# HG changeset patch # User Carl Byington # Date 1206133352 25200 # Node ID d9ae11033b4b810249ac28b177ecfff32685cf31 # Parent 738d1f059183ecb04ff06fdcf68972939ae4508a Add default config to firewall systems that send bounces to non-existant accounts. Switch to Mercurial source control. Update spec file for fedora packaging. diff -r 738d1f059183 -r d9ae11033b4b ChangeLog --- a/ChangeLog Fri Mar 21 08:51:24 2008 +0000 +++ b/ChangeLog Fri Mar 21 14:02:32 2008 -0700 @@ -1,4 +1,7 @@ - $Id$ +1.9 2008-03-21 + Add default config to firewall systems that send bounces to + non-existant accounts. Switch to Mercurial source control. + Update spec file for fedora packaging. 1.8 2007-11-08 Allow sigterm/sigint to properly shutdown by removing all diff -r 738d1f059183 -r d9ae11033b4b Makefile.am --- a/Makefile.am Fri Mar 21 08:51:24 2008 +0000 +++ b/Makefile.am Fri Mar 21 14:02:32 2008 -0700 @@ -2,6 +2,8 @@ hackdir = $(sysconfdir) hack_SCRIPTS = syslog2iptables sysconf_DATA = syslog2iptables.conf +htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@ +html_DATA = AUTHORS COPYING ChangeLog NEWS README CLEANFILES = syslog2iptables xml/syslog2iptables xml/Makefile EXTRA_DIST = syslog2iptables.conf syslog2iptables.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/s*) diff -r 738d1f059183 -r d9ae11033b4b NEWS --- a/NEWS Fri Mar 21 08:51:24 2008 +0000 +++ b/NEWS Fri Mar 21 14:02:32 2008 -0700 @@ -1,5 +1,4 @@ - $Id$ - +1.9 2008-03-21 Add default config for bounce floods; fedora packaging 1.8 2007-11-08 Allow shutdown to remove the iptables entries that we added. 1.7 2007-09-18 Add description in config file for each regular expression. 1.6 2007-09-09 GPL3. diff -r 738d1f059183 -r d9ae11033b4b README --- a/README Fri Mar 21 08:51:24 2008 +0000 +++ b/README Fri Mar 21 14:02:32 2008 -0700 @@ -1,5 +1,3 @@ - $Id$ - Try this: ./configure 
@@ -10,3 +8,12 @@ The last step sets up the linux runlevels for this package and starts the daemon. + + +Starting with a mercurial working directory, try this: + + make -f *cvs + ./configure >/dev/null + (cd xml; make; make distclean) + make distcheck + diff -r 738d1f059183 -r d9ae11033b4b configure.in --- a/configure.in Fri Mar 21 08:51:24 2008 +0000 +++ b/configure.in Fri Mar 21 14:02:32 2008 -0700 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(syslog2iptables,1.8,carl@five-ten-sg.com) +AC_INIT(syslog2iptables,1.9,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h]) @@ -8,6 +8,9 @@ # Checks for programs. AC_PATH_PROGS(BASH, bash) +if test "x$BASH" = x ; then + AC_MSG_ERROR([bash required for init script]) +fi AC_PROG_CXX AC_PROG_CC AC_PROG_CPP diff -r 738d1f059183 -r d9ae11033b4b src/syslog2iptables.cpp --- a/src/syslog2iptables.cpp Fri Mar 21 08:51:24 2008 +0000 +++ b/src/syslog2iptables.cpp Fri Mar 21 14:02:32 2008 -0700 @@ -23,8 +23,6 @@ #include /* header for waitpid() and various macros */ #include /* header for signal functions */ -static char* syslog2iptables_version = "$Id$"; - extern "C" { void sigchld(int sig); void sigterm(int sig); diff -r 738d1f059183 -r d9ae11033b4b src/syslogconfig.cpp --- a/src/syslogconfig.cpp Fri Mar 21 08:51:24 2008 +0000 +++ b/src/syslogconfig.cpp Fri Mar 21 14:02:32 2008 -0700 @@ -14,8 +14,6 @@ #include #include -static char* syslogconfig_version = "$Id$"; - char *token_add; char *token_bucket; char *token_file; diff -r 738d1f059183 -r d9ae11033b4b src/tokenizer.cpp --- a/src/tokenizer.cpp Fri Mar 21 08:51:24 2008 +0000 +++ b/src/tokenizer.cpp Fri Mar 21 14:02:32 2008 -0700 @@ -8,8 +8,6 @@ #include "includes.h" -static char* tokenizer_version="$Id$"; - const int maxlen = 1000; // used for snprintf buffers enum state {s_init, diff -r 738d1f059183 -r d9ae11033b4b syslog2iptables.conf --- a/syslog2iptables.conf Fri Mar 21 08:51:24 2008 +0000 +++ b/syslog2iptables.conf Fri Mar 21 14:02:32 2008 -0700 
@@ -29,16 +29,19 @@ }; file "/var/log/httpd/access_log" { + // of course you cannot use this if you actually use cgi-bin directories pattern "(.*) - - .* /cgi-bin" { index 1; // zero based bucket 400; message "apache cgi-bin reference"; }; + // or if you actually have an index2.php script pattern "(.*) - - .*/index2.php" { index 1; // zero based bucket 400; message "apache index2.php reference"; }; + // or if you have a main.php script pattern "(.*) - - .*/main.php" { index 1; // zero based bucket 400; @@ -52,6 +55,15 @@ bucket 200; message "sendmail spammer dropping connection"; }; + + // make sure your upstream MX servers are listed in the + // ignore block above, otherwise you will kill them off + // when they try to forward such mail to you. + pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" { + index 1; // zero based + bucket 200; + message "sendmail rejected bounce"; + }; }; // file "/var/log/messages" { diff -r 738d1f059183 -r d9ae11033b4b syslog2iptables.rc.in --- a/syslog2iptables.rc.in Fri Mar 21 08:51:24 2008 +0000 +++ b/syslog2iptables.rc.in Fri Mar 21 14:02:32 2008 -0700 @@ -63,5 +63,3 @@ exit 1 esac exit $RETVAL - -# $Id$ diff -r 738d1f059183 -r d9ae11033b4b syslog2iptables.spec.in --- a/syslog2iptables.spec.in Fri Mar 21 08:51:24 2008 +0000 +++ b/syslog2iptables.spec.in Fri Mar 21 14:02:32 2008 -0700 
@@ -3,14 +3,12 @@ Summary: Syslog to iptables dynamic firewall Name: @PACKAGE@ Version: @VERSION@ -Release: %{?custom_release}%{!?custom_release:1} -License: GPL +Release: 1%{?dist} +License: GPLv3+ Group: System Environment/Daemons -Source: http://www.five-ten-sg.com/@PACKAGE@/packages/@PACKAGE@-@VERSION@.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot -URL: http://www.five-ten-sg.com/@PACKAGE@/ -Vendor: 510 Software Group -Packager: 510 Software Group +Source: http://www.five-ten-sg.com/%{name}/packages/%{name}-%{version}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +URL: http://www.five-ten-sg.com/%{name}/ AutoReqProv: no Requires(post,preun): /sbin/chkconfig 
@@ -22,73 +20,61 @@ %description - -@PACKAGE@ is a simple adaptive firewall. It maintains the INPUT chain of the iptables firewall set based on syslog entries. +This is a simple adaptive firewall. It maintains the INPUT chain +of the iptables firewall set based on syslog entries. %prep - - -%setup - +%setup -q %build -./configure --prefix=%{_prefix} \ - --bindir=%{_bindir} --mandir=%{_mandir} \ - --localstatedir=%{localstatedir} --libdir=%{_libdir} \ - --datadir=%{_datadir} --includedir=%{_includedir} \ - --sysconfdir=%{_sysconfdir} -make +%configure +make %{?_smp_mflags} %install -if [ "$RPM_BUILD_ROOT" = "/" -o -z "$RPM_BUILD_ROOT" ] ; then - echo sorry, you probably do not want me to delete the old buildroot at $RPM_BUILD_ROOT - exit 1 -fi rm -rf $RPM_BUILD_ROOT -make prefix=$RPM_BUILD_ROOT%{_prefix} bindir=$RPM_BUILD_ROOT%{_bindir} \ - mandir=$RPM_BUILD_ROOT%{_mandir} libdir=$RPM_BUILD_ROOT%{_libdir} \ - localstatedir=$RPM_BUILD_ROOT%{localstatedir} \ - datadir=$RPM_BUILD_ROOT%{_datadir} \ - includedir=$RPM_BUILD_ROOT%{_includedir} \ - sysconfdir=$RPM_BUILD_ROOT%{_sysconfdir} install +make DESTDIR=$RPM_BUILD_ROOT install mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/@PACKAGE@-@VERSION@ -mv -f $RPM_BUILD_ROOT%{_sysconfdir}/@PACKAGE@ $RPM_BUILD_ROOT/etc/rc.d/init.d -mv AUTHORS COPYING ChangeLog NEWS README $RPM_BUILD_ROOT%{_datadir}/doc/@PACKAGE@-@VERSION@ +mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name} $RPM_BUILD_ROOT/etc/rc.d/init.d %clean +rm -rf $RPM_BUILD_ROOT %pre %post -/sbin/chkconfig --add @PACKAGE@ +/sbin/chkconfig --add %{name} %preun -[ $1 = 0 ] && /sbin/service @PACKAGE@ stop || : +[ $1 = 0 ] && /sbin/service %{name} stop || : %postun -[ $1 = 0 ] && /sbin/chkconfig --del @PACKAGE@ +[ $1 = 0 ] && /sbin/chkconfig --del %{name} %files -%defattr(-,root,root) +%defattr(-,root,root,-) %{_sbindir}/* -%doc %{_mandir}/* -%docdir %{_datadir}/doc/@PACKAGE@-@VERSION@ -%{_datadir}/doc/@PACKAGE@-@VERSION@ -%config(noreplace) 
%{_sysconfdir}/@PACKAGE@.conf -/etc/rc.d/init.d/@PACKAGE@ +%{_mandir}/man1/* +%{_mandir}/man5/* +%docdir %{_datadir}/doc/%{name}-%{version} +%{_datadir}/doc/%{name}-%{version} +%config(noreplace) %{_sysconfdir}/%{name}.conf +/etc/rc.d/init.d/%{name} + %changelog -* Thu Aug 30 2007 Carl Byington 1.5 +* Fri Mar 21 2008 Carl Byington - 1.9 +- changes for Fedora packaging guidelines + +* Thu Aug 30 2007 Carl Byington - 1.5 - Fix pre/post scripts -* Thu Dec 08 2005 Carl Byington 1.0 +* Thu Dec 08 2005 Carl Byington - 1.0 - initial revision based on dnsbl spec file - and http://www.fedora.us/docs/rpm-packaging-guidelines.html diff -r 738d1f059183 -r d9ae11033b4b xml/syslog2iptables.in --- a/xml/syslog2iptables.in Fri Mar 21 08:51:24 2008 +0000 +++ b/xml/syslog2iptables.in Fri Mar 21 14:02:32 2008 -0700 @@ -11,7 +11,7 @@ - 2007-11-08 + 2008-03-21 @@ -141,9 +141,9 @@ - CVS Version + Version - $Id$ + @VERSION@ @@ -151,7 +151,7 @@ - 2007-11-08 + 2008-03-21 @@ -270,9 +270,9 @@ - CVS Version + Version - $Id$ + @VERSION@
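Review bot: in configure.in, the new `test "x$BASH" = x` check after `AC_PATH_PROGS(BASH, bash)` can pass without the path search ever finding bash, because BASH is also a variable that bash sets for itself and the macro keeps an absolute path that is already set. When /bin/sh is bash, configure starts with that value (possibly `/bin/sh`) and the error never fires. Doing the lookup under a different variable name, with the matching change wherever the result is substituted, makes the check test what the error message says.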
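Review bot: in the syslog2iptables.conf hunk for /var/log/httpd/access_log, the three new comments concede that these patterns count legitimate requests on any site that serves cgi-bin, index2.php or main.php, yet the patterns stay enabled in the shipped default. Consider shipping them commented out so an admin opts in after checking their own site. Separately, `.*/index2.php` and `.*/main.php` are unanchored and the `.` before `php` is unescaped, so they match that text anywhere in the log line rather than only in the request path; escaping the dot and tying the match to the request field would cut false positives.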
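Review bot: in the new sendmail bounce pattern in syslog2iptables.conf, `\[(.*)\]` captures with a greedy, unconstrained group, so the value taken as the address is whatever lies between a `[` and the last `]` on the line, not something guaranteed to be an IP. Restricting the group, for example `\[([0-9.]+)\]`, keeps a log line with an extra bracketed field from yielding a bogus address. The comment also warns that upstream MX servers missing from the ignore block will be blocked; because this is the default config, consider shipping the pattern commented out or repeating the warning next to the ignore block it refers to.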
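Review bot: in the spec header hunk, `BuildRoot: %(mktemp -ud %{_tmppath}/...)` only generates a name, since `-u` does not create the directory, so the path under %{_tmppath} is not reserved for this build between spec parsing and %install. A comment saying the spec expects a per-user or otherwise private %{_tmppath} would make that assumption explicit. The `Source:` line also still fetches the tarball over plain http; if the site serves https, prefer it here and in `URL:`.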
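Review bot: in %install of the spec body hunk, the guard that refused an empty or `/` RPM_BUILD_ROOT is removed while `rm -rf $RPM_BUILD_ROOT` stays, and the same unquoted command is added to %clean. With the guard gone, nothing in the spec stops the delete from running against an unexpected path if the variable is empty, overridden or contains whitespace. Quote it as `rm -rf "$RPM_BUILD_ROOT"` in both sections, and either keep a short guard or note that the spec relies on the BuildRoot tag always being set.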