From 3db725242024794c5e48b655dfdf2ed701bb37d1 Mon Sep 17 00:00:00 2001 From: Philip Lacroix Date: Fri, 21 Mar 2014 01:32:46 +0700 Subject: network/arno-iptables-firewall: Updated for version 2.0.1e. Signed-off-by: Willy Sudiarto Raharjo --- network/arno-iptables-firewall/CHANGELOG | 9 ++ network/arno-iptables-firewall/README | 4 +- .../arno-iptables-firewall.SlackBuild | 35 ++++---- .../arno-iptables-firewall.info | 10 +-- network/arno-iptables-firewall/files/conf.d.readme | 5 ++ .../files/patch-configuration-file.diff | 16 ++++ .../files/patch-configuration-script.diff | 100 +++++++++++++++++++++ .../files/patch-startup-script.diff | 25 ++++++ .../patch-configuration-file.diff | 16 ---- .../patch-configuration-script.diff | 77 ---------------- .../patch-startup-script.diff | 25 ------ network/arno-iptables-firewall/slack-desc | 2 +- 12 files changed, 182 insertions(+), 142 deletions(-) create mode 100644 network/arno-iptables-firewall/CHANGELOG create mode 100644 network/arno-iptables-firewall/files/conf.d.readme create mode 100644 network/arno-iptables-firewall/files/patch-configuration-file.diff create mode 100644 network/arno-iptables-firewall/files/patch-configuration-script.diff create mode 100644 network/arno-iptables-firewall/files/patch-startup-script.diff delete mode 100644 network/arno-iptables-firewall/patch-configuration-file.diff delete mode 100644 network/arno-iptables-firewall/patch-configuration-script.diff delete mode 100644 network/arno-iptables-firewall/patch-startup-script.diff (limited to 'network') diff --git a/network/arno-iptables-firewall/CHANGELOG b/network/arno-iptables-firewall/CHANGELOG new file mode 100644 index 0000000000000..6c59e6c89f9e6 --- /dev/null +++ b/network/arno-iptables-firewall/CHANGELOG @@ -0,0 +1,9 @@ +Changes to this SlackBuild since version 2.0.1d +----------------------------------------------- + +* Modified patch for configuration script: better behavior of the + script if empty values are entered. +* Updated links to homepage and to source tarball. +* Moved patches and conf.d.readme file to new "files/" directory. +* SlackBuild cleanup. + diff --git a/network/arno-iptables-firewall/README b/network/arno-iptables-firewall/README index 8cee93f4577b1..1ab26e62de1cc 100644 --- a/network/arno-iptables-firewall/README +++ b/network/arno-iptables-firewall/README @@ -1,12 +1,12 @@ arno-iptables-firewall is a front-end for iptables. Its configuration -script will setup a secure and restrictive firewall by just asking a +script will set up a secure and restrictive firewall by just asking a few questions. This includes configuring internal networks for Internet access via NAT and network services like http or ssh. Moreover, it provides many advanced additional features that can be enabled in the well documented configuration file. PLEASE NOTE - The setup script is NOT going to be run automatically -after your package is installed. In order to do that, you'll have to +after your package is installed. In order to do that you'll have to issue the following command: # arno-iptables-firewall-configure diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild index 6be33adc9112f..a3fbecded7588 100644 --- a/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild +++ b/network/arno-iptables-firewall/arno-iptables-firewall.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for arno-iptables-firewall -# Copyright 2013-2014 Philip Lacroix +# Copyright 2013-2014 Philip Lacroix # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ # Thanks to Matteo Bernardini and Robby Workman for their valuable remarks. PRGNAM=arno-iptables-firewall -VERSION=${VERSION:-2.0.1d} +VERSION=${VERSION:-2.0.1e} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -39,10 +39,10 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM\_$VERSION -tar xvf $CWD/$PRGNAM\_$VERSION.tar.gz +rm -rf aif-$VERSION +tar xvf $CWD/$VERSION.tar.gz -cd $PRGNAM\_$VERSION +cd aif-$VERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ @@ -64,19 +64,22 @@ cp -a ./bin/arno-fwfilter $PRGBIN/ # Patch the configuration script. We need this in order to be able to # run the script from outside the source directory as well. We're going -# to (1) change from relative to absolute the path to the environment +# to (1) change from relative to absolute the paths to the environment # file and firewall executable; (2) rename and change the path to the # startup script (this is for better consistency with Slackware's init # system); (3) change the path to the unmodified copy of the config # file, needed to check for existing custom setups. We will NOT create # a Slackware-compliant /etc/rc.d/rc.firewall symlink to the startup # script, as this should be done manually by the sysadmin. We won't -# create any SystemV-style symlinks either. Finally (4) we append the -# note, picked from the original installation script and slightly -# enhanced, that will be shown to the user when configuration is done -# (this is to inform that an rc.firewall symlink has to be created in -# order to start up the firewall at boot-time in a proper way). -patch $PRGBIN/$PRGNAM-configure < $CWD/patch-configuration-script.diff +# create any SystemV-style symlinks either. (4) We will allow the script +# to be run correctly more than once, by removing previously set values +# if no value is entered: this is to prevent e.g. ports from remaining +# open, or internal interfaces from remaining enabled with NAT. Finally +# (5) we append the note, picked from the original installation script +# and slightly enhanced, that the user will see when configuration is +# done: this is to inform that an rc.firewall symlink has to be created +# in order to start up the firewall at boot-time in a proper way. +patch $PRGBIN/$PRGNAM-configure < $CWD/files/patch-configuration-script.diff # Copy and compress man pages mkdir -p $PRGMAN @@ -87,8 +90,8 @@ find $PRGMAN -type f -exec gzip -9 {} \; # in order to fix paths; set permissions. mkdir -p $PRGETC/conf.d cp -a ./etc/$PRGNAM/* $PRGETC/ -cat $CWD/conf.d.readme > $PRGETC/conf.d/README -patch $PRGETC/firewall.conf < $CWD/patch-configuration-file.diff +cat $CWD/files/conf.d.readme > $PRGETC/conf.d/README +patch $PRGETC/firewall.conf < $CWD/files/patch-configuration-file.diff for conf in $( find $PRGETC -type f -not -name README ); do mv ${conf} ${conf}.new chmod 600 ${conf}.new @@ -107,10 +110,10 @@ ln -sv /usr/share/$PRGNAM/plugins/traffic-accounting-show $PRGBIN/ # Slackware system. mkdir -p $PKG/etc/rc.d/ install -m 0644 ./etc/init.d/$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM -patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/patch-startup-script.diff +patch $PKG/etc/rc.d/rc.$PRGNAM < $CWD/files/patch-startup-script.diff # Copy documentation, include third-party sample files. -mkdir -p $PRGDOC/contrib $PKG/usr/doc +mkdir -p $PRGDOC/contrib for doc in README CHANGELOG gpl_license.txt ; do cp -a ./${doc} $PRGDOC/ done diff --git a/network/arno-iptables-firewall/arno-iptables-firewall.info b/network/arno-iptables-firewall/arno-iptables-firewall.info index ad1a473ee1d65..22a9e6c652b45 100644 --- a/network/arno-iptables-firewall/arno-iptables-firewall.info +++ b/network/arno-iptables-firewall/arno-iptables-firewall.info @@ -1,10 +1,10 @@ PRGNAM="arno-iptables-firewall" -VERSION="2.0.1d" -HOMEPAGE="http://rocky.eld.leidenuniv.nl" -DOWNLOAD="http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1d.tar.gz" -MD5SUM="c0504a92f7f34f6973ce1d9996b4908d" +VERSION="2.0.1e" +HOMEPAGE="https://github.com/arno-iptables-firewall/aif" +DOWNLOAD="https://github.com/arno-iptables-firewall/aif/archive/2.0.1e.tar.gz" +MD5SUM="4981a336f55e2db90f594beedcaef47d" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" MAINTAINER="Philip Lacroix" -EMAIL="philnx at bluebottle dot com" +EMAIL="philnx at posteo dot de" diff --git a/network/arno-iptables-firewall/files/conf.d.readme b/network/arno-iptables-firewall/files/conf.d.readme new file mode 100644 index 0000000000000..e64d1b133eb32 --- /dev/null +++ b/network/arno-iptables-firewall/files/conf.d.readme @@ -0,0 +1,5 @@ +# /etc/arno-iptables-firewall/conf.d/ + +Files with a .conf extension in this directory will be sourced by the +environment file. + diff --git a/network/arno-iptables-firewall/files/patch-configuration-file.diff b/network/arno-iptables-firewall/files/patch-configuration-file.diff new file mode 100644 index 0000000000000..c530647a22355 --- /dev/null +++ b/network/arno-iptables-firewall/files/patch-configuration-file.diff @@ -0,0 +1,16 @@ +233c233 +< IP4TABLES="/sbin/iptables" +--- +> IP4TABLES="/usr/sbin/iptables" +238c238 +< IP6TABLES="/sbin/ip6tables" +--- +> IP6TABLES="/usr/sbin/ip6tables" +242c242 +< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment" +--- +> ENV_FILE="/usr/share/arno-iptables-firewall/environment" +246c246 +< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins" +--- +> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins" diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff new file mode 100644 index 0000000000000..de7aec5dbd870 --- /dev/null +++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff @@ -0,0 +1,100 @@ +33,34c33,34 +< if [ -f ./share/arno-iptables-firewall/environment ]; then +< . ./share/arno-iptables-firewall/environment +--- +> if [ -f /usr/share/arno-iptables-firewall/environment ]; then +> . /usr/share/arno-iptables-firewall/environment +36c36 +< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2 +--- +> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2 +70a71,75 +> else +> # If no value is entered, remove (unless commented) previously set +> # values: this is to prevent e.g. ports from remaining open, or +> # internal interfaces from remaining enabled with NAT. +> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" +85c90 +< # else +--- +> else +86a92,94 +> # This is needed in order to allow function change_conf_var() +> # to remove values for previously set open ports. +> change_conf_var "$2" "$3" "" +216a225,231 +> else +> # Remove previously set values related to the internal interface +> # if no internal interface is entered with this script. +> change_conf_var "$FIREWALL_CONF" "INT_IF" "" +> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" "" +> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" "" +> change_conf_var "$FIREWALL_CONF" "NAT" "0" +218c233 +< +--- +> +220,222c235,237 +< chmod 755 /etc/init.d/arno-iptables-firewall +< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall +< chmod 600 "$FIREWALL_CONF" +--- +> chmod 755 /etc/rc.d/rc.arno-iptables-firewall +> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall +> chmod 600 "$FIREWALL_CONF" +227c242 +< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" +--- +> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" +235,251d249 +< # Remove any symlinks in rc*.d out of the way +< rm -f /etc/rc*.d/*arno-iptables-firewall +< +< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then +< if [ -d /etc/rcS.d ]; then +< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall +< else +< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall +< fi +< +< # Check for insserv. Used for dependency based booting on eg. Debian +< INSSERV="$(find_command /sbin/insserv)" +< if [ -n "$INSSERV" ]; then +< "$INSSERV" arno-iptables-firewall +< fi +< fi +< +253c251 +< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1" +--- +> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1" +255c253 +< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0" +--- +> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0" +258c256 +< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then +--- +> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then +274a273,291 +> echo "" +> echo "-------------------------------------------------------------------------------" +> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **" +> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **" +> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **" +> echo "** It is recommended however to first review the settings in **" +> echo "** /etc/arno-iptables-firewall/firewall.conf! **" +> echo "** **" +> echo "** 2) In order to start the firewall automatically at boot-time, **" +> echo "** you will need to manually create in /etc/rc.d/ an appropriate **" +> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **" +> echo "** To do that, issue the following command: **" +> echo "** **" +> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **" +> echo "** **" +> echo "** Simply delete the link if you wish to disable firewall startup **" +> echo "** at boot-time. **" +> echo "-------------------------------------------------------------------------------" +> echo "" +277d293 +< diff --git a/network/arno-iptables-firewall/files/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff new file mode 100644 index 0000000000000..c4b947d4e7948 --- /dev/null +++ b/network/arno-iptables-firewall/files/patch-startup-script.diff @@ -0,0 +1,25 @@ +4c4 +< # description: init.d script for Arno's iptables firewall +--- +> # description: rc.d script for Arno's iptables firewall +7c7 +< # Provides: arno-iptables-firewall +--- +> # Provides: rc.arno-iptables-firewall +16,20c16,21 +< # You should put this script in eg. "/etc/init.d/" . # +< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it # +< # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or # +< # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script # +< # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). # +--- +> # You should put this script in "/etc/rc.d/". # +> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. # +> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the # +> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or # +> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences # +> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall"). # +24c25 +< PROGRAM="/usr/local/sbin/arno-iptables-firewall" +--- +> PROGRAM="/usr/sbin/arno-iptables-firewall" diff --git a/network/arno-iptables-firewall/patch-configuration-file.diff b/network/arno-iptables-firewall/patch-configuration-file.diff deleted file mode 100644 index f49ee6099f981..0000000000000 --- a/network/arno-iptables-firewall/patch-configuration-file.diff +++ /dev/null @@ -1,16 +0,0 @@ -235c235 -< IP4TABLES="/sbin/iptables" ---- -> IP4TABLES="/usr/sbin/iptables" -240c240 -< IP6TABLES="/sbin/ip6tables" ---- -> IP6TABLES="/usr/sbin/ip6tables" -244c244 -< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment" ---- -> ENV_FILE="/usr/share/arno-iptables-firewall/environment" -248c248 -< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins" ---- -> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins" diff --git a/network/arno-iptables-firewall/patch-configuration-script.diff b/network/arno-iptables-firewall/patch-configuration-script.diff deleted file mode 100644 index 6cdc80c7ad0ab..0000000000000 --- a/network/arno-iptables-firewall/patch-configuration-script.diff +++ /dev/null @@ -1,77 +0,0 @@ -34,35c34,35 -< if [ -f ./share/arno-iptables-firewall/environment ]; then -< . ./share/arno-iptables-firewall/environment ---- -> if [ -f /usr/share/arno-iptables-firewall/environment ]; then -> . /usr/share/arno-iptables-firewall/environment -37c37 -< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2 ---- -> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2 -219c219 -< ---- -> -221,223c221,223 -< chmod 755 /etc/init.d/arno-iptables-firewall -< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall -< chmod 600 "$FIREWALL_CONF" ---- -> chmod 755 /etc/rc.d/rc.arno-iptables-firewall -> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall -> chmod 600 "$FIREWALL_CONF" -228c228 -< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" ---- -> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" -236,252d235 -< # Remove any symlinks in rc*.d out of the way -< rm -f /etc/rc*.d/*arno-iptables-firewall -< -< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then -< if [ -d /etc/rcS.d ]; then -< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall -< else -< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall -< fi -< -< # Check for insserv. Used for dependency based booting on eg. Debian -< INSSERV="$(find_command /sbin/insserv)" -< if [ -n "$INSSERV" ]; then -< "$INSSERV" arno-iptables-firewall -< fi -< fi -< -254c237 -< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1" ---- -> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1" -256c239 -< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0" ---- -> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0" -259c242 -< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then ---- -> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then -275a259,276 -> echo "" -> echo "-------------------------------------------------------------------------------" -> echo "** NOTE: 1) You can now (manually) start the firewall by executing **" -> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" **" -> echo "** It is recommended however to first review the settings in **" -> echo "** /etc/arno-iptables-firewall/firewall.conf! **" -> echo "** **" -> echo "** 2) In order to start the firewall automatically at boot-time, **" -> echo "** you will need to manually create in /etc/rc.d/ an appropriate **" -> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **" -> echo "** To do that, issue the following command: **" -> echo "** **" -> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **" -> echo "** **" -> echo "** Simply delete the link if you wish to disable firewall startup **" -> echo "** at boot-time. **" -> echo "-------------------------------------------------------------------------------" -> echo "" -278d278 -< diff --git a/network/arno-iptables-firewall/patch-startup-script.diff b/network/arno-iptables-firewall/patch-startup-script.diff deleted file mode 100644 index c6dd915c7854b..0000000000000 --- a/network/arno-iptables-firewall/patch-startup-script.diff +++ /dev/null @@ -1,25 +0,0 @@ -4c4 -< # description: init.d script for Arno's iptables firewall ---- -> # description: rc.d script for Arno's iptables firewall -7c7 -< # Provides: arno-iptables-firewall ---- -> # Provides: rc.arno-iptables-firewall -16,20c16,21 -< # You should put this script in eg. "/etc/init.d/" . # -< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it # -< # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or # -< # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script # -< # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). # ---- -> # You should put this script in "/etc/rc.d/". # -> # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it. # -> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the # -> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or # -> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences # -> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall"). # -24c25 -< PROGRAM="/usr/local/sbin/arno-iptables-firewall" ---- -> PROGRAM="/usr/sbin/arno-iptables-firewall" diff --git a/network/arno-iptables-firewall/slack-desc b/network/arno-iptables-firewall/slack-desc index 80e82a06f9189..89cec36c724fb 100644 --- a/network/arno-iptables-firewall/slack-desc +++ b/network/arno-iptables-firewall/slack-desc @@ -15,5 +15,5 @@ arno-iptables-firewall: for Internet access via NAT and network services like ht arno-iptables-firewall: Moreover, it provides many advanced additional features that can be arno-iptables-firewall: enabled in the well documented configuration file. arno-iptables-firewall: -arno-iptables-firewall: Homepage: http://rocky.eld.leidenuniv.nl +arno-iptables-firewall: https://github.com/arno-iptables-firewall/aif arno-iptables-firewall: -- cgit v1.2.3