path: root/network/arno-iptables-firewall/files/patch-configuration-script.diff
blob: 800fb9157cd51666b5786d0740595162e54568c9 (plain)
33,34c33,34
< if [ -f ./share/arno-iptables-firewall/environment ]; then
<   . ./share/arno-iptables-firewall/environment
---
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
>   . /usr/share/arno-iptables-firewall/environment
36c36
<   printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
---
>   printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
76a77,81
>   else
>     # If no value is entered, remove (unless commented) previously set
>     # values: this is to prevent, for example, ports from remaining open,
>     # or internal interfaces from remaining enabled with NAT.
>     sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
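Review bot: The `sed -i` added at new line 81 has its exit status ignored, so if the in-place edit fails (read-only or missing file) the old value stays in the config and the ports or NAT settings this branch is meant to clear remain active with no warning. I would report the failure, e.g. `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" || echo "ERROR: could not clear $2 in $1" >&2`. The variable name in `$2` is also pasted into the regex unescaped; the callers visible in this patch (new lines 100 and 267-270) pass fixed names, but a name containing `~` or a regex metacharacter would change what is matched. The enclosing function starts and ends outside this hunk, so its existing error handling may differ from what I assume.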
91c96
< #    else
---
>     else
92a98,100
>       # This is needed to allow the function change_conf_var() 
>       # to remove values for previously set open ports.
>       change_conf_var "$2" "$3" ""
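Review bot: With the `else` at new line 96 active and this call added, an empty answer now erases the stored value instead of leaving it alone, and nothing visible in the hunk tells the operator that. On a re-run over a remote session, pressing Enter at an open-ports prompt would presumably remove the entry that admits that session once the firewall is restarted. I would announce the clearing before the call, e.g. `echo "* No value entered: clearing $3"`, and say in the prompt text that an empty answer removes the current setting. The enclosing function starts above the hunk, so confirm that `$2` is the config file and `$3` the variable name as the argument order of `change_conf_var` suggests.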
183,186c191,194
<   echo "Listing available interfaces:"
<   echo "-----------------------------"
<   list_interfaces; 
<   echo "-----------------------------"
---
> #  echo "Listing available interfaces:"
> #  echo "-----------------------------"
> #  list_interfaces; 
> #  echo "-----------------------------"
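Review bot: The interface listing at new lines 191-194 is commented out rather than deleted, and no comment says why. Without the list the operator has to type the external interface name from memory, and a mistyped name would presumably yield a ruleset bound to an interface that does not exist; whether the name is validated later is not visible in this hunk. Either delete the four lines or put a one-line reason above them, for example `# Interface listing disabled in this package: <reason>`.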
255a264,270
>   else
>     # Remove previously set values related to the internal interface,
>     # if no internal interface is entered with this script.
>     change_conf_var "$FIREWALL_CONF" "INT_IF" ""
>     change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
>     change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
>     change_conf_var "$FIREWALL_CONF" "NAT" "0"
259,261c274,276
<   if [ -e /etc/init.d/arno-iptables-firewall ]; then
<     chown 0:0 /etc/init.d/arno-iptables-firewall
<     chmod 755 /etc/init.d/arno-iptables-firewall
---
>   if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
>     chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
>     chmod 755 /etc/rc.d/rc.arno-iptables-firewall
271c286
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
---
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
279,339c294
< RC_PATH="/etc"
< # Check for Redhat/SUSE rc.d
< if [ -d "/etc/rc.d" ]; then
<   RC_PATH="/etc/rc.d"
< fi
< 
< # Remove any symlinks in rc*.d out of the way
< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
< 
< if get_user_yn "Do you want to start the firewall at boot" "y"; then
<   DONE=0
< 
<   if check_command systemctl; then
<     if systemctl enable arno-iptables-firewall; then
<       echo "* Successfully enabled service with systemctl"
<       DONE=1
<     fi
<   elif check_command update-rc.d; then
<     # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
<     if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
<       echo "* Successfully enabled service with update-rc.d"
<       DONE=1
<     fi
<   elif check_command chkconfig; then
<     if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
<       echo "* Successfully enabled service with chkconfig"
<       DONE=1
<     fi
<   else
<     if [ -d "$RC_PATH/rcS.d" ]; then
<       if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
<         echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
<         DONE=1
<       fi
<     elif [ -d "$RC_PATH/rc2.d" ]; then
<       if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
<         echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
<         DONE=1
<       fi
<     else
<       echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
<     fi
<   fi
< 
<   if [ $DONE -eq 0 ]; then
<     echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
<   fi
< fi
< 
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
---
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
341c296
<     change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
---
>     change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
343c298
<     change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
---
>     change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
347c302
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
---
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
362a318,335
> echo ""
> echo "-------------------------------------------------------------------------------"
> echo "** NOTE: 1) After configuration, it is recommended to review the firewall    **"
> echo "**          settings in /etc/arno-iptables-firewall/firewall.conf            **"
> echo "**                                                                           **"
> echo "**       2) To manually start or restart the firewall, run:                  **"
> echo "**              /etc/rc.d/rc.arno-iptables-firewall start                    **"
> echo "**          or  /etc/rc.d/rc.arno-iptables-firewall restart                  **"
> echo "**                                                                           **"
> echo "**       3) To start the firewall automatically at boot-time, you need an    **"
> echo "**          appropriate symlink, \"rc.firewall\",  pointing to the startup     **"
> echo "**          script. Issue the following commands to create the symlink:      **"
> echo "**              cd /etc/rc.d/                                                **"
> echo "**              ln -sv rc.arno-iptables-firewall rc.firewall                 **"
> echo "**                                                                           **"
> echo "**       4) To disable startup at boot-time, simply delete the symlink,      **"
> echo "**          or remove the executable bit from the startup script.            **"
> echo "-------------------------------------------------------------------------------"
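Review bot: Item 4 of the new notice says startup can be disabled by removing the executable bit from the startup script, but new lines 274-276 of this same script run `chmod 755 /etc/rc.d/rc.arno-iptables-firewall` whenever that file exists. If that block is reached on every run, re-running the configuration script puts the executable bit back and undoes the operator's choice without saying so. I would either limit item 4 to deleting the `rc.firewall` symlink, or add a sentence to the notice such as `re-running this script restores the executable bit`. The code around the `chmod` lies outside the hunks shown, so check whether it is guarded by a prompt.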