| blob | f3edc8d0d01c761f951d3143ac36edf50afffc15 |
1 { coreutils
2 , fetchurl
3 , gnugrep
4 , gnused
5 , iproute2
6 , iptables
7 , perl
8 , perlPackages
9 , lib, stdenv
10 , util-linux
11 }:
12 let
13 PATH = lib.concatStringsSep ":"
14 [ "${coreutils}/bin"
15 "${iproute2}/bin"
16 "${iptables}/bin"
17 "${util-linux}/bin"
18 "${gnugrep}/bin"
19 "${gnused}/bin"
20 ];
21 in
22 stdenv.mkDerivation rec {
23 pname = "shorewall";
24 version = "5.2.3.3";
26 srcs = [
27 (fetchurl {
28 url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-core-${version}.tar.bz2";
29 sha256 = "1gg2yfxzm3y9qqjrrg5nq2ggi1c6yfxx0s7fvwjw70b185mwa5p5";
30 })
31 (fetchurl {
32 url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall-${version}.tar.bz2";
33 sha256 = "1ka70pa3s0cnvc83rlm57r05cdv9idnxnq0vmxi6nr7razak5f3b";
34 })
35 (fetchurl {
36 url = "http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/shorewall6-${version}.tar.bz2";
37 sha256 = "0mhs4m6agwk082h1n69gnyfsjpycdd8215r4r9rzb3czs5xi087n";
38 })
39 ];
40 sourceRoot = ".";
42 buildInputs = [
43 coreutils
44 iproute2
45 iptables
46 util-linux
47 gnugrep
48 gnused
49 perl
50 ] ++ (with perlPackages; [
51 DigestSHA1
52 ]);
53 prePatch = ''
54 # Patch configure and install.sh files
55 patchShebangs .
57 # Remove hardcoded PATH
58 sed -i shorewall-core-${version}/lib.cli \
59 -e '/^ *PATH=.*/d'
60 '';
61 configurePhase = ''
62 shorewall-core-${version}/configure \
63 HOST=linux \
64 PREFIX=$out \
65 CONFDIR=\$PREFIX/etc-example \
66 SBINDIR=\$PREFIX/sbin \
67 SYSCONFDIR= \
68 SHAREDIR=\$PREFIX/share \
69 LIBEXECDIR=\$SHAREDIR \
70 PERLLIBDIR=\$SHAREDIR/shorewall \
71 MANDIR=$out/man \
72 VARLIB=/var/lib \
73 INITSOURCE= \
74 INITDIR= \
75 INITFILE= \
76 DEFAULT_PAGER=
77 '';
78 installPhase = ''
79 export DESTDIR=/
80 shorewall-core-${version}/install.sh
82 ln -s ../shorewall-core-${version}/shorewallrc shorewall-${version}/
83 shorewall-${version}/install.sh
85 ln -s ../shorewall-core-${version}/shorewallrc shorewall6-${version}/
86 shorewall6-${version}/install.sh
88 # Patch the example shorewall{,6}.conf in case it is included
89 # in services.shorewall{,6}.configs
90 sed -i $out/etc-example/shorewall/shorewall.conf \
91 $out/etc-example/shorewall6/shorewall6.conf \
92 -e 's|^LOGFILE=.*|LOGFILE=/var/log/shorewall.log|' \
93 -e 's|^PATH=.*|PATH=${PATH}|' \
94 -e 's|^PERL=.*|PERL=${perl}/bin/perl|' \
95 -e 's|^SHOREWALL_SHELL=.*|SHOREWALL_SHELL=${stdenv.shell}|'
96 sed -i $out/etc-example/shorewall6/shorewall6.conf \
97 -e 's|^CONFIG_PATH=.*|CONFIG_PATH=:''${CONFDIR}/shorewall6:''${SHAREDIR}/shorewall6:''${SHAREDIR}/shorewall|'
98 # FIXME: the default GEOIPDIR=/usr/share/xt_geoip/LE may require attention.
100 # Redirect CONFDIR to /etc where services.shorewall{,6}.configs
101 # will generate the config files.
102 sed -i $out/share/shorewall/shorewallrc \
103 -e 's~^CONFDIR=.*~CONFDIR=/etc~'
104 '';
106 meta = {
107 homepage = "http://www.shorewall.net/";
108 description = "IP gateway/firewall configuration tool for GNU/Linux";
109 longDescription = ''
110 Shorewall is a high-level tool for configuring Netfilter. You describe your
111 firewall/gateway requirements using entries in a set of configuration
112 files. Shorewall reads those configuration files and with the help of the
113 iptables, iptables-restore, ip and tc utilities, Shorewall configures
114 Netfilter and the Linux networking subsystem to match your requirements.
115 Shorewall can be used on a dedicated firewall system, a multi-function
116 gateway/router/server or on a standalone GNU/Linux system. Shorewall does
117 not use Netfilter's ipchains compatibility mode and can thus take
118 advantage of Netfilter's connection state tracking capabilities.
119 '';
120 license = lib.licenses.gpl2Plus;
121 platforms = lib.platforms.linux;
122 };
123 }