[NixPkgs.git] / pkgs / tools / networking / shorewall / default.nix
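# Shorewall (shorewall-core, shorewall and shorewall6) built from the three
# upstream release tarballs and installed into a single output.
#
# The example configuration patched in installPhase points PATH, PERL and
# SHOREWALL_SHELL at store paths, so a firewall built from it runs the
# iptables/ip/ipset binaries this derivation was built against.
#
# NOTE(review): `tree` is accepted as an argument but is not referenced
# anywhere in this expression; it is kept so existing overrides keep working.
{ coreutils
, ebtables
, fetchurl
, gnugrep
, gnused
, iproute2
, ipset
, iptables
, perl
, perlPackages
, lib, stdenv
, tree
, util-linux
}:
let
  # Command search path written into the example shorewall{,6}.conf below.
  # lib.makeBinPath joins "<pkg>/bin" entries with ":" like the hand-written
  # list it replaces, and picks a package's "bin" output when it has one.
  PATH = lib.makeBinPath [
    coreutils
    iproute2
    iptables
    ipset
    ebtables
    util-linux
    gnugrep
    gnused
  ];
in
stdenv.mkDerivation rec {
  pname = "shorewall";
  version = "5.2.3.3";

  # NOTE(review): all three tarballs are fetched over plain HTTP, so the
  # sha256 values are the only integrity check on the sources. On a version
  # bump, verify the new hashes against a trusted reference (upstream
  # checksums or signatures, if published) rather than accepting whatever an
  # unauthenticated download produced.
  srcs = [
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
      sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
    })
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
      sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
    })
    (fetchurl {
      url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
      sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
    })
  ];
  # The three archives unpack side by side, so build from their common parent.
  sourceRoot = ".";

  buildInputs = [
    coreutils
    iproute2
    ipset
    iptables
    ebtables
    util-linux
    gnugrep
    gnused
    perl
  ] ++ (with perlPackages; [
    DigestSHA1
  ]);

  # NOTE(review): once the PATH assignment is deleted from lib.cli, the CLI
  # presumably resolves commands through the PATH set in shorewall.conf or
  # inherited from the caller. The tool runs as root, so confirm that every
  # invocation path ends up with the pinned PATH and not an ambient one.
  prePatch = ''
    # Patch configure and install.sh files
    patchShebangs .

    # Remove hardcoded PATH
    sed -i shorewall-core-${version}/lib.cli \
        -e '/^ *PATH=.*/d'
  '';

  # `\$PREFIX` and `\$SHAREDIR` reach configure as literal, unexpanded
  # variable references; only `$out` is expanded by the build shell.
  # VARLIB stays an absolute /var/lib path outside the store.
  configurePhase = ''
    runHook preConfigure

    shorewall-core-${version}/configure \
      HOST=linux \
      PREFIX=$out \
      CONFDIR=\$PREFIX/etc-example \
      SBINDIR=\$PREFIX/sbin \
      SYSCONFDIR= \
      SHAREDIR=\$PREFIX/share \
      LIBEXECDIR=\$SHAREDIR \
      PERLLIBDIR=\$SHAREDIR/shorewall \
      MANDIR=$out/man \
      VARLIB=/var/lib \
      INITSOURCE= \
      INITDIR= \
      INITFILE= \
      DEFAULT_PAGER=

    runHook postConfigure
  '';

  # NOTE(review): DESTDIR=/ presumably works because every install target
  # already carries the $out prefix from configurePhase -- confirm that
  # install.sh writes nothing under VARLIB (/var/lib) at build time.
  installPhase = ''
    runHook preInstall

    export DESTDIR=/
    shorewall-core-${version}/install.sh

    ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
    shorewall-${version}/install.sh

    ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
    shorewall6-${version}/install.sh

    # Patch the example shorewall{,6}.conf in case it is included
    # in services.shorewall{,6}.configs
    # Only these example files get the pinned PATH, PERL and SHOREWALL_SHELL;
    # a configuration written from scratch has to set them itself.
    sed -i $out/etc-example/shorewall/shorewall.conf \
           $out/etc-example/shorewall6/shorewall6.conf \
        -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
        -e 's|^PATH=.*|PATH=${PATH}|' \
        -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
        -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
    sed -i $out/etc-example/shorewall6/shorewall6.conf \
        -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
    # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.

    # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
    # will generate the config files.
    sed -i $out/share/shorewall/shorewallrc \
        -e 's~^CONFDIR=.*~CONFDIR=/etc~'

    runHook postInstall
  '';

  meta = {
    homepage = "http://www.shorewall.net/";
    description = "An IP gateway/firewall configuration tool for GNU/Linux";
    longDescription = ''
      Shorewall is a high-level tool for configuring Netfilter. You describe your
      firewall/gateway requirements using entries in a set of configuration
      files. Shorewall reads those configuration files and with the help of the
      iptables, iptables-restore, ip and tc utilities, Shorewall configures
      Netfilter and the Linux networking subsystem to match your requirements.
      Shorewall can be used on a dedicated firewall system, a multi-function
      gateway/router/server or on a standalone GNU/Linux system. Shorewall does
      not use Netfilter's ipchains compatibility mode and can thus take
      advantage of Netfilter's connection state tracking capabilities.
    '';
    license = lib.licenses.gpl2Plus;
    platforms = lib.platforms.linux;
  };
}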