committing changes in /etc after emerge run

Package changes: +net-firewall/pglinux-2.3.0
2015-08-15 21:22:26 +02:00 · 2015-08-15 21:22:26 +02:00 · 8b553adcef
parent 8171dd46ac
commit 8b553adcef
4 changed files with 139 additions and 0 deletions
--- a/dbus-1/system.d/org.netfilter.pgl.conf
+++ b/dbus-1/system.d/org.netfilter.pgl.conf
@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<!-- ../system.conf denies everything so we have to allow some things ourselves.
+    This file has to be placed in /etc/dbus-1/system.d/ in Ubuntu in order for pgld to be able to connect to the system bus
+    This is just an example and I imagine not secure at all -->
+<busconfig>
+
+  <!-- Only root can own the service -->
+  <policy user="root">
+    <allow own="org.netfilter.pgl"/>
+<!--    <allow send_destination="org.netfilter.pgl"/>
+    <allow send_interface="org.netfilter.pgl"/> -->
+  </policy>
+
+<!-- For debugging purposes, will probably disable later-->
+  <policy at_console="true">
+    <allow own="org.netfilter.pgl"/>
+    <allow send_destination="org.netfilter.pgl"/>
+    <allow send_interface="org.netfilter.pgl"/>
+  </policy>
+
+</busconfig>
--- a/init.d/pgl
+++ b/init.d/pgl
@ -0,0 +1,55 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Daemon script for pglinux"
+extra_commands="reload forcereload update"
+
+depend() {
+	need net
+}
+
+PIDFILE=/var/run/pgld.pid
+PGLCMD=/usr/bin/pglcmd
+
+start() {
+	ebegin "Starting pglinux daemon"
+
+	if [ "${RC_CMD}" = "restart" ]; then
+		sleep 3
+	fi
+
+	$PGLCMD start
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping pglinux daemon"
+	$PGLCMD stop_quick
+	eend $?
+}
+
+status() {
+	ebegin "Checking status of pglinux daemon"
+	$PGLCMD status
+	eend $?
+}
+
+reload() {
+	ebegin "reload config"
+	$PGLCMD reload
+	eend $?
+}
+
+forcereload() {
+	ebegin "force config reload"
+	$PGLCMD force-reload
+	eend $?
+}
+
+update() {
+	ebegin "Force update of lists"
+	$PGLCMD update
+	eend $?
+}
+
--- a/pgl/._cfg0000_blocklists.list
+++ b/pgl/._cfg0000_blocklists.list
@ -0,0 +1,50 @@
+# blocklists.list - lists the remote blocklists that pglcmd handles.
+
+# Place one URL per line for every blocklist.
+# Any line which starts with a # (hash) is a comment and is ignored.
+
+# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for some hints
+# about some available blocklist providers. Neither do we recommend any
+# blocklist provider, nor do we even know much about them.
+
+# Instead or additionally to the remote blocklists that are specified here, you
+# can put local blocklists in LOCAL_BLOCKLIST_DIR (/etc/pgl/blocklists.local/).
+# All blocklists in that directory (except those in subdirectories, or which end
+# in "~" or start with ".") are used. They may be in any supported format.
+
+# pglcmd unpacks lists that are compressed with gz, zip or 7z for pgld.
+
+# Do a "pglcmd reload" (or "restart" or "update") when you have edited this
+# file.
+
+# The following blocklist setting may be useful or not, good or bad. Most
+# probably it is outdated:
+
+http://list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
+http://list.iblocklist.com/lists/bluetack/bad-peers
+# http://list.iblocklist.com/lists/bluetack/bogon
+http://list.iblocklist.com/lists/bluetack/dshield
+# http://list.iblocklist.com/lists/bluetack/edu
+# http://list.iblocklist.com/lists/bluetack/for-non-lan-computers
+# http://list.iblocklist.com/lists/bluetack/forum-spam
+# http://list.iblocklist.com/lists/bluetack/hijacked
+# http://list.iblocklist.com/lists/bluetack/iana-multicast
+# http://list.iblocklist.com/lists/bluetack/iana-private
+# http://list.iblocklist.com/lists/bluetack/iana-reserved
+http://list.iblocklist.com/lists/bluetack/level-1
+# http://list.iblocklist.com/lists/bluetack/level-2
+# http://list.iblocklist.com/lists/bluetack/level-3
+# http://list.iblocklist.com/lists/bluetack/microsoft
+http://list.iblocklist.com/lists/bluetack/proxy
+http://list.iblocklist.com/lists/bluetack/range-test
+# http://list.iblocklist.com/lists/bluetack/spider
+http://list.iblocklist.com/lists/bluetack/spyware
+# http://list.iblocklist.com/lists/bluetack/web-exploit
+# http://list.iblocklist.com/lists/bluetack/webexploit-forumspam
+# http://list.iblocklist.com/lists/cidr-report/bogon
+# http://list.iblocklist.com/lists/dchubad/faker
+# http://list.iblocklist.com/lists/dchubad/hacker
+# http://list.iblocklist.com/lists/dchubad/pedophiles
+# http://list.iblocklist.com/lists/dchubad/spammer
+# http://list.iblocklist.com/lists/peerblock/rapidshare
+# http://list.iblocklist.com/lists/spamhaus/drop
--- a/pgl/allow.p2p
+++ b/pgl/allow.p2p
@ -0,0 +1,9 @@
+# allow.p2p - allow list for pglcmd
+#
+# This file contains IP ranges that shall not be checked.
+# They must be in the PeerGuardian .p2p text format like this:
+#   Some organization:1.0.0.0-1.255.255.255
+# This is also true if your blocklists are in another format.
+# Lines beginning with a hash (#) are comments and will be ignored.
+#
+# Do a "pglcmd restart" when you have edited this file.