Commit b9c78fd0 authored by Sven Geuer's avatar Sven Geuer

Import Debian changes 2.0.3-1~rc1

arno-iptables-firewall (2.0.3-1~rc1) UNRELEASED; urgency=medium

  * New upstream release.
    (Closes: #824684, #862856, #886991, #898770, #913089)
  * New maintainer.
    (Closes: #886951)
  * Update Standards-Version to 4.2.1; no changes necessary.
  * Update debhelper compatibility level to 11.
  * Clean up Depends.
  * Update debian/copyright.
  * Update debian/watch.
  * Make use of dh_installlogrotate and simulate non-existing
    dh_installrsyslog
    - Move logrotate.d.conf to arno-iptables-firewall.logrotate
    - Move rsyslog.d.conf to arno-iptables-firewall.rsyslog
    - Update debian/rules
  * Switch from System-V style init scripts to systemd
    - Suppress installation of /etc/init.d/arno-iptables-firewall
    - Introduce debian/prerm
    - Update debian/postrm to not use invoke-rc.d or update-rc.d.
    - Update debian/preinst to remove System-V style init script links.
    - Update debian/postinst to use deb-systemd-invoke instead 
      of invoke-rc.d or update-rc.d.
    - Update debian/arno-iptables-firewall.logrotate to use systemctl 
      instead of invoke-rc.d.
    - Update debian/template and debian/po/* to propose a call to 
      systemctl instead of invoke-rc.d.
    - Update debian/rules
  * Bugfix: Convert debian/po/fr.po and sv.po from latin1 to utf8
parents ed1a4c51 813c1fe5
Version 2.0.3 (June 28, 2018)
-----------------------------
! Missing mention in man page of arno-fwfilter's --no-resolve option
! Various fixes in the installer
* Improvements in the parasitic net plugin
* Various tweaks
Version 2.0.2a (October 26, 2017)
---------------------------------
! Fixed log line being too long (>28 chars)
! Fixed systemd installation failed on some systems
! Service file should start AIF after network is up and local filesystems are mounted
* Tweaks/improvements in configure/install scripts
Version 2.0.2 (July 28, 2017)
-----------------------------
+ Added new Parasitic Network plugin, allows "clients" on the same subnet to use this device as a gateway upstream.
* Improve lock-file handling in the "DynDNS Host Open" and "Traffic Accounting" plugins.
+ Disable nf_conntrack automatic helper assignment when possible, attach with CT target, Issue #35
! Fixed IPv6 NAT table was not flushed on start/stop/restart, Issue #36
+ Added EXT_IF_DHCPV6_IPV6 config variable supporting DHCPv6 when DHCP is not enabled, Issue #34
+ Added ability to selectively log blocked hosts by inbound and outbound direction.
BLOCKED_HOST_LOG Options: 0 = Disable, 1 = Inbound & Outbound, 2 = Inbound, 3 = Outbound
Version 2.0.1g (October 11, 2016)
---------------------------------
+ Added new BLOCK_NETSET_DIR variable which efficiently creates ipsets for blocklists using .netset files.
+ Added expert DEFAULT_NETSET_WHITELIST and DEFAULT_NETSET_WHITELISTV6 variables when BLOCK_NETSET_DIR is defined.
+ Added ipset support when IPTABLES_IPSET=1 and ipset is installed, disabled by default, Issues: #1, #24, #31
+ Added LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable, Issue #30
+ Added NAT_IF option to optionally specify external interfaces to be used for NAT
+ Added LAN to LAN (Inter-LAN) filtering rules, LAN_LAN_HOST_OPEN_xxx, Issue #28
- Removed unused INT_FORWARD_IN_CHAIN and INT_FORWARD_OUT_CHAIN user chains, related to Issue #28
Note: Any custom rule or plugin should generally use the FORWARD_CHAIN or POST_FORWARD_CHAIN to access the FORWARD chain.
Additionally, the new LAN_LAN_HOST_OPEN_xxx rules natively handle Inter-LAN filtering.
* New support for ICMPv6 Multicast Listener Discovery, enable with OPEN_ICMPV6_MLD=1, disabled by default
* Keep external ICMPv6 packets appearing as annoying logs, common with native IPv6 ISP's. Thanks to David Kerr
+ Added new PPTP VPN Passthrough plugin, suggested by Yuriy Cherniavsky, Issue #27
* Detect and remove stale lockfiles for plugin helpers
! Support kernel version check where "uname -r" doesn't contain a '-' character
! Leave the IPv6 sysctl accept_ra setting alone when forwarding=1, fixes WAN DHCPv6-client, Issue #21
Version 2.0.1f (October 1, 2015)
--------------------------------
* Honour Debian recommendations for systemd service file
......
......@@ -3,7 +3,7 @@
~ In memory of my dear father ~
(C) Copyright 2001-2015 by Arno van Amersfoort & Lonnie Abelbeck
(C) Copyright 2001-2017 by Arno van Amersfoort & Lonnie Abelbeck
Homepage : http://rocky.eld.leidenuniv.nl/
Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
(note: you must remove all spaces and substitute the @ and the .
......@@ -29,18 +29,13 @@ Almost *all* my work is distributed under the terms of the GNU GPL License,
which means it's free (open-source) software. If you like my work or you want
me to implement a certain feature, you are encouraged to donate money. You can
(preferably) donate directly to me through my bank account (mail me for my IBAN
number (International Bank Account Number). Or you can donate it to one of my
favourite charity organisations:
number (International Bank Account Number). My favourite charity organisations are:
- foundations for cancer research (in The Netherlands: "KWF Kanker Bestrijding");
- foundations for brain desease research (in The Netherlands: "De Hersenstichting");
- foundations for the welfare of animals ("IFAW" or in the Netherlands: "De Dierenbescherming")
Note that *ALL* donations I receive go to one of the above foundations.
I can also provide paid support (for commercial businesses). For example for
firewall customisation, (special) feature requests or other support. Just
contact me and we can work something out.
IMPORTANT NOTE:
---------------
I don't provide enduser support on my email address. Any problems & questions
......@@ -71,7 +66,7 @@ An explanation of the files in the package:
The configuration file used for Arno's iptables firewall script.
Normally you should put it in /etc/arno-iptables-firewall/. Make sure
root is owner/group (with "chown 0:0").
/etc/arno-iptables-firewall/plugins/ :
Put any plugin config files (.conf files) for my firewall in this
directory.
......@@ -117,7 +112,7 @@ An explanation of the files in the package:
/configure.sh :
Script to setup a basic configuration.
/install.sh :
Install script to deploy my firewall on your system.
......@@ -128,12 +123,12 @@ An explanation of the files in the package:
Directory contains any misc. (user contributed) files (scripts etc.) It
also contains examples on how to modify your syslogger to log your
firewall stuff into a separate file.
------------------------------------------
| Some IMPORTANT (security) information: |
------------------------------------------
1) If possible try to start the firewall before you enable your (ADSL) internet
connection (if possible). For an ppp-interface that doesn't exist yet
connection. For an ppp-interface that doesn't exist yet
you can use the wildcard device called "ppp+" (but you can only use
ppp+ if there aren't any other ppp interfaces!).
......@@ -319,7 +314,7 @@ features are enabled by default to protect you from hostile attacks.
NOTE 4: Don't forget to set EXT_IF_DHCP_IP=1 in firewall.conf too, in
case your ISP uses DHCP.
b) In case your on a corporate network which uses public IPs I'd suggest to add
your local subnet (range) to "FULL_ACCESS_HOSTS".
......@@ -444,7 +439,7 @@ Notes on writing your own plugins
chains like INPUT/OUTPUT/FORWARD/PREROUTING/POSTROUTING. Only do this when
it's absolutely necessary!
Available iptables chains created by Arno's Iptables Firewall
-------------------------------------------------------------
BASE_INPUT_CHAIN - Base input chain. For internal use by AIF only!
......@@ -471,15 +466,13 @@ DMZ_INPUT_CHAIN - DMZ INPUT chain
DMZ_LAN_FORWARD_CHAIN - DMZ to LAN/internal-net forward chain
DMZ_OUTPUT_CHAIN - DMZ output chain
INET_DMZ_FORWARD_CHAIN - External-net(internet) to DMZ forward chain
HOST_BLOCK_DROP - Chain where packets from dropped blocked hosts go
HOST_BLOCK_DST - Chain containing the list of destination based
blocked hosts
HOST_BLOCK_SRC - Chain containing the list of source based blocked
hosts
INT_FORWARD_IN_CHAIN - Internal-net FORWARD chain for INcoming traffic
INT_FORWARD_OUT_CHAIN - Internal-net FORWARD chain for OUTcoming traffic
HOST_BLOCK_SRC - Chain containing the list of inbound blocked hosts
HOST_BLOCK_DST - Chain containing the list of outbound blocked hosts
HOST_BLOCK_SRC_DROP - Chain where packets from dropped inbound blocked hosts go
HOST_BLOCK_DST_DROP - Chain where packets from dropped outbound blocked hosts go
INT_INPUT_CHAIN - Internal-net INPUT chain
INT_OUTPUT_CHAIN - Internal-net OUTPUT chain
LAN_LAN_FORWARD_CHAIN - LAN to LAN (Inter-LAN) forward chain (AIF private use only)
LAN_INET_FORWARD_CHAIN - LAN to internet (external net) forward chain
POST_INPUT_CHAIN - This chain is always processed last(post) in the
INPUT chain
......@@ -642,3 +635,4 @@ topics related to the scope of this firewall script.
CONFIG_NF_CT_ACCT was scheduled to be removed in 2.6.29, but has not yet
been removed, as of writing.
This diff is collapsed.
#!/bin/bash
MY_VERSION="1.02h"
MY_VERSION="1.03"
# ------------------------------------------------------------------------------------------
# -= Arno's iptables firewall =-
......@@ -8,7 +8,7 @@ MY_VERSION="1.02h"
#
# ~ In memory of my dear father ~
#
# (C) Copyright 2001-2015 by Arno van Amersfoort
# (C) Copyright 2001-2017 by Arno van Amersfoort
# Homepage : http://rocky.eld.leidenuniv.nl/
# Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
# (note: you must remove all spaces and substitute the @ and the .
......@@ -269,7 +269,7 @@ printf "\033[40m\033[1;32mArno's Iptables Firewall Script v$AIF_VERSION\033[0m\n
printf "Configure Script v$MY_VERSION\n"
echo "-------------------------------------------------------------------------------"
sanity_check;
sanity_check
RC_PATH="/etc"
# Check for Redhat/SUSE rc.d
......@@ -287,9 +287,15 @@ rm -f $RC_PATH/rc5.d/*arno-iptables-firewall
rm -f $RC_PATH/rc6.d/*arno-iptables-firewall
rm -f $RC_PATH/rcS.d/*arno-iptables-firewall
if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/)" "y"; then
if get_user_yn "Do you want to start the firewall at boot" "y"; then
DONE=0
if check_command update-rc.d; then
if check_command systemctl; then
if systemctl enable arno-iptables-firewall; then
echo "* Successfully enabled service with systemctl"
DONE=1
fi
elif check_command update-rc.d; then
# Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
echo "* Successfully enabled service with update-rc.d"
......@@ -300,9 +306,7 @@ if get_user_yn "Do you want to start the firewall at boot (via /etc/init.d/)" "y
echo "* Successfully enabled service with chkconfig"
DONE=1
fi
fi
if [ $DONE -eq 0 ]; then
else
if [ -d "$RC_PATH/rcS.d" ]; then
if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
......@@ -335,13 +339,13 @@ fi
if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
if get_user_yn "Your firewall.conf is not configured yet.\nDo you want me to help you setup a basic configuration" "y"; then
setup_conf_file;
setup_conf_file
else
echo "* Skipped"
fi
else
if get_user_yn "Your firewall.conf looks already customized.\nModify configuration" "n"; then
setup_conf_file;
setup_conf_file
else
echo "* Skipped"
fi
......
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv,local7,daemon,lpr.none;\
kern.!=debug;\
cron.!=info -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.*;kern.!=debug -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
# Logging for iptables
kern.=debug /var/log/firewall.log
#
# Some "catch-all" log files.
#
*.=debug;\
kern.!=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
# Log firewall messages to /var/log/arno-iptables-firewall (asynchronously),
# and then drop them so that they aren't logged again elsewhere.
if $syslogfacility-text == 'kern' \
and $msg contains 'AIF:' then -/var/log/firewall.log
& stop
* Make /etc/arno-iptables-firewall root:adm o-rx
bin/arno-fwfilter usr/bin
bin/arno-iptables-firewall usr/sbin
etc/* etc
etc/arno-iptables-firewall/* etc/arno-iptables-firewall
share/arno-iptables-firewall/* usr/share/arno-iptables-firewall
lib/* lib
arno-iptables-firewall binary: settitle-requires-versioned-depends config
arno-iptables-firewall: init.d-script-possible-missing-stop etc/init.d/arno-iptables-firewall 1
......@@ -8,6 +8,6 @@
delaycompress
sharedscripts
postrotate
[ -x /etc/init.d/rsyslog ] && invoke-rc.d rsyslog rotate > /dev/null
systemctl is-active rsyslog.service && systemctl --signal=SIGHUP kill rsyslog.service > /dev/null
endscript
}
arno-iptables-firewall (2.0.3-1~rc1) UNRELEASED; urgency=medium
* New upstream release.
(Closes: #824684, #862856, #886991, #898770, #913089)
* New maintainer.
(Closes: #886951)
* Update Standards-Version to 4.2.1; no changes necessary.
* Update debhelper compatibility level to 11.
* Clean up Depends.
* Update debian/copyright.
* Update debian/watch.
* Make use of dh_installlogrotate and simulate non-existing
dh_installrsyslog
- Move logrotate.d.conf to arno-iptables-firewall.logrotate
- Move rsyslog.d.conf to arno-iptables-firewall.rsyslog
- Update debian/rules
* Switch from System-V style init scripts to systemd
- Suppress installation of /etc/init.d/arno-iptables-firewall
- Introduce debian/prerm
- Update debian/postrm to not use invoke-rc.d or update-rc.d.
- Update debian/preinst to remove System-V style init script links.
- Update debian/postinst to use deb-systemd-invoke instead
of invoke-rc.d or update-rc.d.
- Update debian/arno-iptables-firewall.logrotate to use systemctl
instead of invoke-rc.d.
- Update debian/template and debian/po/* to propose a call to
systemctl instead of invoke-rc.d.
- Update debian/rules
* Bugfix: Convert debian/po/fr.po and sv.po from latin1 to utf8
-- Sven Geuer <debmaint@g-e-u-e-r.de> Thu, 06 Dec 2018 11:43:12 +0100
arno-iptables-firewall (2.0.1.f-1.1) unstable; urgency=medium
* Non-maintainer upload.
......
Source: arno-iptables-firewall
Maintainer: Michael Hanke <mih@debian.org>
Maintainer: Sven Geuer <debmaint@g-e-u-e-r.de>
Section: net
Priority: optional
Build-Depends: debhelper (>= 9~),
Build-Depends: debhelper-compat (= 11),
po-debconf
Standards-Version: 3.9.6
Vcs-Browser: http://git.voxindeserto.de/?p=arno-iptables-firewall.git
Vcs-Git: git://git.voxindeserto.de/arno-iptables-firewall.git
Standards-Version: 4.2.1
Homepage: http://rocky.eld.leidenuniv.nl/
Package: arno-iptables-firewall
Architecture: all
Depends: iptables,
gawk,
debconf | cdebconf,
${misc:Depends},
iproute2
Depends: ${misc:Depends},
iptables,
iproute2,
gawk
Recommends: curl,
dnsutils,
rsyslog (>= 5.8.1-1~)
......
......@@ -3,7 +3,7 @@ Upstream-Name: arno-iptables-firewall
Source: http://rocky.eld.leidenuniv.nl/
Files: *
Copyright: 2001-2014 Arno van Amersfoort and Lonnie Abelbeck
Copyright: 2001-2018 Arno van Amersfoort and Lonnie Abelbeck
License: GPL-2+
Files: contrib/adsl-failover
......@@ -25,7 +25,8 @@ Copyright: 2011-2012 Jared H. Hudson
License: GPL-2+
Files: debian/*
Copyright: Copyright 2005-2014, Michael Hanke <michael.hanke@gmail.com>
Copyright: 2005-2017 Michael Hanke <michael.hanke@gmail.com>
2018 Sven Geuer <debmaint@g-e-u-e-r.de>
License: GPL-2+
License: GPL-2+
......
......@@ -3,31 +3,32 @@ Description: Debconf abstract layer
main firewall configuration.
Forwarded: not-needed
Author: Michael Hanke <michael.hanke@gmail.com>
Last-Update: 2018-11-28
--- a/etc/arno-iptables-firewall/firewall.conf
+++ b/etc/arno-iptables-firewall/firewall.conf
@@ -232,11 +232,11 @@
@@ -253,11 +253,11 @@
# (EXPERT SETTING!) Location of the environment file
# -----------------------------------------------------------------------------
# ------------------------------------------------------------------------------
-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+ENV_FILE="/usr/share/arno-iptables-firewall/environment"
# (EXPERT SETTING!) Location of plugin binary & config files
# -----------------------------------------------------------------------------
# ------------------------------------------------------------------------------
-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
# Most people don't want to get any firewall logs being spit to the console.
@@ -486,7 +486,7 @@
@@ -521,7 +521,7 @@
# syslogd to log firewall messages to this file (see LOGLEVEL below for further
# info).
# -----------------------------------------------------------------------------
# ------------------------------------------------------------------------------
-#FIREWALL_LOG="/var/log/firewall.log"
+FIREWALL_LOG="/var/log/arno-iptables-firewall"
# (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
# "debug": can be used to log to /var/log/firewall.log, but you have to configure
# "debug": can be used to log to /var/log/firewall.log, but you have to
--- a/etc/init.d/arno-iptables-firewall
+++ b/etc/init.d/arno-iptables-firewall
@@ -21,7 +21,7 @@
......
......@@ -4,8 +4,6 @@ Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613631#5
Bug-Debian: http://bugs.debian.org/613631
Author: Tony Evans <tony@darkstorm.co.uk>, Michael Hanke <mih@debian.org>
diff --git a/bin/arno-fwfilter b/bin/arno-fwfilter
index 58cb9dc..d4e9758 100755
--- a/bin/arno-fwfilter
+++ b/bin/arno-fwfilter
@@ -48,7 +48,7 @@
......
......@@ -198,11 +198,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Abyste později nemuseli s aplikováním nových pravidel firewallu čekat až do "
"příštího restartu počítače, můžete je povolit příkazem 'invoke-rc.d arno-"
"iptables-firewall start'."
"příštího restartu počítače, můžete je povolit příkazem 'systemctl restart "
"arno-iptables-firewall.service'."
#. Type: boolean
#. description
......
......@@ -211,10 +211,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"For senere manuelt at anvende de nye indstillinger for brandmuren før den "
"næste genstart så kør »invoke-rc.d arno-iptables-firewall start«."
"næste genstart så kør »systemctl restart arno-iptables-firewall.service«."
#. Type: boolean
#. description
......
......@@ -224,10 +224,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Wenn Sie die neue Firewall-Konfiguration vor dem nächsten Neustart manuell "
"laden wollen, führen Sie 'invoke-rc.d arno-iptables-firewall start' aus."
"laden wollen, führen Sie 'systemctl restart arno-iptables-firewall.service' aus."
#. Type: boolean
#. description
......
......@@ -233,10 +233,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Para aplicar manualmente las configuraciones nuevas del cortafuegos antes "
"del siguiente reinicio, ejecute «invoke-rc.d arno-iptables-firewall start»."
"del siguiente reinicio, ejecute «systemctl restart arno-iptables-firewall"
".service»."
#. Type: boolean
#. description
......
This diff is collapsed.
......@@ -217,11 +217,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Per applicare manualmente le nuove impostazioni del firewall prima del "
"prossimo riavvio del sistema, puoi eseguire 'invoke-rc.d arno-iptables-"
"firewall start'."
"prossimo riavvio del sistema, puoi eseguire 'systemctl restart arno-iptables-"
"firewall.service'."
#. Type: boolean
#. description
......
......@@ -204,10 +204,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"後ほど手動で、新しいファイアウォール設定を次回の再起動前に適用するには、"
"「invoke-rc.d arno-iptables-firewall start」を実行してください。"
"「systemctl restart arno-iptables-firewall.service」を実行してください。"
#. Type: boolean
#. description
......
......@@ -201,10 +201,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"For å bruke de nye brannmurinnstillingene før neste omstart av systemet, "
"kjør «invoke-rc.d arno-iptables-firewall start»."
"kjør «systemctl restart arno-iptables-firewall.service»."
#. Type: boolean
#. description
......
......@@ -208,10 +208,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Om straks de nieuwe firewall-instellingen handmatig toe te passen voor de "
"volgende herstart voert u 'invoke-rc.d arno-iptables-firewall start' uit."
"volgende herstart voert u 'systemctl restart arno-iptables-firewall.service' uit."
#. Type: boolean
#. description
......
......@@ -210,7 +210,7 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Aby później ręcznie zastosować nowe ustawienia zapory sieciowej jeszcze "
"przed kolejnym, ponownym uruchomieniem komputera, proszę wykonać \"invoke-rc."
......
......@@ -210,11 +210,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Para depois poder aplicar manualmente a nova configuração de firewall antes "
"do próximo reiniciar da máquina, invoque 'invoke-rc.d arno-iptables-firewall "
"start'."
"do próximo reiniciar da máquina, invoque 'systemctl restart arno-iptables-"
"firewall.service'."
#. Type: boolean
#. description
......
......@@ -211,11 +211,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Para posteriormente aplicar manualmente as novas configurações do firewall "
"antes da próxima reinicialização, execute 'invoke-rc.d arno-iptables-"
"firewall start'."
"antes da próxima reinicialização, execute 'systemctl restart arno-iptables-"
"firewall.service'."
#. Type: boolean
#. description
......
......@@ -212,11 +212,11 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Позднее, чтобы вручную применить новые настройки межсетевого экрана перед "
"следующей перезагрузкой, запустите 'invoke-rc.d arno-iptables-firewall "
"start'."
"следующей перезагрузкой, запустите 'systemctl restart arno-iptables-firewall"
".service'."
#. Type: boolean
#. description
......
This diff is collapsed.
......@@ -174,7 +174,7 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
#. Type: boolean
......
......@@ -203,10 +203,10 @@ msgstr ""
#: ../templates:6001
msgid ""
"In order to later manually apply the new firewall settings before the next "
"reboot, invoke 'invoke-rc.d arno-iptables-firewall start'."
"reboot, invoke 'systemctl restart arno-iptables-firewall.service'."
msgstr ""
"Lúc sau, để tự áp dụng thiết lập bức tường lửa mới trước khi khởi động lại, "
"hãy sử dụng lệnh « invoke-rc.d arno-iptables-firewall start »."
"hãy sử dụng lệnh « systemctl restart arno-iptables-firewall.service »."
#. Type: boolean
#. description
......
This diff is collapsed.
......@@ -2,6 +2,11 @@
# postrm script for arno-iptables-firewall
set -e
# start up debconf here.
# why? see https://manpages.debian.org/testing/debconf-doc/debconf-devel.7.en.html, paragraph HACKS.
# plus automatically inserted code may be using debconf (in fact is does, and loads confmodule a little bit late)
. /usr/share/debconf/confmodule
db_version 2.0
case "$1" in
purge)
......@@ -10,27 +15,16 @@ case "$1" in
rm -f /etc/arno-iptables-firewall/conf.d/00debconf.conf
fi
;;
esac
case "$1" in
purge|remove|abort-install|disappear)
# when just removing stop the firewall
if [ -x /etc/init.d/arno-iptables-firewall ]; then
invoke-rc.d arno-iptables-firewall stop || true
fi
# and remove links from rc?.d
# -f because the init.d script is deleted later by debhelper
# and update-rc.d wants it to be deleted first
update-rc.d -f arno-iptables-firewall remove >/dev/null || exit 0
remove|abort-install|disappear)
;;
upgrade|failed-upgrade|abort-upgrade)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;