aboutsummaryrefslogtreecommitdiff
path: root/network/arno-iptables-firewall
diff options
context:
space:
mode:
Diffstat (limited to 'network/arno-iptables-firewall')
-rw-r--r--network/arno-iptables-firewall/README47
-rw-r--r--network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild19
-rw-r--r--network/arno-iptables-firewall/slack-desc8
3 files changed, 39 insertions, 35 deletions
diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README
index c90b74baf3be5..57dc9d201849a 100644
--- a/network/arno-iptables-firewall/README
+++ b/network/arno-iptables-firewall/README
@@ -1,25 +1,23 @@
-arno-iptables-firewall is a front-end for iptables. Its configuration
-script will set up a secure and restrictive firewall by just asking a
-few questions. This includes configuring internal networks for Internet
-access via NAT and potential network services like http or ssh. Moreover,
-it provides many advanced additional features that can be enabled in the
-well documented configuration file.
+arno-iptables-firewall is a front-end for iptables. Its configuration script
+will set up a secure and restrictive firewall by just asking a few questions.
+This includes configuring internal networks for Internet access via NAT and
+potential network services like http or ssh. Moreover, it provides advanced
+additional features that can be enabled in the well documented configuration
+file.
-PLEASE NOTE - The setup script is NOT going to be run automatically
-after your package is installed. In order to do that you'll have to
-issue the following command:
+NOTE - The setup script will *not* run automatically after your package was
+installed. In order to run the script you have to issue the following command:
# arno-iptables-firewall-configure
-To enable firewall startup at boot-time you'll need to create a symlink
-as follows (remove the link to disable automatic firewall startup, or
-"chmod -x" the startup script for the same result):
+To enable the startup of the firewall at boot-time you need to create a symlink
+as follows (in order to disable it, either remove the symlink or "chmod -x" the
+startup script):
# ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall
# chmod +x /etc/rc.d/rc.arno-iptables-firewall
-When everything is ready you can start the firewall manually with one
-of the following commands:
+You can also start the firewall manually with one of the following commands:
# /etc/rc.d/rc.arno-iptables-firewall start
@@ -27,16 +25,15 @@ of the following commands:
IMPORTANT - A few security notes from the upstream author:
-1) If possible, make sure that the firewall is started before the (ADSL)
-Internet connection is enabled. For a ppp-interface that doesn't exist
-yet you can use the wildcard device called "ppp+" (but you can only use
-ppp+ if there aren't any other ppp interfaces).
+1) If possible make sure that the firewall is started before the (ADSL) Internet
+connection is enabled. For a ppp-interface that doesn't exist yet you can use
+the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any
+other ppp interfaces).
-2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't
-really understand what they mean. Changing them anyway could have a big
-impact on the security of your machine.
+2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really
+understand what they mean. Changing them anyway could have a big impact on the
+security of your machine.
-3) A lot of people complain that their server stopped working after
-installing the firewall. This is the CORRECT behaviour for a firewall:
-blocking ALL incoming traffic by default. Configure your e.g. OPEN_TCP
-accordingly.
+3) A lot of people complain that their server stopped working after installing
+the firewall. This is the *correct* behaviour for a firewall: blocking *all*
+incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.
diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild
index dd26d5775da82..4c29a237a0bb5 100644
--- a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild
+++ b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild
@@ -2,7 +2,7 @@
# Slackware build script for arno-iptables-firewall
-# Copyright 2013-2014 Philip Lacroix <philnx at posteo dot de>
+# Copyright 2013-2015 Philip Lacroix <philnx at posteo dot de>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -28,7 +28,7 @@
PRGNAM=arno-iptables-firewall
SRCNAM=aif
VERSION=${VERSION:-2.0.1e}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
TAG=${TAG:-_SBo}
CWD=$(pwd)
@@ -42,7 +42,14 @@ rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$VERSION.tar.gz
+
+# The upstream tarball will be named differently, depending on
+# the file being downloaded manually (web browser) or with wget.
+if [ -e $CWD/$VERSION.tar.gz ]; then
+ tar xvzf $CWD/$VERSION.tar.gz
+else
+ tar xvzf $CWD/$SRCNAM-$VERSION.tar.gz
+fi
cd $SRCNAM-$VERSION
chown -R root:root .
@@ -107,9 +114,9 @@ cp -a ./share/$PRGNAM/* $PRGSHR/
cp -a $PRGETC/firewall.conf.new $PRGSHR/firewall.conf.orig
ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/
-# Install startup script and set permissions; apply patch to fix path
-# to the executable file and make comments more consistent with the
-# Slackware system.
+# Install startup script and set permissions; apply patch to fix the
+# path to the executable file and make comments more consistent with
+# the Slackware system.
install -m 0644 -D ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM
patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff
diff --git a/network/arno-iptables-firewall/slack-desc b/network/arno-iptables-firewall/slack-desc
index e6bdb751a96d6..6bf5e1aefe3af 100644
--- a/network/arno-iptables-firewall/slack-desc
+++ b/network/arno-iptables-firewall/slack-desc
@@ -6,14 +6,14 @@
# customary to leave one space after the ':' except on otherwise blank lines.
|-----handy-ruler------------------------------------------------------|
-arno-iptables-firewall: arno-iptables-firewall (a front-end for iptables)
+arno-iptables-firewall: arno-iptables-firewall (front-end for iptables)
arno-iptables-firewall:
arno-iptables-firewall: arno-iptables-firewall is a front-end for iptables. Its configuration
-arno-iptables-firewall: script will setup a secure and restrictive firewall by just asking a
+arno-iptables-firewall: script will set up a secure and restrictive firewall by just asking a
arno-iptables-firewall: few questions. This includes the configuration of internal networks
arno-iptables-firewall: for Internet access via NAT and potential network services like http
-arno-iptables-firewall: or ssh. Moreover, it provides many advanced additional features that
-arno-iptables-firewall: can be enabled in the well documented configuration file.
+arno-iptables-firewall: or ssh. Moreover, it provides advanced additional features that can be
+arno-iptables-firewall: enabled in the well documented configuration file.
arno-iptables-firewall:
arno-iptables-firewall: https://github.com/arno-iptables-firewall/aif
arno-iptables-firewall: