -m 755 -o root -g root arno-iptables-firewall $RPM_BUILD_ROOT/%_sysconfdir/rc.d/init.d
install -o root -g root arno-fwfilter $RPM_BUILD_ROOT/%_sbindir
install -m 644 -o root -g root man/arno-fwfilter.1.gz $RPM_BUILD_ROOT/%_mandir/man1
install -m 644 -o root -g root man/arno-iptables-firewall.8.gz $RPM_BUILD_ROOT/%_mandir/man8

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
/%_sbindir/*
/%_sysconfdir/rc.d/init.d/*
%dir /%_sysconfdir/arno-iptables-firewall/
/%_sysconfdir/arno-iptables-firewall/firewall.conf.example
/%_sysconfdir/arno-iptables-firewall/plugins/*.plugin
/%_sysconfdir/arno-iptables-firewall/plugins/*.CHANGELOG
/%_mandir/man1/*
/%_mandir/man8/*
%attr(600,root,root) %config /%_sysconfdir/arno-iptables-firewall/firewall.conf
%attr(600,root,root) %config /%_sysconfdir/arno-iptables-firewall/custom-rules
%attr(600,root,root) %config /%_sysconfdir/arno-iptables-firewall/plugins/*.conf
%doc README CHANGELOG gpl_license.txt

%post
# Only on first install, not on upgrade
if [ $1 -eq 1 ]; then
    chkconfig --add arno-iptables-firewall
    # Send kernel debug messages (the iptables log lines) to their own file
    cat >> /etc/syslog.conf <<-EOF
# Log all iptables messages to /var/log/firewall
kern.=debug	/var/log/firewall
EOF
    service syslog reload
    # Add /var/log/firewall to the files rotated by logrotate;
    # "|" is the sed delimiter so the slashes in the paths need no escaping
    sed -e 's|/var/log/messages|/var/log/firewall /var/log/messages|' \
        /etc/logrotate.d/syslog > /etc/logrotate.d/syslog.$$ \
        && mv /etc/logrotate.d/syslog.$$ /etc/logrotate.d/syslog
fi

%preun
# Only on final removal, not on upgrade
if [ $1 -eq 0 ]; then
    chkconfig --del arno-iptables-firewall
    service arno-iptables-firewall stop
fi

%postun
# Only on final removal: undo the syslog and logrotate changes made in post
if [ $1 -eq 0 ]; then
    grep -v "/var/log/firewall" /etc/syslog.conf > /etc/syslog.conf.$$ \
        && mv /etc/syslog.conf.$$ /etc/syslog.conf
    service syslog reload
    sed -e 's|/var/log/firewall ||' \
        /etc/logrotate.d/syslog > /etc/logrotate.d/syslog.$$ \
        && mv /etc/logrotate.d/syslog.$$ /etc/logrotate.d/syslog
fi

%changelog
* Tue Apr 3 2007 Boris Folgmann <boris@folgmann.de> - 1.8.8h
- Upgraded to new version

* Wed Feb 1 2006 Boris Folgmann <boris@folgmann.de> - 1.8.4d
- Initial SPEC file version.