Commit ed1a4c51 authored by Luca Boccassi, committed by Sven Geuer

Import Debian changes 2.0.1.f-1.1

arno-iptables-firewall (2.0.1.f-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Depend on iproute2 instead of transitional package iproute.
    (Closes: #841001)

arno-iptables-firewall (2.0.1.f-1) unstable; urgency=medium

  * Bumped Standards-Version to 3.9.6; no changes necessary.
  * Add package conflict to iptables-persistent to prevent undesired
    behavior that reverts all iptables rules set by this package
    (Closes: #778845).
  * Standardize and modernize debian/control via CME.
  * Install systemd service file (Closes: #803638, #796587), and adjust
    patches to use correct paths for Debian.

arno-iptables-firewall (2.0.1.e-1) unstable; urgency=low

  * New upstream release.
    - Removed TRACE option.
  * Updated debian/copyright.
  * Bumped Standards-Version to 3.9.5; no changes necessary.
  * Bumped debhelper compatibility level to 9.
  * Adjust update-rc.d call to replace unsupported use of 'start' and 'stop'
    commands with 'defaults' and rely on LSB header information.

arno-iptables-firewall (2.0.1.d-1) unstable; urgency=low

  * New upstream release.
    - New plugins: nat-loopback, outbound-snat
    - New 'status-plugins' sub-command.
    - Addressed spurious error messages in conjunction with kmod
      (Closes: #684424)

arno-iptables-firewall (2.0.1.c-1) unstable; urgency=low

  * Upstream bugfix release.
    - Fix a script 'IFS' issue if IPv6 and DMZ is enabled together with
      DMZ_HOST_OPEN_IP
    - Support for newer kernels (3.4+) which replace ipt_LOG & ip6t_LOG with
      xt_LOG

arno-iptables-firewall (2.0.1.b-3) unstable; urgency=low

  * Add patch to use LSB init functions for logging. Thanks to
    Mike Miller and Christian Perrier (Closes: #672326).

arno-iptables-firewall (2.0.1.b-2) unstable; urgency=low

  * Upload to unstable.

arno-iptables-firewall (2.0.1.b-1) experimental; urgency=low

  * New upstream release. The package now supports conf.d-style configuration
    snippets at /etc/arno-iptables-firewall/conf.d (Closes: #653421, #658458).
  * Replace dependency on lynx with curl, due to upstream changes.
  * Bumped Standards-Version to 3.9.3; no changes necessary.
  * Remove DM-Upload flag -- no longer necessary.
  * Make debian/copyright comprehensive and copyright-format 1.0 compatible.
  * Fix pending l10n issues (Thanks to Christian Perrier for coordination).
    Debconf translations:
  * Dutch; (Jeroen Schot).  Closes: #658454
  * Danish (Joe Hansen).  Closes: #661989
  * Polish (Michał Kułach).  Closes: #666776
  * Use dh_lintian to install overrides.

arno-iptables-firewall (2.0.1-1) unstable; urgency=low

  * New upstream release. arno-fwfilter is now installed into /usr/bin.
    Obsolete configuration option DNS_FAST_FAIL & RESOLV_IPS have been
    removed.
  * Updated debian/copyright.

arno-iptables-firewall (2.0.0.c-1) unstable; urgency=low

  * New upstream maintenance release. Fixed multicast configuration issue
    (Closes: #631424) and updated several plugins.
  * Change strict dependency on rsyslogd to 'recommends'. This software can be
    used with other syslog daemons. However, out-of-the-box configuration is
    currently only provided for rsyslogd -- the default Debian syslog flavor.
    (Closes: #633530)

arno-iptables-firewall (2.0.0.b-1) unstable; urgency=low

  * New upstream bugfix release (Closes: #619496).
    Upstream merged the URL change related to #613631, but not the default
    option setting.
  * Added Japanese po-debconf template translation (Closes: #626801).
    Thanks to Hideki Yamane.
  * Update rsyslog handling, as the 'reload' action was removed (Closes:
    #628607). Added versioned dependency on the respective rsyslog release.
    Thanks to Michael Biebl for reporting.
  * Bumped Standards-Version to 3.9.2; no changes necessary.

arno-iptables-firewall (2.0.0.a-2) unstable; urgency=low

  * Fix bashisms in ipsec plugin (Closes: #617510).

arno-iptables-firewall (2.0.0.a-1) unstable; urgency=low

  * New upstream release -- first with IPv6 support (Closes: #594345).
  * Converted packaging to debhelper's dh.
  * Fixed issue with missing location information in arno-fwfilter output
    (Closes: #613631). Thanks to Tony Evans for the report and the initial
    patch.
  * Updated maintainer email address.

arno-iptables-firewall (1.9.2.l-1) UNRELEASED; urgency=low

  * New upstream bugfix release. Merged missing init.d dependency patch with
    upstream (Closes: #594326).
  * Bumped Standards-Version to 3.9.1.0; no changes necessary.

arno-iptables-firewall (1.9.2.k-2) unstable; urgency=low

  * Move iproute from recommended to a dependency (Closes: #566117). Thanks to
    Tenno Sereme for reporting.

arno-iptables-firewall (1.9.2.k-1) unstable; urgency=low

  * New upstream release.
  * Switch to dpkg-source 3.0 (quilt) format
  * Move debconf patch into quilt series.
  * New patch to add missing init.d dependency on $remote_fs (forwarded
    upstream).

arno-iptables-firewall (1.9.2.j-1) unstable; urgency=low

  * New upstream release.
  * Bumped Standards-Version to 3.8.4.0; no changes necessary.

arno-iptables-firewall (1.9.2.h-1) unstable; urgency=low

  * New upstream release (Closes: #550222, #553036).
  * Unify dependency-based boot-order and old-style update-rc.d, to be similar
    to shorewall's behavior.
  * Add lintian override. The init script does handle 'stop', but it is
    shadowed by an if-clause. The 'else' branch handles 'stop' as well.

arno-iptables-firewall (1.9.2.f-1) unstable; urgency=low

  * New upstream release (Closes: #550222, #553036).
  * Adjust the legacy update-rc.d configuration to match the dependency-based
    setup determined from the LSB header of the init script.

arno-iptables-firewall (1.9.2.d-1) unstable; urgency=low

  * New upstream release.

arno-iptables-firewall (1.9.2.c-1) unstable; urgency=low

  * New upstream release. Missed release 1.9.0.b.
  * Bumped Standards-Version to 3.8.3.0; no changes necessary.
  * Added Russian debconf translation (Closes: #541751). Thanks to Yuri Kozlov.

arno-iptables-firewall (1.9.2.a-1) unstable; urgency=low

  * New Upstream Version (Closes: #530045, #520011). Missed releases 1.9.0.c
    and 1.9.2.
  * Added Spanish debconf translation (Closes: #522651). Thanks to Francisco
    Javier Cuadrado.
  * Bumped Standards-Version to 3.8.1; no changes necessary.
  * Increase debhelper compat-level to 5.

arno-iptables-firewall (1.9.0.b-1) unstable; urgency=low

  * New upstream version (Closes: #509684). Missed release 1.9.0.a.
  * Added default logging setup for rsyslog (including logrotate config).
    All firewall-related messages go into /var/log/arno-iptables-firewall
    by default. Updated README.Debian and NEWS.Debian accordingly. Thanks to
    Tim Small (Closes: #503198).
  * Do not install syslogd examples, since Debian switched to rsyslog.
  * All executable scripts are now installed into /usr/sbin, since they are
    useless for normal users without access to the logfiles.
  * Updated debian/copyright and converted it into a machine-readable format.
  * Added DM-allow flag.
  * Added VCS information to debian/control.

arno-iptables-firewall (1.8.8.o-3) unstable; urgency=low

  * Bumped Standards-Version to 3.8.0; no changes necessary.
  * Added "$network" to the init script's LSB Required-Start and Required-Stop
    header lines. Thanks to Chris Lamb for the patch (Closes: #493805).
  * Disabled IGD plugin by default (Closes: #493685).

arno-iptables-firewall (1.8.8.o-2) unstable; urgency=low

  * Add dnsutils to the recommended packages (Closes: #471430).

arno-iptables-firewall (1.8.8.o-1) unstable; urgency=low

  * New Upstream Version (Closes: #469322).
  * Fix broken multi-route plugin (Closes: #470634).
  * Make the package recommend lynx instead of depending on it, as it is only
    needed for the optional arno-fwfilter script.

arno-iptables-firewall (1.8.8.n-1) unstable; urgency=low

  * New Upstream Version (Closes: #466972). Missed 1.8.8m, which only lived
    for a few days.
  * Minor change to the packaging documentation. Thanks to Joost van Baal.

arno-iptables-firewall (1.8.8.l-1) unstable; urgency=low

  * New Upstream Version. Missed 1.8.8.j and 1.8.8.k.
  * Moved plugins to /usr/share/arno-iptables-firewall/plugins as they are
    not really config files. Updated NEWS.Debian and README.Debian to
    announce this change.
  * Fixed config file path in multiroute plugin.
  * Bumped Standards-Version to 3.7.3; no changes necessary.
  * Modified debian/watch file to only track stable releases.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.8.i-2) unstable; urgency=low

  * Added 'iproute' to the recommended packages, as it is required by one of
    the plugins. Thanks to Joost van Baal for spotting this one.
  * Added Portuguese debconf translation (Thanks to Américo Monteiro).
    Closes: #435181.
  * Switch to new-style homepage field in debian/control.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.8.i-1) unstable; urgency=low

  * New Upstream Version. Fixes a bug in the NAT forwarding rules which caused
    using subnets as source restriction not to work.
    New plugins: Racoon IPSEC VPN Plugin, transparent DNAT plugin
  * Cleanup of the rules file. Most install tasks are now done by debhelper
    instead of countless cp calls.
  * Stopped manual parsing of dpkg status database. MD5 sum extraction for
    moving conffiles on package upgrade is now done by using dpkg-query.
  * Abandoned dpatch in favor of Git.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.8.h-1) unstable; urgency=low

  * New upstream release. Fix broken plugin loader.
    (Closes: #409609, #412191)
  * Prevent parallel make threads in debian/rules to satisfy dpatch
    requirement.

arno-iptables-firewall (1.8.8.g-2) unstable; urgency=low

  * Added missing dependency to lynx (thanks to Joost van Baal).
  * Minor addition to the arno-fwfilter manpage (also thanks to Joost van
    Baal).
  * Added a note about plugin handling to README.Debian.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.8.g-1) unstable; urgency=low

  * New upstream release.

arno-iptables-firewall (1.8.8.f-1) unstable; urgency=low

  * New upstream release (1.8.8.d was never released and 'e' only lived
    for a few days).
  * Updated copyright file: License is now GPL v2 only.

arno-iptables-firewall (1.8.8.c-1) unstable; urgency=low

  * New upstream release (fixed MAC-filter).

arno-iptables-firewall (1.8.8.b-1) unstable; urgency=low

  * New upstream release (missed 1.8.8.a).

arno-iptables-firewall (1.8.8-1) unstable; urgency=low

  * New upstream release.
  * Moved all config files to /etc/arno-iptables-firewall. Noted in
    NEWS.Debian.
  * Fixed bug that the firewall was not configured and restarted properly on
    fresh installs.
  * The package uses debconf to inform the user about necessary restarts even
    if it was previously indicated that debconf management is not wanted. This
    is done because the user has to be informed anyway and debconf is the most
    configurable mechanism.
  * Fixed an inconvenience that caused the restart debconf question to be
    displayed twice.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.6.c-4) unstable; urgency=low

  * The diff is now managed using dpatch.
  * Added Brazilian Portuguese debconf translation (Thanks to Felipe Augusto
    van de Wiel). Closes: 390410
  * Added build-dependency to po-debconf.
  * Added minimal patch with LSB compliant init script description.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.6.c-3) unstable; urgency=low

  * Fixed typo in French translation. Thanks to Florentin Duneau.
    (Closes: #379109)
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.6.c-2) unstable; urgency=low

  * French translation update. Thanks to Florentin Duneau. (Closes: #367392)
  * Bumped Standards-Version to 3.7.2; no changes necessary.
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.6.c-1) unstable; urgency=low

  * New upstream release.
  * Improved debconf templates to conform to the guidelines in the
    Developers Reference. (Closes: #360579)
  * Added several translations of the debconf templates (cs, nb, sv, vi, fr).
    Thanks to debian-i18n. (Closes: #361110, #362626)
  * Sponsored upload by Joost van Baal <joostvb@debian.org>.

arno-iptables-firewall (1.8.6.b-1) unstable; urgency=low

  * New upstream release.
  * First upload to Debian archive, sponsored by Joost van Baal
    <joostvb@debian.org> (Closes: #325696)

arno-iptables-firewall (1.8.6.a-1) unstable; urgency=low

  * New upstream release.
  * Modified watch file to reflect the new versioning scheme.

arno-iptables-firewall (1.8.6-1) unstable; urgency=low

  * New upstream release.

arno-iptables-firewall (1.8.5-rc6-1) unstable; urgency=low

  * New upstream release-candidate.

arno-iptables-firewall (1.8.5-rc5-1) unstable; urgency=low

  * New upstream release-candidate.

arno-iptables-firewall (1.8.5-rc4-2) unstable; urgency=low

  * Bugfix: If specification of NATable internal network was left empty as
    recommended by debconf, the firewall failed to start.
  * Added a lintian override for the debconf related error
    'settitle-requires-versioned-depends config'. This package depends on
    the appropriate versions of debconf or cdebconf.
  * Updated Italian debconf translation (Thanks to Gianluca Ficarelli).

arno-iptables-firewall (1.8.5-rc4-1) unstable; urgency=low

  * New upstream release-candidate.
  * Using debconf for this package is now optional.
  * Bugfix: debconf dependency.

arno-iptables-firewall (1.8.5-rc3-1) unstable; urgency=low

  * New upstream release-candidate. (Missed: 1.8.5-BETA1 (2005-10-30),
    1.8.5-RC1 (2005-12-02), 1.8.5-RC2 (2005-12-09)).

arno-iptables-firewall (1.8.4d-2) unstable; urgency=low

  * Corrected several typos.
  * Moved arno-multiroute.sh to the examples.
  * Bugfix: Added alternative dependency to debconf-2.0.
  * Create an empty /etc/arno-firewall-custum-rules file on install.
  * Added comments about firewall logging to README.Debian.
  * Stripped debian/watch from useless comments.
  * Thanks to Joost van Baal for pointing at those bugs.

arno-iptables-firewall (1.8.4d-1) unstable; urgency=low

  * New upstream release
  * Custom iptable rules are now read from /etc/arno-firewall-custom-rules

arno-iptables-firewall (1.8.4c-3) unstable; urgency=low

  * More precise debconf questions (Thanks to Gianluca Ficarelli).

arno-iptables-firewall (1.8.4c-2) unstable; urgency=low

  * Bugfix: Syntax error in debian/config script.
  * Added German translation for debconf templates using po-debconf.
  * More descriptive debconf templates.
  * Split DC_OPEN_PORTS in DC_OPEN_TCP and DC_OPEN_UDP for a more precise
    configuration of open ports.
  * All debconf variables use the same name as the corresponding upstream
    variable, but with the prefix 'DC_'.

arno-iptables-firewall (1.8.4c-1) unstable; urgency=low

  * New upstream release.
  * New Debconf configuration procedure. NAT configuration is only attempted
    if internal network interfaces are specified. One can now configure
    internal network with and without access to external networks via Debconf.
  * Bugfix: NAT configuration did not work out of the box, because INTERNAL_NET
    was not set properly.
  * Improved Debconf templates.
  * The config script now properly unsets NAT-related variables when the
    internal network interfaces are removed during package reconfiguring.

arno-iptables-firewall (1.8.4b-6) unstable; urgency=low

  * Remove unused Debconf variable from config file.

arno-iptables-firewall (1.8.4b-5) unstable; urgency=low

  * Added debconf question whether the host should be pingable on the
    external network interfaces.
  * Change priorities of debconf question to minimize user interaction.
  * Improved debconf template with suggestions for the unsure.
  * Bugfix: Defaults for debconf were not correctly read from installed
    configuration file.
  * Bugfix: lintian reported too long description line in debian/control.

arno-iptables-firewall (1.8.4b-4) unstable; urgency=low

  * New package description.

arno-iptables-firewall (1.8.4b-3) unstable; urgency=low

  * NAT configuration for internal networks is now handled by debconf.

arno-iptables-firewall (1.8.4b-2) unstable; urgency=low

  * Renamed 'fwfilter' script to 'arno-fwfilter' to prevent name clashes.
  * Added manpage for 'arno-fwfilter'.

arno-iptables-firewall (1.8.4b-1) unstable; urgency=low

  * New upstream release that fixed some syntax errors in the config script.

arno-iptables-firewall (1.8.4a-1) unstable; urgency=low

  * New upstream release.

arno-iptables-firewall (1.8.4-2) unstable; urgency=low

  * The init.d script is now started just before the network interfaces are
    available during the boot process.
  * The package now cares for the initial setup of the external interface(s)
    via debconf.

arno-iptables-firewall (1.8.4-1) unstable; urgency=low

  * Initial Release.
  * Modified filename of the init.d script and the location
    of the configuration file to conform to the Debian policy.
  * Modified the 'reload' command of the init.d script to 'force-reload'.
parent 84dbdb9d
arno-iptables-firewall (2.0.1.b-1) experimental; urgency=low
* The package now supports a conf.d-style configuration option that
makes it possible to tweak the configuration without editing the default
configuration files. Consequently, the Debconf-based configuration settings
(if enabled) are no longer written into a custom 'debconf.cfg', but use
this mechanism also. Additional configuration snippets can be placed into
/etc/arno-iptables-filewall/conf.d. All files with extension '.conf' will
be sourced after the main configuration file and either overwrite or
extend the default.
-- Michael Hanke <mih@debian.org> Tue, 10 Apr 2012 10:58:18 +0200
arno-iptables-firewall (1.9.2.a-1) unstable; urgency=low
* With this release the syntax of the config file is slightly changed. From
now on the '#' (hash-character) is used as the new separator for interface
restrictions (i.e. eth0#....).
-- Michael Hanke <michael.hanke@gmail.com> Tue, 09 Jun 2009 10:12:23 +0200
arno-iptables-firewall (1.9.0.a-1) unstable; urgency=low
* The syntax and layout of the configuration file has been changed. Several
variable names have been modified, but the most notable difference is the
switch from ':' to '~' as port separator string. Although most
installations that exclusively use the debconf-managed configuration
settings should also work with this version, it is nevertheless recommend
to verify the firewall setup before reenabling the firewall after
upgrading. more information is available in
/usr/share/doc/arno-iptables-firewall/README.gz
* The 1.9 branch now uses a leightweight init.d script without a verbose
status dump during startup. The 'old' status report is available when
manually starting the firewall using /usr/sbin/arno-iptables-firewall.
Additionally, this script, as well as the init.d scripti, provides a details
iptables configuration dump via the 'status' command.
* A default rsyslog configuration (and corresponding logrotate setup) for
firewall-related messages is has been added. Such messages will now be
logged into /var/log/arno-iptables-firewall.
-- Michael Hanke <michael.hanke@gmail.com> Fri, 20 Feb 2009 07:31:15 +0100
arno-iptables-firewall (1.8.8.l-1) unstable; urgency=low
* The location of the firewall plugins has changed. The plugins itself are
now placed in /usr/share/arno-iptables-firewall/plugins, while their
configuration files remain in /etc/arno-iptables-firewall/plugins.
Unmodified plugins are silently moved on package upgrade. If any of the
plugins were modified, the modified plugin is preserved in
/etc/arno-iptables-firewall/plugins (with a '.dpkg-old' suffix). However,
only plugins in the new location will be used by the firewall and custom
modifications have to be updated manually.
-- Michael Hanke <michael.hanke@gmail.com> Fri, 25 Jan 2008 11:20:04 +0100
arno-iptables-firewall (1.8.8-1) unstable; urgency=low
* The location of the config files has been changed. All files are now
located in /etc/arno-iptables-firewall/. Config files of previous package
versions are automatically moved into the new location and any
customizations will be preserved. This includes MAC filter lists and host
blacklists as well as custom iptables rules.
-- Michael Hanke <michael.hanke@gmail.com> Thu, 5 Oct 2006 16:07:34 +0200
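Review bot: The conf.d path in the 2.0.1.b-1 NEWS entry is misspelled as /etc/arno-iptables-filewall/conf.d; the changelog entry for the same release and CONFIGFILE in the debconf config script both use /etc/arno-iptables-firewall/conf.d, so an administrator copying the path from NEWS would put snippets in the wrong directory. Correct the path, and in the 1.9.0.a-1 entry fix 'leightweight', 'scripti', 'provides a details' and 'is has been added' while touching the file.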
arno-iptables-firewall for Debian
---------------------------------
This document only describes the differences between the upstream and the
Debian version. Please refer to the README file for the regular documentation.
The major difference with upstream version is the added debconf layer for
configuration management. Basic settings (external interfaces, open ports and
internet connections sharing (NAT)) can optionally be handled by debconf.
Use 'dpkg-reconfigure -plow arno-iptables-firewall' to reconfigure the
firewall at any time.
The package includes a log setup for rsyslog (the default sysklog daemon since
lenny). By default firewall-related messages will go into
/var/log/arno-iptables-firewall. The setup assumes messages to be logged with
the default kernel syslog level 'info' (see LOGLEVEL setting in firewall.conf).
If the loglevel is changed /etc/rsyslog.d/arno-iptables-firewall.conf has to be
modified accordingly. The corresponding logrotate setup at
/etc/logrotate.d/arno-iptables-firewall.conf might need to be customized
depending on the amount of generated log messages, but the default should be
appropriate for most desktop machines.
Since version 1.8 there is support for plugins. Plugins are installed in
/usr/share/arno-iptables-firewall/plugins. The corresponding plugin
configurations are placed into /etc/arno-iptables-firewall/plugins.
-- Michael Hanke <michael.hanke@gmail.com>, Fri, 25. Jan 2008 16:04:47 +0100
* Make /etc/arno-iptables-firewall root:adm o-rx
bin/arno-fwfilter usr/bin
bin/arno-iptables-firewall usr/sbin
etc/* etc
share/arno-iptables-firewall/* usr/share/arno-iptables-firewall
lib/* lib
arno-iptables-firewall binary: settitle-requires-versioned-depends config
arno-iptables-firewall: init.d-script-possible-missing-stop etc/init.d/arno-iptables-firewall 1
#!/bin/bash
# config script for arno-iptables-firewall
set -e
. /usr/share/debconf/confmodule
CONFIGFILE=/etc/arno-iptables-firewall/conf.d/00debconf.conf
db_version 2.0
db_capb backup
db_settitle arno-iptables-firewall/title
# Load config file, if it exists.
if [ -e $CONFIGFILE ]; then
. $CONFIGFILE || true
# The fact that there is a debconf config file implies
# that debconf management is requested.
db_set arno-iptables-firewall/debconf-wanted true
# Store the current value of the EXT_IF var into
# debconf db.
db_set arno-iptables-firewall/config-ext-if $EXT_IF
if [ "$EXT_IF_DHCP_IP" = "1" ]; then
db_set arno-iptables-firewall/dynamic-ip true
else
db_set arno-iptables-firewall/dynamic-ip false
fi
db_set arno-iptables-firewall/services-tcp $OPEN_TCP
db_set arno-iptables-firewall/services-udp $OPEN_UDP
if [ "$NAT" = "1" ]; then
db_set arno-iptables-firewall/nat true
else
db_set arno-iptables-firewall/nat false
fi
db_set arno-iptables-firewall/config-int-if $INT_IF
db_set arno-iptables-firewall/config-int-net $INTERNAL_NET
db_set arno-iptables-firewall/config-int-nat-net $NAT_INTERNAL_NET
if [ "$OPEN_ICMP" = "1" ]; then
db_set arno-iptables-firewall/icmp-echo true
else
db_set arno-iptables-firewall/icmp-echo false
fi
fi # load config file
# This implements a simple state machine so the back button can be handled.
# taken from debconf demo example
STATE=1
while [ "$STATE" != 0 -a "$STATE" != 11 ]; do
case $STATE in
1)
db_input high arno-iptables-firewall/debconf-wanted || true
;;
2)
# This could be a multiselect question. Get all interfaces this way:
# db_subst arno-iptables-firewall/config-ext-if DETECTED `ifconfig -a | grep HWaddr | sed -e 's/[ ][ ]*Link.*/,/;s/:[0-9]*//' | sort -u`
# The problem is that currently not connected usb-net devices cannot be
# configured. Is this important?
db_input critical arno-iptables-firewall/config-ext-if || true
# include check for empty ext_if -> restarting the firewall will fail otherwise
;;
3)
db_input low arno-iptables-firewall/dynamic-ip || true
;;
4)
db_beginblock
db_input high arno-iptables-firewall/services-tcp || true
db_input high arno-iptables-firewall/services-udp || true
db_endblock
;;
5)
db_input low arno-iptables-firewall/icmp-echo || true
;;
6)
db_input high arno-iptables-firewall/config-int-if || true
;;
7)
db_get arno-iptables-firewall/config-int-if
if [ "$RET" != "" ]; then
db_input high arno-iptables-firewall/config-int-net || true
else
db_set arno-iptables-firewall/nat false
db_set arno-iptables-firewall/config-int-net ""
db_set arno-iptables-firewall/config-int-nat-net ""
fi
;;
8)
db_get arno-iptables-firewall/config-int-if
if [ "$RET" != "" ]; then
db_input low arno-iptables-firewall/nat || true
fi
;;
9)
db_get arno-iptables-firewall/config-int-if
if [ "$RET" != "" ]; then
db_get arno-iptables-firewall/nat
if [ "$RET" = "true" ]; then
db_input low arno-iptables-firewall/config-int-nat-net || true
else
db_set arno-iptables-firewall/config-int-nat-net ""
fi
fi
;;
10)
# make sure this question is displayed everytime the configuration might
# need inspection
db_fset arno-iptables-firewall/restart seen false
db_input critical arno-iptables-firewall/restart || true
;;
esac
if db_go; then
STATE=$(($STATE + 1))
else
STATE=$(($STATE - 1))
fi
# check whether debconf is still welcome
db_get arno-iptables-firewall/debconf-wanted
if [ "$RET" != "true" ]; then
STATE=0
fi
done
db_stop
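Review bot: State 2 accepts an empty external interface even though the comment in that branch says restarting the firewall will fail in that case; after db_go, read the answer back with db_get arno-iptables-firewall/config-ext-if and stay in state 2 while $RET is empty. Separately, the values loaded from $CONFIGFILE are passed to db_set unquoted ($EXT_IF, $OPEN_TCP, $OPEN_UDP, $INT_IF, $INTERNAL_NET, $NAT_INTERNAL_NET), so they undergo word splitting and pathname expansion in a maintainer script that runs as root; quote each of them, and quote "$CONFIGFILE" in the -e test and on the source line.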
Source: arno-iptables-firewall
Maintainer: Michael Hanke <mih@debian.org>
Section: net
Priority: optional
Build-Depends: debhelper (>= 9~),
po-debconf
Standards-Version: 3.9.6
Vcs-Browser: http://git.voxindeserto.de/?p=arno-iptables-firewall.git
Vcs-Git: git://git.voxindeserto.de/arno-iptables-firewall.git
Homepage: http://rocky.eld.leidenuniv.nl/
Package: arno-iptables-firewall
Architecture: all
Depends: iptables,
gawk,
debconf | cdebconf,
${misc:Depends},
iproute2
Recommends: curl,
dnsutils,
rsyslog (>= 5.8.1-1~)
Conflicts: iptables-persistent
Description: single- and multi-homed firewall script with DSL/ADSL support
Unlike other lean iptables frontends in Debian, arno-iptables-firewall
will setup and load a secure, restrictive firewall by just asking a few
question. This includes configuring internal networks for internet access
via NAT and potential network services (e.g. http or ssh).
.
However, it is in no way restricted to this simple setup. Some catch words
of additional features, that can be enabled in the well documented
configuration file are: DSL/ADSL, Port forwarding, DMZ's,
portscan detection, MAC address filtering.
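Review bot: Vcs-Git uses a git:// URL and Vcs-Browser and Homepage use http://, none of which authenticate the server or protect the transfer, so anyone fetching the packaging or upstream source through these fields gets no integrity protection in transit. Switch the fields to https:// URLs if the hosts offer them.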
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: arno-iptables-firewall
Source: http://rocky.eld.leidenuniv.nl/
Files: *
Copyright: 2001-2014 Arno van Amersfoort and Lonnie Abelbeck
License: GPL-2+
Files: contrib/adsl-failover
Copyright: 2007 Mark Cleverdon <mark@lanzarote1.com>
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/50ipsec-vpn.plugin
share/arno-iptables-firewall/plugins/60traffic-shaper.plugin
share/arno-iptables-firewall/plugins/90dmz-dnat.plugin
Copyright: 2006-2010 Philip Prindeville
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/50linux-upnp-igd.plugin
Copyright: 2007-2011 Joerg Straube
License: GPL-2+
Files: share/arno-iptables-firewall/plugins/90rpc.plugin
Copyright: 2011-2012 Jared H. Hudson
License: GPL-2+
Files: debian/*
Copyright: Copyright 2005-2014, Michael Hanke <michael.hanke@gmail.com>
License: GPL-2+
License: GPL-2+
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later
version.
.
This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more
details.
.
You should have received a copy of the GNU General Public
License along with this package; if not, write to the Free
Software Foundation, Inc., 51 Franklin St, Fifth Floor,
Boston, MA 02110-1301 USA
.
On Debian systems, the full text of the GNU General Public
License version 2 can be found in the file
`/usr/share/common-licenses/GPL-2'.
etc/arno-iptables-firewall/plugins
etc/arno-iptables-firewall/conf.d
etc/logrotate.d
etc/rsyslog.d
usr/bin
usr/share/arno-iptables-firewall/plugins
usr/share/lintian/overrides
README
share/arno-iptables-firewall/plugins/*.CHANGELOG
debian/CHANGELOG-1.9-series
[DEFAULT]
# the default branch for upstream sources:
upstream-branch = upstream
# the default branch for the debian patch:
debian-branch = master
/var/log/arno-iptables-firewall
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
[ -x /etc/init.d/rsyslog ] && invoke-rc.d rsyslog rotate > /dev/null
endscript
}
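Review bot: The postrotate line '[ -x /etc/init.d/rsyslog ] && invoke-rc.d rsyslog rotate > /dev/null' returns non-zero whenever the init script is absent, and rsyslog is only in Recommends in debian/control, so on a system without it the postrotate script ends with a failure status. Wrap the call in an if/fi block or append '|| true'. The redirect also covers stdout only, so error output from invoke-rc.d is not suppressed.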
share/man/man8/arno-iptables-firewall.8
share/man/man1/arno-fwfilter.1
Description: Debconf abstract layer
Allow reading config settings from a debconf settings file from within the
main firewall configuration.
Forwarded: not-needed
Author: Michael Hanke <michael.hanke@gmail.com>
--- a/etc/arno-iptables-firewall/firewall.conf
+++ b/etc/arno-iptables-firewall/firewall.conf
@@ -232,11 +232,11 @@
# (EXPERT SETTING!) Location of the environment file
# -----------------------------------------------------------------------------
-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+ENV_FILE="/usr/share/arno-iptables-firewall/environment"
# (EXPERT SETTING!) Location of plugin binary & config files
# -----------------------------------------------------------------------------
-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
# Most people don't want to get any firewall logs being spit to the console.
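Review bot: The patch header does not describe these hunks: the Description reads 'Debconf abstract layer' and talks about reading settings from a debconf settings file, but the changes to ENV_FILE and PLUGIN_BIN_PATH here, like the PROGRAM and ExecStart/ExecStop/ExecReload changes further down, only move paths from /usr/local to /usr. Rewrite the Description to say that, so it matches the patch name debian_paths in the series file and a later reader can tell why the patch is carried.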
@@ -486,7 +486,7 @@
# syslogd to log firewall messages to this file (see LOGLEVEL below for further
# info).
# -----------------------------------------------------------------------------
-#FIREWALL_LOG="/var/log/firewall.log"
+FIREWALL_LOG="/var/log/arno-iptables-firewall"
# (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
# "debug": can be used to log to /var/log/firewall.log, but you have to configure
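Review bot: The context comment directly below the changed line still says "debug" can be used to log to /var/log/firewall.log, which no longer matches the new default FIREWALL_LOG="/var/log/arno-iptables-firewall". README.Debian states that the shipped rsyslog setup assumes log level 'info' and has to be edited if the level changes, so update this comment in the same patch so the documented log file and the default agree.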
--- a/etc/init.d/arno-iptables-firewall
+++ b/etc/init.d/arno-iptables-firewall
@@ -21,7 +21,7 @@
############################################################################################
PATH=/bin:/usr/bin:/sbin:/usr/sbin
-PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+PROGRAM="/usr/sbin/arno-iptables-firewall"
NAME="arno-iptables-firewall"
# Be verbose(1)?:
--- a/lib/systemd/system/arno-iptables-firewall.service
+++ b/lib/systemd/system/arno-iptables-firewall.service
@@ -7,9 +7,9 @@
[Service]
Type=oneshot
-ExecStart=/usr/local/sbin/arno-iptables-firewall start
-ExecStop=/usr/local/sbin/arno-iptables-firewall stop
-ExecReload=/usr/local/sbin/arno-iptables-firewall force-reload
+ExecStart=/usr/sbin/arno-iptables-firewall start
+ExecStop=/usr/sbin/arno-iptables-firewall stop
+ExecReload=/usr/sbin/arno-iptables-firewall force-reload
RemainAfterExit=yes
[Install]
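Review bot: the three Exec lines repeat the absolute path that the init script sets in PROGRAM, so the location of the binary is now patched in four places across two files; listing every file that carries the path in the patch header would make the next upstream rebase less error-prone. With Type=oneshot and RemainAfterExit=yes the unit is reported active once start has returned successfully, so confirm that "arno-iptables-firewall start" exits non-zero when loading the rules fails, otherwise systemd will show the firewall as up when it is not.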
Description: Fix location query of arno-fwfilter
Query URL default setting prevented enabling the querying.
Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613631#5
Bug-Debian: http://bugs.debian.org/613631
Author: Tony Evans <tony@darkstorm.co.uk>, Michael Hanke <mih@debian.org>
diff --git a/bin/arno-fwfilter b/bin/arno-fwfilter
index 58cb9dc..d4e9758 100755
--- a/bin/arno-fwfilter
+++ b/bin/arno-fwfilter
@@ -48,7 +48,7 @@
RESOLVE_NAMES=1
# Enable this option if you want to (try to) obtain the IPs geographical location (can be very slow!) (requires "curl")
-SHOW_LOCATION=0
+SHOW_LOCATION=1
# Enable this option if you want to resolve both the source and target host when doing location/name lookups (slower)
FULL_INFO=0
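Review bot: the patch description talks about fixing the location query, but the only hunk shown here changes the shipped default of SHOW_LOCATION from 0 to 1, which is a behaviour change rather than a URL fix. With the new default every arno-fwfilter run performs the lookups that the comment above calls "very slow" and that require curl, and the addresses taken from the firewall log are handed to the lookup service. Suggest keeping SHOW_LOCATION=0 as the default and limiting the patch to the query URL, or stating the default change in the description and making sure the package at least recommends curl.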
From: Mike Miller <mtmiller@ieee.org>, Christian PERRIER <bubulle@debian.org>
Subject: using init script LSB log_xxx_msg functions
Bug-Debian: http://bugs.debian.org/672326
--- a/etc/init.d/arno-iptables-firewall
+++ b/etc/init.d/arno-iptables-firewall
@@ -22,28 +22,31 @@
PATH=/bin:/usr/bin:/sbin:/usr/sbin
PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+NAME="arno-iptables-firewall"
# Be verbose(1)?:
VERBOSE=0
test -x $PROGRAM || exit 0
+. /lib/lsb/init-functions
+
if [ "$VERBOSE" = "0" ]; then
case "$1" in
start)
- echo "Starting Arno's Iptables Firewall..."
+ log_daemon_msg "Starting Arno's Iptables Firewall" "$NAME"
;;
stop)
- echo "Stopping Arno's Iptables Firewall..."
+ log_daemon_msg "Stopping Arno's Iptables Firewall" "$NAME"
;;
restart)
- echo "Restarting Arno's Iptables Firewall..."
+ log_daemon_msg "Restarting Arno's Iptables Firewall" "$NAME"
;;
force-reload)
- echo "(Forced) reloading Arno's Iptables Firewall..."
+ log_daemon_msg "(Forced) reloading Arno's Iptables Firewall" "$NAME"
;;
status)
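Review bot: ". /lib/lsb/init-functions" is sourced unconditionally right after the "test -x $PROGRAM || exit 0" guard, with no check that the file exists; confirm the package depends on whatever provides it, since a missing file would make the init script fail and the firewall would not come up at boot. PROGRAM in the context is still the /usr/local/sbin path, so until debian_paths is applied on top the guard exits 0 silently when the binary is installed elsewhere.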
@@ -65,6 +68,7 @@
# Call firewall script:
result=`$PROGRAM $*`
retval=$?
+ log_end_msg $retval
else
$PROGRAM $*
retval=$?
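Review bot: log_end_msg $retval runs for every action that reaches the non-verbose branch, while the earlier hunk adds log_daemon_msg only to the start, stop, restart and force-reload arms; the status arm is cut off at the hunk boundary, so check that no action reaches log_end_msg without an opening message. The output of the firewall script is captured into result on the line above; if it is not printed when retval is non-zero, the administrator sees only a failure marker with no reason, so consider echoing $result to stderr in that case. Quoting the argument as "$retval" would match the quoting already used for "$NAME".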
hostip_url_fix
lsb_init
debian_paths
[type: gettext/rfc822deb] templates
#! /bin/bash
# postinst script for arno-iptables-firewall
set -e
. /usr/share/debconf/confmodule
db_version 2.0
# move config files from versions prior to 1.8.8
if [ -f /etc/arno-iptables-firewall.debconf ]; then
echo "Moving debconf settings to /etc/arno-iptables-firewall/debconf.cfg."
mv /etc/arno-iptables-firewall.debconf /etc/arno-iptables-firewall/debconf.cfg
fi
if [ -f /etc/arno-firewall-blocked-hosts ]; then
echo "Moving host blacklist to /etc/arno-iptables-firewall/blocked-hosts."
mv /etc/arno-firewall-blocked-hosts /etc/arno-iptables-firewall/blocked-hosts
fi
if [ -f /etc/arno-firewall-mac-addresses ]; then
echo "Moving MAC address filter list to /etc/arno-iptables-firewall/mac-addresses."
mv /etc/arno-firewall-mac-addresses /etc/arno-iptables-firewall/mac-addresses
fi
if [ -f /etc/arno-firewall-custom-rules ]; then
echo "Merging custom iptables rules into /etc/arno-iptables-firewall/custom-rules."
cat /etc/arno-firewall-custom-rules >> /etc/arno-iptables-firewall/custom-rules
rm -f /etc/arno-firewall-custom-rules
fi
CFG=/etc/arno-iptables-firewall/conf.d/00debconf.conf
case "$1" in
configure)
# query all vars from debconf
# most important: is debconf management requested
db_get arno-iptables-firewall/debconf-wanted
if [ "$RET" = "true" ]; then
# debconf is welcome: look whether there is a config file and
# recreate the config file if missing
if [ ! -e $CFG ]; then
cat << EOT > $CFG
#######################################################################
# Feel free to edit this file. However, be aware that debconf writes #
# to (and reads from) this file too. In case of doubt, only use #
# 'dpkg-reconfigure -plow arno-iptables-firewall' to edit this file. #
# If you really don't want to use debconf, or if you have specific #
# needs, you're likely better off using placing an additional #
# configuration snippet into/etc/arno-iptables-firewall/conf.d/. #
# Also see README.Debian. #
#######################################################################
EXT_IF=""
EXT_IF_DHCP_IP=0
OPEN_TCP=""
OPEN_UDP=""
INT_IF=""
NAT=0
INTERNAL_NET=""
NAT_INTERNAL_NET=""
OPEN_ICMP=0
EOT
fi
# query the names of the external interfaces from debconf
db_get arno-iptables-firewall/config-ext-if ; DC_EXT_IF="$RET"
# query the DHCP status from debconf
db_get arno-iptables-firewall/dynamic-ip
if [ "$RET" = "true" ]; then
DC_EXT_IF_DHCP_IP=1
else
DC_EXT_IF_DHCP_IP=0
fi
# query the external services from debconf
db_get arno-iptables-firewall/services-tcp ; DC_OPEN_TCP="$RET"
db_get arno-iptables-firewall/services-udp ; DC_OPEN_UDP="$RET"
# query the NAT status from debconf
db_get arno-iptables-firewall/nat
if [ "$RET" = "true" ]; then
DC_NAT=1
else
DC_NAT=0
fi
# query the internal network interfaces from debconf
db_get arno-iptables-firewall/config-int-if ; DC_INT_IF="$RET"
# query the internal networks from debconf
db_get arno-iptables-firewall/config-int-net ; DC_INTERNAL_NET="$RET"
# we need to quote all slashes
DC_INTERNAL_NET=${DC_INTERNAL_NET//\//\\\/}
# query the internal networks with access to the external world from debconf
db_get arno-iptables-firewall/config-int-nat-net ; DC_NAT_INTERNAL_NET="$RET"
# we need to quote all slashes
DC_NAT_INTERNAL_NET=${DC_NAT_INTERNAL_NET//\//\\\/}
# allow the whole internal net for NAT if this was left empty
if [[ -z $DC_NAT_INTERNAL_NET && "$DC_NAT" == "1" ]]; then
DC_NAT_INTERNAL_NET="$DC_INTERNAL_NET"
fi
# query the 'pingable' status from debconf
db_get arno-iptables-firewall/icmp-echo
if [ "$RET" = "true" ]; then
DC_OPEN_ICMP=1
else
DC_OPEN_ICMP=0
fi
# make a backup conf file
cp -dpf $CFG $CFG.tmp
# check that all vars are in the debconf file
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the conffile.
test -z "$DC_EXT_IF" || grep -Eq '^ *EXT_IF=' $CFG.tmp || echo "EXT_IF=" >> $CFG.tmp
test -z "$DC_EXT_IF_DHCP_IP" || grep -Eq '^ *EXT_IF_DHCP_IP=' $CFG.tmp || echo "EXT_IF_DHCP_IP=" >> $CFG.tmp
test -z "$DC_OPEN_TCP" || grep -Eq '^ *OPEN_TCP=' $CFG.tmp || echo "OPEN_TCP=" >> $CFG.tmp
test -z "$DC_OPEN_UDP" || grep -Eq '^ *OPEN_UDP=' $CFG.tmp || echo "OPEN_UDP=" >> $CFG.tmp
test -z "$DC_NAT" || grep -Eq '^ *NAT=' $CFG.tmp || echo "NAT=" >> $CFG.tmp
test -z "$DC_INT_IF" || grep -Eq '^ *INT_IF=' $CFG.tmp || echo "INT_IF=" >> $CFG.tmp
test -z "$DC_INTERNAL_NET" || grep -Eq '^ *INTERNAL_NET=' $CFG.tmp || echo "INTERNAL_NET=" >> $CFG.tmp
test -z "$DC_NAT_INTERNAL_NET" || grep -Eq '^ *NAT_INTERNAL_NET=' $CFG.tmp || echo "NAT_INTERNAL_NET=" >> $CFG.tmp
test -z "$DC_OPEN_ICMP" || grep -Eq '^ *OPEN_ICMP=' $CFG.tmp || echo "OPEN_ICMP=" >> $CFG.tmp
# now set the value from the debconf database
# write values to config file
sed -e "s/^ *EXT_IF=.*/EXT_IF=\"$DC_EXT_IF\"/" \
-e "s/^ *EXT_IF_DHCP_IP=.*/EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP/" \
-e "s/^ *OPEN_TCP=.*/OPEN_TCP=\"$DC_OPEN_TCP\"/" \
-e "s/^ *OPEN_UDP=.*/OPEN_UDP=\"$DC_OPEN_UDP\"/" \
-e "s/^ *NAT=.*/NAT=$DC_NAT/" \
-e "s/^ *INT_IF=.*/INT_IF=\"$DC_INT_IF\"/" \
-e "s/^ *INTERNAL_NET=.*/INTERNAL_NET=\"$DC_INTERNAL_NET\"/" \
-e "s/^ *NAT_INTERNAL_NET=.*/NAT_INTERNAL_NET=\"$DC_NAT_INTERNAL_NET\"/" \
-e "s/^ *OPEN_ICMP=.*/OPEN_ICMP=$DC_OPEN_ICMP/" \
< $CFG.tmp > $CFG
# replace the old conffile by the working copy
rm -f $CFG.tmp
db_get arno-iptables-firewall/restart
if [ "$RET" = "true" ]; then
invoke-rc.d arno-iptables-firewall restart
fi
fi # debconf wanted
# reload rsyslog if available
if [ -x /etc/init.d/rsyslog ]; then
invoke-rc.d rsyslog restart
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
# nothing to do
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
if [ -x "/etc/init.d/arno-iptables-firewall" ]; then
update-rc.d arno-iptables-firewall defaults >/dev/null || exit 0
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
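Review bot: the sed block that writes $CFG interpolates the debconf answers straight into the replacement text, and only the two *_NET values have their slashes escaped beforehand. A "/", "&", backslash or double quote in DC_EXT_IF, DC_INT_IF, DC_OPEN_TCP or DC_OPEN_UDP either breaks the sed expression or changes what is written into a file of shell-style assignments; validate each answer against the characters an interface name or port list can contain, or escape all of them with one helper. Because "> $CFG" truncates the live file before sed runs, a sed error under set -e also leaves an empty 00debconf.conf and a stray $CFG.tmp; write the result to a temporary file and mv it over $CFG instead. Separately, "update-rc.d arno-iptables-firewall defaults >/dev/null || exit 0" ends the script before the #DEBHELPER# section if update-rc.d fails.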
#! /bin/sh
# postrm script for arno-iptables-firewall
set -e
case "$1" in
purge)
# when purging remove debconf managed config file
if [ -e /etc/arno-iptables-firewall/conf.d/00debconf.conf ]; then
rm -f /etc/arno-iptables-firewall/conf.d/00debconf.conf
fi
;;
esac
case "$1" in
purge|remove|abort-install|disappear)
# when just removing stop the firewall
if [ -x /etc/init.d/arno-iptables-firewall ]; then
invoke-rc.d arno-iptables-firewall stop || true
fi
# and remove links from rc?.d
# -f because the init.d script is deleted later by debhelper
# and update-rc.d wants it to be deleted first
update-rc.d -f arno-iptables-firewall remove >/dev/null || exit 0
;;
upgrade|failed-upgrade|abort-upgrade)