@@ -31,6 +31,7 @@ F: package/audit/
F: package/busybox/
F: package/checkpolicy/
F: package/cppdb/
+F: package/firewalld/
F: package/gobject-introspection/
F: package/gstreamer1/gstreamer1/
F: package/gstreamer1/gstreamer1-mm/
@@ -2042,6 +2042,7 @@ menu "Networking applications"
source "package/fail2ban/Config.in"
source "package/fastd/Config.in"
source "package/fcgiwrap/Config.in"
+ source "package/firewalld/Config.in"
source "package/flannel/Config.in"
source "package/fmc/Config.in"
source "package/fping/Config.in"
new file mode 100644
@@ -0,0 +1,40 @@
+config BR2_PACKAGE_FIREWALLD
+ bool "firewalld"
+ depends on BR2_USE_MMU # gobject-introspection
+ depends on BR2_USE_WCHAR # dbus-python, gettext
+ depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS # gobject-introspection
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # gobject-introspection
+ depends on BR2_TOOLCHAIN_HAS_THREADS # dbus-python
+ depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # nftables
+ depends on BR2_TOOLCHAIN_USES_GLIBC # gobject-introspection
+ depends on BR2_PACKAGE_PYTHON3 # gobject-introspection
+ select BR2_PACKAGE_DBUS # dbus-python
+ select BR2_PACKAGE_DBUS_PYTHON
+ select BR2_PACKAGE_GETTEXT
+ select BR2_PACKAGE_GOBJECT_INTROSPECTION
+ select BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_JANSSON # Uses the nftables json interface
+ select BR2_PACKAGE_NFTABLES
+ select BR2_PACKAGE_PYTHON_DECORATOR
+ select BR2_PACKAGE_PYTHON_GOBJECT
+ select BR2_PACKAGE_PYTHON_SIX
+ select BR2_PACKAGE_PYTHON_SLIP_DBUS
+ help
+ Firewalld provides a dynamically managed firewall with
+ support for network or firewall zones to define the trust
+ level of network connections or interfaces. It has support
+ for IPv4, IPv6 firewall settings and for ethernet bridges and
+ a separation of runtime and permanent configuration options.
+ It also provides an interface for services or applications to
+ add ip*tables and ebtables rules directly.
+
+ Note: Firewalld uses nftables as the backend as requires
+ kernel version >= 4.18.
+
+ https://github.com/firewalld/firewalld
+
+comment "firewalld needs python3, and a glibc toolchain w/ gcc >= 4.9, threads"
+ depends on BR2_USE_MMU
+ depends on BR2_PACKAGE_HOST_QEMU_ARCH_SUPPORTS
+ depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || !BR2_TOOLCHAIN_USES_GLIBC \
+ || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_PACKAGE_PYTHON3
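Review bot: The trailing `comment` entry does not cover `BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12`, which the option depends on, so on a toolchain with older kernel headers firewalld disappears from the menu with no explanation. Extend the condition with `|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12` and the text to `"firewalld needs python3, and a glibc toolchain w/ gcc >= 4.9, threads, headers >= 3.12"`. The help text's "as the backend as requires kernel version >= 4.18" presumably means "and requires". Since that kernel requirement is not enforced by Kconfig, the note could also say that the daemon will not load a ruleset on an older or differently configured kernel.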
new file mode 100644
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+firewalld=/usr/sbin/firewalld
+pidfile=/var/run/firewalld.pid
+
+start() {
+ printf "Starting firewalld: "
+ start-stop-daemon -S -q --exec ${firewalld}
+ [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+stop() {
+ printf "Stopping firewalld: "
+ start-stop-daemon --stop --quiet --pidfile ${pidfile}
+ [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+reload(){
+ printf "Reloading firewalld: "
+ firewall-cmd --reload
+ [ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+
+restart() {
+ stop
+ start
+}
+
+status(){
+ firewall-cmd --state
+}
+
+case "${1}" in
+ start|stop|restart|reload|status)
+ ${1}
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ exit 1
+esac
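Review bot: `start`, `stop` and `reload` always return 0, because the last command in each is `echo "OK"` or `echo "FAIL"`, so a firewall that failed to come up is reported only as text and the script still exits successfully. Keep the status and return it, e.g. `ret=$?`, `[ "$ret" = 0 ] && echo "OK" || echo "FAIL"`, `return "$ret"`, so that boot tooling can detect a device running unfiltered. `start` also passes no `--pidfile` while `stop` depends on `${pidfile}`; presumably the daemon writes that file itself, but giving `--pidfile "${pidfile}"` to both calls would keep them in agreement. `restart` calls `start` right after `stop` without waiting for the old process to exit, so the second start may race with the shutdown.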
new file mode 100644
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 4ecb16d82c2825ccfb8f109e543c0492cf6ea8c43e2d0f59901bddcead037dc6 firewalld-0.8.3.tar.gz
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
new file mode 100644
@@ -0,0 +1,81 @@
+################################################################################
+#
+# firewalld
+#
+################################################################################
+
+FIREWALLD_VERSION = 0.8.3
+# Use the release tarball to avoid having to use autoreconf
+FIREWALLD_SITE = https://github.com/firewalld/firewalld/releases/download/v$(FIREWALLD_VERSION)
+FIREWALLD_LICENSE = GPL-2.0
+FIREWALLD_LICENSE_FILES = COPYING
+
+FIREWALLD_DEPENDENCIES = \
+ host-intltool \
+ host-libglib2 \
+ host-libxml2 \
+ host-libxslt \
+ dbus-python \
+ gettext \
+ gobject-introspection \
+ iptables \
+ jansson \
+ nftables \
+ python3 \
+ python-decorator \
+ python-gobject \
+ python-six \
+ python-slip-dbus
+
+# Firewalld hard codes the python shebangs to the full path of the
+# python-interpreter. IE: #!/home/buildroot/output/host/bin/python.
+# Force the proper python path.
+FIREWALLD_CONF_ENV += PYTHON="/usr/bin/env python$(PYTHON3_VERSION_MAJOR)"
+
+# iptables, ip6tables, ebtables, and ipset *should* be unnecessary
+# when the nftables backend is available, because nftables supersedes all of
+# them. However we still need to build and install iptables and ip6tables
+# because application relying on direct passthrough rules (IE docker) will
+# break.
+# /etc/sysconfig/firewalld is a RedHat-ism, only referenced by
+# the RedHat specific init script which isn't used, so we set
+# --disable-sysconfig.
+FIREWALLD_CONF_OPTS += \
+ --disable-nls \
+ --disable-rpmmacros \
+ --disable-sysconfig \
+ --with-ip6tables-restore=/usr/sbin/ip6tables-restore \
+ --with-ip6tables=/usr/sbin/ip6tables \
+ --with-iptables-restore=/usr/sbin/iptables-restore \
+ --with-iptables=/usr/sbin/iptables \
+ --without-ebtables \
+ --without-ebtables-restore \
+ --without-ipset \
+ --without-xml-catalog
+
+ifeq ($(BR2_SYSTEM_ENABLE_NLS),y)
+FIREWALLD_CONF_OPTS += --enable-nls
+endif
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+FIREWALLD_DEPENDENCIES += systemd
+FIREWALLD_CONF_OPTS += \
+ --enable-systemd \
+ --with-systemd-unitdir=/usr/lib/systemd/system
+else
+FIREWALLD_CONF_OPTS += --disable-systemd
+endif
+
+define FIREWALLD_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -D -m 0644 $(@D)/config/firewalld.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/firewalld.service
+endef
+
+# The bundled sysvinit file requires /etc/init.d/functions which is not
+# provided by buildroot. As such, we provide our own firewalld init file.
+define FIREWALLD_INSTALL_INIT_SYSV
+ $(INSTALL) -D -m 0755 $(FIREWALLD_PKGDIR)/S41firewalld \
+ $(TARGET_DIR)/etc/init.d/S41firewalld
+endef
+
+$(eval $(autotools-package))
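Review bot: `FIREWALLD_CONF_ENV += PYTHON="/usr/bin/env python$(PYTHON3_VERSION_MAJOR)"` makes the installed shebangs resolve the interpreter through `PATH`, so a daemon that runs as root and owns the packet filter starts whichever `python3` comes first in its environment. Pinning the target path, `FIREWALLD_CONF_ENV += PYTHON="/usr/bin/python$(PYTHON3_VERSION_MAJOR)"`, removes that dependency. It is worth confirming how configure uses `$PYTHON`, since if it executes the value to probe the install directories, either form runs a build-machine interpreter. Separately, nothing in this file ties the package to the nf_tables kernel support that the Config.in help mentions, so a comment near `FIREWALLD_DEPENDENCIES` stating the kernel requirements would help integrators avoid shipping an image whose firewall cannot load rules.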