From 3db725242024794c5e48b655dfdf2ed701bb37d1 Mon Sep 17 00:00:00 2001 From: Philip Lacroix Date: Fri, 21 Mar 2014 01:32:46 +0700 Subject: network/arno-iptables-firewall: Updated for version 2.0.1e. Signed-off-by: Willy Sudiarto Raharjo
---
network/arno-iptables-firewall/files/conf.d.readme | 5 ++ .../files/patch-configuration-file.diff | 16 ++++ .../files/patch-configuration-script.diff | 100 +++++++++++++++++++++ .../files/patch-startup-script.diff | 25 ++++++ 4 files changed, 146 insertions(+) create mode 100644 network/arno-iptables-firewall/files/conf.d.readme create mode 100644 network/arno-iptables-firewall/files/patch-configuration-file.diff create mode 100644 network/arno-iptables-firewall/files/patch-configuration-script.diff create mode 100644 network/arno-iptables-firewall/files/patch-startup-script.diff (limited to 'network/arno-iptables-firewall/files')
diff --git a/network/arno-iptables-firewall/files/conf.d.readme b/network/arno-iptables-firewall/files/conf.d.readme
new file mode 100644
index 000000000000..e64d1b133eb3
--- /dev/null
+++ b/network/arno-iptables-firewall/files/conf.d.readme
@@ -0,0 +1,5 @@
+# /etc/arno-iptables-firewall/conf.d/
+
+Files with a .conf extension in this directory will be sourced by the
+environment file.
+
diff --git a/network/arno-iptables-firewall/files/patch-configuration-file.diff b/network/arno-iptables-firewall/files/patch-configuration-file.diff
new file mode 100644
index 000000000000..c530647a2235
--- /dev/null
+++ b/network/arno-iptables-firewall/files/patch-configuration-file.diff
@@ -0,0 +1,16 @@
+233c233
+< IP4TABLES="/sbin/iptables"
+---
+> IP4TABLES="/usr/sbin/iptables"
+238c238
+< IP6TABLES="/sbin/ip6tables"
+---
+> IP6TABLES="/usr/sbin/ip6tables"
+242c242
+< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+---
+> ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+246c246
+< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+---
+> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff
new file mode 100644
index 000000000000..de7aec5dbd87
--- /dev/null
+++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff
@@ -0,0 +1,100 @@
+33,34c33,34
+< if [ -f ./share/arno-iptables-firewall/environment ]; then
+< . ./share/arno-iptables-firewall/environment
+---
+> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
+> . /usr/share/arno-iptables-firewall/environment
+36c36
+< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
+---
+> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
+70a71,75
+> else
+> # If no value is entered, remove (unless commented) previously set
+> # values: this is to prevent e.g. ports from remaining open, or
+> # internal interfaces from remaining enabled with NAT.
+> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
+85c90
+< # else
+---
+> else
+86a92,94
+> # This is needed in order to allow function change_conf_var()
+> # to remove values for previously set open ports.
+> change_conf_var "$2" "$3" ""
+216a225,231
+> else
+> # Remove previously set values related to the internal interface
+> # if no internal interface is entered with this script.
+> change_conf_var "$FIREWALL_CONF" "INT_IF" ""
+> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
+> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
+> change_conf_var "$FIREWALL_CONF" "NAT" "0"
+218c233
+<
+---
+>
+220,222c235,237
+< chmod 755 /etc/init.d/arno-iptables-firewall
+< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
+< chmod 600 "$FIREWALL_CONF"
+---
+> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
+> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
+> chmod 600 "$FIREWALL_CONF"
+227c242
+< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+---
+> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+235,251d249
+< # Remove any symlinks in rc*.d out of the way
+< rm -f /etc/rc*.d/*arno-iptables-firewall
+<
+< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
+< if [ -d /etc/rcS.d ]; then
+< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
+< else
+< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
+< fi
+<
+< # Check for insserv. Used for dependency based booting on eg. Debian
+< INSSERV="$(find_command /sbin/insserv)"
+< if [ -n "$INSSERV" ]; then
+< "$INSSERV" arno-iptables-firewall
+< fi
+< fi
+<
+253c251
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
+---
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
+255c253
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
+---
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
+258c256
+< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
+---
+> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
+274a273,291
+> echo ""
+> echo "-------------------------------------------------------------------------------"
+> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **"
+> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **"
+> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **"
+> echo "** It is recommended however to first review the settings in **"
+> echo "** /etc/arno-iptables-firewall/firewall.conf! **"
+> echo "** **"
+> echo "** 2) In order to start the firewall automatically at boot-time, **"
+> echo "** you will need to manually create in /etc/rc.d/ an appropriate **"
+> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **"
+> echo "** To do that, issue the following command: **"
+> echo "** **"
+> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
+> echo "** **"
+> echo "** Simply delete the link if you wish to disable firewall startup **"
+> echo "** at boot-time. **"
+> echo "-------------------------------------------------------------------------------"
+> echo ""
+277d293
+<
diff --git a/network/arno-iptables-firewall/files/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff
new file mode 100644
index 000000000000..c4b947d4e794
--- /dev/null
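Review bot: The `sed -i` added in the new `else` branch at 70a71,75 runs unchecked and silently, so if it fails the stale value (the open port or NAT setting the comment wants gone) stays in the config while the script carries on as if it had been cleared. Reporting the failure would keep that visible, e.g. `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" || printf "WARNING: could not clear %s in %s\n" "$2" "$1" >&2`. The pattern also matches only assignments that start in column one, so an indented `VAR=` line would presumably survive; worth confirming against the shipped firewall.conf. Separately, the add-only commands in this file (70a71,75, 86a92,94, 216a225,231, 274a273,291) are normal-format diff commands with no context, so `patch` has nothing to match them against beyond the line number; regenerating these patch files with `diff -u` would let a future version bump fail loudly instead of inserting an `else` into the wrong block. The enclosing functions start and end outside the hunk.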
+++ b/network/arno-iptables-firewall/files/patch-startup-script.diff
@@ -0,0 +1,25 @@
+4c4
+< # description: init.d script for Arno's iptables firewall
+---
+> # description: rc.d script for Arno's iptables firewall
+7c7
+< # Provides: arno-iptables-firewall
+---
+> # Provides: rc.arno-iptables-firewall
+16,20c16,21
+< # You should put this script in eg. "/etc/init.d/" . #
+< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it #
+< # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or #
+< # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script #
+< # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). #
+---
+> # You should put this script in "/etc/rc.d/". #
+> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
+> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the #
+> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or #
+> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences #
+> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall"). #
+24c25
+< PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+---
+> PROGRAM="/usr/sbin/arno-iptables-firewall"
-- cgit v1.2.3