Merge pull request #29125 from geistesk/firehol-3.1.4

firehol: init at 3.1.4, iprange: init at 1.0.3

authored by Jörg Thalheim and committed by GitHub 13edd976 787c6ff3

+154
+1
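--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -430,6 +430,7 @@
   ./services/networking/fakeroute.nix
   ./services/networking/ferm.nix
   ./services/networking/firefox/sync-server.nix
+  ./services/networking/fireqos.nix
   ./services/networking/firewall.nix
   ./services/networking/flannel.nix
   ./services/networking/flashpolicyd.nix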
+52
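--- a/nixos/modules/services/networking/fireqos.nix
+++ b/nixos/modules/services/networking/fireqos.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.fireqos;
+  fireqosConfig = pkgs.writeText "fireqos.conf" "${cfg.config}";
+in {
+  options.services.fireqos = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If enabled, FireQOS will be launched with the specified
+        configuration given in `config`.
+      '';
+    };
+
+    config = mkOption {
+      type = types.str;
+      default = "";
+      example = ''
+        interface wlp3s0 world-in input rate 10mbit ethernet
+        class web commit 50kbit
+        match tcp ports 80,443
+
+        interface wlp3s0 world-out input rate 10mbit ethernet
+        class web commit 50kbit
+        match tcp ports 80,443
+      '';
+      description = ''
+        The FireQOS configuration goes here.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.fireqos = {
+      description = "FireQOS";
+      after = [ "network.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        ExecStart = "${pkgs.firehol}/bin/fireqos start ${fireqosConfig}";
+        ExecStop = [
+          "${pkgs.firehol}/bin/fireqos stop"
+          "${pkgs.firehol}/bin/fireqos clear_all_qos"
+        ];
+      };
+    };
+  };
+}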
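Review bot: The `systemd.services.fireqos` unit sets `after = [ "network.target" ]` but no `wantedBy`, so nothing visible in this module pulls it into the boot transaction; `services.fireqos.enable = true` would install the unit without starting it, which contradicts the `enable` description. Adding `wantedBy = [ "multi-user.target" ];` next to `after` would make the shaping rules apply at boot. The `config` example also uses `input` on the `world-out` interface, which looks copied from the `world-in` stanza and presumably should read `output`. `types.lines` would suit this option better than `types.str`, since it lets several modules contribute stanzas to one configuration.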
+79
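--- a/pkgs/applications/networking/firehol/default.nix
+++ b/pkgs/applications/networking/firehol/default.nix
@@ -0,0 +1,79 @@
+{ stdenv, lib, fetchFromGitHub, pkgs
+, autoconf, automake, curl, iprange, iproute, ipset, iptables, iputils
+, kmod, nettools, procps, tcpdump, traceroute, utillinux, whois
+
+# Just install FireQOS without FireHOL
+, onlyQOS ? true
+}:
+
+stdenv.mkDerivation rec {
+  name = "firehol-${version}";
+  version = "3.1.4";
+
+  src = fetchFromGitHub {
+    owner = "firehol";
+    repo = "firehol";
+    rev = "v${version}";
+    sha256 = "121kjq5149r11k58lr9mkqns2k8jbdbjg2k93v8v7axhng6js7s9";
+  };
+
+  patches = [
+    # configure tries to determine if `ping6` or the newer, combined
+    # `ping` is installed by using `ping -6` which would fail.
+    (pkgs.writeText "firehol-ping6.patch"
+      ''
+        --- a/m4/ax_check_ping_ipv6.m4
+        +++ b/m4/ax_check_ping_ipv6.m4
+        @@ -42,16 +42,16 @@ AC_DEFUN([AX_CHECK_PING_IPV6],
+
+         AC_CACHE_CHECK([whether ]PING[ has working -6 option], [ac_cv_ping_6_opt],
+         [
+        - ac_cv_ping_6_opt=no
+        - if test -n "$PING"; then
+        - echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
+        - $PING -6 -c 1 ::1 > conftest.out 2>&1
+        - if test "$?" = 0; then
+        - ac_cv_ping_6_opt=yes
+        - fi
+        - cat conftest.out >&AS_MESSAGE_LOG_FD
+        - rm -f conftest.out
+        - fi
+        + ac_cv_ping_6_opt=yes
+        + #if test -n "$PING"; then
+        + # echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
+        + # $PING -6 -c 1 ::1 > conftest.out 2>&1
+        + # if test "$?" = 0; then
+        + # ac_cv_ping_6_opt=yes
+        + # fi
+        + # cat conftest.out >&AS_MESSAGE_LOG_FD
+        + # rm -f conftest.out
+        + #fi
+         ])
+
+         AS_IF([test "x$ac_cv_ping_6_opt" = "xyes"],[
+      '')
+  ];
+
+  nativeBuildInputs = [ autoconf automake ];
+  buildInputs = [
+    curl iprange iproute ipset iptables iputils kmod
+    nettools procps tcpdump traceroute utillinux whois
+  ];
+
+  preConfigure = "./autogen.sh";
+  configureFlags = [ "--localstatedir=/var"
+    "--disable-doc" "--disable-man" ] ++
+    lib.optional onlyQOS [ "--disable-firehol" ];
+
+  meta = with stdenv.lib; {
+    description = "A firewall for humans";
+    longDescription = ''
+      FireHOL, an iptables stateful packet filtering firewall for humans!
+      FireQOS, a TC based bandwidth shaper for humans!
+    '';
+    homepage = http://firehol.org/;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ geistesk ];
+    platforms = platforms.linux;
+  };
+}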
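Review bot: In `configureFlags`, `lib.optional onlyQOS [ "--disable-firehol" ]` wraps a list inside another list, because `lib.optional` takes a single element; it appears to work only because the flags are flattened when coerced to a string, and should be `lib.optional onlyQOS "--disable-firehol"` (or `lib.optionals` with the list). The embedded patch pins `ac_cv_ping_6_opt=yes` and leaves the original probe commented out in the m4 file; since this is an autoconf cache variable, passing `"ac_cv_ping_6_opt=yes"` in `configureFlags` should give the same result without carrying a patch. Either way configure no longer verifies that the `ping` it found accepts `-6`, so the comment above the patch should state that the build relies on a combined `ping`, presumably the one from `iputils` in `buildInputs`. With `onlyQOS ? true` as the default, the `firehol` attribute is built with `--disable-firehol` although `meta.description` reads "A firewall for humans"; a comment on that default would keep anyone from expecting packet filtering from this package.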
+18
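--- a/pkgs/applications/networking/firehol/iprange.nix
+++ b/pkgs/applications/networking/firehol/iprange.nix
@@ -0,0 +1,18 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "iprange-${version}";
+  version = "1.0.3";
+
+  src = fetchurl {
+    url = "https://github.com/firehol/iprange/releases/download/v${version}/iprange-${version}.tar.xz";
+    sha256 = "0lwgl5ybrhsv43llq3kgdjpvgyfl43f3nxm0g8a8cd7zmn754bg2";
+  };
+
+  meta = with stdenv.lib; {
+    description = "manage IP ranges";
+    homepage = https://github.com/firehol/iprange;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ geistesk ];
+  };
+}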
+4
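--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1984,6 +1984,10 @@
 
   finger_bsd = callPackage ../tools/networking/bsd-finger { };
 
+  iprange = callPackage ../applications/networking/firehol/iprange.nix {};
+
+  firehol = callPackage ../applications/networking/firehol {};
+
   fio = callPackage ../tools/system/fio { };
 
   flamerobin = callPackage ../applications/misc/flamerobin { };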