Merge pull request #17908 from Mic92/ferm

Ferm

1 files changed, 38 insertions, 0 deletions

diff --git a/pkgs/tools/networking/ferm/default.nix b/pkgs/tools/networking/ferm/default.nix
new file mode 100644
index 000000000000..f4cf387ecc52
--- /dev/null
+++ b/pkgs/tools/networking/ferm/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, makeWrapper, perl, ebtables, ipset, iptables }:
+
+stdenv.mkDerivation rec {
+  version = "2.3";
+  name = "ferm-${version}";
+
+  src = fetchurl {
+    url = "http://ferm.foo-projects.org/download/${version}/ferm-${version}.tar.gz";
+    sha256 = "0jx63fhjw5y1ahgdbn4hgd7sq6clxl80dr8a2hkryibfbwz3vs4x";
+  };
+
+  buildInputs = [ perl ipset ebtables iptables makeWrapper ];
+  preConfigure = ''
+    substituteInPlace config.mk --replace "PERL = /usr/bin/perl" "PERL = ${perl}/bin/perl"
+    substituteInPlace config.mk --replace "PREFIX = /usr" "PREFIX = $out"
+  '';
+  postInstall = ''
+    rm -r $out/lib/systemd
+    for i in "$out/sbin/"*; do
+      wrapProgram "$i" --prefix PATH : "${iptables}/bin:${ipset}/bin:${ebtables}/bin"
+    done
+  '';
+
+  meta = {
+    homepage = http://ferm.foo-projects.org/;
+    description = "Tool to maintain complex firewalls";
+    longDescription = ''
+      ferm is a tool to maintain complex firewalls, without having the trouble to
+      rewrite the complex rules over and over again. ferm allows the entire
+      firewall rule set to be stored in a separate file, and to be loaded with one
+      command. The firewall configuration resembles structured programming-like
+      language, which can contain levels and lists.
+    '';
+    license = stdenv.lib.licenses.gpl2;
+    maintainers = with stdenv.lib.maintainers; [mic92];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}