From f84a8fb6050ce60dcc8c1e5ec49b726a07c6b739 Mon Sep 17 00:00:00 2001
From: geistesk <github.jyf300hj@0x21.biz>
Date: Sat, 9 Sep 2017 00:29:39 +0200
Subject: [PATCH] firehol: init at 3.1.4

---
 .../networking/firehol/default.nix            | 79 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 +
 2 files changed, 81 insertions(+)
 create mode 100644 pkgs/applications/networking/firehol/default.nix

diff --git a/pkgs/applications/networking/firehol/default.nix b/pkgs/applications/networking/firehol/default.nix
new file mode 100644
index 000000000000..0f1928fff2b2
--- /dev/null
+++ b/pkgs/applications/networking/firehol/default.nix
@@ -0,0 +1,79 @@
+{ stdenv, lib, fetchFromGitHub, pkgs
+, autoconf, automake, curl, iprange, iproute, ipset, iptables, iputils
+, kmod, nettools, procps, tcpdump, traceroute, utillinux, whois
+
+# Just install FireQOS without FireHOL
+, onlyQOS ? true
+}:
+
+stdenv.mkDerivation rec {
+  name = "firehol-${version}";
+  version = "3.1.4";
+
+  src = fetchFromGitHub {
+    owner = "firehol";
+    repo = "firehol";
+    rev = "v${version}";
+    sha256 = "121kjq5149r11k58lr9mkqns2k8jbdbjg2k93v8v7axhng6js7s9";
+  };
+
+  patches = [
+    # configure tries to determine if `ping6` or the newer, combined
+    # `ping` is installed by using `ping -6` which would fail.
+    (pkgs.writeText "firehol-ping6.patch"
+      ''
+      --- a/m4/ax_check_ping_ipv6.m4
+      +++ b/m4/ax_check_ping_ipv6.m4
+      @@ -42,16 +42,16 @@ AC_DEFUN([AX_CHECK_PING_IPV6],
+
+           AC_CACHE_CHECK([whether ]PING[ has working -6 option], [ac_cv_ping_6_opt],
+           [
+      -        ac_cv_ping_6_opt=no
+      -        if test -n "$PING"; then
+      -            echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
+      -            $PING -6 -c 1 ::1 > conftest.out 2>&1
+      -            if test "$?" = 0; then
+      -                ac_cv_ping_6_opt=yes
+      -            fi
+      -            cat conftest.out >&AS_MESSAGE_LOG_FD
+      -            rm -f conftest.out
+      -        fi
+      +        ac_cv_ping_6_opt=yes
+      +        #if test -n "$PING"; then
+      +        #    echo "Trying '$PING -6 -c 1 ::1'" >&AS_MESSAGE_LOG_FD
+      +        #    $PING -6 -c 1 ::1 > conftest.out 2>&1
+      +        #    if test "$?" = 0; then
+      +        #        ac_cv_ping_6_opt=yes
+      +        #    fi
+      +        #    cat conftest.out >&AS_MESSAGE_LOG_FD
+      +        #    rm -f conftest.out
+      +        #fi
+           ])
+
+           AS_IF([test "x$ac_cv_ping_6_opt" = "xyes"],[
+      '')
+  ];
+  
+  nativeBuildInputs = [ autoconf automake ];
+  buildInputs = [
+    curl iprange iproute ipset iptables iputils kmod
+    nettools procps tcpdump traceroute utillinux whois
+  ];
+
+  preConfigure = "./autogen.sh";
+  configureFlags = [ "--localstatedir=/var"
+                     "--disable-doc" "--disable-man" ] ++
+                   lib.optional onlyQOS [ "--disable-firehol" ];
+
+  meta = with stdenv.lib; {
+    description = "A firewall for humans";
+    longDescription = ''
+      FireHOL, an iptables stateful packet filtering firewall for humans!
+      FireQOS, a TC based bandwidth shaper for humans!
+    '';
+    homepage = http://firehol.org/;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ geistesk ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1afd427359a5..c394edfbdcd1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1984,6 +1984,8 @@ with pkgs;
 
   iprange = callPackage ../applications/networking/firehol/iprange.nix {};
 
+  firehol = callPackage ../applications/networking/firehol {};
+
   fio = callPackage ../tools/system/fio { };
 
   flamerobin = callPackage ../applications/misc/flamerobin { };