Summary: A graphical interface for basic firewall setup
Name: system-config-firewall
Version: 1.2.3
Release: 2%{?dist}
URL: http://fedora.redhat.com/projects/config-tools/
License: GPLv2+
ExclusiveOS: Linux
Group: System Environment/Base
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildArch: noarch
Source0: %{name}-%{version}.tar.bz2
BuildRequires: desktop-file-utils
BuildRequires: gettext
BuildRequires: intltool
Obsoletes: system-config-securitylevel
Provides: system-config-securitylevel = 1.7.0
Requires: pygtk2
Requires: python
Requires: usermode >= 1.94
Requires: system-config-firewall-tui = %{version}-%{release}
Requires: hicolor-icon-theme
Requires: pygtk2-libglade
Requires: gtk2 >= 2.6

%description
system-config-firewall is a graphical user interface for basic firewall setup.

%package tui
Summary: A text interface for basic firewall setup
Group: System Environment/Base
Obsoletes: lokkit
Obsoletes: system-config-securitylevel-tui
Provides: lokkit = 1.7.0
Provides: system-config-securitylevel-tui = 1.7.0
Requires: iptables >= 1.2.8
Requires: iptables-ipv6
Requires: system-config-network-tui
Requires: rhpl
Requires: newt
Requires: libselinux >= 1.19.1

%description tui
system-config-firewall-tui is a text and commandline user
interface for basic firewall setup.

%prep
%setup -q

%install
rm -rf %{buildroot}

make install INSTROOT=%{buildroot}

desktop-file-install --vendor system --delete-original \
	--dir %{buildroot}%{_datadir}/applications \
	--add-category X-Red-Hat-Base \
	%{buildroot}%{_datadir}/applications/system-config-firewall.desktop

%find_lang %{name} --all-name

%clean
rm -rf %{buildroot}

%post
touch --no-create %{_datadir}/icons/hicolor
if [ -x /usr/bin/gtk-update-icon-cache ]; then
  gtk-update-icon-cache -q %{_datadir}/icons/hicolor
fi

%postun
touch --no-create %{_datadir}/icons/hicolor
if [ -x /usr/bin/gtk-update-icon-cache ]; then
  gtk-update-icon-cache -q %{_datadir}/icons/hicolor
fi

%triggerpostun -- %{name} < 1.1.0
%{_datadir}/system-config-firewall/convert-config

%triggerpostun -- system-config-securitylevel
%{_datadir}/system-config-firewall/convert-config

%files -f %{name}.lang
%defattr(-,root,root)
%{_bindir}/system-config-firewall
%{_bindir}/system-config-securitylevel
%{_datadir}/system-config-firewall/system-config-firewall.py*
%dir %{_datadir}/system-config-securitylevel
%dir %{_datadir}/system-config-securitylevel/pixmaps
%dir %{_datadir}/firstboot/modules
%defattr(0644,root,root)
%{_datadir}/system-config-firewall/fw_gui.*
%{_datadir}/system-config-firewall/gtk_*
%{_datadir}/system-config-firewall/*.glade
%{_datadir}/system-config-firewall/*.png
%{_datadir}/applications/system-config-firewall.desktop
%{_datadir}/icons/hicolor/48x48/apps/system-config-firewall.png
%{_datadir}/icons/hicolor/48x48/apps/system-config-securitylevel.png
%config /etc/security/console.apps/system-config-firewall
%config /etc/security/console.apps/system-config-securitylevel
%config /etc/pam.d/system-config-firewall
%config /etc/pam.d/system-config-securitylevel
%{_datadir}/system-config-securitylevel/*.*
%{_datadir}/system-config-securitylevel/pixmaps/*.*
%{_datadir}/firstboot/modules/firstboot_selinux.py*
%{_datadir}/firstboot/modules/securitylevel.py*

%files -f %{name}.lang tui
%defattr(-,root,root)
%doc COPYING
%{_sbindir}/lokkit
%{_bindir}/system-config-firewall-tui
%{_datadir}/system-config-firewall/convert-config
%dir %{_datadir}/system-config-firewall
%defattr(0644,root,root)
%{_datadir}/system-config-firewall/etc_services.*
%{_datadir}/system-config-firewall/fw_compat.*
%{_datadir}/system-config-firewall/fw_config.*
%{_datadir}/system-config-firewall/fw_functions.*
%{_datadir}/system-config-firewall/fw_iptables.*
%{_datadir}/system-config-firewall/fw_parser.*
%{_datadir}/system-config-firewall/fw_selinux.*
%{_datadir}/system-config-firewall/fw_services.*
%{_datadir}/system-config-firewall/fw_sysconfig.*
%{_datadir}/system-config-firewall/fw_sysctl.*
%{_datadir}/system-config-firewall/fw_tui.*
%ghost %config(missingok,noreplace) /etc/sysconfig/system-config-firewall
%ghost %config(missingok,noreplace) /etc/sysconfig/system-config-securitylevel

%changelog
* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-2
- fixed usermode version (rhbz#428392)

* Fri Feb  8 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-1
- fixed traceback for empty configuration use in life installer (rhbz#430963)
- use config-util for userhelper configuration (rhbz#428392)
- mark dirty after applying new default configuration
- do not overwrite attributes filename and converted in config
- use new shared ChooserButton
- fixed forward dialog and labels to use current dialog width
- use tempfile.mkdtemp for better security
- updated translations: fi, fr, it, ja, nl, pt_BR, sr and sr@latin

* Fri Feb  1 2008 Thomas Woerner <twoerner@redhat.com> 1.2.2-1
- fixed icmp handling for ip6tables in FORWARD chain
- do state established, related test early in FORWARD chain
- fixed typo in address for port-forwarding
- added IPv4 only message to masquerading and port-forwarding for lokkit
- updated translations: es, pl

* Thu Jan 31 2008 Thomas Woerner <twoerner@redhat.com> 1.2.1-1
- fixed traceback for clean selinux configuration (rhbz#430963)
- fixed icmp handling for ip6tables
- updated translations: as, de, it, ja, pl, pt_BR, zh_CN

* Fri Jan 25 2008 Thomas Woerner <twoerner@redhat.com> 1.2.0-1
- added port forwarding
- using INPUT chain in table filter instead of RH-Firewall-1-INPUT
- fixed masquerading
- rewrite of firewall generation code
- trusted hosts now also allowed for FORWARD
- lots of bug fixes
- gui enhancements

* Wed Jan 16 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-2
- added fw_compat files to files section

* Tue Jan 15 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-1
- new fw_compat, used in config-convert and fw_sysconfig to automatically 
  convert old system-config-securitylevel configurations
- new wizard look
- fixed range check for user defined ports
- some code cleanup
- updated translations for fi, fr and ja

* Mon Jan  7 2008 Thomas Woerner <twoerner@redhat.com> 1.1.2-1
- fw_gui: fixed row activation for masquerading
- fw_gui: fixed _setInterfaces to use internal functions to correctly set
  toggles
- fw_gui: show info dialog if no config exists and firewall gets enabled: new
  function enableFirewall
- fw_gui, fw_tui: disable firewall if no config exists
- fw_gui, fw_tui: do not print traceback if NCDeviceList.getDeviceList raises
  and exception
- forward masqueraded connections
- gtk_cellrenderercheck: fixed size calculations
- fw_sysconfig: set config.filename to None for merged configuration in
  read_sysconfig_config if no configuration exists
- new translations

* Fri Dec 21 2007 Thomas Woerner <twoerner@redhat.com> 1.1.1-1
- use radio buttons for skill menu entries to show active level
- fixed convert-config problem if there is no configuration to convert
  (rhbz#426477)
- minor string changes
- new it and pt_BR translations

* Thu Dec 20 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-1
- new default configurations: server, desktop
- cleanup of wizard: dropped network connection tab
- new option in wizard to keep configuration or load a default configuration
- new menu entry and dialog to configure iptables and ip6tables service settings
- some enhancements to the gtk_cellrenderercheck for better look and feel

* Fri Dec 14 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-0
- ports are ports and services are services: there is a new service tag to
  enable services; a port is not enabling a service anymore
- new conversion tool for 1.0.X to 1.1.X configuration
- new version option for lokkit
- wizard
  - dropped network connection selection tab
  - using keep configuration check instead of clear configuration check
  - added default configuration selection
- gui: new menu for skill level and load default configuration
- use choices in optparse, removed obsolete check functions

* Thu Dec 13 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-2
- fixed lokkit command problem for non english languages
- using latest translations

* Mon Dec 10 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-1
- allow to activate checkboxes by row activation in treeviews
- code cleanup in view_toggle_cb
- fixed port display for IPSec
- use system icons where possible, new wizard icons
- added fallback for CellRendererCheck if icons are missing, size fixes
- added tooltips for toolbar and menu entries (if needed)
- improved more english texts (rhbz#395801)
  thanks to Paul W. Frields for the initial patch

* Wed Nov 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.11-1
- fixed crash on startup for network device aliases (rhbz#384891)
  thanks to Loran Freval for the patch
- added port entry max length in other ports dialog (rhbz#385931)
- added version number to about dialog (rhbz#387891)
- improved some english texts (rhbz#383741)
  thanks to Paul W. Frields for the initial patch
- code cleanup with start speedup
- do not allow to add custm rules for ipv6:nat
- also translate parser error messages

* Fri Nov  9 2007 Thomas Woerner <twoerner@redhat.com> 1.0.10-1
- fixed problem with network devices (rhbz#331671)
- dropped obsolete translation no.po (rhbz#332331)

* Mon Nov  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.9-1
- do not report configuration failed if ipv6 is disabled (rhbz#355561)
- print messages if lokkit failed
- lokkit be more verbose on restarting ipXtables in verbose mode

* Fri Oct 26 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-2
- lokkit: write new config with nostart option (rhbz#353961)
- translation fixes for de, it, nb, sr@latin

* Mon Oct  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-1
- use extension match for protocols (rhbz#229879)
- use ipv6-icmp instead of icmpv6 (rhbz#291001)
- use ':' in tui as port/proto delimiter for other ports (rhbz#292171)
- some translation fixes

* Tue Sep 25 2007 Thomas Woerner <twoerner@redhat.com> 1.0.7-1
- new translations
- added openvpn to services (rhbz#)
- fixed typo in description text for ipsec
- using port numbers instead of port names for services
- renamed some variables to be consistent
- make tolltip better: bigger text, helper modules
- dropped unused code: inconsistent handling
- make port check button inactive in add_port_cb
- new function _addDevice: code cleanup
- allow to set variables in ipXtablesConfig, which were not set before
- fixed os.system calls in ipXtablesClass to return proper return values
- fixed status funciton in ipXtablesClass
- new _append_unique function in fw_parser to prevent duplicates
- added warning dialog for missing or unusable /etc/sysconfig/ip*tables files
- fixed expand of the warning label in the startup dialog

* Wed Sep 12 2007 Thomas Woerner <twoerner@redhat.com> 1.0.6-1
- dropped --stop option from fw_gui::genArgs
- new translations
- sysctl support for masquerading (net.ipv4.ip_forward will be set)
- glade file: fixed spacings, dropped not needed containers

* Wed Sep  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-4
- fixed problem if /etc/sysconfig/system-config-securtylevel and 
  /etc/sysconfig/system-config-firewall are not readable

* Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-3
- fixed problem if IP*TABLES_MODULES is not set in config files

* Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-2
- fixed lokkit problem if selinux configuration is not available (rhbz#269601)

* Thu Aug 30 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-1
- more translations
- fixed IPsec description
- fixed po file generation to use xgettext only

* Wed Aug 22 2007 Thomas Woerner <twoerner@redhat.com> 1.0.4-1
- more translations
- build environment changes
- dropped build stage, because it is not needed at all

* Tue Aug 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.3-1
- added missing system-config-securitylevel compatibility files
- string and documentation fixes
- fixed typos reported by Alain Portal
- more translations
- fixed buildroot
- cleanup and changes according to review (rhbz#253232)
- moved doc to tui sub package

* Fri Aug 17 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-2
- fixed license headers for GPLv2+

* Thu Aug 16 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-1
- obsolete and provide system-config-securitylevel package
- added compat files for anaconda, firstboot and system-config-kickstart
- lokkit fixes for nostart option:
  - only write config for iptables and ip6tables if enabled
  - stop iptables and ip6tables if disabled
  - unlink iptables and ip6tables rule files if disabled
- lokkit: new option --update to regenerate firewall configuration if not 
  disabled
- check for include files only when writing firewall configuration
- clean buildroot in install
- made system-config-securitylevel a synonym for system-config-firewall
- ip6tables: reject with icmp6-adm-prohibited instead of icmp6-port-unreachable
  (rhbz#250915)
- moved config files from /etc/sysconfig into tui sub package
- removed x bit from import files

* Mon Jul 23 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-2
- fixed disabled string in fw_gui
- set mode after copying of ip*tables-config to 0600
- fixed categories in desktop file

* Mon Jun  4 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-1
- fixed startup and description texts
- added missing requirement for system-config-network-tui
- moved base python files into tui sub package
- fixed requirements
- made package noarch

* Fri Jun  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.0-1
- initial package