--- ferm-2.0.3.orig/debian/ferm.postrm +++ ferm-2.0.3/debian/ferm.postrm @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +rm -f /var/cache/ferm/*.sh /var/cache/ferm/*.tmp + +#DEBHELPER# --- ferm-2.0.3.orig/debian/ferm.templates +++ ferm-2.0.3/debian/ferm.templates @@ -0,0 +1,9 @@ +Template: ferm/enable +Type: boolean +Default: true +_Description: Enable ferm on bootup? + Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf. + . + The default configuration allows SSH login on port 22; if you are + installing this package remotely on another port, you should not + choose this option, and later edit /etc/default/ferm to enable ferm. --- ferm-2.0.3.orig/debian/watch +++ ferm-2.0.3/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://ferm.foo-projects.org/download/2.0/ferm-([0-9.]*)\.tar\.gz --- ferm-2.0.3.orig/debian/ferm.install +++ ferm-2.0.3/debian/ferm.install @@ -0,0 +1,5 @@ +src/{import-,}ferm usr/sbin +debian/ferm.conf etc/ferm +doc/{import-,}ferm.1 usr/share/man/man1 +doc/ferm.txt doc/ferm.html usr/share/doc/ferm +examples usr/share/doc/ferm --- ferm-2.0.3.orig/debian/ferm.docs +++ ferm-2.0.3/debian/ferm.docs @@ -0,0 +1,4 @@ +README +TODO +AUTHORS +NEWS --- ferm-2.0.3.orig/debian/ferm.dirs +++ ferm-2.0.3/debian/ferm.dirs @@ -0,0 +1 @@ +var/cache/ferm --- ferm-2.0.3.orig/debian/README.Debian +++ ferm-2.0.3/debian/README.Debian @@ -0,0 +1,33 @@ +The ferm debian package +======================= + +By default, ferm's configuration file is /etc/ferm/ferm.conf. The +directory /etc/ferm is reserved for includes you might want to write. + +The init script itself is configured with /etc/default/ferm, which +contains several variables. Most important for now is "ENABLED=yes" +if you want ferm to be run automatically on boot. + +Setting "FAST=yes" is, well, faster - but you shouldn't enable it on +Debian Sarge because it ships iptables 1.2, which is know to be too +bugged for ferm's fast mode. + +If you want to use ferm on sarge you have use iptables 1.3 or remove the 1.3 +dependency and set FAST=no in /etc/default/ferm (the latter is done for the +packages on backports.org). + +The cache ("CACHE=yes", enabled by default) speeds things up, too, +because ferm will only be run when you modify its configuration, but +this also means that ferm's rollback-on-error isn't assisting you. +Also note that the init script doesn't notice when you change an +include file. To work around that, touch /etc/ferm/ferm.conf. + +I recommend you use ferm's so-called "interactive mode" while you +develop firewall rules on remote machines. In this mode, ferm applies +the new firewall rules and asks you for confirmation. If you don't +confirm within 30 seconds, ferm reverts to the previous rule set. +Run: + + ferm --interactive /etc/ferm/ferm.conf + + -- Max Kellermann --- ferm-2.0.3.orig/debian/ferm.config +++ ferm-2.0.3/debian/ferm.config @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +. /usr/share/debconf/confmodule + +db_version 2.0 +db_capb backup + +if ! test -f /etc/default/ferm || ! grep -q ^ENABLED= /etc/default/ferm; then + db_input high ferm/enable || true + db_go || true +fi --- ferm-2.0.3.orig/debian/control +++ ferm-2.0.3/debian/control @@ -0,0 +1,28 @@ +Source: ferm +Section: net +Priority: optional +Maintainer: ferm maintainers +Uploaders: Alexander Wirt , Max Kellermann +Standards-Version: 3.8.0 +Build-Depends: debhelper (>= 5) +Build-Depends-Indep: po-debconf + +Package: ferm +Architecture: all +Depends: perl (>= 5.6), iptables (>= 1.3), debconf (>= 1.2.0), lsb-base (>= 3.0-6) +Description: maintain and setup complicated firewall rules + ferm is a frontend for iptables. It reads the rules from a + structured configuration file and calls iptables(8) to insert them + into the running kernel. + . + ferm's goal is to make firewall rules easy to write and easy to + read. It tries to reduce the tedious task of writing down rules, thus + enabling the firewall administrator to spend more time on developing + good rules than the proper implementation of the rule. + . + To achieve this, ferm uses a simple but powerful configuration + language, which allows variables, functions, arrays, blocks. It also + allows you to include other files, allowing you to create libraries + of commonly used structures and functions. + . + ferm, pronounced "firm", stands for "For Easy Rule Making". --- ferm-2.0.3.orig/debian/po/de.po +++ ferm-2.0.3/debian/po/de.po @@ -0,0 +1,39 @@ +# ferm gettext template. +# Copyright (C) 2006 +# This file is distributed under the same license as the ferm package. +# Max Kellermann , 2006. +# +msgid "" +msgstr "" +"Project-Id-Version: 1.2\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:39+0200\n" +"PO-Revision-Date: 2006-09-25 22:43+0200\n" +"Last-Translator: Alexander Wirt \n" +"Language-Team: ferm-maintainers@ned.snow-crash.org\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Ferm beim Systemstart aktivieren?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "" +"Ferm kann die Firewallregeln bei jedem Systemstart aus /etc/ferm/ferm.conf " +"laden." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "Die Standardkonfiguration beschränkt den Zugang auf SSH (Port 22); wenn Ihr SSH Dienst auf einem anderen Port läuft, sollten Sie diese Option nicht wählen und später /etc/default/ferm manuell editieren um ferm zu aktivieren. " --- ferm-2.0.3.orig/debian/po/templates.pot +++ ferm-2.0.3/debian/po/templates.pot @@ -0,0 +1,38 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" --- ferm-2.0.3.orig/debian/po/cs.po +++ ferm-2.0.3/debian/po/cs.po @@ -0,0 +1,42 @@ +# Czech translation of ferm debconf messages. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ferm package. +# Miroslav Kure , 2006. +# +msgid "" +msgstr "" +"Project-Id-Version: ferm\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Povolit ferm při zavádění systému?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "" +"Ferm může při každém startu systému nahrát pravidla firewallu ze souboru " +"/etc/ferm/ferm.conf." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" +"Výchozí konfigurace umožňuje přihlášení přes SSH na portu 22. Instalujete-li " +"tento balík vzdáleně přes jiný port, měli byste nyní tuto možnost zamítnout a " +"později povolit ferm úpravou souboru /etc/default/ferm." --- ferm-2.0.3.orig/debian/po/sv.po +++ ferm-2.0.3/debian/po/sv.po @@ -0,0 +1,44 @@ +# translation of ferm_1.3.4-1_sv.po to Swedish +# ferm. +# Copyright (C) 2008 +# This file is distributed under the same license as the ferm package. +# +# Martin Ågren , 2008. +msgid "" +msgstr "" +"Project-Id-Version: ferm_1.3.4-1_sv\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: 2008-07-23 17:30+0200\n" +"Last-Translator: Martin Ågren \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Aktivera ferm vid systemets uppstart?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "Ferm kan ladda brandväggsregler från /etc/ferm/ferm.conf vid varje systemuppstart." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" +"Standardkonfigurationen tillåter SSH-inloggningar på port 22; om du installerar " +"det här paketet genom fjärråtkomst på en annan port, ska du inte välja detta val. " +"Ändra i så fall /etc/default/ferm senare för att aktivera ferm." + --- ferm-2.0.3.orig/debian/po/fr.po +++ ferm-2.0.3/debian/po/fr.po @@ -0,0 +1,42 @@ +# ferm gettext template. +# Copyright (C) 2006 +# This file is distributed under the same license as the 2006 package. +# Max Kelleramen (max@duempel.org). +# +msgid "" +msgstr "" +"Project-Id-Version: ferm\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: 2006-09-19 13:00+0200\n" +"Last-Translator: Thomas Huriaux \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Faut-il lancer ferm au démarrage ?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "" +"Ferm peut charger à chaque démarrage les règles du pare-feu présentes dans /" +"etc/ferm/ferm.conf." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" +"La configuration par défaut autorise les connexions SSH sur le port 22. Si " +"vous installez ce paquet à distance en utilisant un autre port, vous devriez " +"refuser cette option et modifier /etc/default/ferm pour activer ferm." --- ferm-2.0.3.orig/debian/po/POTFILES.in +++ ferm-2.0.3/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] ferm.templates --- ferm-2.0.3.orig/debian/po/nl.po +++ ferm-2.0.3/debian/po/nl.po @@ -0,0 +1,36 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: ferm\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: 2007-04-29 12:42+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Dutch\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Wilt u ferm activeren tijdens het opstarten van het systeem?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "Ferm kan firewall-regels laden van /etc/ferm/ferm.conf bij elke systeemstart." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "The default configuration allows SSH login on port 22; if you are installing this package remotely on another port, you should not choose this option, and later edit /etc/default/ferm to enable ferm." +msgstr "De standaardconfiguratie laat aanmelden via SSH op poort 22 toe; als u dit pakket van op afstand via een andere poort installeert slaat u deze optie best af, om dan later ferm te activeren door /etc/default/ferm handmatig aan te passen." + --- ferm-2.0.3.orig/debian/po/es.po +++ ferm-2.0.3/debian/po/es.po @@ -0,0 +1,68 @@ +# Ferm translation to spanish +# Copyright (C) 2007 Free Software Foundation, Inc. +# This file is distributed under the same license as the package. +# +# Changes: +# - Initial translation +# Javier Ruano Ruano , 2007 +# +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Si tiene dudas o consultas sobre esta traducción consulte con el último +# traductor (campo Last-Translator) y ponga en copia a la lista de +# traducción de Debian al español () +# +msgid "" +msgstr "" +"Project-Id-Version: Ferm\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: 2007-01-13 18x:00+0200\n" +"Last-Translator: Javier Ruano Ruano \n" +"Language-Team: Debian L10n Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "¿Iniciar ferm durante el arranque?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "Ferm cargará las reglas del cortafuegos durante el arranque desde " +"«/etc/ferm/ferm.conf»." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" +"La configuración predeterminada permite el acceso por SSH a través del puerto 22;" +" Si está instalando este paquete remotamente a través de otro puerto, no debería" +" elegir esta opción, edite más tarde «/etc/default/ferm» para activarlo." + --- ferm-2.0.3.orig/debian/po/pt.po +++ ferm-2.0.3/debian/po/pt.po @@ -0,0 +1,40 @@ +# Portuguese translation of ferm's debconf messages. +# Copyright (C) 2007 +# This file is distributed under the same license as the ferm package. +# Ricardo Silva , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: ferm 1.2.3-1\n" +"Report-Msgid-Bugs-To: ferm-maintainers@ned.snow-crash.org\n" +"POT-Creation-Date: 2006-09-25 22:40+0200\n" +"PO-Revision-Date: 2007-03-20 09:19+0000\n" +"Last-Translator: Ricardo Silva \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Enable ferm on bootup?" +msgstr "Activar o ferm no arranque?" + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "Ferm can load firewall rules on every bootup from /etc/ferm/ferm.conf." +msgstr "O ferm pode carregar regras de firewall do ficheiro /etc/ferm/ferm.conf em cada arranque." + +#. Type: boolean +#. Description +#: ../ferm.templates:1001 +msgid "" +"The default configuration allows SSH login on port 22; if you are installing " +"this package remotely on another port, you should not choose this option, " +"and later edit /etc/default/ferm to enable ferm." +msgstr "" +"A configuração por omissão permite login por SSH no porto 22; Se está a " +"instalar este pacote remotamente noutro porto, não deve escolher esta opção, " +"e posteriormente editar o ficheiro /etc/default/ferm para activar o ferm." --- ferm-2.0.3.orig/debian/ferm.postinst +++ ferm-2.0.3/debian/ferm.postinst @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +action=$1 +version=$2 + +if [ "$action" = configure ]; then + . /usr/share/debconf/confmodule + db_version 2.0 + + if ! test -f /etc/default/ferm || ! grep -q ^ENABLED= /etc/default/ferm; then + # copy the enabled flag from debconf to /etc/default/ferm + + db_get ferm/enable + if [ "$RET" = "false" ]; then + VALUE="no" + else + VALUE="yes" + fi + + { + echo + echo "# Enable ferm on bootup?" + echo "ENABLED=$VALUE" + } >> /etc/default/ferm + fi + + # make the firewall configuration readable only by root and group adm + if [ -d /etc/ferm ]; then + chown -R root:adm /etc/ferm + chmod 2750 /etc/ferm + fi +fi + +#DEBHELPER# --- ferm-2.0.3.orig/debian/copyright +++ ferm-2.0.3/debian/copyright @@ -0,0 +1,27 @@ +This package was debianized by Tommi Virtanen tv@debian.org on +Sat, 7 Apr 2001 00:19:34 +0300. + +It was downloaded from http://www.geo.vu.nl/~koka/ferm/ + +Upstream Authors: +Auke Kok +Max Kellermann + +Copyright: + +# +# Copyright (C) 2001-2008 Max Kellermann, Auke Kok +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# + +On Debian Linux systems, the complete text of the GNU General Public +License can be found in '/usr/share/common-licenses/GPL'. --- ferm-2.0.3.orig/debian/compat +++ ferm-2.0.3/debian/compat @@ -0,0 +1 @@ +5 --- ferm-2.0.3.orig/debian/ferm.conf +++ ferm-2.0.3/debian/ferm.conf @@ -0,0 +1,52 @@ +# -*- shell-script -*- +# +# Configuration file for ferm(1). +# + +table filter { + chain INPUT { + policy DROP; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + + # allow local packages + interface lo ACCEPT; + + # respond to ping + proto icmp ACCEPT; + + # allow IPsec + proto udp dport 500 ACCEPT; + proto (esp ah) ACCEPT; + + # allow SSH connections + proto tcp dport ssh ACCEPT; + } + chain OUTPUT { + policy ACCEPT; + + # connection tracking + #mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + } + chain FORWARD { + policy DROP; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + } +} + +# IPv6: +#domain ip6 { +# table filter { +# chain INPUT { +# policy ACCEPT; +# # ... +# } +# # ... +# } +#} --- ferm-2.0.3.orig/debian/changelog +++ ferm-2.0.3/debian/changelog @@ -0,0 +1,323 @@ +ferm (2.0.3-1~bpo40+1) etch-backports; urgency=low + + * Rebuild for etch-backports as requested by DSA. + + -- Alexander Wirt Thu, 02 Oct 2008 08:43:09 +0000 + +ferm (2.0.3-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - fix subchain in include (Closes: #499515) + + -- Alexander Wirt Wed, 01 Oct 2008 13:03:48 +0200 + +ferm (2.0.2-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + + -- Alexander Wirt Sat, 26 Jul 2008 22:48:13 +0200 + +ferm (2.0.1-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - don't include hidden files (Closes: #489271) + * now that "fast" mode is default in upstream, specify --slow in the + init script when fast mode is explicitly turned off by the admin + * use "--shell" in "slow" mode, to prevent iptables warnings from being + written to the cache + * added the actual copyright statement to debian/copyright + * updated debian/watch, change to 2.0 download directory + * added Swedish po translation (Closes: #492058) + + [ Alexander Wirt ] + * Bump standards version (No changes) + + -- Alexander Wirt Sat, 26 Jul 2008 11:41:54 +0200 + +ferm (1.3.4-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + + -- Alexander Wirt Thu, 12 Jun 2008 11:27:38 +0200 + +ferm (1.3.3-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + * check the time stamp of all files in /etc/ferm for cache validation + + -- Alexander Wirt Wed, 23 Jan 2008 12:11:18 +0100 + +ferm (1.3.2-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - handle array after DNAT/to-destination correctly (Closes: #456994) + * don't shut down firewall during upgrade (Closes: #456187) + + -- Alexander Wirt Wed, 19 Dec 2007 10:45:36 +0100 + +ferm (1.3.1-1) unstable; urgency=low + + * new upstream release + - require IO::Handle, this fixes the interactive mode + * use Build-Depends-Indep to refer to po-debconf + + -- Max Kellermann Sun, 9 Dec 2007 00:39:45 +0100 + +ferm (1.3-1) unstable; urgency=low + + * new upstream release + - implemented conditionals with @if/@else (Closes: #419332) + - added function @resolve which resolves host names to IPv4 addresses + (Closes: #436742) + * start init script before other network services (Closes: #446930) + * fixed the URL in debian/watch (Closes: #450308) + + -- Max Kellermann Thu, 6 Dec 2007 23:02:54 +0100 + +ferm (1.2.5-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - make --flush do something in fast mode (Closes: #434820) + * fix typo in README.Debian (Closes: #439180) + + [ Alexander Wirt ] + * Fix emacs shell tag (Closes: #439118) + + -- Alexander Wirt Sun, 14 Oct 2007 23:37:38 +0200 + +ferm (1.2.4-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - implemented hooks (Closes: #418792) + * add Dutch po translation (Closes: #423072) + + [ Alexander Wirt ] + * Add debian/compat file + + -- Alexander Wirt Wed, 20 Jun 2007 20:59:16 +0200 + +ferm (1.2.3-3) unstable; urgency=low + + * Document OPTIONS= in default file + + -- Alexander Wirt Sun, 15 Apr 2007 02:19:17 +0200 + +ferm (1.2.3-2) unstable; urgency=low + + * Update spanish debconf translation (Closes: #412178) + * create directory /var/cache/ferm + * Add portuguese translation (Closes: #415630) + + -- Alexander Wirt Sun, 15 Apr 2007 01:59:41 +0200 + +ferm (1.2.3-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - don't copy module references to subchain (Closes: #407353) + * don't build with cdbs anymore + * enable ferm's fast mode by default + * depend on iptables >= 1.3, because older versions of iptables-restore + have known bugs triggered by ferm's fast mode + + [ Alexander Wirt ] + * Add spanish translation (Closes: #411001) + * Update README.Debian + + -- Alexander Wirt Thu, 15 Feb 2007 09:33:54 +0100 + +ferm (1.2.2-1) unstable; urgency=low + + [ Max Kellermann ] + * new upstream release + - don't make "mod multiport" reset variables (Closes: #398867) + - mention deprecation of the "automod" feature in the manpage + (Closes: #397517) + * removed duplicate "Required-Stop" from init script + * removed "syslog" from "Required-Start" + + [ Alexander Wirt ] + * Add french po translation (Closes: #389909) + * Add czech po translation (Closes: #391476) + + -- Alexander Wirt Sat, 18 Nov 2006 00:33:04 +0100 + +ferm (1.2.1-1) unstable; urgency=low + + [ Max Kellermann ] + * New upstream version + - updated documentation, support target "ECN" (Closes: #207502) + * rephrase debconf prompt in an interface neutral way (Closes: #388248) + + -- Alexander Wirt Fri, 29 Sep 2006 21:48:33 +0200 + +ferm (1.2-1) unstable; urgency=low + + * New maintainers + * New upstream version + - generate correct uid-owner rules (Closes: #308910) + - don't break on comma separated lists with quotes (Closes: #241886) + - allows inclusion of files (Closes: #207505) + - support multiport iptables modules (Closes: #252034) + - warn if using undefined variables (Closes: #271965) + - adds support for backticks (Closes: #117730) + * Add startup script (Closes: #110928) + * Remove dependencies on ipchains and ipfwadm (Closes: #382662) + + -- Alexander Wirt Wed, 13 Sep 2006 16:47:19 +0200 + +ferm (1.1.1+1.2beta2-2) unstable; urgency=low + + * build-depend on debhelper 5 + * added author Max Kellermann to debian/copyright + * New maintainer(s) + + -- Alexander Wirt Wed, 13 Sep 2006 16:41:32 +0200 + +ferm (1.1.1+1.2beta2-1) unstable; urgency=low + + * no deprecated syntax in configuration file + * mention /etc/default/ferm in debconf menu + * use ferm --flush for rc stop + * use ferm --shell for caching in fast mode + * clear cache on remove + * added README.Debian + + -- Max Kellermann Sat, 9 Sep 2006 23:44:20 +0200 + +ferm (1.1.1+1.2beta1-1) unstable; urgency=low + + * store debconf variable "ferm/enable" in /etc/default/ferm + + -- Max Kellermann Tue, 29 Aug 2006 12:15:08 +0200 + +ferm (1.1+1.2beta1-1) unstable; urgency=low + + * new upstream version + * bumped Standards-Version to 3.7.2 + * changed Build-Depends-Indep to Build-Depends + * added hack to implement the "stop" command + + -- Max Kellermann Tue, 29 Aug 2006 00:08:54 +0200 + +ferm (1.1+svn20060320-1) unstable; urgency=low + + * new upstream snapshot from subversion + * don't import /etc/firewall.conf in preinst + * updated default configuration + * install import-ferm + + -- Max Kellermann Mon, 20 Mar 2006 13:53:59 +0100 + +ferm (1.1+svn20050606-1) unstable; urgency=low + + * new upstream snapshot from subversion + * added /etc/default/ferm + * support the --fast option, disabled by default + * cache the ferm output + + -- Max Kellermann Mon, 6 Jun 2005 23:38:30 +0200 + +ferm (1.1+svn20050313-1) unstable; urgency=low + + * new upstream snapshot from subversion + * changed maintainer + * new standards-version + * using cdbs + * depend on perl >= 5.6 + * provide a default configuration + * added debconf menu which enables or disables ferm on bootup + * conflict against (non-public) ferm-rc package; import + /etc/firewall.conf from this package + * imported description from upstream + + -- Max Kellermann Sun, 13 Mar 2005 21:22:30 +0100 + +ferm (1.1-1) unstable; urgency=low + + * New upstream release (Closes: #194170). Beware, there are syntax + changes. + + -- Tommi Virtanen Wed, 16 Jul 2003 19:12:02 +0300 + +ferm (1.0pl8-3) unstable; urgency=low + + * Allow use of lists when setting variables (Closes: #143606). + * Generate correct output when combining log and other targets with + ipchains (Closes: #144065). + * New standards version. + * No longer create compatibility symlinks in /usr/doc. + * Switch from Build-Depends to Build-Depends-Indep, this is an arch all + package. + + -- Tommi Virtanen Sat, 19 Apr 2003 22:06:06 +0300 + +ferm (1.0pl8-2) unstable; urgency=low + + * Add missing whitespace after --tos 0x00. + (Closes: #111855). + + -- Tommi Virtanen Fri, 12 Oct 2001 22:44:12 +0300 + +ferm (1.0pl8-1) unstable; urgency=low + + * New upstream version. Has improvements in manpage (Closes: #98519), + can autodetect needed modules (Closes: #100058), and has a NOP action + for accounting (Closes: #100056). + + -- Tommi Virtanen Thu, 19 Jul 2001 22:29:00 +0300 + +ferm (1.0pl6-2) unstable; urgency=low + + * Fixed cut-and-pasto, ferm is now architecture-independent + (Closes: #98141). + + -- Tommi Virtanen Sun, 24 Jun 2001 00:11:34 +0300 + +ferm (1.0pl6-1) unstable; urgency=low + + * New upstream version. + + -- Tommi Virtanen Wed, 30 May 2001 22:29:20 +0300 + +ferm (1.0pl5-1) unstable; urgency=low + + * New upstream version. + + -- Tommi Virtanen Thu, 17 May 2001 21:20:17 +0300 + +ferm (1.0pl3-1) unstable; urgency=low + + * New upstream version. + + -- Tommi Virtanen Thu, 10 May 2001 20:43:12 +0300 + +ferm (1.0pl1-1) unstable; urgency=low + + * New upstream version. + * Fixed a small grammar error in description. + + -- Tommi Virtanen Sat, 5 May 2001 00:54:53 +0300 + +ferm (0.0.18-1) unstable; urgency=low + + * New upstream version, includes fix for MASQERADE typo (Closes: + #94720) + * Fix cut-and-pasto, section should be net. + + -- Tommi Virtanen Sun, 22 Apr 2001 22:10:29 +0300 + +ferm (0.0.17-1) unstable; urgency=low + + * Initial version (Closes: #93154) + + -- Tommi Virtanen Sat, 7 Apr 2001 00:18:15 +0300 + --- ferm-2.0.3.orig/debian/rules +++ ferm-2.0.3/debian/rules @@ -0,0 +1,42 @@ +#!/usr/bin/make -f +# -*- mode: makefile; coding: utf-8 -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: + +clean: + dh_testdir + dh_testroot + rm -f debian/stamp-* + dh_clean + +# Build architecture-independent files here. +binary-indep: + dh_testdir -i + dh_testroot -i + dh_installdirs -i + dh_installdocs + dh_installchangelogs -i + dh_installinit -i --no-restart-on-upgrade -- start 41 S . start 36 0 6 . + dh_installdebconf + dh_install -i + dh_link -i + dh_strip -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_shlibdeps -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary --- ferm-2.0.3.orig/debian/ferm.init +++ ferm-2.0.3/debian/ferm.init @@ -0,0 +1,115 @@ +#!/bin/bash +# +# ferm Configure ferm firewall rules from /etc/ferm.conf +# +# Written by Max Kellermann +# +# Version: $Revision: 270 $ +### BEGIN INIT INFO +# Provides: ferm +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 5 +# Default-Stop: 0 6 +# Description: Starts ferm firewall configuration +# short-description: ferm firewall configuration +### END INIT INFO + +#includes lsb functions +source /lib/lsb/init-functions + + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +FERM=/usr/sbin/ferm +CONFIG=/etc/ferm/ferm.conf +NAME=ferm +DESC="Firewall" +CACHE_DIR=/var/cache/ferm + +test -x $FERM || exit 0 +test -f $CONFIG || exit 0 + +umask 0077 + +unset ENABLED +FAST=yes +CACHE=no +OPTIONS= +unset DOMAINS +[ -r /etc/default/ferm ] && source /etc/default/ferm + +if [ -n "$DOMAINS" ]; then + echo "Warning: the DOMAINS setting in /etc/default/ferm is deprecated." >&2 +fi + +if [ "$ENABLED" != "yes" ]; then + if [ "$VERBOSE" != no ]; then + if [ -z "$ENABLED" ]; then + echo "Not starting ferm - run 'dpkg-reconfigure ferm' to enable it" + else + echo "Not starting ferm - edit /etc/default/ferm to enable it" + fi + fi + exit 0 +fi + +[ "$CACHE" = "yes" -a ! -d $CACHE_DIR ] && CACHE=no + +set -e + +function configure_ferm() { + local CACHE_NAME=${1:-start} + + if [ "$CACHE" = "yes" ]; then + local CACHE_FILE=$CACHE_DIR/$CACHE_NAME.sh + + if ! [ -f $CACHE_FILE -a \ + $CACHE_FILE -nt $CONFIG -a \ + -z "`find /etc/ferm -maxdepth 2 -newer $CACHE_FILE 2>/dev/null`" -a \ + $CACHE_FILE -nt /etc/default/ferm -a \ + $CACHE_FILE -nt /etc/init.d/ferm -a \ + $CACHE_FILE -nt $FERM ]; then + rm -f $CACHE_FILE{,.tmp} || return $? + if [ "$FAST" = "yes" ]; then + $FERM $OPTIONS --shell $CONFIG >$CACHE_FILE.tmp || return $? + else + $FERM $OPTIONS --shell --slow $CONFIG >$CACHE_FILE.tmp || return $? + fi + mv $CACHE_FILE.tmp $CACHE_FILE || return $? + else + source $CACHE_FILE || return $? + fi + else + if [ "$FAST" = "yes" ]; then + $FERM $OPTIONS $CONFIG || return $? + else + $FERM $OPTIONS --slow $CONFIG || return $? + fi + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + configure_ferm || log_end_msg 1 + log_end_msg 0 + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + OPTIONS="$OPTIONS --flush" + configure_ferm stop || log_end_msg 1 + log_end_msg 0 + ;; + reload|restart|force-reload) + log_action_begin_msg "Reloading $DESC configuration..." + configure_ferm || log_end_msg 1 + log_action_end_msg 0 + ;; + *) + N=/etc/init.d/$NAME + log_action_msg "Usage: $N {start|stop|restart|reload|force-reload}" + exit 1 + ;; +esac + +exit 0 --- ferm-2.0.3.orig/debian/ferm.default +++ ferm-2.0.3/debian/ferm.default @@ -0,0 +1,10 @@ +# configuration for /etc/init.d/ferm + +# use iptables-restore for fast firewall initialization? +FAST=yes + +# cache the output of ferm --lines in /var/cache/ferm? +CACHE=yes + +# additional paramaters for ferm (like --def '$foo=bar') +OPTIONS= --- ferm-2.0.3.orig/debian/ferm.preinst +++ ferm-2.0.3/debian/ferm.preinst @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +action=$1 +version=$2 + +if [ "$action" = upgrade ]; then + # remove old cache files + rm -f /var/cache/ferm/*.sh /var/cache/ferm/*.tmp +fi + +if [ "$action" = upgrade -a -n "$version" ]; then + if dpkg --compare-versions "$version" lt "1.1.1" && + dpkg --compare-versions "$version" gt "1.1-1"; then + # upgrade from the 1.2 alpha ("1.1+svnXX") releases + + # this flag has been obsoleted, it is now a variable in + # /etc/default/ferm + rm -f /etc/ferm/disabled_on_bootup + fi +fi + +#DEBHELPER#