33,34c33,34 < if [ -f ./share/arno-iptables-firewall/environment ]; then < . ./share/arno-iptables-firewall/environment --- > if [ -f /usr/share/arno-iptables-firewall/environment ]; then > . /usr/share/arno-iptables-firewall/environment 36c36 < printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2 --- > printf "\033[40m\033[1;31mERROR: Could not read environment file /usr/share/arno-iptables-firewall/environment!\033[0m\n\n" >&2 76a77,81 > else > # If no value is entered, remove (unless commented) previously set > # values: this is to prevent, for example, ports from remaining open, > # or internal interfaces from remaining enabled with NAT. > sed -i -e "s~^$2=.*$~$2=\"\"~" "$1" 91c96 < # else --- > else 92a98,100 > # This is needed to allow the function change_conf_var() > # to remove values for previously set open ports. > change_conf_var "$2" "$3" "" 183,186c191,194 < echo "Listing available interfaces:" < echo "-----------------------------" < list_interfaces; < echo "-----------------------------" --- > # echo "Listing available interfaces:" > # echo "-----------------------------" > # list_interfaces; > # echo "-----------------------------" 255a264,270 > else > # Remove previously set values related to the internal interface, > # if no internal interface is entered with this script. > change_conf_var "$FIREWALL_CONF" "INT_IF" "" > change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" "" > change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" "" > change_conf_var "$FIREWALL_CONF" "NAT" "0" 259,261c274,276 < if [ -e /etc/init.d/arno-iptables-firewall ]; then < chown 0:0 /etc/init.d/arno-iptables-firewall < chmod 755 /etc/init.d/arno-iptables-firewall --- > if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then > chown 0:0 /etc/rc.d/rc.arno-iptables-firewall > chmod 755 /etc/rc.d/rc.arno-iptables-firewall 271c286 < AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" --- > AIF_VERSION="$(grep "MY_VERSION=" /usr/sbin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")" 279,339c294 < RC_PATH="/etc" < # Check for Redhat/SUSE rc.d < if [ -d "/etc/rc.d" ]; then < RC_PATH="/etc/rc.d" < fi < < # Remove any symlinks in rc*.d out of the way < rm -f $RC_PATH/rc0.d/*arno-iptables-firewall < rm -f $RC_PATH/rc1.d/*arno-iptables-firewall < rm -f $RC_PATH/rc2.d/*arno-iptables-firewall < rm -f $RC_PATH/rc3.d/*arno-iptables-firewall < rm -f $RC_PATH/rc4.d/*arno-iptables-firewall < rm -f $RC_PATH/rc5.d/*arno-iptables-firewall < rm -f $RC_PATH/rc6.d/*arno-iptables-firewall < rm -f $RC_PATH/rcS.d/*arno-iptables-firewall < < if get_user_yn "Do you want to start the firewall at boot" "y"; then < DONE=0 < < if check_command systemctl; then < if systemctl enable arno-iptables-firewall; then < echo "* Successfully enabled service with systemctl" < DONE=1 < fi < elif check_command update-rc.d; then < # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly < if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then < echo "* Successfully enabled service with update-rc.d" < DONE=1 < fi < elif check_command chkconfig; then < if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then < echo "* Successfully enabled service with chkconfig" < DONE=1 < fi < else < if [ -d "$RC_PATH/rcS.d" ]; then < if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" && < ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" && < ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then < echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink" < DONE=1 < fi < elif [ -d "$RC_PATH/rc2.d" ]; then < if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" && < ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" && < ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then < echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink" < DONE=1 < fi < else < echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2 < fi < fi < < if [ $DONE -eq 0 ]; then < echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2 < fi < fi < < if [ -e /etc/init.d/arno-iptables-firewall ]; then --- > if [ -e /etc/rc.d/rc.arno-iptables-firewall ]; then 341c296 < change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "1" --- > change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "1" 343c298 < change_conf_var /etc/init.d/arno-iptables-firewall "VERBOSE" "0" --- > change_conf_var /etc/rc.d/rc.arno-iptables-firewall "VERBOSE" "0" 347c302 < if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then --- > if diff /usr/share/arno-iptables-firewall/firewall.conf.orig "$FIREWALL_CONF" >/dev/null; then 362a318,335 > echo "" > echo "-------------------------------------------------------------------------------" > echo "** NOTE: 1) After configuration, it is recommended to review the firewall **" > echo "** settings in /etc/arno-iptables-firewall/firewall.conf **" > echo "** **" > echo "** 2) To manually start or restart the firewall, run: **" > echo "** /etc/rc.d/rc.arno-iptables-firewall start **" > echo "** or /etc/rc.d/rc.arno-iptables-firewall restart **" > echo "** **" > echo "** 3) To start the firewall automatically at boot-time, you need an **" > echo "** appropriate symlink, \"rc.firewall\", pointing to the startup **" > echo "** script. Issue the following commands to create the symlink: **" > echo "** cd /etc/rc.d/ **" > echo "** ln -sv rc.arno-iptables-firewall rc.firewall **" > echo "** **" > echo "** 4) To disable startup at boot-time, simply delete the symlink, **" > echo "** or remove the executable bit from the startup script. **" > echo "-------------------------------------------------------------------------------"