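# Nix package expression for Shorewall ${version}: unpacks the shorewall-core,
# shorewall and shorewall6 tarballs side by side and installs all three into
# one output. (The listing's fused line-number gutter has been dropped so the
# expression parses again; the code itself is unchanged.)
{
  coreutils,
  fetchurl,
  gnugrep,
  gnused,
  iproute2,
  iptables,
  perl,
  perlPackages,
  lib,
  stdenv,
  util-linux,
}:
let
  # Colon-separated search path made only of fixed store directories. This is
  # the Nix binding that installPhase substitutes into the example
  # shorewall{,6}.conf as PATH=...; it is not the build shell's $PATH.
  PATH = lib.concatStringsSep ":" [
    "${coreutils}/bin"
    "${iproute2}/bin"
    "${iptables}/bin"
    "${util-linux}/bin"
    "${gnugrep}/bin"
    "${gnused}/bin"
  ];
in
stdenv.mkDerivation rec {
  pname = "shorewall";
  version = "5.2.3.3";

  # All three tarballs are fetched over plain http://, so the transport gives
  # no authenticity. Integrity rests entirely on the pinned sha256 values: a
  # tampered download fails the fixed-output hash check.
  # NOTE(review): when bumping `version`, do not take the new hashes from
  # whatever the HTTP download returned; compare them with a checksum or
  # signature obtained over an authenticated channel.
  srcs = [
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
      sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
    })
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
      sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
    })
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
      sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
    })
  ];
  # The build runs from the directory holding the three unpacked trees
  # (shorewall-core-*, shorewall-*, shorewall6-*), which the phases below
  # address by relative path.
  sourceRoot = ".";

  # NOTE(review): DigestSHA1 pulls in a SHA-1 implementation. What Shorewall
  # uses it for is not visible in this file; confirm it is not relied on for
  # integrity against an adversary.
  buildInputs = [
    coreutils
    iproute2
    iptables
    util-linux
    gnugrep
    gnused
    perl
  ]
  ++ (with perlPackages; [
    DigestSHA1
  ]);

  # The sed below deletes every PATH= assignment line from lib.cli.
  # NOTE(review): presumably the CLI then resolves its helpers through the PATH
  # of whoever invokes it. The tool configures Netfilter, so the invoking
  # service should set an explicit, controlled PATH - confirm in the caller.
  prePatch = ''
    # Patch configure and install.sh files
    patchShebangs .

    # Remove hardcoded PATH
    sed -i shorewall-core-${version}/lib.cli \
      -e '/^ *PATH=.*/d'
  '';

  # The backslash-escaped \$PREFIX / \$SHAREDIR reach configure as literal
  # variable references; only $out is expanded by the build shell.
  # VARLIB=/var/lib points at mutable state outside the store, and the init
  # script settings and DEFAULT_PAGER are passed empty.
  configurePhase = ''
    shorewall-core-${version}/configure \
      HOST=linux \
      PREFIX=$out \
      CONFDIR=\$PREFIX/etc-example \
      SBINDIR=\$PREFIX/sbin \
      SYSCONFDIR= \
      SHAREDIR=\$PREFIX/share \
      LIBEXECDIR=\$SHAREDIR \
      PERLLIBDIR=\$SHAREDIR/shorewall \
      MANDIR=$out/man \
      VARLIB=/var/lib \
      INITSOURCE= \
      INITDIR= \
      INITFILE= \
      DEFAULT_PAGER=
  '';

  # Runs the three install.sh scripts with DESTDIR=/ and the core's generated
  # shorewallrc symlinked into the other two trees; the sed calls that follow
  # edit the installed files under $out.
  #
  # The example configs get LOGFILE, PATH, PERL and SHOREWALL_SHELL rewritten,
  # the last three to fixed store paths, so a config derived from them does not
  # resolve its interpreter or helper commands through an ambient search path.
  #
  # The final sed points CONFDIR in the installed shorewallrc at /etc.
  # NOTE(review): the effective firewall policy is then read from /etc rather
  # than from the read-only store, so those files must be writable by root
  # only - confirm the permissions set by whatever generates them.
  installPhase = ''
    export DESTDIR=/
    shorewall-core-${version}/install.sh

    ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
    shorewall-${version}/install.sh

    ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
    shorewall6-${version}/install.sh

    # Patch the example shorewall{,6}.conf in case it is included
    # in services.shorewall{,6}.configs
    sed -i $out/etc-example/shorewall/shorewall.conf \
           $out/etc-example/shorewall6/shorewall6.conf \
      -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
      -e 's|^PATH=.*|PATH=${PATH}|' \
      -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
      -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
    sed -i $out/etc-example/shorewall6/shorewall6.conf \
      -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
    # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.

    # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
    # will generate the config files.
    sed -i $out/share/shorewall/shorewallrc \
      -e 's~^CONFDIR=.*~CONFDIR=/etc~'
  '';

  meta = {
    homepage = "http://www.shorewall.net/";
    description = "IP gateway/firewall configuration tool for GNU/Linux";
    longDescription = ''
      Shorewall is a high-level tool for configuring Netfilter. You describe your
      firewall/gateway requirements using entries in a set of configuration
      files. Shorewall reads those configuration files and with the help of the
      iptables, iptables-restore, ip and tc utilities, Shorewall configures
      Netfilter and the Linux networking subsystem to match your requirements.
      Shorewall can be used on a dedicated firewall system, a multi-function
      gateway/router/server or on a standalone GNU/Linux system. Shorewall does
      not use Netfilter's ipchains compatibility mode and can thus take
      advantage of Netfilter's connection state tracking capabilities.
    '';
    license = lib.licenses.gpl2Plus;
    platforms = lib.platforms.linux;
  };
}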