rpms/fedora/SPECS/firehol.spec

Name:           firehol
Version:        3.1.7
Release:        1%{?dist}
Summary:        Simple and powerful firewall and traffic shaping languages
License:        GPLv2+
URL:            http://firehol.org
Source0:        https://github.com/firehol/firehol/releases/download/v3.1.7/firehol-%{version}.tar.bz2
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
Source1:        firehol.init
Source2:        fireqos.init
%else
Source1:        firehol.service
Source2:        fireqos.service
%endif
BuildArch:      noarch
BuildRequires:  iprange
BuildRequires:  iproute
BuildRequires:  ipset
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
BuildRequires:  iptables
BuildRequires:  iptables-ipv6
BuildRequires:  procps-ng
BuildRequires:	iproute-tc
%else
BuildRequires:  iptables-services
BuildRequires:	kmod
%endif
BuildRequires:  tcpdump
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
%else
BuildRequires:  systemd
%endif
Requires:       coreutils
Requires:       gawk
Requires:       grep
Requires:       gzip
Requires:       ipset
Requires:       iproute
Requires:       iprange
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
Requires:       iptables
Requires:       iptables-ipv6
%else
Requires:       iptables-services
Requires:       kmod
Requires:	procps-ng
Requires:	iproute-tc
%endif
Requires:       less
Requires:       sed
Requires:       util-linux
Requires:       tcpdump
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
Requires:       module-init-tools
%else
Requires:       kmod
Requires(post):  systemd
Requires(preun):  systemd
Requires(postun):  systemd
%endif

%description
FireHOL is a generic firewall generator, meaning that you can design any kind
of local or routing stateful packet filtering firewalls with ease. Install
FireHOL if you want an easy way to configure stateful packet filtering
firewalls on Linux hosts and routers.

FireHOL uses an extremely simple but powerful way to define firewall rules
which it turns into complete stateful iptables firewalls.

You can run FireHOL with the 'helpme' argument, to get a configuration
file for the system run, which you can modify according to your
needs. The default configuration file will allow only client traffic
on all interfaces.

%prep
%setup -q

%build
%configure \
	--disable-link-balancer \
	--disable-vnetbuild
make %{?_smp_mflags}

%install
rm -rf "%{buildroot}"
make %{?_smp_mflags} install DESTDIR="%{buildroot}"
# Fixup the symlinks manually
rm %{buildroot}/usr/sbin/firehol
rm %{buildroot}/usr/sbin/fireqos
rm %{buildroot}/usr/sbin/update-ipsets
ln -s %{_libexecdir}/firehol/%{version}/firehol %{buildroot}/usr/sbin
ln -s %{_libexecdir}/firehol/%{version}/fireqos %{buildroot}/usr/sbin
ln -s %{_libexecdir}/firehol/%{version}/update-ipsets %{buildroot}/usr/sbin

%if 0%{?rhel} > 0 && 0%{?rhel} < 7
mkdir -p %{buildroot}%{_initrddir}
install -pm755 %{S:1} %{buildroot}%{_initrddir}/firehol
install -pm755 %{S:2} %{buildroot}%{_initrddir}/fireqos
%else
# Install systemd units.
mkdir -p %{buildroot}%{_unitdir}
install -pm644 %{S:1} %{S:2} %{buildroot}%{_unitdir}
%endif

# Install runtime directories.
mkdir -p %{buildroot}%{_sysconfdir}/firehol/services
mkdir -p %{buildroot}%{_localstatedir}/spool/firehol

# Ghost configurations.
touch %{buildroot}%{_sysconfdir}/firehol/firehol.conf \
      %{buildroot}%{_sysconfdir}/firehol/fireqos.conf

%post
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
/sbin/chkconfig --add firehol
/sbin/chkconfig --add fireqos
%else
%systemd_post firehol.service
%systemd_post fireqos.service
%endif

%preun
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
if [ $1 = 0 ] ; then
	/sbin/service firehol stop >/dev/null 2>&1
	/sbin/service fireqos stop >/dev/null 2>&1
	/sbin/chkconfig --del firehol
	/sbin/chkconfig --del fireqos
fi
%else
%systemd_preun firehol.service
%systemd_preun fireqos.service
%endif

%postun
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
if [ "$1" -ge "1" ] ; then
        /sbin/service firehol condrestart >/dev/null 2>&1 || :
        /sbin/service fireqos condrestart >/dev/null 2>&1 || :
fi
%else
%systemd_postun_with_restart firehol.service
%systemd_postun_with_restart fireqos.service
%endif

%files
%doc README THANKS examples contrib
%doc doc/firehol
%doc doc/fireqos
%dir %{_sysconfdir}/firehol
%config(noreplace) %{_sysconfdir}/firehol/firehol.conf
%config(noreplace) %{_sysconfdir}/firehol/fireqos.conf
%{_sysconfdir}/firehol/firehol.conf.example
%{_sysconfdir}/firehol/fireqos.conf.example
%{_sysconfdir}/firehol/services/bittorrent.conf.example
%if 0%{?rhel} > 0 && 0%{?rhel} < 7
%{_initrddir}/firehol
%{_initrddir}/fireqos
%else
%{_unitdir}/firehol.service
%{_unitdir}/fireqos.service
%endif
%{_sbindir}/firehol
%{_sbindir}/fireqos
%{_sbindir}/update-ipsets
%{_docdir}/firehol/html/*
%{_docdir}/firehol/*.pdf
%{_mandir}/man1/*.1*
%{_mandir}/man5/*.5*
%{_datadir}/update-ipsets/webdir/*
%dir %{_sysconfdir}/firehol/services/
%{_localstatedir}/spool/firehol
%{_libexecdir}/firehol/%{version}/firehol
%{_libexecdir}/firehol/%{version}/fireqos
%{_libexecdir}/firehol/%{version}/update-ipsets
%{_libexecdir}/firehol/%{version}/functions.common
%{_libexecdir}/firehol/%{version}/install.config
%{_libexecdir}/firehol/%{version}/services.common
%{_libexecdir}/firehol/%{version}/services.firehol
%{_libexecdir}/firehol/%{version}/services.fireqos

%changelog
* Thu Mar 28 2024 Daniel Steiner <daniel.steiner@dsteiner.ch>
- First build on fedora