jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

ufw: use ufw-init, apply patches from master (resolves #2380)

Browse source
This commit is contained in:
Cameron Nemo 2018-09-04 23:14:55 -07:00 committed by Enno Boland
parent 58cd018959
commit 518198bfed
5 changed files with 39 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
srcpkgs/ufw/files/ufw/finish
View file

@ -1,3 +1,3 @@
#!/bin/sh
set -e
exec ufw disable > /dev/null 2>&1
exec /usr/lib/ufw/ufw-init stop

2
srcpkgs/ufw/files/ufw/run
View file

@ -1,4 +1,4 @@
#!/bin/sh
set -e
ufw enable > /dev/null 2>&1
/usr/lib/ufw/ufw-init start quiet
exec chpst -b ufw pause

15
srcpkgs/ufw/patches/0001-use-default-tcp-syncookies.patch Normal file
View file

@ -0,0 +1,15 @@
Origin: r972
Description: don't override distribution defaults for TCP syncookies
Index: ufw-0.35/conf/sysctl.conf
===================================================================
--- ufw-0.35.orig/conf/sysctl.conf
+++ ufw-0.35/conf/sysctl.conf
@@ -39,7 +39,7 @@ net/ipv4/conf/all/log_martians=0
# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)
-net/ipv4/tcp_syncookies=0
+#net/ipv4/tcp_syncookies=1
#net/ipv4/tcp_fin_timeout=30
#net/ipv4/tcp_keepalive_intvl=1800

19
srcpkgs/ufw/patches/0002-lp1633698.patch Normal file
View file

@ -0,0 +1,19 @@
Origin: r962
Description: adjust ufw6-before-output rules for echo-reply and echo-request
Bug-Ubuntu: https://launchpad.net/bugs/1633698
Index: ufw-0.35/conf/before6.rules
===================================================================
--- ufw-0.35.orig/conf/before6.rules
+++ ufw-0.35/conf/before6.rules
@@ -77,8 +77,8 @@
-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
--A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
--A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT

5
srcpkgs/ufw/template
View file

@ -1,7 +1,7 @@
# Template file for 'ufw'
pkgname=ufw
version=0.35
revision=5
revision=6
hostmakedepends="python iptables"
depends="$hostmakedepends"
noarch=yes
@ -9,9 +9,10 @@ pycompile_module="ufw"
short_desc="Uncomplicated Firewall"
maintainer="Juan RP <xtraeme@voidlinux.eu>"
homepage="https://launchpad.net/ufw"
license="GPL-3"
license="GPL-3.0-only"
distfiles="http://launchpad.net/ufw/${version}/${version}/+download/ufw-${version}.tar.gz"
checksum=662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509
patch_args="-p1"
conf_files="
/etc/ufw/after.init
/etc/ufw/after.rules