author | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
commit | b3a54c520195f3cab1109cb90de8179e4dff433f (patch) | |
tree | 6728c4cdb14fd18a6b7c040c7d395a2d5603fc74 /package | |
parent | 81b38e16646cc758202b51b5174da63e2e09646a (diff) |
add bridging firewall stuff
- tested with a transparent squid proxy
- fix some minor other stuff
- not completely ready
Diffstat (limited to 'package')
-rwxr-xr-x | package/base-files/extra/init | 3 | ||||
-rwxr-xr-x | package/base-files/extra/sbin/update | 9 | ||||
-rw-r--r-- | package/busybox/config/procps/Config.in | 2 | ||||
-rw-r--r-- | package/cfinstall/src/cfinstall | 2 | ||||
-rw-r--r-- | package/ebtables/Makefile | 2 | ||||
-rw-r--r-- | package/ebtables/patches/patch-Makefile | 26 | ||||
-rw-r--r-- | package/grub-bin/Makefile | 2 | ||||
-rw-r--r-- | package/squid/Makefile | 3 | ||||
-rw-r--r-- | package/squid/files/squid.conf | 39 | ||||
-rw-r--r-- | package/squid/files/squid.init | 37 | ||||
-rw-r--r-- | package/squid/files/squid.postinst | 6 |
11 files changed, 92 insertions, 39 deletions
diff --git a/package/base-files/extra/init b/package/base-files/extra/init index 9013065d0..db8c3a676 100755 --- a/package/base-files/extra/init +++ b/package/base-files/extra/init @@ -1,5 +1,5 @@ #!/bin/sh -echo "Pre-boot initializing" +echo "Starting system ..." export PATH=/bin:/sbin:/usr/bin:/usr/sbin mount -nt proc proc /proc mount -o nosuid,nodev,noexec -t sysfs sysfs /sys @@ -19,5 +19,4 @@ mount -o remount,rw / cat /etc/.rnd >/dev/urandom 2>&1 [ -f /etc/fstab ] && mount -a [ -x /sbin/cfgfs ] && { cfgfs setup; mount -o remount,ro /;} -echo "Starting system" exec /sbin/init diff --git a/package/base-files/extra/sbin/update b/package/base-files/extra/sbin/update index 83807ccf5..10d6e58c2 100755 --- a/package/base-files/extra/sbin/update +++ b/package/base-files/extra/sbin/update @@ -18,17 +18,17 @@ check_exit() { } extract_from_file() { - cat $1 | gunzip -c | tar -xvf - + cat $1 | gunzip -c | tar -xf - check_exit } extract_from_ssh() { - ssh $1 "cat $2" | gunzip -c | tar -xvf - + ssh $1 "cat $2" | gunzip -c | tar -xf - check_exit } extract_from_http() { - wget -O - $1 | gunzip -c | tar -xvf - + wget -O - $1 | gunzip -c | tar -xf - check_exit } @@ -61,5 +61,4 @@ esac sync mount -o bind /etc /tmp/.cfgfs/root -echo "Check with cfgfs status if you need to merge and save any changes in /etc." -echo "You should reboot now." +echo "Update sucessful. You should reboot now." diff --git a/package/busybox/config/procps/Config.in b/package/busybox/config/procps/Config.in index acec4e45e..c0c600b4e 100644 --- a/package/busybox/config/procps/Config.in +++ b/package/busybox/config/procps/Config.in @@ -64,7 +64,7 @@ config BUSYBOX_PIDOF config BUSYBOX_FEATURE_PIDOF_SINGLE bool "Enable argument for single shot (-s)" - default n + default y depends on BUSYBOX_PIDOF help Support argument '-s' for returning only the first pid found. diff --git a/package/cfinstall/src/cfinstall b/package/cfinstall/src/cfinstall index 0c1a61779..7e9a0d1ad 100644 
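Review bot: In `extract_from_http` (and likewise `extract_from_file` and `extract_from_ssh`) the archive is still piped straight into `tar -xf -` with nothing verifying it first, and `$1`/`$2` are unquoted, so a path or URL containing whitespace or glob characters is split by the shell. Dropping `-v` also removes the only record of which files the update replaced. I would quote the arguments, e.g. `wget -O - "$1" | gunzip -c | tar -xf -`, and add a comment above the three helpers saying that the archive is extracted as-is, so its source has to be trusted unless a checksum or signature check is added before extraction. Because `sh` reports only the last stage of a pipeline, `check_exit` presumably sees just tar's status; its body is outside the hunk.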
--- a/package/cfinstall/src/cfinstall +++ b/package/cfinstall/src/cfinstall @@ -35,7 +35,7 @@ chroot /mnt mount -t proc /proc /proc chroot /mnt mount -t sysfs /sys /sys cat << EOF > /mnt/boot/grub/grub.cfg set default=0 -set timeout=5 +set timeout=1 serial --unit=0 --speed=$speed terminal_output serial terminal_input serial diff --git a/package/ebtables/Makefile b/package/ebtables/Makefile index 05392d4b9..2a2c7dfe3 100644 --- a/package/ebtables/Makefile +++ b/package/ebtables/Makefile @@ -23,7 +23,9 @@ BUILD_STYLE:= auto INSTALL_STYLE:= auto post-install: + ${INSTALL_DIR} ${IDIR_EBTABLES}/etc ${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin ${IDIR_EBTABLES}/usr/lib + ${INSTALL_DATA} ${WRKINST}/etc/ethertypes ${IDIR_EBTABLES}/etc ${INSTALL_BIN} ${WRKINST}/usr/sbin/ebtables ${IDIR_EBTABLES}/usr/sbin ${CP} ${WRKINST}/usr/lib/*.so ${IDIR_EBTABLES}/usr/lib diff --git a/package/ebtables/patches/patch-Makefile b/package/ebtables/patches/patch-Makefile index 455893dcc..62528ec30 100644 --- a/package/ebtables/patches/patch-Makefile +++ b/package/ebtables/patches/patch-Makefile @@ -1,6 +1,6 @@ --- ebtables-v2.0.9-1.orig/Makefile 2009-06-21 15:13:25.000000000 +0200 -+++ ebtables-v2.0.9-1/Makefile 2009-11-29 12:54:31.000000000 +0100 -@@ -8,10 +8,10 @@ PROGDATE:=June\ 2009 ++++ ebtables-v2.0.9-1/Makefile 2009-11-29 15:39:30.000000000 +0100 +@@ -8,17 +8,16 @@ PROGDATE:=June\ 2009 # default paths LIBDIR:=/usr/lib 
@@ -14,7 +14,25 @@ SYSCONFIGDIR:=/etc/sysconfig DESTDIR:= -@@ -154,28 +154,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ +-CFLAGS:=-Wall -Wunused ++CFLAGS?=-Wall -Wunused + CFLAGS_SH_LIB:=-fPIC +-CC:=gcc +-LD:=ld ++CC?=gcc + + ifeq ($(shell uname -m),sparc64) + CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 +@@ -85,7 +84,7 @@ ebtables-standalone.o: ebtables-standalo + + .PHONY: libebtc + libebtc: $(OBJECTS2) +- $(LD) -shared -soname libebtc.so -o libebtc.so -lc $(OBJECTS2) ++ $(CC) -shared -o libebtc.so -lc $(OBJECTS2) + + ebtables: $(OBJECTS) ebtables-standalone.o libebtc + $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \ +@@ -154,28 +153,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ .PHONY: scripts scripts: ebtables-save ebtables.sysv ebtables-config cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ @@ -51,7 +69,7 @@ .PHONY: install install: $(MANDIR)/man8/ebtables.8 $(ETHERTYPESFILE) exec scripts -@@ -199,18 +200,18 @@ release: +@@ -199,18 +199,18 @@ release: rm -f extensions/ebt_inat.c rm -rf $(CVSDIRS) mkdir -p include/linux/netfilter_bridge diff --git a/package/grub-bin/Makefile b/package/grub-bin/Makefile index 1d2fbb334..24f386acd 100644 --- a/package/grub-bin/Makefile +++ b/package/grub-bin/Makefile @@ -8,7 +8,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= grub-bin PKG_VERSION:= 1.97.1 PKG_RELEASE:= 1 -PKG_MD5SUM:= 99ddead9dcb689a7ec2431c1e6b3cf0d +PKG_MD5SUM:= 24961a39e63d8ec16d765aad3a301cda PKG_DESCR:= GRUB bootloader PKG_SECTION:= sys PKG_SITES:= http://openadk.org/distfiles/ diff --git a/package/squid/Makefile b/package/squid/Makefile index 9395c65c8..cfc35061c 100644 --- a/package/squid/Makefile +++ b/package/squid/Makefile 
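Review bot: The rewritten `libebtc` link line in this patch, `$(CC) -shared -o libebtc.so -lc $(OBJECTS2)`, drops the `-soname libebtc.so` that the `$(LD)` form set and passes neither `$(CFLAGS)` nor `$(LDFLAGS)`, so linker flags exported by the build system (hardening flags included) would not reach the shared library. Something like `$(CC) -shared -Wl,-soname,libebtc.so $(LDFLAGS) -o libebtc.so $(OBJECTS2) -lc` keeps the soname and honours them. Separately, `CC?=gcc` has no effect in GNU make when `CC` is not passed in, because make predefines `CC` as `cc`; a one-line comment stating that CC and CFLAGS are expected from the package build environment would make that dependency explicit.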
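Review bot: `PKG_MD5SUM` changes while `PKG_VERSION` (1.97.1) and `PKG_RELEASE` (1) stay the same, which means the distfile was replaced under an unchanged name. Since `PKG_SITES` is a plain `http://` URL, this MD5 value is the only thing tying the build to a known archive, so the reason for the new content should be recorded next to it, e.g. `# distfile rebuilt: <reason>`, and `PKG_RELEASE` bumped so images built from the old archive can be told apart. MD5 is also a weak basis for that guarantee; if the package framework supports a stronger digest, it would be worth using here.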
@@ -146,6 +146,9 @@ post-configure: ${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \ ${WRKBUILD}/libtool endif +post-configure: + ${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \ + ${WRKBUILD}/libtool post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m} ${INSTALL_DIR} ${IDIR_SQUID}/etc/squid diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf index 86ffa60c7..9e6571192 100644 --- a/package/squid/files/squid.conf +++ b/package/squid/files/squid.conf @@ -1,27 +1,16 @@ visible_hostname linux +# for transparent proxy use following +# http_port 3128 transparent http_port 3128 -# acl -acl manager proto cache_object -acl localhost src 127.0.0.1/32 -acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT -http_access allow manager localhost -http_access deny manager -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow localnet -http_access deny all +pid_filename /var/run/squid.pid +# logging +access_log syslog +cache_store_log none +cache_log /var/log/squid-cache.log +# security +cache_effective_user squid +cache_effective_group squid +# cache dir +cache_dir ufs /var/squid/cache 10M 16 256 +# allow all +http_access allow all diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init new file mode 100644 index 000000000..5fd8e4c13 --- /dev/null +++ b/package/squid/files/squid.init 
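Review bot: The added `post-configure:` rule carries its own recipe, while the context above it shows an existing `post-configure:` recipe ending just before `endif`. If that conditional is active, GNU make keeps only the later recipe for a target (with an "overriding recipe" warning), so the `postdeps` fix would silently stop running. Folding the new `${SED}` command into a single `post-configure` rule, with the conditional wrapped around only the `postdeps` command, avoids that. The start of the conditional is outside the hunk, so this should be checked against the full file.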
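Review bot: `http_access allow all` replaces the whole ACL set in squid.conf, so the shipped default accepts proxy requests from any source address and no longer restricts CONNECT to `SSL_ports`, denies non-`Safe_ports` destinations, or limits cache-manager access to localhost. A device that is reachable from an untrusted network with this file installed acts as an open proxy. I would keep a client-network ACL and a final `http_access deny all`, and leave `allow all` only as a commented-out option, the way the transparent `http_port` line is handled. The fence shows a reduced rule set built from directives the old file already had; the networks need adjusting to the bridged segments.

```conf
# … unchanged: http_port, pid_filename, logging, cache_effective_user/group, cache_dir …
# access control: only the listed client networks may use the proxy
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
```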
@@ -0,0 +1,37 @@ +#!/bin/sh +#PKG squid +#INIT 70 + +. /etc/rc.conf + +case $1 in +autostop) ;; +autostart) + test x"${squid:-NO}" = x"NO" && exit 0 + exec sh $0 start + ;; +start) + if [ ! -f /var/log/squid-cache.log ];then + touch /var/log/squid-cache.log + chown squid:squid /var/log/squid-cache.log + fi + if [ ! -d /var/squid/cache ];then + mkdir -p /var/squid/cache + chown squid:squid /var/squid/cache + squid -z + fi + squid + ;; +stop) + squid -k kill + ;; +restart) + sh $0 stop + sh $0 start + ;; + +*) + echo "usage: $0 {start | stop | restart}" + exit 1 +esac +exit $? diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst new file mode 100644 index 000000000..6a08126c9 --- /dev/null +++ b/package/squid/files/squid.postinst @@ -0,0 +1,6 @@ +#!/bin/sh +. $IPKG_INSTROOT/etc/functions.sh +gid=$(get_next_gid) +add_user squid $(get_next_uid) $gid /var/squid/cache +add_group squid $gid +add_rcconf squid squid NO |
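Review bot: The `stop)` branch of squid.init uses `squid -k kill`, which terminates the daemon immediately instead of letting it close connections and write out its cache index; `squid -k shutdown` is the graceful form, and `restart)` would then need to wait for the process to exit before calling `start`. In `start)` the result of `squid -z` is not checked, so a failed cache-directory initialisation is followed by `squid` anyway. `$0` is also unquoted in `exec sh $0 start` and in the `restart)` lines; `sh "$0" start` is safer, and the usage text could list the `autostart`/`autostop` verbs the script accepts.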