Diffstat (limited to 'nixpkgs/pkgs/applications/networking/firehol')
5 files changed, 121 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/firehol/default.nix b/nixpkgs/pkgs/applications/networking/firehol/default.nix
new file mode 100644
index 000000000000..424c67721046
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/default.nix
@@ -0,0 +1,58 @@
+{ stdenv, lib, fetchFromGitHub, pkgs
+, autoconf, automake, curl, iprange, iproute2, ipset, iptables, iputils
+, kmod, nettools, procps, tcpdump, traceroute, util-linux, whois
+
+# If true, just install FireQOS without FireHOL
+, onlyQOS ? false
+}:
+
+stdenv.mkDerivation rec {
+ pname = "firehol";
+ version = "3.1.7";
+
+ src = fetchFromGitHub {
+ owner = "firehol";
+ repo = "firehol";
+ rev = "v${version}";
+ sha256 = "sha256-gq7l7QoUsK+j5DUn84kD9hlUTC4hz3ds3gNJc1tRygs=";
+ };
+
+ patches = [
+ # configure tries to determine if `ping6` or the newer, combined
+ # `ping` is installed by using `ping -6` which would fail.
+ ./firehol-ping6.patch
+
+ # put firehol config files in /etc/firehol (not $out/etc/firehol)
+ # to avoid error on startup, see #35114
+ ./firehol-sysconfdir.patch
+
+ # we must quote "$UNAME_CMD", or the dash in
+ # /nix/store/...-coreutils-.../bin/uname will be interpreted as
+ # IFS -> error. this might be considered an upstream bug but only
+ # appears when there are dashes in the command path
+ ./firehol-uname-command.patch
+ ];
+
+ nativeBuildInputs = [ autoconf automake ];
+ buildInputs = [
+ curl iprange iproute2 ipset iptables iputils kmod
+ nettools procps tcpdump traceroute util-linux whois
+ ];
+
+ preConfigure = "./autogen.sh";
+ configureFlags = [ "--localstatedir=/var"
+ "--disable-doc" "--disable-man" ] ++
+ lib.optional onlyQOS [ "--disable-firehol" ];
+
+ meta = with lib; {
+ description = "A firewall for humans";
+ longDescription = ''
+ FireHOL, an iptables stateful packet filtering firewall for humans!
+ FireQOS, a TC based bandwidth shaper for humans!
+ '';
+ homepage = "https://firehol.org/";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ oxzi ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/networking/firehol/firehol-ping6.patch b/nixpkgs/pkgs/applications/networking/firehol/firehol-ping6.patch
new file mode 100644
index 000000000000..7e06e503ef6f
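Review bot: In `configureFlags` of default.nix, `lib.optional onlyQOS [ "--disable-firehol" ]` hands a list to `lib.optional`, which itself wraps its argument in a list, so with `onlyQOS = true` the flag is added as a nested list rather than as a string. It probably still reaches configure because nested lists are flattened when the attribute is coerced for the builder, but the intent is clearer and safer as `lib.optional onlyQOS "--disable-firehol"` (or `lib.optionals onlyQOS [ "--disable-firehol" ]`). The `pkgs` argument in the function header also appears unused in this file and could be dropped.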
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/firehol-ping6.patch
@@ -0,0 +1,29 @@
+--- a/m4/ax_check_ping_ipv6.m4
++++ b/m4/ax_check_ping_ipv6.m4
+@@ -42,16 +42,16 @@ AC_DEFUN([AX_CHECK_PING_IPV6],
+
+ AC_CACHE_CHECK([whether ]PING[ has working -6 option], [ac_cv_ping_6_opt],
+ [
+- ac_cv_ping_6_opt=no
+- if test -n "$PING"; then
+- echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
+- $PING -6 -c 1 ::1 > conftest.out 2>&1
+- if test "$?" = 0; then
+- ac_cv_ping_6_opt=yes
+- fi
+- cat conftest.out >&AS_MESSAGE_LOG_FD
+- rm -f conftest.out
+- fi
++ ac_cv_ping_6_opt=yes
++ #if test -n "$PING"; then
++ # echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
++ # $PING -6 -c 1 ::1 > conftest.out 2>&1
++ # if test "$?" = 0; then
++ # ac_cv_ping_6_opt=yes
++ # fi
++ # cat conftest.out >&AS_MESSAGE_LOG_FD
++ # rm -f conftest.out
++ #fi
+ ])
+
+ AS_IF([test "x$ac_cv_ping_6_opt" = "xyes"],[
diff --git a/nixpkgs/pkgs/applications/networking/firehol/firehol-sysconfdir.patch b/nixpkgs/pkgs/applications/networking/firehol/firehol-sysconfdir.patch
new file mode 100644
index 000000000000..c541dd585acc
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/firehol-sysconfdir.patch
@@ -0,0 +1,5 @@
+--- a/sbin/install.config.in.in
++++ b/sbin/install.config.in.in
+@@ -4,1 +4,1 @@
+-SYSCONFDIR="@sysconfdir_POST@"
++SYSCONFDIR="/etc"
diff --git a/nixpkgs/pkgs/applications/networking/firehol/firehol-uname-command.patch b/nixpkgs/pkgs/applications/networking/firehol/firehol-uname-command.patch
new file mode 100644
index 000000000000..92ab4cd93214
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/firehol-uname-command.patch
@@ -0,0 +1,11 @@
+--- a/sbin/firehol
++++ b/sbin/firehol
+@@ -10295,7 +10295,7 @@
+ kmaj=$1
+ kmin=$2
+
+- set -- $($UNAME_CMD -r)
++ set -- $("$UNAME_CMD" -r)
+ eval $kmaj=\$1 $kmin=\$2
+ }
+ kernel_maj_min KERNELMAJ KERNELMIN
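Review bot: firehol-ping6.patch hard-codes `ac_cv_ping_6_opt=yes` and keeps the original probe as commented-out shell, so configure reports a working `ping -6` even when `$PING` is empty or lacks the option, and a mismatch would only surface when the firewall scripts run. Because the probe sits inside `AC_CACHE_CHECK`, presetting the cache variable should give the same result without carrying a patch: add `"ac_cv_ping_6_opt=yes"` to `configureFlags` in default.nix. If the patch stays, delete the dead lines instead of commenting them out and add a patch header stating why the probe cannot run at build time (presumably the build sandbox; the page only says it "would fail").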
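Review bot: firehol-sysconfdir.patch replaces the configure-substituted `@sysconfdir_POST@` with a literal `/etc`, which moves the firewall's configuration from the read-only store to a mutable host path, and nothing in this commit says who owns that path. FireHOL configuration files are, as far as I know, shell scripts that the tool runs with root privileges, so whatever creates `/etc/firehol` should keep it root-owned and not group- or world-writable. I would record that next to the patch entry in default.nix, e.g. `# /etc/firehol is read as root at startup; it must be writable by root only`. The hunk also has no context lines (`@@ -4,1 +4,1 @@`), so it will stop applying as soon as upstream moves this line.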
diff --git a/nixpkgs/pkgs/applications/networking/firehol/iprange.nix b/nixpkgs/pkgs/applications/networking/firehol/iprange.nix
new file mode 100644
index 000000000000..7dc43d5c116c
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/firehol/iprange.nix
@@ -0,0 +1,18 @@
+{ lib, stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "iprange";
+ version = "1.0.4";
+
+ src = fetchurl {
+ url = "https://github.com/firehol/iprange/releases/download/v${version}/iprange-${version}.tar.xz";
+ sha256 = "0rymw4ydn09dng34q4g5111706fyppzs2gd5br76frgvfj4x2f71";
+ };
+
+ meta = with lib; {
+ description = "manage IP ranges";
+ homepage = "https://github.com/firehol/iprange";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ oxzi ];
+ };
+} |