--- /dev/null
+# ChangeLog for net-wireless/coova-chilli
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 18 Sep 2009; Vitor Brandão (noisebleed) <vitorbrandao.pt@gmail.com>
+ +coova-chilli-1.0.11.ebuild, +files/chilli, +files/firewall.iptables,
+ +metadata.xml:
+ New Ebuild for bug 217141. Thanks to Laurento Frittella
+
--- /dev/null
+AUX chilli 939 RMD160 3bb2924863360826b80969e84841ff67aba2ccd7 SHA1 21b36ddf83938412b63019c9a44f8e889b29da22 SHA256 4be8d1393e466bdc06cf37675cad11857ff96e8f4be7e9dbc50a6136ecd50f24
+AUX firewall.iptables 2013 RMD160 6c81c9f92414b8e846d179917ff5323199564eaa SHA1 b3e2a75b7f37661849e691911a72697b57fb12bf SHA256 484d7d1a8e27c4909088367c66818ccb47057eaeaa2f1e8c205d883528160e4e
+DIST coova-chilli-1.0.11.tar.gz 542862 RMD160 49bc11313f6b3a516485c555442368e40dc6479c SHA1 60fe535bcbd85d4484241e56ed084095b1704945 SHA256 f50ee950c1a248909f785b8f80bc0a5efa8cfc2120ddeb5060cab1d4e2d001f3
+EBUILD coova-chilli-1.0.11.ebuild 986 RMD160 4bf2ddbe72e2b06c79179cd53e8bea33cd16a03c SHA1 2a95c737676b41e5ba5ca91668970073d36eb21f SHA256 d61a3873213b337f4ddc947ba49296c3620fa7b798c7fdcded9b9e4d7031fcc5
+MISC ChangeLog 345 RMD160 f487213fb1492fe9469c71ce7948805c50e7c8f7 SHA1 17f9b30a486374ac5ee47957fd59f7050f319fc3 SHA256 f4d1d8eb8fcbf46338f0cad8502d20b25987d538f115c6e30c717a8e4e7c46c7
+MISC metadata.xml 556 RMD160 ac9a080e2c6b855f8336c6ba8da4eb76f9cae989 SHA1 a016043367fa4febaffbab8239bfbb91c8642da9 SHA256 f79ba6b4f87272d9978cd9335dcf3622af1979b6d668f32ed8e3d3b7dc919eec
--- /dev/null
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+MY_PN="CoovaChilli"
+DESCRIPTION="CoovaChilli is an open-source software access controller, based on
+the ChilliSpot project."
+HOMEPAGE="http://www.coova.org/CoovaChilli"
+SRC_URI="http://ap.coova.org/chilli/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+
+src_install() {
+ emake DESTDIR="${D}" install || die "Install failed"
+
+ # We need to overwrite the provided init script
+ doinitd "${FILESDIR}"/chilli || die "doinitd failed"
+
+ dodoc doc/hotspotlogin.cgi "${FILESDIR}"/firewall.iptables || die "dodoc
+ failed"
+}
+
+pkg_postinst() {
+ elog "$MY_PN uses RADIUS for access provisioning and accounting so be sure"
+ elog "to install and configure a RADIUS server before using ${MY_PN}."
+ elog "Gentoo-wiki has a nice guide regarding this (uses Freeradius):"
+ elog " http://en.gentoo-wiki.com/wiki/Chillispot_with_FreeRadius_and_MySQL"
+}
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+# Import chilli specific functions
+. /etc/chilli/functions
+
+depend() {
+ use net logger
+}
+
+
+checkconfig() {
+ check_required
+
+ if [ -f /etc/chilli.conf ]; then
+ return 0;
+ else
+ eerror "Error starting CoovaChilli. Please create /etc/chilli.conf before."
+ return 1;
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting CoovaChilli"
+
+ # TODO: check for tun module and ip_forward
+
+ writeconfig
+ radiusconfig
+
+ start-stop-daemon --start --pidfile /var/run/chilli.pid --quiet \
+ --exec /usr/sbin/chilli -- --pidfile=/var/run/chilli.pid
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Chillispot"
+ start-stop-daemon --stop --pidfile /var/run/chilli.pid --quiet
+ eend $?
+}
+
--- /dev/null
+#!/bin/sh
+#
+# Firewall script for ChilliSpot
+# A Wireless LAN Access Point Controller
+#
+# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
+# $INTIF (eth1) as the internal interface (access points).
+#
+#
+# SUMMARY
+# * All connections originating from chilli are allowed.
+# * Only ssh is allowed in on external interface.
+# * Nothing is allowed in on internal interface.
+# * Forwarding is allowed to and from the external interface, but disallowed
+# to and from the internal interface.
+# * NAT is enabled on the external interface.
+
+IPTABLES="/sbin/iptables"
+EXTIF="eth0"
+INTIF="eth1"
+
+#Flush all rules
+$IPTABLES -F
+$IPTABLES -F -t nat
+$IPTABLES -F -t mangle
+
+#Set default behaviour
+$IPTABLES -P INPUT DROP
+$IPTABLES -P FORWARD ACCEPT
+$IPTABLES -P OUTPUT ACCEPT
+
+#Allow related and established on all interfaces (input)
+$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+#Allow releated, established and ssh on $EXTIF. Reject everything else.
+$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
+$IPTABLES -A INPUT -i $EXTIF -j REJECT
+
+#Allow related and established from $INTIF. Drop everything else.
+$IPTABLES -A INPUT -i $INTIF -j DROP
+
+#Allow http and https on other interfaces (input).
+#This is only needed if authentication server is on same server as chilli
+$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
+$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
+
+#Allow 3990 on other interfaces (input).
+$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
+
+#Allow ICMP echo on other interfaces (input).
+$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+
+#Allow everything on loopback interface.
+$IPTABLES -A INPUT -i lo -j ACCEPT
+
+# Drop everything to and from $INTIF (forward)
+# This means that access points can only be managed from ChilliSpot
+$IPTABLES -A FORWARD -i $INTIF -j DROP
+$IPTABLES -A FORWARD -o $INTIF -j DROP
+
+#Enable NAT on output device
+$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
+
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>no-herd</herd>
+<longdescription>
+CoovaChilli is an open-source software access controller, based on the
+popular (but now defunct) ChilliSpot project, and is actively maintained
+by an original ChilliSpot contributor.
+
+CoovaChilli is a feature rich software access controller that provides a
+captive portal / walled-garden environment and uses RADIUS for access
+provisioning and accounting
+</longdescription>
+</pkgmetadata>
projects / ~andy / sunrise / commitdiff