path: root/network/arno-iptables-firewall/files/patch-configuration-script.diff
blob: 800fb9157cd51666b5786d0740595162e54568c9 (plain)
33,34c33,34
< if [ -f ./share/arno-iptables-firewall/environment ]; then
<   . ./share/arno-iptables-firewall/environment
---
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
>   . /usr/share/arno-iptables-firewall/environment
36c36
<   printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
---
>   printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
76a77,81
>   else
>     # If no value is entered, remove (unless commented) previously set
>     # values: this is to prevent, for example, ports from remaining open,
>     # or internal interfaces from remaining enabled with NAT.
>     sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
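Review bot: The `sed -i` added in this else branch is not checked, so if the edit fails (for example `$1` is read-only or missing) the old value stays in the file and the script carries on as if it had been cleared, which is the case the comment says it wants to prevent. Consider reporting the failure, e.g. `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" || echo "ERROR: could not clear $2 in $1" >&2`. The pattern is anchored at column 0, so an indented or `export`-prefixed assignment would be left untouched; if that is intended, the comment should say so. The calls added at 92a98,100 and 255a264,270 depend on this branch, and the rest of the function (presumably change_conf_var) lies outside the hunk.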
91c96
< #    else
---
>     else
92a98,100
>       # This is needed to allow the function change_conf_var() 
>       # to remove values for previously set open ports.
>       change_conf_var "$2" "$3" ""
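Review bot: The comment on this new call speaks only of open ports, but the call passes whatever variable arrives in `$3`, so an empty answer now blanks any setting routed through this helper. Blanking is the safe direction only where an empty value is the restrictive one, and the callers are not visible here, so that should be confirmed for each of them. I would reword the comment to state the contract, e.g. `# Empty input clears the stored value; only pass variables whose empty value is the restrictive setting.` The enclosing function starts and ends outside the hunk.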
183,186c191,194
<   echo "Listing available interfaces:"
<   echo "-----------------------------"
<   list_interfaces; 
<   echo "-----------------------------"
---
> #  echo "Listing available interfaces:"
> #  echo "-----------------------------"
> #  list_interfaces; 
> #  echo "-----------------------------"
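Review bot: These four lines are commented out with no reason given, so the next maintainer cannot tell whether `list_interfaces` is broken on this platform or just unwanted. Either drop the lines in the patch or add a one-line why-comment such as `# Interface listing disabled: <reason>`. If a prompt for the external interface follows (it is outside the hunk), the operator now types the name without a list to check it against, so a typo is more likely to end up in the firewall configuration.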
255a264,270
>   else
>     # Remove previously set values related to the internal interface,
>     # if no internal interface is entered with this script.
>     change_conf_var "$FIREWALL_CONF" "INT_IF" ""
>     change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
>     change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
>     change_conf_var "$FIREWALL_CONF" "NAT" "0"
259,261c274,276
<   if [ -e /etc/init.d/arno-iptables-firewall ]; then
<     chown 0:0 /etc/init.d/arno-iptables-firewall
<     chmod 755 /etc/init.d/arno-iptables-firewall
---
>   if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
>     chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
>     chmod 755 /etc/rc.d/rc.arno-iptables-firewall
271c286
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
---
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
279,339c294
< RC_PATH="/etc"
< # Check for Redhat/SUSE rc.d
< if [ -d "/etc/rc.d" ]; then
<   RC_PATH="/etc/rc.d"
< fi
< 
< # Remove any symlinks in rc*.d out of the way
< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
< 
< if get_user_yn "Do you want to start the firewall at boot" "y"; then
<   DONE=0
< 
<   if check_command systemctl; then
<     if systemctl enable arno-iptables-firewall; then
<       echo "* Successfully enabled service with systemctl"
<       DONE=1
<     fi
<   elif check_command update-rc.d; then
<     # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
<     if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
<       echo "* Successfully enabled service with update-rc.d"
<       DONE=1
<     fi
<   elif check_command chkconfig; then
<     if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
<       echo "* Successfully enabled service with chkconfig"
<       DONE=1
<     fi
<   else
<     if [ -d "$RC_PATH/rcS.d" ]; then
<       if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
<         echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
<         DONE=1
<       fi
<     elif [ -d "$RC_PATH/rc2.d" ]; then
<       if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
<          ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
<         echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
<         DONE=1
<       fi
<     else
<       echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
<     fi
<   fi
< 
<   if [ $DONE -eq 0 ]; then
<     echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
<   fi
< fi
< 
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
---
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
341c296
<     change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
---
>     change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
343c298
<     change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
---
>     change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
347c302
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
---
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
362a318,335
> echo ""
> echo "-------------------------------------------------------------------------------"
> echo "** NOTE: 1) After configuration, it is recommended to review the firewall    **"
> echo "**          settings in /etc/arno-iptables-firewall/firewall.conf            **"
> echo "**                                                                           **"
> echo "**       2) To manually start or restart the firewall, run:                  **"
> echo "**              /etc/rc.d/rc.arno-iptables-firewall start                    **"
> echo "**          or  /etc/rc.d/rc.arno-iptables-firewall restart                  **"
> echo "**                                                                           **"
> echo "**       3) To start the firewall automatically at boot-time, you need an    **"
> echo "**          appropriate symlink, \"rc.firewall\",  pointing to the startup     **"
> echo "**          script. Issue the following commands to create the symlink:      **"
> echo "**              cd /etc/rc.d/                                                **"
> echo "**              ln -sv rc.arno-iptables-firewall rc.firewall                 **"
> echo "**                                                                           **"
> echo "**       4) To disable startup at boot-time, simply delete the symlink,      **"
> echo "**          or remove the executable bit from the startup script.            **"
> echo "-------------------------------------------------------------------------------"
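Review bot: Item 4 tells the operator that removing the executable bit from the startup script disables the firewall at boot, but hunk 259,261c274,276 runs `chmod 755 /etc/rc.d/rc.arno-iptables-firewall` whenever that file exists, so re-running this configuration script silently restores the bit. The note should say so, for example by adding `echo "**          (re-running this script restores the executable bit)             **"` under item 4. The reverse case deserves an explicit line as well: until the symlink from item 3 exists, the host boots without the firewall, and the note only implies this.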