Diffstat (limited to 'network/arno-iptables-firewall/files/patch-configuration-script.diff')
-rw-r--r--network/arno-iptables-firewall/files/patch-configuration-script.diff161
1 files changed, 105 insertions, 56 deletions
diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff
index dacac17330..800fb9157c 100644
--- a/network/arno-iptables-firewall/files/patch-configuration-script.diff
+++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff
@@ -5,96 +5,145 @@
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
> . /usr/share/arno-iptables-firewall/environment
36c36
-< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
+< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
---
-> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
-70a71,75
+> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
+76a77,81
> else
> # If no value is entered, remove (unless commented) previously set
-> # values: this is to prevent e.g. ports from remaining open, or
-> # internal interfaces from remaining enabled with NAT.
+> # values: this is to prevent, for example, ports from remaining open,
+> # or internal interfaces from remaining enabled with NAT.
> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
-85c90
+91c96
< # else
---
> else
-86a92,94
-> # This is needed in order to allow the function change_conf_var()
+92a98,100
+> # This is needed to allow the function change_conf_var()
> # to remove values for previously set open ports.
> change_conf_var "$2" "$3" ""
-216a225,231
+183,186c191,194
+< echo "Listing available interfaces:"
+< echo "-----------------------------"
+< list_interfaces;
+< echo "-----------------------------"
+---
+> # echo "Listing available interfaces:"
+> # echo "-----------------------------"
+> # list_interfaces;
+> # echo "-----------------------------"
+255a264,270
> else
-> # Remove previously set values related to the internal interface, if
-> # no internal interface is entered with this script.
+> # Remove previously set values related to the internal interface,
+> # if no internal interface is entered with this script.
> change_conf_var "$FIREWALL_CONF" "INT_IF" ""
> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
> change_conf_var "$FIREWALL_CONF" "NAT" "0"
-218c233
-<
----
->
-220,222c235,237
-< chmod 755 /etc/init.d/arno-iptables-firewall
-< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
-< chmod 600 "$FIREWALL_CONF"
+259,261c274,276
+< if [ -e /etc/init.d/arno-iptables-firewall ]; then
+< chown 0:0 /etc/init.d/arno-iptables-firewall
+< chmod 755 /etc/init.d/arno-iptables-firewall
---
-> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
-> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
-> chmod 600 "$FIREWALL_CONF"
-227c242
+> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
+> chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
+> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
+271c286
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
---
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
-235,251d249
+279,339c294
+< RC_PATH="/etc"
+< # Check for Redhat/SUSE rc.d
+< if [ -d "/etc/rc.d" ]; then
+< RC_PATH="/etc/rc.d"
+< fi
+<
< # Remove any symlinks in rc*.d out of the way
-< rm -f /etc/rc*.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
+< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
<
-< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
-< if [ -d /etc/rcS.d ]; then
-< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
+< if get_user_yn "Do you want to start the firewall at boot" "y"; then
+< DONE=0
+<
+< if check_command systemctl; then
+< if systemctl enable arno-iptables-firewall; then
+< echo "* Successfully enabled service with systemctl"
+< DONE=1
+< fi
+< elif check_command update-rc.d; then
+< # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
+< if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
+< echo "* Successfully enabled service with update-rc.d"
+< DONE=1
+< fi
+< elif check_command chkconfig; then
+< if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
+< echo "* Successfully enabled service with chkconfig"
+< DONE=1
+< fi
< else
-< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
+< if [ -d "$RC_PATH/rcS.d" ]; then
+< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
+< echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
+< DONE=1
+< fi
+< elif [ -d "$RC_PATH/rc2.d" ]; then
+< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
+< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
+< echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
+< DONE=1
+< fi
+< else
+< echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
+< fi
< fi
<
-< # Check for insserv. Used for dependency based booting on eg. Debian
-< INSSERV="$(find_command /sbin/insserv)"
-< if [ -n "$INSSERV" ]; then
-< "$INSSERV" arno-iptables-firewall
+< if [ $DONE -eq 0 ]; then
+< echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
< fi
< fi
<
-253c251
-< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
+< if [ -e /etc/init.d/arno-iptables-firewall ]; then
+---
+> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
+341c296
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
---
-> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
-255c253
-< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
+343c298
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
---
-> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
-258c256
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
+347c302
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
---
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
-274a273,291
+362a318,335
> echo ""
> echo "-------------------------------------------------------------------------------"
-> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **"
-> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **"
-> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **"
-> echo "** It is recommended however to first review the settings in **"
-> echo "** /etc/arno-iptables-firewall/firewall.conf! **"
+> echo "** NOTE: 1) After configuration, it is recommended to review the firewall **"
+> echo "** settings in /etc/arno-iptables-firewall/firewall.conf **"
> echo "** **"
-> echo "** 2) In order to start the firewall automatically at boot-time, **"
-> echo "** you will need to manually create in /etc/rc.d/ an appropriate **"
-> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **"
-> echo "** To do that, issue the following command: **"
+> echo "** 2) To manually start or restart the firewall, run: **"
+> echo "** /etc/rc.d/rc.arno-iptables-firewall start **"
+> echo "** or /etc/rc.d/rc.arno-iptables-firewall restart **"
> echo "** **"
-> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
+> echo "** 3) To start the firewall automatically at boot-time, you need an **"
+> echo "** appropriate symlink, \"rc.firewall\", pointing to the startup **"
+> echo "** script. Issue the following commands to create the symlink: **"
+> echo "** cd /etc/rc.d/ **"
+> echo "** ln -sv rc.arno-iptables-firewall rc.firewall **"
> echo "** **"
-> echo "** Delete the link if you wish to disable firewall startup at boot- **"
-> echo "** time, or \"chmod -x\" the startup script for the same result. **"
+> echo "** 4) To disable startup at boot-time, simply delete the symlink, **"
+> echo "** or remove the executable bit from the startup script. **"
> echo "-------------------------------------------------------------------------------"
-> echo ""
-277d293
-<
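Review bot: The replacement lines under `259,261c274,276` run `chmod 755 /etc/rc.d/rc.arno-iptables-firewall` whenever the rc script exists, yet item 4 of the new closing note tells the admin that removing the executable bit is a supported way to disable startup at boot. Re-running the configuration script would therefore silently restore that bit. Either keep only `chown 0:0 /etc/rc.d/rc.arno-iptables-firewall` in the replacement, or have item 4 say that reconfiguring resets the mode. Separately, the previous version of this patch carried `chown 0:0 "$FIREWALL_CONF" ...` and `chmod 600 "$FIREWALL_CONF"` in this region and the new one does not. The upstream script presumably handles that elsewhere now, but it is not visible in this hunk, so it is worth confirming that firewall.conf still ends up root-owned and mode 600 after configuration.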