arno-iptables-firewall 2.0.1.d-1 / postinst

This file is indexed.

postinst is in arno-iptables-firewall 2.0.1.d-1.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
#! /bin/bash
# postinst script for arno-iptables-firewall

set -e
. /usr/share/debconf/confmodule
db_version 2.0

# move config files from versions prior to 1.8.8
if [ -f /etc/arno-iptables-firewall.debconf ]; then
    echo "Moving debconf settings to /etc/arno-iptables-firewall/debconf.cfg."
    mv /etc/arno-iptables-firewall.debconf /etc/arno-iptables-firewall/debconf.cfg
fi

if [ -f /etc/arno-firewall-blocked-hosts ]; then
    echo "Moving host blacklist to /etc/arno-iptables-firewall/blocked-hosts."
    mv /etc/arno-firewall-blocked-hosts /etc/arno-iptables-firewall/blocked-hosts
fi

if [ -f /etc/arno-firewall-mac-addresses ]; then
    echo "Moving MAC address filter list to /etc/arno-iptables-firewall/mac-addresses."
    mv /etc/arno-firewall-mac-addresses /etc/arno-iptables-firewall/mac-addresses
fi

if [ -f /etc/arno-firewall-custom-rules ]; then
    echo "Merging custom iptables rules into /etc/arno-iptables-firewall/custom-rules."
    cat /etc/arno-firewall-custom-rules >> /etc/arno-iptables-firewall/custom-rules
    rm -f /etc/arno-firewall-custom-rules
fi

CFG=/etc/arno-iptables-firewall/conf.d/00debconf.conf

case "$1" in
    configure)
        # query all vars from debconf
        # most important: is debconf management requested
        db_get arno-iptables-firewall/debconf-wanted
        if [ "$RET" = "true" ]; then
            # debconf is welcome: look whether there is a config file and
            # recreate the config file if missing
            if [ ! -e $CFG ]; then
                cat << EOT > $CFG
#######################################################################
# Feel free to edit this file.  However, be aware that debconf writes #
# to (and reads from) this file too.  In case of doubt, only use      #
# 'dpkg-reconfigure -plow arno-iptables-firewall' to edit this file.  #
# If you really don't want to use debconf, or if you have specific    #
# needs, you're likely better off using placing an additional         #
# configuration snippet into/etc/arno-iptables-firewall/conf.d/.      #
# Also see README.Debian.                                             #
#######################################################################
EXT_IF=""
EXT_IF_DHCP_IP=0
OPEN_TCP=""
OPEN_UDP=""
INT_IF=""
NAT=0
INTERNAL_NET=""
NAT_INTERNAL_NET=""
OPEN_ICMP=0
EOT
            fi

            # query the names of the external interfaces from debconf
            db_get arno-iptables-firewall/config-ext-if ; DC_EXT_IF="$RET"

            # query the DHCP status from debconf
            db_get arno-iptables-firewall/dynamic-ip
            if [ "$RET" = "true" ]; then
                DC_EXT_IF_DHCP_IP=1
            else
                DC_EXT_IF_DHCP_IP=0
            fi

            # query the external services from debconf
            db_get arno-iptables-firewall/services-tcp ; DC_OPEN_TCP="$RET"
            db_get arno-iptables-firewall/services-udp ; DC_OPEN_UDP="$RET"

            # query the NAT status from debconf
            db_get arno-iptables-firewall/nat
            if [ "$RET" = "true" ]; then
                DC_NAT=1
            else
                DC_NAT=0
            fi

            # query the internal network interfaces from debconf
            db_get arno-iptables-firewall/config-int-if ; DC_INT_IF="$RET"

            # query the internal networks from debconf
            db_get arno-iptables-firewall/config-int-net ; DC_INTERNAL_NET="$RET"
            # we need to quote all slashes
            DC_INTERNAL_NET=${DC_INTERNAL_NET//\//\\\/}

            # query the internal networks with access to the external world from debconf
            db_get arno-iptables-firewall/config-int-nat-net ; DC_NAT_INTERNAL_NET="$RET"
            # we need to quote all slashes
            DC_NAT_INTERNAL_NET=${DC_NAT_INTERNAL_NET//\//\\\/}
            # allow the whole internal net for NAT if this was left empty
            if [[ -z $DC_NAT_INTERNAL_NET && "$DC_NAT" == "1" ]]; then
                DC_NAT_INTERNAL_NET="$DC_INTERNAL_NET"
            fi

            # query the 'pingable' status from debconf
            db_get arno-iptables-firewall/icmp-echo
            if [ "$RET" = "true" ]; then
                DC_OPEN_ICMP=1
            else
                DC_OPEN_ICMP=0
            fi

            # make a backup conf file
            cp -dpf $CFG $CFG.tmp

            # check that all vars are in the debconf file
            # If the admin deleted or commented some variables but then set
            # them via debconf, (re-)add them to the conffile.
            test -z "$DC_EXT_IF"           || grep -Eq '^ *EXT_IF=' $CFG.tmp           || echo "EXT_IF=" >> $CFG.tmp
            test -z "$DC_EXT_IF_DHCP_IP"   || grep -Eq '^ *EXT_IF_DHCP_IP=' $CFG.tmp   || echo "EXT_IF_DHCP_IP=" >> $CFG.tmp
            test -z "$DC_OPEN_TCP"         || grep -Eq '^ *OPEN_TCP=' $CFG.tmp         || echo "OPEN_TCP=" >> $CFG.tmp
            test -z "$DC_OPEN_UDP"         || grep -Eq '^ *OPEN_UDP=' $CFG.tmp         || echo "OPEN_UDP=" >> $CFG.tmp
            test -z "$DC_NAT"              || grep -Eq '^ *NAT=' $CFG.tmp              || echo "NAT=" >> $CFG.tmp
            test -z "$DC_INT_IF"           || grep -Eq '^ *INT_IF=' $CFG.tmp           || echo "INT_IF=" >> $CFG.tmp
            test -z "$DC_INTERNAL_NET"     || grep -Eq '^ *INTERNAL_NET=' $CFG.tmp     || echo "INTERNAL_NET=" >> $CFG.tmp
            test -z "$DC_NAT_INTERNAL_NET" || grep -Eq '^ *NAT_INTERNAL_NET=' $CFG.tmp || echo "NAT_INTERNAL_NET=" >> $CFG.tmp
            test -z "$DC_OPEN_ICMP"        || grep -Eq '^ *OPEN_ICMP=' $CFG.tmp        || echo "OPEN_ICMP=" >> $CFG.tmp

            # now set the value from the debconf database
            # write values to config file
            sed -e "s/^ *EXT_IF=.*/EXT_IF=\"$DC_EXT_IF\"/" \
                -e "s/^ *EXT_IF_DHCP_IP=.*/EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP/" \
                -e "s/^ *OPEN_TCP=.*/OPEN_TCP=\"$DC_OPEN_TCP\"/" \
                -e "s/^ *OPEN_UDP=.*/OPEN_UDP=\"$DC_OPEN_UDP\"/" \
                -e "s/^ *NAT=.*/NAT=$DC_NAT/" \
                -e "s/^ *INT_IF=.*/INT_IF=\"$DC_INT_IF\"/" \
                -e "s/^ *INTERNAL_NET=.*/INTERNAL_NET=\"$DC_INTERNAL_NET\"/" \
                -e "s/^ *NAT_INTERNAL_NET=.*/NAT_INTERNAL_NET=\"$DC_NAT_INTERNAL_NET\"/" \
                -e "s/^ *OPEN_ICMP=.*/OPEN_ICMP=$DC_OPEN_ICMP/" \
                < $CFG.tmp > $CFG

            # replace the old conffile  by the working copy
            rm -f $CFG.tmp

            db_get arno-iptables-firewall/restart
            if [ "$RET" = "true" ]; then
            invoke-rc.d arno-iptables-firewall restart
            fi
        fi # debconf wanted

        # reload rsyslog if available
        if [ -x /etc/init.d/rsyslog ]; then
            invoke-rc.d rsyslog restart
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        # nothing to do
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

if [ -x "/etc/init.d/arno-iptables-firewall" ]; then
    update-rc.d arno-iptables-firewall start 41 S . stop 41 0 6 . >/dev/null || exit 0
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.



exit 0

APT Browse - Built by Thomas Orozco.