changeset 42:d9ae11033b4b stable-1-9

Add default config to firewall systems that send bounces to non-existent accounts. Switch to Mercurial source control. Update spec file for fedora packaging.
author Carl Byington <carl@five-ten-sg.com>
date Fri, 21 Mar 2008 14:02:32 -0700
parents 738d1f059183
children f7e118192ee6
files ChangeLog Makefile.am NEWS README configure.in src/syslog2iptables.cpp src/syslogconfig.cpp src/tokenizer.cpp syslog2iptables.conf syslog2iptables.rc.in syslog2iptables.spec.in xml/syslog2iptables.in
diffstat 12 files changed, 67 insertions(+), 63 deletions(-) [+]
--- a/ChangeLog	Fri Mar 21 08:51:24 2008 +0000
+++ b/ChangeLog	Fri Mar 21 14:02:32 2008 -0700
@@ -1,4 +1,7 @@
-    $Id$
+1.9 2008-03-21
+    Add default config to firewall systems that send bounces to
+    non-existant accounts. Switch to Mercurial source control.
+    Update spec file for fedora packaging.
 
 1.8 2007-11-08
     Allow sigterm/sigint to properly shutdown by removing all
--- a/Makefile.am	Fri Mar 21 08:51:24 2008 +0000
+++ b/Makefile.am	Fri Mar 21 14:02:32 2008 -0700
@@ -2,6 +2,8 @@
 hackdir = $(sysconfdir)
 hack_SCRIPTS = syslog2iptables
 sysconf_DATA = syslog2iptables.conf
+htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@
+html_DATA = AUTHORS COPYING ChangeLog NEWS README
 CLEANFILES = syslog2iptables xml/syslog2iptables xml/Makefile
 EXTRA_DIST = syslog2iptables.conf syslog2iptables.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/s*)
 
--- a/NEWS	Fri Mar 21 08:51:24 2008 +0000
+++ b/NEWS	Fri Mar 21 14:02:32 2008 -0700
@@ -1,5 +1,4 @@
-    $Id$
-
+1.9 2008-03-21 Add default config for bounce floods; fedora packaging
 1.8 2007-11-08 Allow shutdown to remove the iptables entries that we added.
 1.7 2007-09-18 Add description in config file for each regular expression.
 1.6 2007-09-09 GPL3.
--- a/README	Fri Mar 21 08:51:24 2008 +0000
+++ b/README	Fri Mar 21 14:02:32 2008 -0700
@@ -1,5 +1,3 @@
-    $Id$
-
 Try this:
 
     ./configure
@@ -10,3 +8,12 @@
 
 The last step sets up the linux runlevels for this package and starts
 the daemon.
+
+
+Starting with a mercurial working directory, try this:
+
+    make -f *cvs
+    ./configure >/dev/null
+    (cd xml; make; make distclean)
+    make distcheck
+
--- a/configure.in	Fri Mar 21 08:51:24 2008 +0000
+++ b/configure.in	Fri Mar 21 14:02:32 2008 -0700
@@ -1,6 +1,6 @@
 
 AC_PREREQ(2.59)
-AC_INIT(syslog2iptables,1.8,carl@five-ten-sg.com)
+AC_INIT(syslog2iptables,1.9,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 
@@ -8,6 +8,9 @@
 
 # Checks for programs.
 AC_PATH_PROGS(BASH, bash)
+if test "x$BASH" = x ; then
+    AC_MSG_ERROR([bash required for init script])
+fi
 AC_PROG_CXX
 AC_PROG_CC
 AC_PROG_CPP
--- a/src/syslog2iptables.cpp	Fri Mar 21 08:51:24 2008 +0000
+++ b/src/syslog2iptables.cpp	Fri Mar 21 14:02:32 2008 -0700
@@ -23,8 +23,6 @@
 #include <sys/wait.h>   /* header for waitpid() and various macros */
 #include <signal.h>     /* header for signal functions */
 
-static char* syslog2iptables_version = "$Id$";
-
 extern "C" {
     void sigchld(int sig);
     void sigterm(int sig);
--- a/src/syslogconfig.cpp	Fri Mar 21 08:51:24 2008 +0000
+++ b/src/syslogconfig.cpp	Fri Mar 21 14:02:32 2008 -0700
@@ -14,8 +14,6 @@
 #include <netdb.h>
 #include <limits.h>
 
-static char* syslogconfig_version = "$Id$";
-
 char *token_add;
 char *token_bucket;
 char *token_file;
--- a/src/tokenizer.cpp	Fri Mar 21 08:51:24 2008 +0000
+++ b/src/tokenizer.cpp	Fri Mar 21 14:02:32 2008 -0700
@@ -8,8 +8,6 @@
 
 #include "includes.h"
 
-static char* tokenizer_version="$Id$";
-
 const int maxlen = 1000;	// used for snprintf buffers
 
 enum state {s_init,
--- a/syslog2iptables.conf	Fri Mar 21 08:51:24 2008 +0000
+++ b/syslog2iptables.conf	Fri Mar 21 14:02:32 2008 -0700
@@ -29,16 +29,19 @@
 };
 
 file "/var/log/httpd/access_log" {
+    // of course you cannot use this if you actually use cgi-bin directories
     pattern "(.*) - - .* /cgi-bin" {
         index 1;    // zero based
         bucket 400;
         message "apache cgi-bin reference";
     };
+    // or if you actually have an index2.php script
     pattern "(.*) - - .*/index2.php" {
         index 1;    // zero based
         bucket 400;
         message "apache index2.php reference";
     };
+    // or if you have a main.php script
     pattern "(.*) - - .*/main.php" {
         index 1;    // zero based
         bucket 400;
@@ -52,6 +55,15 @@
         bucket 200;
         message "sendmail spammer dropping connection";
     };
+
+    // make sure your upstream MX servers are listed in the
+    // ignore block above, otherwise you will kill them off
+    // when they try to forward such mail to you.
+    pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" {
+        index 1;    // zero based
+        bucket 200;
+        message "sendmail rejected bounce";
+    };
 };
 
 //  file "/var/log/messages" {
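Review bot: The capture group in the added pattern, `\[(.*)\]`, accepts any text between brackets, and the leading `sendmail.*` is not tied to the syslog program field, so the string passed on as the address to block depends on log content that the remote side partly influences. Restricting the group to address characters, for example `\[([0-9.]+)\]`, would keep an unexpected or malformed log line from producing a wrong firewall entry; whether the daemon validates the captured text afterwards is not visible in this hunk. The enclosing `file` block and the ignore list that the new comment refers to both start outside the hunk, so it is worth confirming that the ignore check runs before the bucket is incremented.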
--- a/syslog2iptables.rc.in	Fri Mar 21 08:51:24 2008 +0000
+++ b/syslog2iptables.rc.in	Fri Mar 21 14:02:32 2008 -0700
@@ -63,5 +63,3 @@
         exit 1
 esac
 exit $RETVAL
-
-# $Id$
--- a/syslog2iptables.spec.in	Fri Mar 21 08:51:24 2008 +0000
+++ b/syslog2iptables.spec.in	Fri Mar 21 14:02:32 2008 -0700
@@ -3,14 +3,12 @@
 Summary:            Syslog to iptables dynamic firewall
 Name:               @PACKAGE@
 Version:            @VERSION@
-Release:            %{?custom_release}%{!?custom_release:1}
-License:            GPL
+Release:            1%{?dist}
+License:            GPLv3+
 Group:              System Environment/Daemons
-Source:             http://www.five-ten-sg.com/@PACKAGE@/packages/@PACKAGE@-@VERSION@.tar.gz
-BuildRoot:          %{_tmppath}/%{name}-%{version}-buildroot
-URL:                http://www.five-ten-sg.com/@PACKAGE@/
-Vendor:             510 Software Group
-Packager:           510 Software Group
+Source:             http://www.five-ten-sg.com/%{name}/packages/%{name}-%{version}.tar.gz
+BuildRoot:          %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+URL:                http://www.five-ten-sg.com/%{name}/
 AutoReqProv:        no
 
 Requires(post,preun):   /sbin/chkconfig
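Review bot: The new `BuildRoot` value uses `mktemp -ud`, which only prints a name and creates nothing, so the path is not reserved by the time `%install` runs `rm -rf $RPM_BUILD_ROOT` and repopulates it under `%{_tmppath}`. On a build host where that directory is writable by other users, the path can be created by someone else first; building with a private `_tmppath` or in an isolated build root avoids this, and a comment above the tag such as `# mktemp -u reserves nothing; build only with a private _tmppath` would record the assumption. `Source:` also stays on plain `http://`, so the tarball should be checked against a published checksum or signature before it is built.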
@@ -22,73 +20,61 @@
 
 
 %description
-
-@PACKAGE@ is a simple adaptive firewall.  It maintains the INPUT chain of the iptables firewall set based on syslog entries.
+This is a simple adaptive firewall.  It maintains the INPUT chain
+of the iptables firewall set based on syslog entries.
 
 %prep
-
-
-%setup
-
+%setup -q
 
 %build
-./configure --prefix=%{_prefix} \
-    --bindir=%{_bindir} --mandir=%{_mandir} \
-    --localstatedir=%{localstatedir} --libdir=%{_libdir} \
-    --datadir=%{_datadir} --includedir=%{_includedir} \
-    --sysconfdir=%{_sysconfdir}
-make
+%configure
+make %{?_smp_mflags}
 
 
 %install
-if [ "$RPM_BUILD_ROOT" = "/" -o -z "$RPM_BUILD_ROOT" ] ; then
-        echo sorry, you probably do not want me to delete the old buildroot at $RPM_BUILD_ROOT
-        exit 1
-fi
 rm -rf $RPM_BUILD_ROOT
-make prefix=$RPM_BUILD_ROOT%{_prefix} bindir=$RPM_BUILD_ROOT%{_bindir} \
-    mandir=$RPM_BUILD_ROOT%{_mandir} libdir=$RPM_BUILD_ROOT%{_libdir} \
-    localstatedir=$RPM_BUILD_ROOT%{localstatedir} \
-    datadir=$RPM_BUILD_ROOT%{_datadir} \
-    includedir=$RPM_BUILD_ROOT%{_includedir} \
-    sysconfdir=$RPM_BUILD_ROOT%{_sysconfdir} install
+make DESTDIR=$RPM_BUILD_ROOT install
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/@PACKAGE@-@VERSION@
-mv -f $RPM_BUILD_ROOT%{_sysconfdir}/@PACKAGE@        $RPM_BUILD_ROOT/etc/rc.d/init.d
-mv AUTHORS COPYING ChangeLog NEWS README             $RPM_BUILD_ROOT%{_datadir}/doc/@PACKAGE@-@VERSION@
+mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}        $RPM_BUILD_ROOT/etc/rc.d/init.d
 
 
 %clean
+rm -rf $RPM_BUILD_ROOT
 
 
 %pre
 
 
 %post
-/sbin/chkconfig --add @PACKAGE@
+/sbin/chkconfig --add %{name}
 
 
 %preun
-[ $1 = 0 ] && /sbin/service @PACKAGE@ stop || :
+[ $1 = 0 ] && /sbin/service %{name} stop || :
 
 
 %postun
-[ $1 = 0 ] && /sbin/chkconfig --del @PACKAGE@
+[ $1 = 0 ] && /sbin/chkconfig --del %{name}
 
 
 %files
-%defattr(-,root,root)
+%defattr(-,root,root,-)
 %{_sbindir}/*
-%doc %{_mandir}/*
-%docdir %{_datadir}/doc/@PACKAGE@-@VERSION@
-%{_datadir}/doc/@PACKAGE@-@VERSION@
-%config(noreplace) %{_sysconfdir}/@PACKAGE@.conf
-/etc/rc.d/init.d/@PACKAGE@
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%docdir %{_datadir}/doc/%{name}-%{version}
+%{_datadir}/doc/%{name}-%{version}
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+/etc/rc.d/init.d/%{name}
+
 
 %changelog
-* Thu Aug 30 2007 Carl Byington 1.5
+* Fri Mar 21 2008 Carl Byington <carl@five-ten-sg.com> - 1.9
+- changes for Fedora packaging guidelines
+
+* Thu Aug 30 2007 Carl Byington <carl@five-ten-sg.com> - 1.5
 - Fix pre/post scripts
 
-* Thu Dec 08 2005 Carl Byington 1.0
+* Thu Dec 08 2005 Carl Byington <carl@five-ten-sg.com> - 1.0
 - initial revision based on dnsbl spec file
 - and http://www.fedora.us/docs/rpm-packaging-guidelines.html
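Review bot: With the "/"-or-empty check removed from `%install`, both `rm -rf $RPM_BUILD_ROOT` lines (the one in `%install` and the new one in `%clean`) run unguarded and unquoted, so they rely entirely on rpmbuild supplying a sane build root. Quoting costs nothing, `rm -rf "$RPM_BUILD_ROOT"`, and a short guard such as `[ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != / ] || exit 1` keeps the old protection for builds run with an overridden build root. Separately, `%postun` still ends in `[ $1 = 0 ] && /sbin/chkconfig --del %{name}` without `|| :`, so on an upgrade the scriptlet returns non-zero; `%preun` already carries the `|| :`.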
--- a/xml/syslog2iptables.in	Fri Mar 21 08:51:24 2008 +0000
+++ b/xml/syslog2iptables.in	Fri Mar 21 14:02:32 2008 -0700
@@ -11,7 +11,7 @@
 
     <refentry id="@PACKAGE@.1">
         <refentryinfo>
-            <date>2007-11-08</date>
+            <date>2008-03-21</date>
         </refentryinfo>
 
         <refmeta>
@@ -141,9 +141,9 @@
         </refsect1>
 
         <refsect1 id='version.1'>
-            <title>CVS Version</title>
+            <title>Version</title>
             <para>
-                $Id$
+                @VERSION@
             </para>
         </refsect1>
     </refentry>
@@ -151,7 +151,7 @@
 
     <refentry id="@PACKAGE@.conf.5">
         <refentryinfo>
-            <date>2007-11-08</date>
+            <date>2008-03-21</date>
         </refentryinfo>
 
         <refmeta>
@@ -270,9 +270,9 @@
         </refsect1>
 
         <refsect1 id='version.5'>
-            <title>CVS Version</title>
+            <title>Version</title>
             <para>
-                $Id$
+                @VERSION@
             </para>
         </refsect1>