path: root/network/arno-iptables-firewall/files/patch-configuration-script.diff
blob: dacac17330bad2cd7b296f49e309b4e287923e63 (plain)
33,34c33,34
< if [ -f ./share/arno-iptables-firewall/environment ]; then
<   . ./share/arno-iptables-firewall/environment
---
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
>   . /usr/share/arno-iptables-firewall/environment
36c36
<   printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
---
>   printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
70a71,75
>   else
>     # If no value is entered, remove (unless commented) previously set
>     # values: this is to prevent e.g. ports from remaining open, or
>     # internal interfaces from remaining enabled with NAT.
>     sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
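Review bot: The exit status of the added `sed -i` in the new `else` branch is not checked, so if the in-place edit fails (for example a read-only file or a full disk) the stale value this branch is meant to remove, such as open ports or an internal interface with NAT, stays in the configuration without any message. Consider `sed -i -e "s~^$2=.*\$~$2=\"\"~" "$1" || printf 'WARNING: could not clear %s in %s\n' "$2" "$1" >&2`; the escaped `\$` also stops relying on the shell leaving `$~` literal inside double quotes. The callers added at 216a225,231 ignore the status as well. The function header and the matching `if` are outside this hunk.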
85c90
< #    else
---
>     else
86a92,94
>       # This is needed in order to allow the function change_conf_var() 
>       # to remove values for previously set open ports.
>       change_conf_var "$2" "$3" ""
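Review bot: An empty answer now rewrites the stored value to `""` through `change_conf_var "$2" "$3" ""`, but nothing on the visible lines tells the user that a previously configured value was removed. For a setting such as the open ports, that can silently close a port an administrator relies on for remote access. Consider reporting it right after the call, e.g. `echo "* No value entered: $3 has been cleared in $2"`. The prompt and the enclosing `if` are outside this hunk, so first confirm the prompt text does not already say that an empty answer clears the setting. The added comment line also carries trailing whitespace.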
216a225,231
>   else
>     # Remove previously set values related to the internal interface, if
>     # no internal interface is entered with this script.
>     change_conf_var "$FIREWALL_CONF" "INT_IF" ""
>     change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
>     change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
>     change_conf_var "$FIREWALL_CONF" "NAT" "0"
218c233
<   
---
> 
220,222c235,237
<   chmod 755 /etc/init.d/arno-iptables-firewall
<   chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
<   chmod 600 "$FIREWALL_CONF"
---
>   chmod 755 /etc/rc.d/rc.arno-iptables-firewall
>   chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
>   chmod 600 "$FIREWALL_CONF"  
227c242
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
---
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
235,251d249
< # Remove any symlinks in rc*.d out of the way
< rm -f /etc/rc*.d/*arno-iptables-firewall
< 
< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
<   if [ -d /etc/rcS.d ]; then
<     ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
<   else
<     ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
<   fi
< 
<   # Check for insserv. Used for dependency based booting on eg. Debian
<   INSSERV="$(find_command /sbin/insserv)"
<   if [ -n "$INSSERV" ]; then
<     "$INSSERV" arno-iptables-firewall
<   fi
< fi
< 
253c251
<   change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
---
>   change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
255c253
<   change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
---
>   change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
258c256
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
---
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
274a273,291
> echo ""
> echo "-------------------------------------------------------------------------------"
> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing       **"
> echo "**       \"/etc/rc.d/rc.arno-iptables-firewall start\" or                      **"
> echo "**       \"/etc/rc.d/rc.arno-iptables-firewall restart\"                       **"
> echo "**       It is recommended however to first review the settings in           **"
> echo "**       /etc/arno-iptables-firewall/firewall.conf!                          **"
> echo "**                                                                           **"
> echo "**       2) In order to start the firewall automatically at boot-time,       **"
> echo "**       you will need to manually create in /etc/rc.d/ an appropriate       **"
> echo "**       symlink, named \"rc.firewall\", pointing to the startup script.       **"
> echo "**       To do that, issue the following command:                            **"
> echo "**                                                                           **"
> echo "**       ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall    **"
> echo "**                                                                           **"
> echo "**       Delete the link if you wish to disable firewall startup at boot-    **"
> echo "**       time, or \"chmod -x\" the startup script for the same result.         **"
> echo "-------------------------------------------------------------------------------"
> echo ""
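Review bot: The notice hard-codes `/etc/arno-iptables-firewall/firewall.conf` as the file to review, while the earlier hunks write to `"$FIREWALL_CONF"`. That variable's definition is outside this diff; if it ever points elsewhere, the user is sent to review a file the script did not modify before starting the firewall. Printing the variable keeps the two in step, e.g. `echo "**       $FIREWALL_CONF"`, at the cost of the fixed-width right border on that line.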
277d293
<