Diffstat (limited to 'network/arno-iptables-firewall/files')
-rw-r--r--network/arno-iptables-firewall/files/conf.d.readme5
-rw-r--r--network/arno-iptables-firewall/files/patch-configuration-file.diff16
-rw-r--r--network/arno-iptables-firewall/files/patch-configuration-script.diff100
-rw-r--r--network/arno-iptables-firewall/files/patch-startup-script.diff25
4 files changed, 146 insertions, 0 deletions
diff --git a/network/arno-iptables-firewall/files/conf.d.readme b/network/arno-iptables-firewall/files/conf.d.readme
new file mode 100644
index 0000000000..e64d1b133e
--- /dev/null
+++ b/network/arno-iptables-firewall/files/conf.d.readme
@@ -0,0 +1,5 @@
+# /etc/arno-iptables-firewall/conf.d/
+
+Files with a .conf extension in this directory will be sourced by the
+environment file.
+
diff --git a/network/arno-iptables-firewall/files/patch-configuration-file.diff b/network/arno-iptables-firewall/files/patch-configuration-file.diff
new file mode 100644
index 0000000000..c530647a22
--- /dev/null
+++ b/network/arno-iptables-firewall/files/patch-configuration-file.diff
@@ -0,0 +1,16 @@
+233c233
+< IP4TABLES="/sbin/iptables"
+---
+> IP4TABLES="/usr/sbin/iptables"
+238c238
+< IP6TABLES="/sbin/ip6tables"
+---
+> IP6TABLES="/usr/sbin/ip6tables"
+242c242
+< ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+---
+> ENV_FILE="/usr/share/arno-iptables-firewall/environment"
+246c246
+< PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+---
+> PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
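Review bot: This patch is stored in normal `diff` format, so every command (`233c233`, `238c238`, …) is tied to an absolute line number with no surrounding context, and the same holds for patch-configuration-script.diff and patch-startup-script.diff. The change commands at least carry the old line for `patch` to compare, but the add-only commands in the configuration-script patch (`70a71,75`, `86a92,94`, `216a225,231`, `274a273,291`) carry no text from the original file, so after an upstream version bump they could presumably land in the wrong place in a script that rewrites firewall.conf without any visible failure. Regenerating the three files with `diff -u` would give each hunk context to match against and make a mismatch fail at build time. How the SlackBuild invokes `patch` is not visible here.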
diff --git a/network/arno-iptables-firewall/files/patch-configuration-script.diff b/network/arno-iptables-firewall/files/patch-configuration-script.diff
new file mode 100644
index 0000000000..de7aec5dbd
--- /dev/null
+++ b/network/arno-iptables-firewall/files/patch-configuration-script.diff
@@ -0,0 +1,100 @@
+33,34c33,34
+< if [ -f ./share/arno-iptables-firewall/environment ]; then
+< . ./share/arno-iptables-firewall/environment
+---
+> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
+> . /usr/share/arno-iptables-firewall/environment
+36c36
+< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n" >&2
+---
+> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n" >&2
+70a71,75
+> else
+> # If no value is entered, remove (unless commented) previously set
+> # values: this is to prevent e.g. ports from remaining open, or
+> # internal interfaces from remaining enabled with NAT.
+> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
+85c90
+< # else
+---
+> else
+86a92,94
+> # This is needed in order to allow function change_conf_var()
+> # to remove values for previously set open ports.
+> change_conf_var "$2" "$3" ""
+216a225,231
+> else
+> # Remove previously set values related to the internal interface
+> # if no internal interface is entered with this script.
+> change_conf_var "$FIREWALL_CONF" "INT_IF" ""
+> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
+> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
+> change_conf_var "$FIREWALL_CONF" "NAT" "0"
+218c233
+<
+---
+>
+220,222c235,237
+< chmod 755 /etc/init.d/arno-iptables-firewall
+< chown 0:0 "$FIREWALL_CONF" /etc/init.d/arno-iptables-firewall
+< chmod 600 "$FIREWALL_CONF"
+---
+> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
+> chown 0:0 "$FIREWALL_CONF" /etc/rc.d/rc.arno-iptables-firewall
+> chmod 600 "$FIREWALL_CONF"
+227c242
+< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+---
+> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
+235,251d249
+< # Remove any symlinks in rc*.d out of the way
+< rm -f /etc/rc*.d/*arno-iptables-firewall
+<
+< if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/) (Y/N)?" "y"; then
+< if [ -d /etc/rcS.d ]; then
+< ln -sv /etc/init.d/arno-iptables-firewall /etc/rcS.d/S41arno-iptables-firewall
+< else
+< ln -sv /etc/init.d/arno-iptables-firewall /etc/rc2.d/S11arno-iptables-firewall
+< fi
+<
+< # Check for insserv. Used for dependency based booting on eg. Debian
+< INSSERV="$(find_command /sbin/insserv)"
+< if [ -n "$INSSERV" ]; then
+< "$INSSERV" arno-iptables-firewall
+< fi
+< fi
+<
+253c251
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
+---
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
+255c253
+< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
+---
+> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
+258c256
+< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
+---
+> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
+274a273,291
+> echo ""
+> echo "-------------------------------------------------------------------------------"
+> echo "** NOTE: 1) You can now (manually) (re)start the firewall by executing **"
+> echo "** \"/etc/rc.d/rc.arno-iptables-firewall start\" or **"
+> echo "** \"/etc/rc.d/rc.arno-iptables-firewall restart\" **"
+> echo "** It is recommended however to first review the settings in **"
+> echo "** /etc/arno-iptables-firewall/firewall.conf! **"
+> echo "** **"
+> echo "** 2) In order to start the firewall automatically at boot-time, **"
+> echo "** you will need to manually create in /etc/rc.d/ an appropriate **"
+> echo "** symlink, named \"rc.firewall\", pointing to the startup script. **"
+> echo "** To do that, issue the following command: **"
+> echo "** **"
+> echo "** ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall **"
+> echo "** **"
+> echo "** Simply delete the link if you wish to disable firewall startup **"
+> echo "** at boot-time. **"
+> echo "-------------------------------------------------------------------------------"
+> echo ""
+277d293
+<
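Review bot: The added `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"` in the `70a71,75` block is the only step that clears a previously configured value, yet its exit status is not checked in the lines shown, so a failed rewrite would leave the old open ports or NAT setting in firewall.conf with no message. The variable name in `$2` is also placed into the regex unescaped; the callers visible in this patch pass fixed names such as `INT_IF`, so this only matters if a name ever contains `~` or a regex metacharacter. I would report the failure, e.g. `sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" || echo "ERROR: could not clear $2 in $1" >&2`, and add a comment that `$2` must be a plain shell identifier. The rest of change_conf_var lies outside this patch, so existing error handling there cannot be confirmed.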
diff --git a/network/arno-iptables-firewall/files/patch-startup-script.diff b/network/arno-iptables-firewall/files/patch-startup-script.diff
new file mode 100644
index 0000000000..c4b947d4e7
--- /dev/null
+++ b/network/arno-iptables-firewall/files/patch-startup-script.diff
@@ -0,0 +1,25 @@
+4c4
+< # description: init.d script for Arno's iptables firewall
+---
+> # description: rc.d script for Arno's iptables firewall
+7c7
+< # Provides: arno-iptables-firewall
+---
+> # Provides: rc.arno-iptables-firewall
+16,20c16,21
+< # You should put this script in eg. "/etc/init.d/" . #
+< # Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" it #
+< # If you want to run it upon boot, either add an entry in your "/etc/rc.d/rc.local" or #
+< # (for eg. Debian) in "/etc/rcS.d/" create a symlink to the arno-iptables-firewall script #
+< # ("ln -s /etc/init.d/arno-iptables-firewall script S99-arno-iptables-firewall script"). #
+---
+> # You should put this script in "/etc/rc.d/". #
+> # Furthermore make sure it's executable! -> "chmod 755" or "chmod +x" it. #
+> # If you want to run it upon boot, either create an "/etc/rc.d/rc.firewall" symlink to the #
+> # present script ("ln -sv /etc/rc.d/rc.arno-iptables-firewall /etc/rc.d/rc.firewall") or #
+> # edit the network system startup script "/etc/rc.d/rc.inet2" by renaming both occurrences #
+> # of "rc.firewall" to match this script's name (i.e. "rc.arno-iptables-firewall"). #
+24c25
+< PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+---
+> PROGRAM="/usr/sbin/arno-iptables-firewall"