This file is indexed.

postinst is in ufw 0.35-5.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
#!/bin/sh -e

# Only source /usr/share/debconf/confmodule when not called with 'triggered'
# to avoid LP: #618410.
if [ "$1" != "triggered" ]; then
    . /usr/share/debconf/confmodule
fi

RULES_PATH="/etc/ufw"
OLD_USER_PATH="/lib/ufw"
USER_PATH="$RULES_PATH"
TEMPLATE_PATH="/usr/share/ufw"

enable_ufw() {
    ans=""
    if [ "$1" = "true" ]; then
        ans="yes"
    elif [ "$1" = "false" ]; then
        ans="no"
    else
        return 1
    fi

    test -f /etc/ufw/ufw.conf && sed -i "s/^ENABLED=.*/ENABLED=$ans/" /etc/ufw/ufw.conf
}

allow_port() {
    ufw allow "$@" >/dev/null || true
}

allow_service() {
    service=`echo "$@" | sed 's/#/ /g'`
    if [ "$service" = "CUPS" ]; then
        allow_port 631
    elif [ "$service" = "DNS" ]; then
        allow_port 53
    elif [ "$service" = "IMAPS" ]; then
        allow_port 993/tcp
    elif [ "$service" = "POP3S" ]; then
        allow_port 995/tcp
    elif [ "$service" = "SSH" ]; then
        allow_port 22/tcp
    elif [ "$service" = "CIFS (Samba)" ]; then
        allow_port 137/udp
        allow_port 138/udp
        allow_port 139/tcp
        allow_port 445/tcp
    elif [ "$service" = "SMTP" ]; then
        allow_port 25/tcp
    elif [ "$service" = "HTTP" ]; then
        allow_port 80/tcp
    elif [ "$service" = "HTTPS" ]; then
        allow_port 443/tcp
    fi
}

# If a primary chain is added to upstream, we should add it on upgrade so
# reload works correctly
add_primary_chain() {
    chain="$1"
    builtin="$2"
    ver="$3"

    exe="iptables"
    if [ "$ver" = "6" ]; then
        exe="ip6tables"
    fi
    if $exe -L "$chain" -n >/dev/null 2>&1 ; then
        return
    fi
    $exe -N "$chain" || true
    $exe -A "$builtin" -j "$chain" || true
}

case "$1" in
    configure)
        # these files are required, but don't want to change them if
        # the user modified them
        for f in before.rules before6.rules after.rules after6.rules
        do
            ucf --debconf-ok $TEMPLATE_PATH/iptables/$f $RULES_PATH/$f
            test -f $RULES_PATH/$f && chmod 640 $RULES_PATH/$f
        done

        # migrate user rules on upgrade
        if [ ! -z "$2" ] && dpkg --compare-versions "$2" lt "0.35~" ; then
            for f in user.rules user6.rules
            do
                mv $OLD_USER_PATH/$f $USER_PATH/$f
                ln -s $USER_PATH/$f $OLD_USER_PATH/$f
            done
        fi

        for f in user.rules user6.rules
        do
            if [ ! -e "$USER_PATH/$f" ]; then
                # if no config, copy the template
                cp $TEMPLATE_PATH/iptables/$f $USER_PATH/$f
                chmod 640 $USER_PATH/$f
            fi
        done

        for f in before.init after.init
        do
            if [ ! -e "/etc/ufw/$f" ]; then
                cp $TEMPLATE_PATH/$f /etc/ufw
                chmod 640 /etc/ufw/$f
            fi
        done

        if [ ! -e "/etc/ufw/ufw.conf" ]; then
            cp $TEMPLATE_PATH/ufw.conf /etc/ufw
        fi

        # configure ufw with debconf values
        db_get ufw/enable
        enabled="$RET"

        db_fget ufw/existing_configuration seen
        seen_warning="$RET"
        if [ "$enabled" = "true" ] && [ "$seen_warning" = "false" ] ; then
            db_get ufw/allow_known_ports
            CHOICES="$RET"
            for service in `echo "$CHOICES" | sed 's/, /\n/g' | sed 's/ /#/g'`; do
                allow_service "$service"
            done

            db_get ufw/allow_custom_ports
            PORTS="$RET"
            for port in $PORTS ; do
                allow_port "$port"
            done

            db_fset ufw/existing_configuration seen true
        fi

        # need to do this after all 'allow_service' calls, otherwise ufw may
        # try to use iptables, which breaks the installer
        enable_ufw "$enabled"

        # add new primary chains on upgrade
        if [ "$enabled" = "true" ] && [ ! -z "$2" ] && dpkg --compare-versions "$2" lt "0.34~rc-0ubuntu2" ; then
            add_primary_chain ufw-track-forward FORWARD
            add_primary_chain ufw6-track-forward FORWARD 6
        fi
        ;;
    triggered)
        ufw app update all || echo "Processing ufw triggers failed. Ignoring."
        exit 0
        ;;
    abort-upgrade|abort-remove|abort-deconfigure)
        ;;
    *)
        echo "postinst called with unknown argument '$1'" >&2
        exit 1
        ;;
esac

# Automatically added by dh_systemd_enable/10.7.2ubuntu2
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask ufw.service >/dev/null || true

# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled ufw.service; then
	# Enables the unit on first installation, creates new
	# symlinks on upgrades if the unit file has changed.
	deb-systemd-helper enable ufw.service >/dev/null || true
else
	# Update the statefile to add new symlinks (if any), which need to be
	# cleaned up on purge. Also remove old symlinks.
	deb-systemd-helper update-state ufw.service >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installinit/10.7.2ubuntu2
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
	if [ -x "/etc/init.d/ufw" ]; then
		update-rc.d ufw defaults >/dev/null || exit $?
	fi
fi
# End automatically added section

# Automatically added by dh_python3:
if which py3compile >/dev/null 2>&1; then
	py3compile -p ufw -V 3.2-
fi

# End automatically added section
# Automatically added by dh_installdeb/10.7.2ubuntu2
dpkg-maintscript-helper rm_conffile /etc/init/ufw.conf 0.35-5~ ufw -- "$@"
# End automatically added section