author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-firewall/ufw | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-firewall/ufw')
-rw-r--r-- | net-firewall/ufw/Manifest | 1 | ||||
-rw-r--r-- | net-firewall/ufw/files/rsyslog/ufw.logrotate | 13 | ||||
-rw-r--r-- | net-firewall/ufw/files/syslog-ng/syslog-ng.example | 13 | ||||
-rw-r--r-- | net-firewall/ufw/files/syslog-ng/ufw.logrotate | 12 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.31.1-move-path.patch | 177 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.31.1-python-abis.patch | 42 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch | 46 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch | 17 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch | 15 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw-2.initd | 137 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw.confd | 5 | ||||
-rw-r--r-- | net-firewall/ufw/files/ufw.service | 15 | ||||
-rw-r--r-- | net-firewall/ufw/metadata.xml | 18 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805-r1.ebuild | 184 | ||||
-rw-r--r-- | net-firewall/ufw/ufw-0.34_pre805-r2.ebuild | 186 |
15 files changed, 881 insertions, 0 deletions
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
new file mode 100644
index 000000000000..6380dd51df0b
--- /dev/null
+++ b/net-firewall/ufw/Manifest
@@ -0,0 +1 @@
+DIST ufw-0.34_pre805.tar.gz 335875 SHA256 a78693da04720f9f7eb463447b940eed18c3e2c20d3de336ebf9bf821dfdac2f SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263 WHIRLPOOL 5e5238925d928e883c9869b3b72a7a04ad18352ebbcb5fead9b14c7bb5225f1bbae613d9117ceb5e9d435e1ca1f1d0d033bbdf673896990eda5efcb7a7d04829
diff --git a/net-firewall/ufw/files/rsyslog/ufw.logrotate b/net-firewall/ufw/files/rsyslog/ufw.logrotate
new file mode 100644
index 000000000000..f88ca8265bea
--- /dev/null
+++ b/net-firewall/ufw/files/rsyslog/ufw.logrotate
@@ -0,0 +1,13 @@
+/var/log/ufw.log
+{
+ rotate 5
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /etc/init.d/rsyslog reload >/dev/null 2>&1 || true
+ endscript
+}
diff --git a/net-firewall/ufw/files/syslog-ng/syslog-ng.example b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
new file mode 100644
index 000000000000..41f7ce39cef7
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/syslog-ng.example
@@ -0,0 +1,13 @@
+# This is an example rule for app-admin/syslog-ng to separate ufw logs
+# from /var/log/messages.
+# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf.
+
+filter f_ufw { match("\\[UFW " value("MESSAGE")); };
+destination ufwfile { file("/var/log/ufw.log"); };
+log {
+ source(src);
+ filter(f_ufw);
+ destination(ufwfile);
+ destination(console_all);
+ flags(final);
+};
diff --git a/net-firewall/ufw/files/syslog-ng/ufw.logrotate b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
new file mode 100644
index 000000000000..5080aa1bfa38
--- /dev/null
+++ b/net-firewall/ufw/files/syslog-ng/ufw.logrotate
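Review bot: The `f_ufw` filter in files/syslog-ng/syslog-ng.example selects on message text alone, so any local process that can write a line containing `[UFW ` to syslog ends up in /var/log/ufw.log, and `flags(final)` then keeps that line out of the later log paths. ufw's entries appear to come from the kernel's netfilter LOG target (the ebuilds check for it), so the filter can also require the kernel facility: `filter f_ufw { facility(kern) and match("\\[UFW " value("MESSAGE")); };`. A comment above the `log` block saying that `flags(final)` removes matching messages from /var/log/messages would help anyone who copies the example.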
@@ -0,0 +1,12 @@
+# logrotate snippet for ufw
+# requires app-admin/syslog-ng
+# copy the file into /etc/logrotate.d
+/var/log/ufw.log {
+ missingok
+ rotate 5
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/net-firewall/ufw/files/ufw-0.31.1-move-path.patch b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
new file mode 100644
index 000000000000..24d00ea68ccd
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.31.1-move-path.patch
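Review bot: files/syslog-ng/ufw.logrotate sets no rotation interval and no compression, while the rsyslog snippet for the same /var/log/ufw.log sets `weekly`, `compress` and `delaycompress`, so how long firewall logs are kept under syslog-ng depends on the global logrotate defaults. Adding the same three directives here would make `rotate 5` mean the same retention in both setups. Neither snippet has a `create` line, so the owner and mode of the fresh log are left to the syslog daemon; a one-line comment saying that is intended would be enough.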
@@ -0,0 +1,177 @@ +diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8 +--- ufw-0.31.orig/doc/ufw-framework.8 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/doc/ufw-framework.8 2012-03-12 16:55:50.680992962 +0100 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before[6].rules +@@ -41,7 +41,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. It supports the following arguments: + .TP +diff -Naur ufw-0.31.orig/README ufw-0.31/README +--- ufw-0.31.orig/README 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/README 2012-03-12 16:55:50.681993089 +0100 +@@ -58,7 +58,7 @@ + on your needs, this can be as simple as adding the following to a startup + script (eg rc.local for systems that use it): + +-# /lib/ufw/ufw-init start ++# /usr/share/ufw/ufw-init start + + For systems that use SysV initscripts, an example script is provided in + doc/initscript.example. See doc/upstart.example for an Upstart example. Consult +@@ -72,9 +72,9 @@ + /etc/defaults/ufw high level configuration + /etc/ufw/before[6].rules rules evaluated before UI added rules + /etc/ufw/after[6].rules rules evaluated after UI added rules +-/lib/ufw/user[6].rules UI added rules (not to be modified) ++/etc/ufw/user/user[6].rules UI added rules (not to be modified) + /etc/ufw/sysctl.conf kernel network tunables +-/lib/ufw/ufw-init start script ++/usr/share/ufw/ufw-init start script + + + Usage +@@ -149,7 +149,7 @@ + that the primary chains don't move around other non-ufw rules and chains. 
To + completely flush the built-in chains with this configuration, you can use: + +-# /lib/ufw/ufw-init flush-all ++# /usr/share/ufw/ufw-init flush-all + + Alternately, ufw may also take full control of the firewall by setting + MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in +@@ -247,7 +247,7 @@ + + Remote Management + ----------------- +-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so + ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is + 'enabled' it will insert rules into the existing chains, and therefore not + flush the chains (but will when modifying a rule or changing the default +@@ -290,7 +290,7 @@ + + Distributions + ------------- +-While it certainly ok to use /lib/ufw/ufw-init as the initscript for ++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for + ufw, this script is meant to be used by ufw itself, and therefore not + particularly user friendly. See doc/initscript.example for a simple + implementation that can be adapted to your distribution. 
+diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py +--- ufw-0.31.orig/setup.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/setup.py 2012-03-12 16:55:50.682993216 +0100 +@@ -54,7 +54,8 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ # real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -116,7 +117,7 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir +@@ -127,8 +128,14 @@ + self.copy_file('conf/user.rules', user_rules) + self.copy_file('conf/user6.rules', user6_rules) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + +@@ -199,13 +206,18 @@ + + subprocess.call(["sed", + "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ file]) ++ ++ subprocess.call(["sed", ++ "-i", + "s%#VERSION#%" + ufw_version + "%g", + file]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for file in [ before_rules, after_rules, \ +diff -Naur ufw-0.31.orig/src/backend_iptables.py 
ufw-0.31/src/backend_iptables.py +--- ufw-0.31.orig/src/backend_iptables.py 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/backend_iptables.py 2012-03-12 16:58:36.879115890 +0100 +@@ -22,7 +22,7 @@ + import sys + import time + +-from ufw.common import UFWError, UFWRule, config_dir, state_dir ++from ufw.common import UFWError, UFWRule, config_dir, state_dir, share_dir + from ufw.util import warn, debug, msg, cmd, cmd_pipe + import ufw.backend + +@@ -40,7 +40,7 @@ + files['rules6'] = os.path.join(state_dir, 'user6.rules') + files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') + files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') +- files['init'] = os.path.join(state_dir, 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files) + +diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init +--- ufw-0.31.orig/src/ufw-init 2012-03-10 00:07:11.000000000 +0100 ++++ ufw-0.31/src/ufw-init 2012-03-12 16:55:50.687993851 +0100 +@@ -18,8 +18,8 @@ + # + set -e + +-if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then +- . "#STATE_PREFIX#/ufw-init-functions" ++if [ -s "#SHARE_DIR#/ufw-init-functions" ]; then ++ . "#SHARE_DIR#/ufw-init-functions" + else + echo "Could not find $s (aborting)" + exit 1 +@@ -56,7 +56,7 @@ + flush_builtins || exit "$?" + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch new file mode 100644 index 000000000000..2c04284ad50c --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.31.1-python-abis.patch 
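Review bot: The `#SHARE_DIR#` substitution added to setup.py by ufw-0.31.1-move-path.patch runs `sed` through `subprocess.call` and ignores the return code, as the neighbouring `#VERSION#` call does. If that sed fails, the literal placeholder stays in the installed `ufw-init`, whose `-s "#SHARE_DIR#/ufw-init-functions"` test then fails and the script exits 1, which would presumably leave the host without firewall rules at boot. `subprocess.check_call(["sed", "-i", "s%#SHARE_DIR#%" + real_sharedir + "%g", file])` makes the build fail instead. The commented-out `# real_statedir = ...` and `#sharedir = ...` lines that the patch leaves in setup.py can simply be deleted. The functions these inner hunks touch start and end outside the hunks.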
@@ -0,0 +1,42 @@ +This patch fixes issues during package build with ebuild supporting +installation for Python versions: sed substitutions in common.py and location +of ufw script in Python ABIs which have prefix different than /usr. +Also makes .mo files not to be installed in wrong paths. + +More info about the first issue: +with support for multiple Python versions in the ebuild, seems the +file isn't copied from staging/ to build-*/lib/ufw/ after being +modified. That's why the copy needs to be done "manually" here. +The issue occurs with "setup.py build -b build-XXX" followed by +"setup.py build -b build-XXX install". + +probably related: https://bugs.launchpad.net/ufw/+bug/819600 +--- setup.py ++++ setup.py +@@ -90,6 +90,8 @@ + "-i", + "s%#SHARE_DIR#%" + real_sharedir + "%g", + os.path.join('staging', file)]) ++ self.copy_file(os.path.join('staging', file), ++ os.path.join(self.build_base, "lib", "ufw")) + + # Now byte-compile everything + super(Install, self).run() +@@ -99,7 +101,8 @@ + if self.root != None: + prefix = self.root + real_prefix + +- script = os.path.join(prefix, 'sbin', 'ufw') ++ # PyPy (and Jython?) has different prefix. Without the change the binary would end up in a wrong path. ++ script = os.path.join(self.root, 'usr', 'sbin', 'ufw') + manpage = os.path.join(prefix, 'share', 'man', 'man8', 'ufw.8') + manpage_f = os.path.join(prefix, 'share', 'man', 'man8', \ + 'ufw-framework.8') +@@ -147,7 +150,6 @@ + self.mkpath(i18ndir) + if len(os.listdir('locales/mo')) == 0: + subprocess.call(["make", "mo"]) +- self.copy_tree('locales/mo', i18ndir) + + # Install configuration files + confdir = real_confdir diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch new file mode 100644 index 000000000000..b7eae3595cb5 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch 
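Review bot: `script = os.path.join(self.root, 'usr', 'sbin', 'ufw')` uses `self.root` unguarded, although the context lines just above it test `if self.root != None:` before touching it; when setup.py runs without a root, `os.path.join(None, ...)` raises TypeError. The ebuild presumably always passes a root, but the patch should keep the guard, for example `script = os.path.join(self.root or '/', 'usr', 'sbin', 'ufw')`. The added comment could also state that the path is deliberately independent of the interpreter prefix so the `ufw` script always lands in /usr/sbin. The enclosing method continues outside the hunk.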
@@ -0,0 +1,46 @@
+diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py
+--- ufw-0.32/setup.py 2012-07-06 17:46:29.000000000 +0200
++++ ufw-0.32.new/setup.py 2012-07-30 15:28:31.874547818 +0200
+@@ -225,41 +225,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+- for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+- '/usr/local/bin']:
+- if e == "iptables":
+- if os.path.exists(os.path.join(dir, e)):
+- iptables_dir = dir
+- iptables_exe = os.path.join(iptables_dir, "iptables")
+- print("Found '%s'" % iptables_exe)
+- else:
+- continue
+-
+- if iptables_exe != "":
+- break
+-
+-
+-if iptables_exe == '':
+- print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+- sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+- if not os.path.exists(os.path.join(iptables_dir, e)):
+- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+- sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+- (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+
+ setup (name='ufw',
+ version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
new file mode 100644
index 000000000000..dc922435de10
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.34_pre805-bash-completion.patch
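Review bot: The replacement line `iptables_dir = '/sbin'` drops the checks that `iptables`, `ip6tables`, `iptables-restore` and `ip6tables-restore` exist side by side, and nothing in the patch says what guarantees that now. Judging by the ebuilds, the intent appears to be that `RDEPEND=">=net-firewall/iptables-1.4[ipv6?]"` covers both presence and version; a comment such as `# Gentoo: iptables is a runtime dependency installed in /sbin, so no build-time probe` would record this. If the value is substituted into the installed ufw code (not visible in this hunk), a host where the binaries live elsewhere would fail only when the firewall is started, so the assumption is worth stating in the ebuild as well.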
@@ -0,0 +1,17 @@ +--- shell-completion/bash ++++ shell-completion/bash +@@ -52,7 +52,6 @@ + echo "numbered verbose" + } + +-have ufw && + _ufw() + { + cur=${COMP_WORDS[COMP_CWORD]} +@@ -83,5 +82,5 @@ + fi + } + +-[ "$have" ] && complete -F _ufw ufw ++complete -F _ufw ufw + diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch new file mode 100644 index 000000000000..991f4c826ece --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py ++++ b/setup.py +@@ -107,12 +107,6 @@ class Install(_install, object): + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/files/ufw-2.initd b/net-firewall/ufw/files/ufw-2.initd new file mode 100644 index 000000000000..f8f03fa2ffcc --- /dev/null +++ b/net-firewall/ufw/files/ufw-2.initd 
@@ -0,0 +1,137 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+depend() {
+ before net
+ provide firewall
+}
+
+start() {
+ ebegin "Starting ufw"
+ _source_file || { eend $?; return $?; }
+
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Avoid "Firewall already started, use 'force-reload'" message that
+ # appears if `ufw enable' had been run before start().
+ if _status_quiet; then
+ eend 0
+ return
+ fi
+
+ # The ufw_start function does the same: if ufw is disabled using `ufw disable',
+ # ufw_start would not start ufw and return 0, so let's handle this case.
+ case $enabled_in_cfg in
+ 0)
+ ufw_start
+ ret=$?
+ eend $ret "Failed to start ufw."
+ ;;
+ 1)
+ # see /etc/conf.d/<name>
+ if [ "${ufw_nonfatal_if_disabled:-no}" != "yes" ]; then
+ ret=1
+ eend $ret "Not starting firewall (not enabled), use \"ufw enable\" first."
+ else
+ ret=0
+ eend 0
+ fi
+ ;;
+ 2)
+ ret=1
+ eend $ret "Failed to start ufw."
+ ;;
+ esac
+
+ return $ret
+}
+
+stop() {
+ ebegin "Stopping ufw"
+ _source_file || { eend $?; return $?; }
+ local enabled_in_cfg ret
+ _check_if_enabled_in_cfg
+ enabled_in_cfg=$?
+
+ # Same as above (unless --force is passed to ufw_stop).
+ case $enabled_in_cfg in
+ 0)
+ ufw_stop
+ ret=$?
+ ;;
+ 1)
+ einfo "INFO: ufw is configured to be disabled"
+ ufw_stop --force
+ ret=$?
+ ;;
+ 2)
+ ret=1
+ ;;
+ esac
+
+ eend $ret "Failed to stop ufw."
+ return $ret
+}
+
+_status_quiet() {
+ # return values: 0 - started, 1 - stopped, 2 - error
+ # Does not execute _source_file.
+ local ret
+ ufw_status > /dev/null
+ ret=$?
+ # Return values for ufw_status come from /usr/share/ufw/ufw-init-functions.
+ case $ret in
+ 0) return 0 ;;
+ 3) return 1 ;;
+ *) return 2 ;;
+ esac
+}
+
+_source_file() {
+ local sourced_f="/usr/share/ufw/ufw-init-functions"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 1
+ fi
+
+ local _path=$PATH
+ if ! . "$sourced_f"; then
+ # PATH can be broken here, fix it...
+ PATH=$_path
+ eerror "Error sourcing file $sourced_f"
+ return 1
+ fi
+
+ if [ -z "$PATH" ]; then
+ PATH=$_path
+ else
+ PATH="${PATH}:${_path}"
+ fi
+ return 0
+}
+
+_check_if_enabled_in_cfg() {
+ # Check if user has enabled the firewall with "ufw enable".
+ # Return 0 if firewall enabled in configuration file, 1 otherwise, 2 on error.
+
+ local sourced_f="/etc/ufw/ufw.conf"
+ if [ ! -f "$sourced_f" ]; then
+ eerror "Cannot find file $sourced_f!"
+ return 2
+ fi
+
+ if ! . "$sourced_f"; then
+ eerror "Error sourcing file $sourced_f"
+ return 2
+ fi
+
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
diff --git a/net-firewall/ufw/files/ufw.confd b/net-firewall/ufw/files/ufw.confd
new file mode 100644
index 000000000000..900d3bf67bd4
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.confd
@@ -0,0 +1,5 @@
+# If equals to "yes", warnings that firewall is disabled
+# (using `ufw disable') will be suppressed and the service
+# will be considered started.
+# Default if unset or another value is "no".
+ufw_nonfatal_if_disabled=no
diff --git a/net-firewall/ufw/files/ufw.service b/net-firewall/ufw/files/ufw.service
new file mode 100644
index 000000000000..9d6972036a05
--- /dev/null
+++ b/net-firewall/ufw/files/ufw.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Uncomplicated Firewall
+DefaultDependencies=no
+Before=network.target sysinit.target
+After=systemd-sysctl.service
+ConditionPathExists=|/etc/ufw/ufw.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/share/ufw/ufw-init start
+ExecStop=/usr/share/ufw/ufw-init stop
+
+[Install]
+WantedBy=multi-user.target
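Review bot: In files/ufw-2.initd, `_check_if_enabled_in_cfg` obtains `ENABLED` by sourcing /etc/ufw/ufw.conf with `. "$sourced_f"`, so the whole file is executed as root in the init script's own shell and anything it sets stays in scope for `start()` and `stop()`. `_source_file` saves and restores `PATH` around its own sourcing for exactly that reason; the config read has no such protection. At minimum the function should carry a comment such as `# ufw.conf is executed as shell code by root here; keep it root-owned and not writable by others`, and it would be cleaner to do the sourcing and the `$ENABLED` test inside a subshell so no variables leak into the service script. `start()` also treats a `_status_quiet` result of 2 (error) the same as 1 (stopped); a short comment saying that is deliberate would help.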
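Review bot: The comment in files/ufw.confd does not say what `ufw_nonfatal_if_disabled=yes` means for dependents: the init script declares `provide firewall`, and with this setting it returns success without loading any rules, so services that wait for `firewall` start on an unfiltered host. I would add a line such as `# WARNING: with "yes" the 'firewall' service is marked started although no rules are active.` above the variable.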
\ No newline at end of file
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
new file mode 100644
index 000000000000..afc7f7197388
--- /dev/null
+++ b/net-firewall/ufw/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>proxy-maintainers</herd>
+ <maintainer>
+ <email>slawomir.nizio@sabayon.org</email>
+ <name>Sławomir Nizio</name>
+ </maintainer>
+ <longdescription lang="en">
+ The Uncomplicated Firewall (ufw) is a frontend for iptables and is
+ particularly well-suited for host-based firewalls. It provides a framework
+ for managing netfilter, as well as an easy to use command-line interface for
+ manipulating the firewall.
+</longdescription>
+ <upstream>
+ <remote-id type="launchpad">ufw</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild
new file mode 100644
index 000000000000..865dbdb5a07e
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.34_pre805-r1.ebuild
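Review bot: In files/ufw.service, `Before=network.target` does not order the unit against the services that bring interfaces up, because those are themselves ordered before that target, so an interface can be configured before the rules are loaded. systemd provides `network-pre.target` for this purpose; `Before=network-pre.target` together with `Wants=network-pre.target` in `[Unit]` closes that window. The file also ends without a trailing newline, as the diff marker shows.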
@@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." 
+ return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! 
has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} diff --git a/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild new file mode 100644 index 000000000000..2d694f6e1b12 --- /dev/null 
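Review bot: In `pkg_postinst` of ufw-0.34_pre805-r1.ebuild, `[[ ${REPLACING_VERSIONS} < 0.34 ]]` is a string comparison, and `REPLACING_VERSIONS` can hold several space-separated versions, so the check-requirements notice can be shown or skipped for the wrong upgrades. Looping over the entries and testing each with `version_is_at_least 0.34 "${v}"` (from versionator.eclass, which would have to be inherited) gives a real version comparison; the same lines appear in ufw-0.34_pre805-r2.ebuild. Separately, in `python_prepare_all` the command `sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf || die` succeeds even when nothing matches, so a changed upstream default would go unnoticed; following it with `grep -q '^ENABLED=yes' conf/ufw.conf || die` would catch that.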
+++ b/net-firewall/ufw/ufw-0.34_pre805-r2.ebuild 
@@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) +DISTUTILS_IN_SOURCE_BUILD=1 + +inherit bash-completion-r1 eutils linux-info distutils-r1 systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="http://launchpad.net/ufw" +SRC_URI="mirror://sabayon/${CATEGORY}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 ia64 ppc ppc64 sparc ~x86" +IUSE="examples ipv6" + +DEPEND="sys-devel/gettext" +RDEPEND=">=net-firewall/iptables-1.4[ipv6?] + !<kde-misc/kcm-ufw-0.4.2 + !<net-firewall/ufw-frontends-0.3.2 +" + +# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982 +RESTRICT="test" + +PATCHES=( + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch + # Move files away from /lib/ufw. + "${FILESDIR}"/${PN}-0.31.1-move-path.patch + # Remove shebang modification. + "${FILESDIR}"/${P}-shebang.patch + # Fix bash completions, bug #526300 + "${FILESDIR}"/${P}-bash-completion.patch +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." 
+ return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \ + || [[ ${nf_conntrack_netbios_ns_ok} = no ]] + then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ ${nf_nat_ftp_ok} = no ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_ftp_ok} = no ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! 
has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto /usr/share/doc/${PF}/logging/syslog-ng + doins "${FILESDIR}"/syslog-ng/* + + insinto /usr/share/doc/${PF}/logging/rsyslog + doins "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins examples/* + fi + newbashcomp shell-completion/bash ${PN} + + [[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}usr/sbin/ufw" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + echo + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." + fi + if [[ -z ${REPLACING_VERSIONS} ]] \ + || [[ ${REPLACING_VERSIONS} < 0.34 ]]; + then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} |