| blob | cdff695aa8df5fb1b33a1011102ae53804dff4d9 |
1 { stdenv, lib, fetchFromGitHub, autoconf, automake, curl, iprange, iproute2, iptables, iputils
2 , kmod, nettools, procps, tcpdump, traceroute, util-linux, whois
4 # If true, just install FireQOS without FireHOL
5 , onlyQOS ? false
6 }:
8 stdenv.mkDerivation rec {
9 pname = "firehol";
10 version = "3.1.7";
12 src = fetchFromGitHub {
13 owner = "firehol";
14 repo = "firehol";
15 rev = "v${version}";
16 sha256 = "sha256-gq7l7QoUsK+j5DUn84kD9hlUTC4hz3ds3gNJc1tRygs=";
17 };
19 patches = [
20 # configure tries to determine if `ping6` or the newer, combined
21 # `ping` is installed by using `ping -6` which would fail.
22 ./firehol-ping6.patch
24 # put firehol config files in /etc/firehol (not $out/etc/firehol)
25 # to avoid error on startup, see #35114
26 ./firehol-sysconfdir.patch
28 # we must quote "$UNAME_CMD", or the dash in
29 # /nix/store/...-coreutils-.../bin/uname will be interpreted as
30 # IFS -> error. this might be considered an upstream bug but only
31 # appears when there are dashes in the command path
32 ./firehol-uname-command.patch
33 ];
35 nativeBuildInputs = [ autoconf automake ];
36 buildInputs = [
37 curl iprange iproute2 iptables iputils kmod
38 nettools procps tcpdump traceroute util-linux whois
39 ];
41 preConfigure = "./autogen.sh";
42 configureFlags = [ "--localstatedir=/var"
43 "--disable-doc" "--disable-man"
44 "--disable-update-ipsets" ] ++
45 lib.optionals onlyQOS [ "--disable-firehol" ];
47 meta = with lib; {
48 description = "Firewall for humans";
49 longDescription = ''
50 FireHOL, an iptables stateful packet filtering firewall for humans!
51 FireQOS, a TC based bandwidth shaper for humans!
52 '';
53 homepage = "https://firehol.org/";
54 license = licenses.gpl2;
55 maintainers = with maintainers; [ oxzi ];
56 platforms = platforms.linux;
57 };
58 }