postinst is in ufw 0.35-5.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 | #!/bin/sh -e
# Only source /usr/share/debconf/confmodule when not called with 'triggered'
# to avoid LP: #618410.
if [ "$1" != "triggered" ]; then
. /usr/share/debconf/confmodule
fi
RULES_PATH="/etc/ufw"
OLD_USER_PATH="/lib/ufw"
USER_PATH="$RULES_PATH"
TEMPLATE_PATH="/usr/share/ufw"
enable_ufw() {
ans=""
if [ "$1" = "true" ]; then
ans="yes"
elif [ "$1" = "false" ]; then
ans="no"
else
return 1
fi
test -f /etc/ufw/ufw.conf && sed -i "s/^ENABLED=.*/ENABLED=$ans/" /etc/ufw/ufw.conf
}
allow_port() {
ufw allow "$@" >/dev/null || true
}
allow_service() {
service=`echo "$@" | sed 's/#/ /g'`
if [ "$service" = "CUPS" ]; then
allow_port 631
elif [ "$service" = "DNS" ]; then
allow_port 53
elif [ "$service" = "IMAPS" ]; then
allow_port 993/tcp
elif [ "$service" = "POP3S" ]; then
allow_port 995/tcp
elif [ "$service" = "SSH" ]; then
allow_port 22/tcp
elif [ "$service" = "CIFS (Samba)" ]; then
allow_port 137/udp
allow_port 138/udp
allow_port 139/tcp
allow_port 445/tcp
elif [ "$service" = "SMTP" ]; then
allow_port 25/tcp
elif [ "$service" = "HTTP" ]; then
allow_port 80/tcp
elif [ "$service" = "HTTPS" ]; then
allow_port 443/tcp
fi
}
# If a primary chain is added to upstream, we should add it on upgrade so
# reload works correctly
add_primary_chain() {
chain="$1"
builtin="$2"
ver="$3"
exe="iptables"
if [ "$ver" = "6" ]; then
exe="ip6tables"
fi
if $exe -L "$chain" -n >/dev/null 2>&1 ; then
return
fi
$exe -N "$chain" || true
$exe -A "$builtin" -j "$chain" || true
}
case "$1" in
configure)
# these files are required, but don't want to change them if
# the user modified them
for f in before.rules before6.rules after.rules after6.rules
do
ucf --debconf-ok $TEMPLATE_PATH/iptables/$f $RULES_PATH/$f
test -f $RULES_PATH/$f && chmod 640 $RULES_PATH/$f
done
# migrate user rules on upgrade
if [ ! -z "$2" ] && dpkg --compare-versions "$2" lt "0.35~" ; then
for f in user.rules user6.rules
do
mv $OLD_USER_PATH/$f $USER_PATH/$f
ln -s $USER_PATH/$f $OLD_USER_PATH/$f
done
fi
for f in user.rules user6.rules
do
if [ ! -e "$USER_PATH/$f" ]; then
# if no config, copy the template
cp $TEMPLATE_PATH/iptables/$f $USER_PATH/$f
chmod 640 $USER_PATH/$f
fi
done
for f in before.init after.init
do
if [ ! -e "/etc/ufw/$f" ]; then
cp $TEMPLATE_PATH/$f /etc/ufw
chmod 640 /etc/ufw/$f
fi
done
if [ ! -e "/etc/ufw/ufw.conf" ]; then
cp $TEMPLATE_PATH/ufw.conf /etc/ufw
fi
# configure ufw with debconf values
db_get ufw/enable
enabled="$RET"
db_fget ufw/existing_configuration seen
seen_warning="$RET"
if [ "$enabled" = "true" ] && [ "$seen_warning" = "false" ] ; then
db_get ufw/allow_known_ports
CHOICES="$RET"
for service in `echo "$CHOICES" | sed 's/, /\n/g' | sed 's/ /#/g'`; do
allow_service "$service"
done
db_get ufw/allow_custom_ports
PORTS="$RET"
for port in $PORTS ; do
allow_port "$port"
done
db_fset ufw/existing_configuration seen true
fi
# need to do this after all 'allow_service' calls, otherwise ufw may
# try to use iptables, which breaks the installer
enable_ufw "$enabled"
# add new primary chains on upgrade
if [ "$enabled" = "true" ] && [ ! -z "$2" ] && dpkg --compare-versions "$2" lt "0.34~rc-0ubuntu2" ; then
add_primary_chain ufw-track-forward FORWARD
add_primary_chain ufw6-track-forward FORWARD 6
fi
;;
triggered)
ufw app update all || echo "Processing ufw triggers failed. Ignoring."
exit 0
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument '$1'" >&2
exit 1
;;
esac
# Automatically added by dh_systemd_enable/10.7.2ubuntu2
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask ufw.service >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled ufw.service; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable ufw.service >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state ufw.service >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installinit/10.7.2ubuntu2
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
if [ -x "/etc/init.d/ufw" ]; then
update-rc.d ufw defaults >/dev/null || exit $?
fi
fi
# End automatically added section
# Automatically added by dh_python3:
if which py3compile >/dev/null 2>&1; then
py3compile -p ufw -V 3.2-
fi
# End automatically added section
# Automatically added by dh_installdeb/10.7.2ubuntu2
dpkg-maintscript-helper rm_conffile /etc/init/ufw.conf 0.35-5~ ufw -- "$@"
# End automatically added section
|