150 lines
6.8 KiB
Diff
150 lines
6.8 KiB
Diff
33,34c33,34
|
|
< if [ -f ./share/arno-iptables-firewall/environment ]; then
|
|
< . ./share/arno-iptables-firewall/environment
|
|
---
|
|
> if [ -f /usr/share/arno-iptables-firewall/environment ]; then
|
|
> . /usr/share/arno-iptables-firewall/environment
|
|
36c36
|
|
< printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
|
|
---
|
|
> printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
|
|
76a77,81
|
|
> else
|
|
> # If no value is entered, remove (unless commented) previously set
|
|
> # values: this is to prevent, for example, ports from remaining open,
|
|
> # or internal interfaces from remaining enabled with NAT.
|
|
> sed -i -e "s~^$2=.*$~$2=\"\"~" "$1"
|
|
91c96
|
|
< # else
|
|
---
|
|
> else
|
|
92a98,100
|
|
> # This is needed to allow the function change_conf_var()
|
|
> # to remove values for previously set open ports.
|
|
> change_conf_var "$2" "$3" ""
|
|
183,186c191,194
|
|
< echo "Listing available interfaces:"
|
|
< echo "-----------------------------"
|
|
< list_interfaces;
|
|
< echo "-----------------------------"
|
|
---
|
|
> # echo "Listing available interfaces:"
|
|
> # echo "-----------------------------"
|
|
> # list_interfaces;
|
|
> # echo "-----------------------------"
|
|
255a264,270
|
|
> else
|
|
> # Remove previously set values related to the internal interface,
|
|
> # if no internal interface is entered with this script.
|
|
> change_conf_var "$FIREWALL_CONF" "INT_IF" ""
|
|
> change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" ""
|
|
> change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" ""
|
|
> change_conf_var "$FIREWALL_CONF" "NAT" "0"
|
|
259,261c274,276
|
|
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
|
|
< chown 0:0 /etc/init.d/arno-iptables-firewall
|
|
< chmod 755 /etc/init.d/arno-iptables-firewall
|
|
---
|
|
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
|
|
> chown 0:0 /etc/rc.d/rc.arno-iptables-firewall
|
|
> chmod 755 /etc/rc.d/rc.arno-iptables-firewall
|
|
271c286
|
|
< AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
|
|
---
|
|
> AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"
|
|
279,339c294
|
|
< RC_PATH="/etc"
|
|
< # Check for Redhat/SUSE rc.d
|
|
< if [ -d "/etc/rc.d" ]; then
|
|
< RC_PATH="/etc/rc.d"
|
|
< fi
|
|
<
|
|
< # Remove any symlinks in rc*.d out of the way
|
|
< rm -f $RC_PATH/rc0.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc1.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc2.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc3.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc4.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
|
|
< rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
|
|
<
|
|
< if get_user_yn "Do you want to start the firewall at boot" "y"; then
|
|
< DONE=0
|
|
<
|
|
< if check_command systemctl; then
|
|
< if systemctl enable arno-iptables-firewall; then
|
|
< echo "* Successfully enabled service with systemctl"
|
|
< DONE=1
|
|
< fi
|
|
< elif check_command update-rc.d; then
|
|
< # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
|
|
< if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
|
|
< echo "* Successfully enabled service with update-rc.d"
|
|
< DONE=1
|
|
< fi
|
|
< elif check_command chkconfig; then
|
|
< if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
|
|
< echo "* Successfully enabled service with chkconfig"
|
|
< DONE=1
|
|
< fi
|
|
< else
|
|
< if [ -d "$RC_PATH/rcS.d" ]; then
|
|
< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
|
|
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
|
|
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
|
|
< echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
|
|
< DONE=1
|
|
< fi
|
|
< elif [ -d "$RC_PATH/rc2.d" ]; then
|
|
< if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
|
|
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
|
|
< ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
|
|
< echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
|
|
< DONE=1
|
|
< fi
|
|
< else
|
|
< echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
|
|
< fi
|
|
< fi
|
|
<
|
|
< if [ $DONE -eq 0 ]; then
|
|
< echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
|
|
< fi
|
|
< fi
|
|
<
|
|
< if [ -e /etc/init.d/arno-iptables-firewall ]; then
|
|
---
|
|
> if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then
|
|
341c296
|
|
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1"
|
|
---
|
|
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1"
|
|
343c298
|
|
< change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0"
|
|
---
|
|
> change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0"
|
|
347c302
|
|
< if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
|
|
---
|
|
> if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then
|
|
362a318,335
|
|
> echo ""
|
|
> echo "-------------------------------------------------------------------------------"
|
|
> echo "** NOTE: 1) After configuration, it is recommended to review the firewall **"
|
|
> echo "** settings in /etc/arno-iptables-firewall/firewall.conf **"
|
|
> echo "** **"
|
|
> echo "** 2) To manually start or restart the firewall, run: **"
|
|
> echo "** /etc/rc.d/rc.arno-iptables-firewall start **"
|
|
> echo "** or /etc/rc.d/rc.arno-iptables-firewall restart **"
|
|
> echo "** **"
|
|
> echo "** 3) To start the firewall automatically at boot-time, you need an **"
|
|
> echo "** appropriate symlink, \"rc.firewall\", pointing to the startup **"
|
|
> echo "** script. Issue the following commands to create the symlink: **"
|
|
> echo "** cd /etc/rc.d/ **"
|
|
> echo "** ln -sv rc.arno-iptables-firewall rc.firewall **"
|
|
> echo "** **"
|
|
> echo "** 4) To disable startup at boot-time, simply delete the symlink, **"
|
|
> echo "** or remove the executable bit from the startup script. **"
|
|
> echo "-------------------------------------------------------------------------------"
|