firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA

SVN-Revision: 36838
author: Jo-Philipp Wich <jow@openwrt.org> 2013-06-04 12:21:52 +0000
committer: Jo-Philipp Wich <jow@openwrt.org> 2013-06-04 12:21:52 +0000
commit: b721c9222110f0bbf2203da602f60ac0ec6f32ff (patch)
tree: f2e8a3de87e2d15cb5a674596bc8b26f2241d0e1 /package/network/config/firewall3
parent: 0dd6753c09a91d9046f9508f6f02c58212df8e5e (diff)
download: upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.tar.gz
upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.tar.bz2
upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.zip
5 files changed, 0 insertions, 285 deletions
diff --git a/package/network/config/firewall3/Makefile b/package/network/config/firewall3/Makefile
deleted file mode 100644
index 76d756ef09..0000000000
--- a/package/network/config/firewall3/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# Copyright (C) 2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=firewall3
-PKG_VERSION:=2013-06-04
-PKG_RELEASE:=$(PKG_SOURCE_VERSION)
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=git://nbd.name/firewall3.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=182abe47ae4686944482580b42a972827a0e4b51
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
-
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/kernel.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/firewall3
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=UCI C Firewall
-  DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables
-endef
-
-define Package/firewall3/description
- This package provides a config-compatible C implementation of the UCI firewall.
-endef
-
-define Package/firewall3/conffiles
-/etc/config/firewall
-/etc/firewall.user
-endef
-
-define Build/Configure
-	$(foreach file,$(lastword $(wildcard $(KERNEL_BUILD_DIR)/iptables-*/extensions/libext.a)),$(CP) $(file) $(PKG_BUILD_DIR)/libext.a)
-	$(foreach file,$(lastword $(wildcard $(KERNEL_BUILD_DIR)/iptables-*/extensions/libext4.a)),$(CP) $(file) $(PKG_BUILD_DIR)/libext4.a)
-	$(foreach file,$(lastword $(wildcard $(KERNEL_BUILD_DIR)/iptables-*/extensions/libext6.a)),$(CP) $(file) $(PKG_BUILD_DIR)/libext6.a)
-	$(call Build/Configure/Default)
-endef
-
-TARGET_CFLAGS += -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -Wl,--gc-sections
-CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
-
-define Package/firewall3/install
-	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DATA) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
-	$(INSTALL_DIR) $(1)/etc/config/
-	$(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
-	$(INSTALL_DIR) $(1)/etc/
-	$(INSTALL_DATA) ./files/firewall.user $(1)/etc/firewall.user
-endef
-
-$(eval $(call BuildPackage,firewall3))
diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config
deleted file mode 100644
index acfb5e5abd..0000000000
--- a/package/network/config/firewall3/files/firewall.config
+++ /dev/null
@@ -1,177 +0,0 @@
-config defaults
-	option syn_flood	1
-	option input		ACCEPT
-	option output		ACCEPT
-	option forward		REJECT
-# Uncomment this line to disable ipv6 rules
-#	option disable_ipv6	1
-
-config zone
-	option name		lan
-	list   network		'lan'
-	option input		ACCEPT
-	option output		ACCEPT
-	option forward		REJECT
-
-config zone
-	option name		wan
-	list   network		'wan'
-	list   network		'wan6'
-	option input		REJECT
-	option output		ACCEPT
-	option forward		REJECT
-	option masq		1
-	option mtu_fix		1
-
-config forwarding
-	option src		lan
-	option dest		wan
-
-# We need to accept udp packets on port 68,
-# see https://dev.openwrt.org/ticket/4108
-config rule
-	option name		Allow-DHCP-Renew
-	option src		wan
-	option proto		udp
-	option dest_port	68
-	option target		ACCEPT
-	option family		ipv4
-
-# Allow IPv4 ping
-config rule
-	option name		Allow-Ping
-	option src		wan
-	option proto		icmp
-	option icmp_type	echo-request
-	option family		ipv4
-	option target		ACCEPT
-
-# Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
-config rule
-	option name		Allow-DHCPv6
-	option src		wan
-	option proto		udp
-	option src_ip		fe80::/10
-	option src_port		547
-	option dest_ip		fe80::/10
-	option dest_port	546
-	option family		ipv6
-	option target		ACCEPT
-
-# Allow essential incoming IPv6 ICMP traffic
-config rule
-	option name		Allow-ICMPv6-Input
-	option src		wan
-	option proto	icmp
-	list icmp_type		echo-request
-	list icmp_type		echo-reply
-	list icmp_type		destination-unreachable
-	list icmp_type		packet-too-big
-	list icmp_type		time-exceeded
-	list icmp_type		bad-header
-	list icmp_type		unknown-header-type
-	list icmp_type		router-solicitation
-	list icmp_type		neighbour-solicitation
-	list icmp_type		router-advertisement
-	list icmp_type		neighbour-advertisement
-	option limit		1000/sec
-	option family		ipv6
-	option target		ACCEPT
-
-# Allow essential forwarded IPv6 ICMP traffic
-config rule
-	option name		Allow-ICMPv6-Forward
-	option src		wan
-	option dest		*
-	option proto		icmp
-	list icmp_type		echo-request
-	list icmp_type		echo-reply
-	list icmp_type		destination-unreachable
-	list icmp_type		packet-too-big
-	list icmp_type		time-exceeded
-	list icmp_type		bad-header
-	list icmp_type		unknown-header-type
-	option limit		1000/sec
-	option family		ipv6
-	option target		ACCEPT
-
-# include a file with users custom iptables rules
-config include
-	option path /etc/firewall.user
-
-
-### EXAMPLE CONFIG SECTIONS
-# do not allow a specific ip to access wan
-#config rule
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option dest		wan
-#	option proto	tcp
-#	option target	REJECT
-
-# block a specific mac on wan
-#config rule
-#	option dest		wan
-#	option src_mac	00:11:22:33:44:66
-#	option target	REJECT
-
-# block incoming ICMP traffic on a zone
-#config rule
-#	option src		lan
-#	option proto	ICMP
-#	option target	DROP
-
-# port redirect port coming in on wan to lan
-#config redirect
-#	option src			wan
-#	option src_dport	80
-#	option dest			lan
-#	option dest_ip		192.168.16.235
-#	option dest_port	80
-#	option proto		tcp
-
-# port redirect of remapped ssh port (22001) on wan
-#config redirect
-#	option src		wan
-#	option src_dport	22001
-#	option dest		lan
-#	option dest_port	22
-#	option proto		tcp
-
-# allow IPsec/ESP and ISAKMP passthrough
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option protocol		esp
-#	option target		ACCEPT
-
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option src_port		500
-#	option dest_port	500
-#	option proto		udp
-#	option target		ACCEPT
-
-### FULL CONFIG SECTIONS
-#config rule
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option src_mac	00:11:22:33:44:55
-#	option src_port	80
-#	option dest		wan
-#	option dest_ip	194.25.2.129
-#	option dest_port	120
-#	option proto	tcp
-#	option target	REJECT
-
-#config redirect
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option src_mac	00:11:22:33:44:55
-#	option src_port		1024
-#	option src_dport	80
-#	option dest_ip	194.25.2.129
-#	option dest_port	120
-#	option proto	tcp
diff --git a/package/network/config/firewall3/files/firewall.hotplug b/package/network/config/firewall3/files/firewall.hotplug
deleted file mode 100644
index 34f3afec9b..0000000000
--- a/package/network/config/firewall3/files/firewall.hotplug
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-[ "$ACTION" = ifup ] || exit 0
-
-/etc/init.d/firewall enabled || exit 0
-
-fw3 -q network "$INTERFACE" >/dev/null || exit 0
-
-logger -t firewall "Reloading firewall due to ifup of $INTERFACE ($DEVICE)"
-fw3 -q reload
diff --git a/package/network/config/firewall3/files/firewall.init b/package/network/config/firewall3/files/firewall.init
deleted file mode 100755
index 64e3a8c12b..0000000000
--- a/package/network/config/firewall3/files/firewall.init
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=19
-
-boot() {
-	# Be silent on boot, firewall might be started by hotplug already,
-	# so don't complain in syslog.
-	fw3 -q start
-}
-
-start() {
-	fw3 start
-}
-
-stop() {
-	fw3 flush
-}
-
-restart() {
-	fw3 restart
-}
-
-reload() {
-	fw3 reload
-}
diff --git a/package/network/config/firewall3/files/firewall.user b/package/network/config/firewall3/files/firewall.user
deleted file mode 100644
index 6f799063f5..0000000000
--- a/package/network/config/firewall3/files/firewall.user
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file is interpreted as shell script.
-# Put your custom iptables rules here, they will
-# be executed with each firewall (re-)start.
-
-# Internal uci firewall chains are flushed and recreated on reload, so
-# put custom rules into the root chains e.g. INPUT or FORWARD or into the
-# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
author	Jo-Philipp Wich <jow@openwrt.org>	2013-06-04 12:21:52 +0000
committer	Jo-Philipp Wich <jow@openwrt.org>	2013-06-04 12:21:52 +0000
commit	b721c9222110f0bbf2203da602f60ac0ec6f32ff (patch)
tree	f2e8a3de87e2d15cb5a674596bc8b26f2241d0e1 /package/network/config/firewall3
parent	0dd6753c09a91d9046f9508f6f02c58212df8e5e (diff)
download	upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.tar.gz upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.tar.bz2 upstream-b721c9222110f0bbf2203da602f60ac0ec6f32ff.zip