Accepting request 249936 from home:Aikhjarto:branches:Base:System

added template file for firewall config OBS-URL: https://build.opensuse.org/request/show/249936 OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=200
2014-09-18 00:28:46 +00:00
parent 902c657993
commit a514da0d09
3 changed files with 51 additions and 0 deletions
--- a/rsyslog.changes
+++ b/rsyslog.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Sep 17 09:40:40 UTC 2014 - wagner-thomas@gmx.at
+
+- added firewall template file
+
 -------------------------------------------------------------------
 Fri Aug 22 14:37:57 UTC 2014 - mt@suse.de

--- a/rsyslog.firewall
+++ b/rsyslog.firewall
@@ -0,0 +1,41 @@
+# Do not edit this file as it's just a template and will be
+# overwritten on package updates! Copy to a new file instead.
+# Fill in the required variables and delete the unused ones.
+# If in doubt ask security@suse.de
+#
+# Only the variables TCP, UDP, RPC, IP, BROADCAST, RELATED and
+# MODULES are allowed. More may be supported in the future.
+#
+# For a more detailed description of the individual variables see
+# the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
+#
+
+## Name: Syslog Server
+## Description: Opens ports to accept remote syslog entries.
+
+# space separated list of allowed TCP ports
+TCP=""
+
+# space separated list of allowed UDP ports
+UDP="syslog"
+
+# space separated list of allowed RPC services
+RPC=""
+
+# space separated list of allowed IP protocols
+IP=""
+
+# space separated list of allowed UDP ports that accept broadcasts
+BROADCAST=""
+
+### variables below are only needed in very special cases
+
+# space separated list of net,protocol[,sport[,dport]]
+# see FW_SERVICES_ACCEPT_RELATED_EXT
+# net 0/0 means IPv4 and IPv6. If this sevice should only work for
+# IPv4 use 0.0.0.0/0
+RELATED=""
+
+# additional kernel modules needed for this service
+# see FW_LOAD_MODULES
+MODULES=""
--- a/rsyslog.spec
+++ b/rsyslog.spec
@@ -181,6 +181,7 @@ Source11:       module-relp
 Source12:       module-snmp
 Source13:       module-udpspoof
 Source14:       http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-%{upstream_version}.tar.gz
+Source15:       rsyslog.firewall

 # PATCH-FIX-OPENSUSE rsyslog-unit.patch crrodriguez@opensuse.org Customize upstream systemd unit for openSUSE needs.
 Patch0:         rsyslog-unit.patch
@@ -733,6 +734,9 @@ install -m0640 %{SOURCE6} %{buildroot}%{APPARMOR_PROFILE_PATH}/
  install -m0640 %{SOURCE13} %{buildroot}%{APPARMOR_PROFILE_PATH}/rsyslog.d/
 %endif

+# firewall config
+install -m 644 -D %{SOURCE15} %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
+
 %clean
 if [ -n "%{buildroot}" ] && [ "%{buildroot}" != "/" ] ; then
 	rm -rf "%{buildroot}"
@@ -941,6 +945,7 @@ fi
 %endif
 %{APPARMOR_PROFILE_PATH_DIR_COMMANDS}
 %config %{APPARMOR_PROFILE_PATH}/usr.sbin.rsyslogd
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}

 %files doc
 %defattr(-,root,root)