about summary refs log tree commit diff
path: root/nixpkgs/pkgs/applications/networking/firehol/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/firehol/default.nix')
-rw-r--r--nixpkgs/pkgs/applications/networking/firehol/default.nix58
1 files changed, 58 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/firehol/default.nix b/nixpkgs/pkgs/applications/networking/firehol/default.nix
new file mode 100644
index 000000000000..424c67721046
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/default.nix
@@ -0,0 +1,58 @@
+{ stdenv, lib, fetchFromGitHub, pkgs
+, autoconf, automake, curl, iprange, iproute2, ipset, iptables, iputils
+, kmod, nettools, procps, tcpdump, traceroute, util-linux, whois
+
+# If true, just install FireQOS without FireHOL
+, onlyQOS ? false
+}:
+
+stdenv.mkDerivation rec {
+  pname = "firehol";
+  version = "3.1.7";
+
+  src = fetchFromGitHub {
+    owner = "firehol";
+    repo = "firehol";
+    rev = "v${version}";
+    sha256 = "sha256-gq7l7QoUsK+j5DUn84kD9hlUTC4hz3ds3gNJc1tRygs=";
+  };
+
+  patches = [
+    # configure tries to determine if `ping6` or the newer, combined
+    # `ping` is installed by using `ping -6` which would fail.
+    ./firehol-ping6.patch
+
+    # put firehol config files in /etc/firehol (not $out/etc/firehol)
+    # to avoid error on startup, see #35114
+    ./firehol-sysconfdir.patch
+
+    # we must quote "$UNAME_CMD", or the dash in
+    # /nix/store/...-coreutils-.../bin/uname will be interpreted as
+    # IFS -> error. this might be considered an upstream bug but only
+    # appears when there are dashes in the command path
+    ./firehol-uname-command.patch
+  ];
+
+  nativeBuildInputs = [ autoconf automake ];
+  buildInputs = [
+    curl iprange iproute2 ipset iptables iputils kmod
+    nettools procps tcpdump traceroute util-linux whois
+  ];
+
+  preConfigure = "./autogen.sh";
+  configureFlags = [ "--localstatedir=/var"
+                     "--disable-doc" "--disable-man" ] ++
+                   lib.optional onlyQOS [ "--disable-firehol" ];
+
+  meta = with lib; {
+    description = "A firewall for humans";
+    longDescription = ''
+      FireHOL, an iptables stateful packet filtering firewall for humans!
+      FireQOS, a TC based bandwidth shaper for humans!
+    '';
+    homepage = "https://firehol.org/";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ oxzi ];
+    platforms = platforms.linux;
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 10:52:01 +0000