postinst is in arno-iptables-firewall 2.0.1.d-1.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
#! /bin/bash
# postinst script for arno-iptables-firewall

# Abort as soon as any unchecked command fails.
set -e

# Load the debconf shell interface; the db_* commands used below come from it.
. /usr/share/debconf/confmodule
db_version 2.0

# Relocate one legacy file from /etc into /etc/arno-iptables-firewall/.
# Arguments: $1 - old path
#            $2 - new path
#            $3 - description printed in the progress message
# Does nothing when the old path is not a regular file.
relocate_legacy_file() {
  if [ -f "$1" ]; then
    echo "Moving $3 to $2."
    mv "$1" "$2"
  fi
}

# move config files from versions prior to 1.8.8
relocate_legacy_file /etc/arno-iptables-firewall.debconf \
  /etc/arno-iptables-firewall/debconf.cfg "debconf settings"
relocate_legacy_file /etc/arno-firewall-blocked-hosts \
  /etc/arno-iptables-firewall/blocked-hosts "host blacklist"
relocate_legacy_file /etc/arno-firewall-mac-addresses \
  /etc/arno-iptables-firewall/mac-addresses "MAC address filter list"

# Old custom rules are appended to the new file rather than moved, so
# rules already present in the new location are kept.
legacy_rules=/etc/arno-firewall-custom-rules
if [ -f "$legacy_rules" ]; then
  echo "Merging custom iptables rules into /etc/arno-iptables-firewall/custom-rules."
  cat "$legacy_rules" >> /etc/arno-iptables-firewall/custom-rules
  rm -f "$legacy_rules"
fi
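# Configuration snippet that debconf owns; created and rewritten below.
CFG=/etc/arno-iptables-firewall/conf.d/00debconf.conf

# Escape a value for the replacement half of a sed "s/.../.../" command.
# Backslash, the "/" delimiter and "&" are special there; left as-is they
# make sed fail or silently alter the text written to the config file.
# Arguments: $1 - raw value (single line)
# Outputs:   escaped value on stdout
sed_escape() {
  printf '%s\n' "$1" | sed -e 's|[\/&]|\\&|g'
}

case "$1" in
  configure)
    # query all vars from debconf
    # most important: is debconf management requested
    db_get arno-iptables-firewall/debconf-wanted
    if [ "$RET" = "true" ]; then
      # debconf is welcome: look whether there is a config file and
      # recreate the config file if missing
      if [ ! -e "$CFG" ]; then
        # Quoted delimiter: the template is written literally, nothing in
        # it is expanded by the shell.
        cat << 'EOT' > "$CFG"
#######################################################################
# Feel free to edit this file. However, be aware that debconf writes #
# to (and reads from) this file too. In case of doubt, only use #
# 'dpkg-reconfigure -plow arno-iptables-firewall' to edit this file. #
# If you really don't want to use debconf, or if you have specific #
# needs, you're likely better off using placing an additional #
# configuration snippet into/etc/arno-iptables-firewall/conf.d/. #
# Also see README.Debian. #
#######################################################################
EXT_IF=""
EXT_IF_DHCP_IP=0
OPEN_TCP=""
OPEN_UDP=""
INT_IF=""
NAT=0
INTERNAL_NET=""
NAT_INTERNAL_NET=""
OPEN_ICMP=0
EOT
      fi

      # query the names of the external interfaces from debconf
      db_get arno-iptables-firewall/config-ext-if
      DC_EXT_IF="$RET"

      # query the DHCP status from debconf
      db_get arno-iptables-firewall/dynamic-ip
      if [ "$RET" = "true" ]; then
        DC_EXT_IF_DHCP_IP=1
      else
        DC_EXT_IF_DHCP_IP=0
      fi

      # query the external services from debconf
      db_get arno-iptables-firewall/services-tcp
      DC_OPEN_TCP="$RET"
      db_get arno-iptables-firewall/services-udp
      DC_OPEN_UDP="$RET"

      # query the NAT status from debconf
      db_get arno-iptables-firewall/nat
      if [ "$RET" = "true" ]; then
        DC_NAT=1
      else
        DC_NAT=0
      fi

      # query the internal network interfaces from debconf
      db_get arno-iptables-firewall/config-int-if
      DC_INT_IF="$RET"

      # query the internal networks from debconf
      db_get arno-iptables-firewall/config-int-net
      DC_INTERNAL_NET="$RET"

      # query the internal networks with access to the external world from debconf
      db_get arno-iptables-firewall/config-int-nat-net
      DC_NAT_INTERNAL_NET="$RET"

      # allow the whole internal net for NAT if this was left empty
      if [[ -z $DC_NAT_INTERNAL_NET && "$DC_NAT" == "1" ]]; then
        DC_NAT_INTERNAL_NET="$DC_INTERNAL_NET"
      fi

      # query the 'pingable' status from debconf
      db_get arno-iptables-firewall/icmp-echo
      if [ "$RET" = "true" ]; then
        DC_OPEN_ICMP=1
      else
        DC_OPEN_ICMP=0
      fi

      # Work on a copy; the live file is replaced only after the new
      # content has been generated successfully.
      cp -dpf "$CFG" "$CFG.tmp"

      # check that all vars are in the debconf file
      # If the admin deleted or commented some variables but then set
      # them via debconf, (re-)add them to the conffile.
      for var in EXT_IF EXT_IF_DHCP_IP OPEN_TCP OPEN_UDP NAT INT_IF \
        INTERNAL_NET NAT_INTERNAL_NET OPEN_ICMP; do
        dc_var="DC_$var"
        if [ -n "${!dc_var}" ] && ! grep -Eq "^ *$var=" "$CFG.tmp"; then
          echo "$var=" >> "$CFG.tmp"
        fi
      done

      # Every free-text answer goes through sed_escape before it is placed
      # in a sed expression (the original escaped only "/" and only for the
      # two network lists). The 0/1 flags are set above and need no escaping.
      # NOTE(review): the answers are written between double quotes without
      # further validation; a value containing a double quote, "$" or a
      # backquote would change how the line parses if the firewall sources
      # this file as shell - confirm, and validate the answers if so.
      esc_ext_if=$(sed_escape "$DC_EXT_IF")
      esc_open_tcp=$(sed_escape "$DC_OPEN_TCP")
      esc_open_udp=$(sed_escape "$DC_OPEN_UDP")
      esc_int_if=$(sed_escape "$DC_INT_IF")
      esc_internal_net=$(sed_escape "$DC_INTERNAL_NET")
      esc_nat_internal_net=$(sed_escape "$DC_NAT_INTERNAL_NET")

      # Stage the result in a second file that inherits mode and ownership
      # from the working copy. Redirecting sed straight into $CFG would
      # truncate the firewall configuration before sed has run, leaving it
      # empty if sed then fails.
      cp -pf "$CFG.tmp" "$CFG.new"

      # now set the value from the debconf database
      # write values to config file
      if sed -e "s/^ *EXT_IF=.*/EXT_IF=\"$esc_ext_if\"/" \
        -e "s/^ *EXT_IF_DHCP_IP=.*/EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP/" \
        -e "s/^ *OPEN_TCP=.*/OPEN_TCP=\"$esc_open_tcp\"/" \
        -e "s/^ *OPEN_UDP=.*/OPEN_UDP=\"$esc_open_udp\"/" \
        -e "s/^ *NAT=.*/NAT=$DC_NAT/" \
        -e "s/^ *INT_IF=.*/INT_IF=\"$esc_int_if\"/" \
        -e "s/^ *INTERNAL_NET=.*/INTERNAL_NET=\"$esc_internal_net\"/" \
        -e "s/^ *NAT_INTERNAL_NET=.*/NAT_INTERNAL_NET=\"$esc_nat_internal_net\"/" \
        -e "s/^ *OPEN_ICMP=.*/OPEN_ICMP=$DC_OPEN_ICMP/" \
        < "$CFG.tmp" > "$CFG.new"; then
        # replace the old conffile by the staged copy in one rename
        mv -f "$CFG.new" "$CFG"
        rm -f "$CFG.tmp"
      else
        # Keep the previous configuration and leave no stray files in conf.d.
        rm -f "$CFG.tmp" "$CFG.new"
        exit 1
      fi

      # Restart the firewall only when the admin asked for it in debconf.
      db_get arno-iptables-firewall/restart
      if [ "$RET" = "true" ]; then
        invoke-rc.d arno-iptables-firewall restart
      fi
    fi # debconf wanted

    # reload rsyslog if available
    if [ -x /etc/init.d/rsyslog ]; then
      invoke-rc.d rsyslog restart
    fi
    ;;
  abort-upgrade|abort-remove|abort-deconfigure)
    # nothing to do
    ;;
  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac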
# Register the init script, but only when it is installed and executable.
initscript=/etc/init.d/arno-iptables-firewall
if test -x "$initscript"; then
  # A failing update-rc.d is not treated as an error: the script stops
  # here with a success status instead of aborting the installation.
  if ! update-rc.d arno-iptables-firewall start 41 S . stop 41 0 6 . >/dev/null; then
    exit 0
  fi
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

exit 0