From 20d99306257efa07c918787ca7fcae1200efc610 Mon Sep 17 00:00:00 2001
From: Philip Lacroix
Date: Sat, 15 Feb 2020 08:24:56 +0700
Subject: network/arno-iptables-firewall: Updated for version 2.1.0.
Signed-off-by: Willy Sudiarto Raharjo
---
 .../files/patch-configuration-file.diff | 12 +-
 .../files/patch-configuration-script.diff | 161 ++++++++++++++-------
 .../files/patch-startup-script.diff | 17 +--
 3 files changed, 115 insertions(+), 75 deletions(-)
(limited to 'network/arno-iptables-firewall/files')
diff --git a/network/arno-iptables-firewall/files/patch-configuration-file.diff b/network/arno-iptables-firewall/files/patch-configuration-file.diff
index c530647a2235..4be4f835ab07 100644
--- a/network/arno-iptables-firewall/files/patch-configuration-file.diff
+++ b/network/arno-iptables-firewall/files/patch-configuration-file.diff
@@ -1,16 +1,8 @@
-233c233
-< IP4TABLES="/sbin/iptables"
----
-> IP4TABLES="/usr/sbin/iptables"
-238c238
-< IP6TABLES="/sbin/ip6tables"
----
-> IP6TABLES="/usr/sbin/ip6tables"
-242c242
+256c256
 < ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
 ---
 > ENV_FILE="/usr/share/arno-iptables-firewall/environment"
-246c246
+260c260
 < PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
 ---
 > PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff
index dacac17330ba..800fb9157cd5 100644
--- a/network/arno-iptables-firewall/files/patch-configuration-script.diff
+++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff
@@ -5,96 +5,145 @@
 > if [ -f /usr/share/arno-iptables-firewall/environment ]; then
 > . /usr/share/arno-iptables-firewall/environment
 36c36
-< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
+< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
 ---
-> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
-70a71,75
+> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
+76a77,81
 > else
 > # If no value is entered, remove (unless commented) previously set
-> # values: this is to prevent e.g. ports from remaining open, or
-> # internal interfaces from remaining enabled with NAT.
+> # values: this is to prevent, for example, ports from remaining open,
+> # or internal interfaces from remaining enabled with NAT.
 > sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
-85c90
+91c96
 < # else
 ---
 > else
-86a92,94
-> # This is needed in order to allow the function change_conf_var()
+92a98,100
+> # This is needed to allow the function change_conf_var()
 > # to remove values for previously set open ports.
 > change_conf_var "$2" "$3" ""
-216a225,231
+183,186c191,194
+< echo "Listing available interfaces:"
+< echo "-----------------------------"
+< list_interfaces;
+< echo "-----------------------------"
+---
+> # echo "Listing available interfaces:"
+> # echo "-----------------------------"
+> # list_interfaces;
+> # echo "-----------------------------"
+255a264,270
 > else
-> # Remove previously set values related to the internal interface, if
-> # no internal interface is entered with this script.
+> # Remove previously set values related to the internal interface,
+> # if no internal interface is entered with this script.
 > change_conf_var "$FIREWALL_CONF" "INT_IF" ""
 > change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
 > change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
 > change_conf_var "$FIREWALL_CONF" "NAT" "0"
-218c233
-<
----
->
-220,222c235,237
-< chmod 755 /etc/init.d/arno-iptables-firewall
-< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
-< chmod 600 "$FIREWALL_CONF"
+259,261c274,276
+< if [ -e /etc/init.d/arno-iptables-firewall ]; then
+< chown 0:0 /etc/init.d/arno-iptables-firewall
+< chmod 755 /etc/init.d/arno-iptables-firewall
 ---
-> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
-> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
-> chmod 600 "$FIREWALL_CONF"
-227c242
+> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
+> chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
+> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
+271c286
 < AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
 ---
 > AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
-235,251d249
+279,339c294
+< RC_PATH="/etc"
+< # Check for Redhat/SUSE rc.d
+< if [ -d "/etc/rc.d" ]; then
+< RC_PATH="/etc/rc.d"
+< fi
+<
 < # Remove any symlinks in rc*.d out of the way
-< rm -f /etc/rc*.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
 <
-< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
-< if [ -d /etc/rcS.d ]; then
-< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
+< if get_user_yn "Do you want to start the firewall at boot" "y"; then
+< DONE=0
+<
+< if check_command systemctl; then
+< if systemctl enable arno-iptables-firewall; then
+< echo "* Successfully enabled service with systemctl"
+< DONE=1
+< fi
+< elif check_command update-rc.d; then
+< # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
+< if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
+< echo "* Successfully enabled service with update-rc.d"
+< DONE=1
+< fi
+< elif check_command chkconfig; then
+< if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
+< echo "* Successfully enabled service with chkconfig"
+< DONE=1
+< fi
 < else
-< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
+< if [ -d "$RC_PATH/rcS.d" ]; then
+< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
+< echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
+< DONE=1
+< fi
+< elif [ -d "$RC_PATH/rc2.d" ]; then
+< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
+< echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
+< DONE=1
+< fi
+< else
+< echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
+< fi
 < fi
 <
-< # Check for insserv. Used for dependency based booting on eg. Debian
-< INSSERV="$(find_command /sbin/insserv)"
-< if [ -n "$INSSERV" ]; then
-< "$INSSERV" arno-iptables-firewall
+< if [ $DONE -eq 0 ]; then
+< echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
 < fi
 < fi
 <
-253c251
-< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
+< if [ -e /etc/init.d/arno-iptables-firewall ]; then
+---
+> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
+341c296
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
 ---
-> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
-255c253
-< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
+343c298
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
 ---
-> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
-258c256
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
+347c302
 < if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
 ---
 > if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
-274a273,291
+362a318,335
 > echo ""
 > echo "-------------------------------------------------------------------------------"
-> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **"
-> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **"
-> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **"
-> echo "** It is recommended however to first review the settings in **"
-> echo "** /etc/arno-iptables-firewall/firewall.conf! **"
+> echo "** NOTE: 1) After configuration, it is recommended to review the firewall **"
+> echo "** settings in /etc/arno-iptables-firewall/firewall.conf **"
 > echo "** **"
-> echo "** 2) In order to start the firewall automatically at boot-time, **"
-> echo "** you will need to manually create in /etc/rc.d/ an appropriate **"
-> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **"
-> echo "** To do that, issue the following command: **"
+> echo "** 2) To manually start or restart the firewall, run: **"
+> echo "** /etc/rc.d/rc.arno-iptables-firewall start **"
+> echo "** or /etc/rc.d/rc.arno-iptables-firewall restart **"
 > echo "** **"
-> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
+> echo "** 3) To start the firewall automatically at boot-time, you need an **"
+> echo "** appropriate symlink, \"rc.firewall\", pointing to the startup **"
+> echo "** script. Issue the following commands to create the symlink: **"
+> echo "** cd /etc/rc.d/ **"
+> echo "** ln -sv rc.arno-iptables-firewall rc.firewall **"
 > echo "** **"
-> echo "** Delete the link if you wish to disable firewall startup at boot- **"
-> echo "** time, or \"chmod -x\" the startup script for the same result. **"
+> echo "** 4) To disable startup at boot-time, simply delete the symlink, **"
+> echo "** or remove the executable bit from the startup script. **"
 > echo "-------------------------------------------------------------------------------"
-> echo ""
-277d293
-<
diff --git a/network/arno-iptables-firewall/files/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff
index c31514e2604e..5a005f25ec28 100644
--- a/network/arno-iptables-firewall/files/patch-startup-script.diff
+++ b/network/arno-iptables-firewall/files/patch-startup-script.diff
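Review bot: The pure-insert commands in patch-configuration-script.diff (`76a77,81`, `92a98,100`, `255a264,270`, `362a318,335`) are normal-diff `a` hunks, which carry no lines from the upstream script for patch(1) to match, so as far as I can tell they are placed by line number alone. The first three add the branches that clear previously set values (open ports, the internal interface, `NAT` reset to `0`), and the patch's own comment says this exists to keep ports from remaining open; if upstream shifts by a few lines, that logic could land in the wrong place without patch reporting an error. Most of this commit is renumbering those offsets for 2.1.0, which shows how fragile the format is. Consider regenerating the file as a unified diff, e.g. `diff -u <upstream-script>.orig <upstream-script>` (placeholder names), so every insertion carries context and a mismatch is rejected instead of silently misapplied.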
@@ -1,12 +1,12 @@
 4c4
-< # description: init.d script for Arno's iptables firewall
+< # description: init.d script for Arno's Iptables Firewall(AIF)
 ---
-> # description: rc.d script for Arno's iptables firewall
+> # description: rc.d script for Arno's Iptables Firewall(AIF)
 7c7
 < # Provides: arno-iptables-firewall
 ---
 > # Provides: rc.arno-iptables-firewall
-15,21c15,23
+15,21c15,22
 < ############################################################################################
 < # You should put this script in eg. "/etc/init.d/" . #
 < # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it #
@@ -18,13 +18,12 @@
 > ################################################################################
 > # You should put this script in "/etc/rc.d/". #
 > # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
-> # If you want to run it upon boot, either create an "rc.firewall" link to this #
-> # script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") #
-> # or edit the network system startup script "/etc/rc.d/rc.inet2", by renaming #
-> # both occurrences of "rc.firewall" to match the name ot this script, that is, #
-> # "rc.arno-iptables-firewall". #
+> # If you want to run it upon boot, create an "rc.firewall" symlink to the #
+> # rc.arno-iptables-firewall script: #
+> # #
+> # ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall #
 > ################################################################################
-24c25
+24c26
 < PROGRAM="/usr/local/sbin/arno-iptables-firewall"
 ---
 > PROGRAM="/usr/sbin/arno-iptables-firewall"
-- cgit v1.2.3