134 lines
6.9 KiB
Plaintext
134 lines
6.9 KiB
Plaintext
# Contributor: Alex Denes <caskd@redxen.eu>
|
|
# Maintainer: Alex Denes <caskd@redxen.eu>
|
|
|
|
. ../APKBUILD-config.template
|
|
|
|
pkgver=2021.06.09.01
|
|
pkgrel=0
|
|
source="
|
|
filter
|
|
mangle
|
|
nat
|
|
commit
|
|
|
|
base/10-base-any-filter-inval-drop
|
|
base/20-base-any-filter-lo
|
|
base/20-base-any-filter-eth1
|
|
base/25-base-v4-filter-icmp
|
|
base/25-base-v6-filter-icmp
|
|
base/90-base-any-filter-established
|
|
|
|
ipset/50-ipset-v4-filter
|
|
ipset/50-ipset-v6-filter
|
|
|
|
dovecot/60-dovecot-v4-filter-conntrack
|
|
dovecot/60-dovecot-v6-filter-conntrack
|
|
dovecot/70-dovecot-any-filter-services
|
|
|
|
postfix/60-postfix-v4-filter-conntrack
|
|
postfix/60-postfix-v6-filter-conntrack
|
|
postfix/70-postfix-any-filter-services
|
|
|
|
wireguard/60-wireguard-v4-nat-masquerade
|
|
wireguard/60-wireguard-v6-nat-masquerade
|
|
wireguard/70-wireguard-any-filter-port
|
|
wireguard/80-wireguard-any-filter-forward
|
|
|
|
murmur/70-murmur-any-filter-port
|
|
|
|
haproxy/60-haproxy-v4-filter-conntrack
|
|
haproxy/60-haproxy-v6-filter-conntrack
|
|
haproxy/70-haproxy-any-filter-port
|
|
|
|
unbound/70-unbound-any-filter-port
|
|
|
|
transmission/70-transmission-any-filter-port
|
|
|
|
openssh/40-openssh-any-filter-port
|
|
"
|
|
subpackages="
|
|
$pkgname-openssh
|
|
$pkgname-ipset:_module
|
|
$pkgname-dovecot:_module
|
|
$pkgname-postfix:_module
|
|
$pkgname-wireguard:_module
|
|
$pkgname-murmur:_module
|
|
$pkgname-haproxy:_module
|
|
$pkgname-unbound:_module
|
|
$pkgname-transmission:_module
|
|
"
|
|
depends="redxen-config-ipset" # This is now a hard dependency, would complicate things if i were to have it as a soft dependency in terms of package splitting
|
|
|
|
package() {
|
|
for i in filter mangle nat; do
|
|
for x in v4 v6; do
|
|
_rx_installdir="$_rx_installdir/$x" rx_install "$i"
|
|
mkdir -p "$(rx_cpkgdir)/$_rx_installdir/$x/$i-rules"
|
|
touch "$(rx_cpkgdir)/$_rx_installdir/$x/$i-rules/dummy" # Dummy file that contains nothing, in case if other rules don't exist
|
|
done
|
|
done
|
|
for x in v4 v6; do
|
|
_rx_installdir="$_rx_installdir/$x" rx_install "commit"
|
|
done
|
|
_rx_iptables_mod "base"
|
|
}
|
|
|
|
openssh() {
|
|
install_if="$pkgname openssh"
|
|
_rx_iptables_mod "${subpkgname##$pkgname-}"
|
|
}
|
|
|
|
_module() {
|
|
install_if="$pkgname redxen-config-${subpkgname##$pkgname-}"
|
|
_rx_iptables_mod "${subpkgname##$pkgname-}"
|
|
}
|
|
|
|
_rx_iptables_mod() {
|
|
for i in $source; do
|
|
if [ "${i%%/*}" = "$1" ]; then
|
|
sn="${i##*/}"
|
|
fam="$(echo $sn | cut -d- -f3)"
|
|
tab="$(echo $sn | cut -d- -f4)"
|
|
if [ "$fam" = "any" ]; then
|
|
for x in v4 v6; do
|
|
_rx_installdir="$_rx_installdir/$x/$tab-rules" rx_install "$sn"
|
|
done
|
|
else
|
|
_rx_installdir="$_rx_installdir/$fam/$tab-rules" rx_install "$sn"
|
|
fi
|
|
fi
|
|
done
|
|
}
|
|
|
|
sha512sums="
|
|
d3dcf53af7fb9cb9064c4d3ba794d3084c6376f6a758d88af223ce28bebed2d897c07ceae278e7204210719437e90455f8b45ee62decb2216d423e47e84a6300 filter
|
|
b449f492134b8b4cc1df61f0e6aaa4bfb6b60351688e18b0034d444fd6a680c02782611952f1bb5897c44de4d5d760e07cd98152689ecee18279df03b0ead9aa mangle
|
|
fa20fddf230071d762ee84da298482b183af49d7a9cf0f66f66c5efefc8d68154240d4a9d5ad32d2637aa49360c58111bbdebf8aba6fd60ec4c2f628602a8f80 nat
|
|
ece382e0a6389c46e9321a87a0494b2db4483ef992c935b034c24f053b8aa702aafc8a5835a501794d31329a147e9d0b15a8598473dca374980b970227db9c48 commit
|
|
2fef47f6df0951361047e239c1719b08539d3041813be8bc362aea4800e2ddab856ebbcfbc4aa3d5219adadd9d17845710203179117f702b585e13bc9c473f05 10-base-any-filter-inval-drop
|
|
f5a2eab77980fdff6ac81866a9d666da2e50962a3e0eb6d7d327a01aa5448905b6134108c77bcd8bc2cf28fa7954253f0743b4b05b441983df8de2f38926b98e 20-base-any-filter-lo
|
|
80de169f957660b54b4c6c925ef3caa3731630bb2e65724825af6da26174a864e6877549eb8641a149a9744b064534d8e68484d11e0d725cbf85d73e937a16c6 20-base-any-filter-eth1
|
|
9c96080d7b378dd43f858f54b8b2f772ad23cd777aa22a8d22eb64f29e696419315a9528c422de9fbcfc9d038d37da4a1ab138e156160d2e212e43e3cc851273 25-base-v4-filter-icmp
|
|
ff3bd322ced88f5dccc8679149bc2eab401835d4e7e389ab210c1eb723815db393135f64fc787a33d4441f87e3c0a45e33ba4abdbae778552116043dba1816be 25-base-v6-filter-icmp
|
|
008b4085ad6564ac7627389644891b707f6fa7b7c44b8c0526eb6c9093f7ef7ed891350b9497968052cc404c56af938a133a022ebbc1a0ccd292137a2284ac7d 90-base-any-filter-established
|
|
a690ab21d943e020219a4941fffe9388fa523e36d72ac9aa1d7cc0974828bafea68de3b55f6faf6f60693f2b5af60d50af3574fcf21a0379e6257f3a980f2a7e 50-ipset-v4-filter
|
|
9428b8aef2041a27d169ec5c901f0a3fd05b4d1a944d607691496f74c8cb4f52f87d1ff8b382c83ae69a2079f9b9e8f7bff75dbfef8d758966ddcbac8e6c1852 50-ipset-v6-filter
|
|
5e76bd9c8fd93a2778a13417dd5bb4c5a9bb1195a45f3059e962e89c5cbc162a8c5930ed6238606d616ec1ac3b1b08353f1c0d77b54fdd8b16e7f759992e3dfd 60-dovecot-v4-filter-conntrack
|
|
f6d0ae7d84222e374a06cc9b9847c25cc75402f361d9d55932d6d704b941fe919823fd0d939a197e18484e9b9f1b4c545b44258f9d281d675a778033d752e74d 60-dovecot-v6-filter-conntrack
|
|
66ba931f2cf26cdad2fd8497c4545d2a1b309a7ba2a8e9f6455c7c4ddc40558100f7675e7bb31595f42688d525881698f2686496f626ce7361ee9bc9a1c6cb67 70-dovecot-any-filter-services
|
|
4e3fcfec708b7bdefbc9a012371b10e9cd18ca4811caad807f46dc7affc3e24da1b667507d0392d233e36ea9e75c9da9feeca0345613983cfdfa50ac03c8b2ec 60-postfix-v4-filter-conntrack
|
|
d9f28582a905d610289a91ffa91a9ff82e26072a143b08539504a08d818ac0ee264fc3f5e257693f1e6aef710e8f9bfea27e68a11066e2b3fe2ed81414deb28b 60-postfix-v6-filter-conntrack
|
|
4b996d18ba997d6103e00b6f3c69f300764205cc2d1549909f832a0fd4b7ea05d59210d8b761c226cf5ba10ddc5f83141953ee3e8828e2e9044921f900357028 70-postfix-any-filter-services
|
|
0b9a8faa498823b619cbe00b9d21cee2484c1a1061741a17b2456d7dce30d415b4fb591cc9064e63c372963a4305e7295d1c62919b01ef0bb0a7e16f40e5c228 60-wireguard-v4-nat-masquerade
|
|
c0a8bbd3aad096ac8722aced6b24aa1e51d8fefc3b7e5a3218247c199b19ca0fa96c3e4b51f162cfbe836fcc50e20b0821c9babe1fe54b24a192da43c8596622 60-wireguard-v6-nat-masquerade
|
|
d83970e5c451ad42429ea097cb8bdd4ada7d58dc34c58720908bac3ca3bb2e58213da04055a2e9b88e380642d3b2f40b4395df9c23a8e2dfe25956cc09947e13 70-wireguard-any-filter-port
|
|
852d065f7d0500af4eb76bcb6505a4dce7c9cf1d215573ebb3242764f2247fb47f1665d68cb0b213055b6b1a2224e0d667b3d101caa7cda36f5f1ccac2a25850 80-wireguard-any-filter-forward
|
|
dc5bdd07e0a26f0f1c448c38fdd6c485ef5918868001ed159cb77f8fbb270d4af139beb5e1b3baae7fb168e7c6fa57d971fa3cc1a06ed0b11b7ce0f1fc4dcd29 70-murmur-any-filter-port
|
|
fe517b6a5a8cd875f1fda14ad2c6be21466efa831a7b6beb827e0036459f8184254dca048ce8897083d9b9173bf4a649a615ac953de3884134ebaca7f10e5b5c 60-haproxy-v4-filter-conntrack
|
|
14e01096a0916b459957f97aa4a5a90e4d1f9214de21f67271bfbebc6edd02592074803cd0df0c8802f65328da85d2cd8b1c7e7f6707018526285bd78afbc3ca 60-haproxy-v6-filter-conntrack
|
|
78c9007babe35b6f6696fec9f5b002184d45d373bfce8ea9ac02183f931f0f6fe3b704a6b4f6d39c56299b88baf063a7e88396eb95f202b203a2472514a876c0 70-haproxy-any-filter-port
|
|
228b67e5e8174191c1e6d7c5a4fa57d723936bb17ec21e290080f639d92e72c4d923c6df4726be6112215669e71c540f574b52f1b8197cd128629589ef285a34 70-unbound-any-filter-port
|
|
2e9fec439d8e752f4397c35278595208ffe63d50c028e00e85f9e2018f14c6a46c270476c302c1b175c3edc3a34f69900afcc0a857e2cd806c511950e0ca487a 70-transmission-any-filter-port
|
|
b4282360aa468f885fd2b38dadfecc4114ae4121b135cb41b1d164cc3a7a8a778e5ac5687366f71c26141358e7ea7c8ed36acc155ab71c5e7abc2fb5393573f4 40-openssh-any-filter-port
|
|
"
|