diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..ea27d1d --- /dev/null +++ b/Makefile @@ -0,0 +1,37 @@ +#!/usr/bin/make -f + +# This file is part of netfilter-persistent +# Copyright (C) 2014 Jonathan Wiltshire +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +PREFIX=/ +DEST=$(DESTDIR)$(PREFIX) + +all: + +clean: + +install: + install -d $(DEST)/usr/sbin + install -d $(DEST)/usr/share/netfilter-persistent + install -d $(DEST)/usr/share/netfilter-persistent/plugins.d + # Main wrapper + install netfilter-persistent $(DEST)/usr/sbin + # Systemd + install -d $(DEST)/lib/systemd/system + install --mode=644 systemd/* $(DEST)/lib/systemd/system + # Manual + install -d $(DEST)/usr/share/man/man8 + install --mode=644 netfilter-persistent.8 $(DEST)/usr/share/man/man8 + +install-plugins: + # Plugins + install plugins/* $(DEST)/usr/share/netfilter-persistent/plugins.d + # Explicit flush plugin + install --mode=755 iptb-expflush-plugin $(DEST)/usr/share/netfilter-persistent + ln -fs /usr/share/netfilter-persistent/iptb-expflush-plugin $(DEST)/usr/share/netfilter-persistent/plugins/12-iptb4-explicit-flush + ln -fs /usr/share/netfilter-persistent/iptb-expflush-plugin $(DEST)/usr/share/netfilter-persistent/plugins/20-iptb6-explicit-flush diff --git a/README.md b/README.md deleted file mode 100644 index 9ebb840..0000000 --- a/README.md +++ /dev/null @@ -1 +0,0 @@ -# template-repository \ No newline at end of file diff --git a/USAR_DGIT!!! b/USAR_DGIT!!! new file mode 100644 index 0000000..e69de29 diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..946948d --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,12 @@ +iptables-persistent (1.0.20) unstable; urgency=medium + + iptables-persistent.service, ip6tables-persistent.service and + ipset-persistent.service are now aliases instead of alternatives, using + native functionality to provide alternative names. Users wishing to use such + names can use 'systemctl enable netfilter-persistent.service' to enable them, + and can override them using the standard systemd configuration mechanisms. + Other packages wishing to provide the same service names simply have to + declare the same aliases in their units, and users can enable the one they + prefer. + + -- Luca Boccassi Tue, 16 May 2023 01:40:17 +0100 diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..c8dad16 --- /dev/null +++ b/debian/README @@ -0,0 +1,22 @@ +netfilter-persistent and its plugins +------------------------------------ + +netfilter-persistent does no work on its own. You need the accompanying +plugins (for example, iptables-persistent) to load and save filter rules. + +However, commands are run from netfilter-persistent. For example, to save +all filter rules: + + netfilter-persistent save + +or to load them: + + netfilter-persistent start + +For more details, see `man netfilter-persistent`. + +The system service will try to load rules at startup if enabled, but by +default it will not flush rules at shutdown. This behaviour can be changed +by editing /etc/default/netfilter-persistent. + + -- Jonathan Wiltshire Sat, 02 Jan 2016 00:00:00 +0000 diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..f04f592 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,8 @@ + + iptables-persistent has become a native package (meaning there is no + upstream tarball). In its present form, iptables-persistent is unlikely + to be useful outside Debian or Debian-derivatives, and I do not plan to + include any support for other distributions, so a native package makes the + maintenance overhead considerably smaller. + + -- Jonathan Wiltshire Wed, 29 Dec 2010 22:51:17 +0000 diff --git a/debian/changelog b/debian/changelog index bad88e2..d9cf6b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,452 @@ -template-repository (1.0-1) unstable; urgency=medium +iptables-persistent (1.0.22) unstable; urgency=medium - * Initial release + * [3e0ff9] add dh-sequence-movetousr to b-d (Closes: #1073670) - -- Tsic404 Sat, 28 Jan 2023 13:46:49 +0800 + -- gustavo panizzo Fri, 19 Jul 2024 22:36:49 +0200 + +iptables-persistent (1.0.21) unstable; urgency=medium + + [ Emmanuel BENOÎT ] + * [b33b0e] Support explicit, partial flushing of iptables chains + * [291b37] fix(iptb-expflush-plugin): use "," as a separator + + [ gustavo panizzo ] + * [869bf7] Fix typo on ipset's template. + Thanks to Christian (Closes: #1041781) + * [7f39a9] Remove empty dir left after a previous upgrade (Closes: #1036628) + * [72ea40] Do not flush user defined chains. + Thanks to Gabor Zsoldos (Closes: #1063844) + + -- gustavo panizzo Mon, 03 Jun 2024 20:41:11 +0200 + +iptables-persistent (1.0.20) unstable; urgency=medium + + [ Luca Boccassi ] + * [3d8a9b] Use aliases instead of overrides for alternative names + (Closes: #1036147) + * [418c74] Install drop-ins in /lib/ instead of /etc/ (Closes: #1036147) + + [ gustavo panizzo ] + * [06509f] Handle obsolete conffile removal + * [633371] Remove obsolete dependency (lsb-base) + + -- gustavo panizzo Fri, 19 May 2023 13:27:33 +0200 + +iptables-persistent (1.0.19) unstable; urgency=medium + + * [49d9ca] Debconf templates translation to Romanian. + Thanks to Remus-Gabriel Chelu (Closes: #1031918) + * [b91289] Standards version 4.6.2 (no changes) + + -- gustavo panizzo Tue, 28 Feb 2023 08:02:38 +0100 + +iptables-persistent (1.0.18) unstable; urgency=medium + + * No source change upload to be built in the buildd + + -- gustavo panizzo Tue, 01 Nov 2022 21:51:35 +0100 + +iptables-persistent (1.0.17) unstable; urgency=medium + + * [e12f28] Test rules before loading them. + Thanks to Phillip Smith (Closes: 1022156) + * [1d3e87] Standards version 4.6.1.0 (no changes) + + -- gustavo panizzo Sat, 22 Oct 2022 17:13:17 +0200 + +iptables-persistent (1.0.16+nmu1) unstable; urgency=medium + + * Non-maintainer upload. + * No source change upload to rebuild with debhelper 13.10. + + -- Michael Biebl Sat, 15 Oct 2022 12:10:44 +0200 + +iptables-persistent (1.0.16) unstable; urgency=medium + + [ Mauricio Faria de Oliveira ] + * [36cf9e] Introduce options IP[6]TABLES_RESTORE_NOFLUSH + Thanks to Mauricio Faria de Oliveira (Closes: #998416). + + [ gustavo panizzo ] + * [34d37b] Bump standards version, no changes required + * [98c9ec] Remove a very old migration from the preinst script + + -- gustavo panizzo Fri, 03 Dec 2021 15:29:12 +0100 + +iptables-persistent (1.0.15) unstable; urgency=medium + + * [b89d12] Fix warning message on the ipset plugin + * [9a8d08] Standards version 4.5.1 (no changes) + * [42af90] Fix the Vcs-Browser url + * [586d4f] Add Rules-Requires-Root: no to d/control + * [bd1a1a] Increase the debhelper-compat level + + -- gustavo panizzo Sun, 14 Feb 2021 07:49:44 +0000 + +iptables-persistent (1.0.14) unstable; urgency=medium + + * [401a9f] No longer load modules. + Thanks to Jérémie LEGRAND (Closes: 932196) + * [933938] Implement a new logic to flush firewall rules + * [824486] Add variable Pre-Depends as required by init-system-helpers and debhelper 12 + * [3ed371] Run wrap-and-sort + + -- gustavo panizzo Fri, 13 Sep 2019 19:16:28 +0200 + +iptables-persistent (1.0.13) unstable; urgency=medium + + * Upload to unstable + * [30244a] Standards version 4.4.0 (no changes) + * [242e35] Provide the virtual systemd units iptables.service and + ipset.service. + Thanks to Laurent Bigonville for the bug report (Closes: #926927) + * [3a751c] Remove Jonathan Wiltshire as Maintainer and add myself + * [7303da] Add Documentation to the systemd unit + * [320e48] Use debhelper 12 + + -- gustavo panizzo Mon, 26 Aug 2019 21:27:58 +0200 + +iptables-persistent (1.0.12) experimental; urgency=medium + + * [3ca86e] Use white space and tabs consistently + * [d5726c] Allow granular configuration for the save action + + -- gustavo panizzo Wed, 27 Mar 2019 14:34:28 +0800 + +iptables-persistent (1.0.11) unstable; urgency=medium + + * [e491d7] Make iptables-persistent to Pre-Depends on iptables. + Thanks to Herman van Rink (Closes: 921730) + * [cc7ba0] Standards version 4.3.0 (no changes) + + -- gustavo panizzo Sat, 09 Feb 2019 12:36:39 +0800 + +iptables-persistent (1.0.10) unstable; urgency=medium + + * [ded6eb] Set a sane PATH in all plugins + * [e65ed0] Find executables at run time and use them. + Thanks to Adrian Davey (Closes: #911833) + * [df9e4c] Use /bin/sh in ipset scripts + * [1d9dfa] Remove rc variables and exit code. + Thanks to Guillaume LUCAS (Closes: #836680) + * [968263] Fix typo introduced in 07df20dcbff91. + Thanks to Urs Breinlinger (Closes: #914155) + * [ce9a35] Remove obsolete calls to dh_installinit. + Thanks to Yuriy M. Kaminskiy (Closes: #819693) + * [aab568] Cleanup the systemd unit + + -- gustavo panizzo Sat, 24 Nov 2018 02:01:45 +0000 + +iptables-persistent (1.0.9) unstable; urgency=medium + + * [7348f0] Exit fast if IPv6 is disabled. + Thanks to Scott Smemsh (Closes: #780738) + * [fe7575] Do not load blacklisted modules. + Thanks to Jonathan Thibault (Closes: #748267) + * [07df20] Do not fail the scripts if modprobe fails. + Thanks to Nye Liu and Marc MAURICE (Closes: #794037, #720110) + * [a11723] Do not discard stderr from *-save and *-restore commands. + Thanks to Tony Finch (Closes: #859015) + * [3f8f61] Remove trailing space in debian/rules + + -- gustavo panizzo Fri, 19 Oct 2018 01:13:04 +0000 + +iptables-persistent (1.0.8) unstable; urgency=medium + + [ Ondřej Nový ] + * d/changelog: Remove trailing whitespaces + + [ gustavo panizzo ] + * [c4ed04] IPset: Ensure we can run ipset before try to save the rules + * [e6044e] Fix typo on the long description + * [4dd1c5] Standards version 4.2.1 (no changes) + * [01b2a7] Rename [gbp-dch] section to [dch] in debian/gbp.conf + * [5a7fca] Add the debian branch in debian/gbp.conf pointing to debian branch + + -- gustavo panizzo Thu, 11 Oct 2018 13:33:54 +0000 + +iptables-persistent (1.0.7) unstable; urgency=medium + + * Bump version of the package as required by dgit. See #801435. + Previous upload didn't make into the archive as it contained a new + binary package and I performed a source-only upload (which is not allowed). + To fix my previous mistake and keep using dgit a newer version of the + package as to be upload to both the archive and dgit. + Apologies in advance to those following to git or dgit repository. + + -- gustavo panizzo Fri, 03 Aug 2018 09:44:11 +0800 + +iptables-persistent (1.0.6) unstable; urgency=medium + + * [85b975] Add initial support for ipsets + * [fb975f] Add myself to uploaders + * [f99506] Rename git-dch section to dch in gbp.conf + * [b3d13a] Increase the standards version, no changes were required + + -- gustavo panizzo Thu, 02 Aug 2018 14:41:31 +0800 + +iptables-persistent (1.0.5) unstable; urgency=medium + + * Team upload. + + [ gustavo panizzo ] + * Apply a patch from Ross Vandegrift to solve an issue + when stopping the service. (Closes: #900022) + * Point VCS headers to salsa.debian.org + * Increase compat level to 11 + * Drop build dependency on dh-systemd, as newer debhelper makes it obsolete + * Bumped standard version to 4.1.4, no changes were needed. + * Use a secure URI for copyright format + + -- gustavo panizzo Tue, 03 Jul 2018 18:27:31 +0800 + +iptables-persistent (1.0.4+nmu2) unstable; urgency=medium + + * Non-maintainer upload. + * Use the full path to executables when saving and restoring firewall + rules for both IP and IPv6. Thanks G.W. Haywood for the patch. + Closes (#857301) + + -- gustavo panizzo Sat, 18 Mar 2017 21:11:49 +0800 + +iptables-persistent (1.0.4+nmu1) unstable; urgency=low + + [ Jonathan Wiltshire ] + * Update debhelper to compat level 9 + * Standards version 3.9.6 no changes needed. + * Re-tab plugins/15-ip4tables and plugins/25-ip6tables + + [ gustavo panizzo ] + * Non-maintainer upload. + * Starts netfilter-persistent service before network-pre.target, + as suggested by systemd upstream. Thanks to Patrick Schleizer + (Closes: #829640). + + -- gustavo panizzo Sun, 21 Aug 2016 13:05:39 +0800 + +iptables-persistent (1.0.4) unstable; urgency=medium + + * [d52b9e] During flush, set policy before flushing rules (Closes: #749790) + * [5d962d] Suggest iptables-persistent (Closes: #766940) + * [379050] Stop rules files being world-readable. + Thanks to Bernhard Thaler (Closes: #764645) + * [110c78] Rewrite README, install for both packages (Closes: #807285) + * [c2f464] Remove Andreas from uploads - thanks for your contributions! + * [e5ea0b] Update VCS links + * [b9c096] Weaken systemd dependency on systemd-modules-load.service + (Closes: #780407) + + -- Jonathan Wiltshire Sat, 02 Jan 2016 19:45:51 +0000 + +iptables-persistent (1.0.3) unstable; urgency=medium + + * [b7c661] systemd: start after local filesystem is available + (Closes: #760424) + + -- Jonathan Wiltshire Sat, 27 Dec 2014 11:04:58 +0000 + +iptables-persistent (1.0.2) unstable; urgency=medium + + * [5c4390] Update VCS URLs + * [ca8e27] Properly set systemd dependencies (Closes: #747949) + * [85c57d] Have plugins depend on the source version of the main loader + + -- Jonathan Wiltshire Thu, 28 Aug 2014 19:20:20 -0700 + +iptables-persistent (1.0.1) unstable; urgency=high + + * [8ceea8] Break systemd dependency loop by disabling default + dependencies, and depending explicitly on systemd-modules-load + (Closes: #665720) + + -- Jonathan Wiltshire Thu, 08 May 2014 13:41:49 +0100 + +iptables-persistent (1.0) unstable; urgency=low + + * [8be057] Rewrite main program entirely: + - new plugin architecture and binary (Enables: #693177, #697088) + - systemd support (Closes: #665720) + - packaging split into netfilter-persistent and iptables-persistent + * [72c333] Standards version 3.9.5 + * [2d1b82] Start in runlevel S (Closes: #672296) + + -- Jonathan Wiltshire Sat, 19 Apr 2014 20:05:36 +0100 + +iptables-persistent (0.5.7) unstable; urgency=low + + * [e7534a] Fix bashism in debian/iptables-persistent.init. + Thanks to Andreas Rütten (Closes: #683789) + + -- Jonathan Wiltshire Fri, 04 Jan 2013 19:17:00 +0000 + +iptables-persistent (0.5.6) unstable; urgency=low + + * [6b6358] Instead of checking on modules, test a working iptables more + directly (Closes: #679840) + * [1db63c] Remove dependency on kmod + + -- Andreas Rütten Thu, 02 Aug 2012 22:50:05 +0200 + +iptables-persistent (0.5.5) unstable; urgency=low + + * Regressions were found in the previous release, this version fixes them + + [ Andreas Rütten ] + * [e2736e] Fix postinst fails with legacy boot ordering due to wrong call + to update-rc.d (Closes: #651838) + * [7ee7cc] Add Andreas Rütten to Uploaders + + [ Jonathan Wiltshire ] + * [e823c4] iptables-persistent.postinst: check return value of modprobe + before loading rules + * [575176] Add dependency on kmod for calls to modprobe in postinst. + Thanks to Hideki Yamane (Closes: #656348) + * [24d67d] Pre-Depending on a sufficient version of dpkg is no longer + necessary (Closes: #659765) + * [65a9d7] Guard against moving rules files around in preinst/abort-upgrade + + -- Jonathan Wiltshire Sat, 30 Jun 2012 19:52:36 +0100 + +iptables-persistent (0.5.4) unstable; urgency=low + + [ Jonathan Wiltshire ] + * Acknowledge NMU, thanks Christian + + [ Andreas Rütten ] + * [15dd48] Remove trailing whitespace in debian/copyright + * [be22ca] Fix out-of-date-copyright-format-uri + * [fa8499] Fix init.d-script-missing-lsb-description + * [125cb4] Fix obsolete-field-in-dep5-copyright + * [5502af] Bump Standards-Version to 3.9.3, no changes needed + * [7fc88f] Replace the utilisation of dpkg-maintscript-helper by a simple mv + (Closes: #665813) + * [bed2d6] Fix insserv issue if upgrading from <=0.5.2 (Closes: #665814) + + -- Jonathan Wiltshire Sat, 30 Jun 2012 12:14:07 +0100 + +iptables-persistent (0.5.3+nmu1) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Dutch; (Jeroen Schot). Closes: #659362 + - Slovak (Slavko). Closes: #668412 + - Polish (Michał Kułach). Closes: #669035 + + -- Christian Perrier Wed, 25 Apr 2012 08:30:00 +0200 + +iptables-persistent (0.5.3) unstable; urgency=low + + * [09d9ae] Check for loaded modules in postinst (Closes: #637852) + * [521544] Fix Default-Start and Default-Stop fields of the LSB header in + the init script. Thanks to Andreas Rütten (Closes: #650001) + * [d17b2f] Revert checking for loaded modules at startup, as this isn't + necessary in newer versions ip{,6}tables-restore - instead check that there + is a rules file to be loaded. Ensure at least ip{,6}table_filter is loaded + during save (Closes: #637796) + * [71aa52] Tidy formatting and spacing in iptables-persistent.init + * [3fe51a] Debconf translations to Spanish. + Thanks to Francisco Javier Cuadrado (Closes: #645523) + + -- Jonathan Wiltshire Mon, 28 Nov 2011 23:19:39 +0000 + +iptables-persistent (0.5.2) unstable; urgency=low + + * [1019a3] Debconf translation to Japanese. + Thanks to Hideki Yamane (Closes: #626385) + * [a29b06] debian/po: refresh .po files + * [3780d5] Do not attempt to save or load rules if the appropriate module + is not loaded (Closes: #619626) + * [1c14c5] Do not include blank rules.* files; instead, simply remove them + on purge if they have been created (Closes: #612278) + * [ec6628] Implement 'flush' command to init script (Closes: #634368) + * [428b95] Standards version 3.9.2 (no changes) + + -- Jonathan Wiltshire Sat, 13 Aug 2011 22:23:46 +0100 + +iptables-persistent (0.5.1) unstable; urgency=low + + * [f62ef8] Depend on lsb-base (Closes: #608531) + * [82ba5d] Improve package description + * [90bce5] Only autosave rules on first package installation, not on + upgrades + * [f60a5e] Debconf templates and debian/control reviewed by the + debian-l10n-english team as part of the Smith review project. + (Closes: #610169) + * [f542f6] Debconf translation to Danish (Closes: #610264) + - thanks to Joe Dalton + * [f7b486] Debconf translation to Portugese (Closes: #610277) + - thanks to Américo Monteiro + * [f73645] Debconf translation to Czech (Closes: #610325) + - thanks to Michal Simunek + * [3ac07a] Debconf translation to Italian- thanks to Vincenzo + Campanella + * [1677c1] Debconf translation to Russian (Closes: #610643) + - thanks to Yuri Kozlov + * [c4a068] Debconf translation to French (Closes: #610677) + - thanks to Steve Petruzzello + * [70cfba] Debconf translation to German (Closes: #610646) + - thanks to Chris Leick + * [d0a8f6] Debconf translation to Swedish (Closes: #611150) + - thanks to Martin Bagge + * [cbdac5] Debconf translation to Brazillian Portugese + (Closes: #611437)- thanks to Adriano Rafael Gomes + * [1d3bf1] Debconf translation to Spanish (Closes: #611714) + - thanks to Ricardo Fraile + * [0eb3ca] Correctly save IPv6 rules during startup (Closes: #613368) + + -- Jonathan Wiltshire Fri, 04 Mar 2011 10:18:07 +0000 + +iptables-persistent (0.5) unstable; urgency=low + + * [e1e1a6] debian/rules: fix regression installing init script for + systems that have not been converted to dependency-based start + (Closes: #608383) + * [ac615c] Load rules from /etc/iptables/rules.v4 instead of + /etc/iptables/rules for consistency, and rename the rules file + appropriately to keep local modifications. (Closes: #608382) + * [9c0df7] During installation, prompt the user to save the current + rulesets + * [a48ed9] iptables-persistent.init: show useful progress messages + using LSB functions, and implement a "save" action for the lazy^w + efficient admin + * [6db04e] Update README + + -- Jonathan Wiltshire Fri, 31 Dec 2010 00:32:00 +0000 + +iptables-persistent (0.0.20101230) unstable; urgency=low + + * [b53635] New maintainer (Closes: #599478) + * [7cc2c8] Convert to a native package, rationale in README.source + * [874b93] debian/control: make short description policy-compliant + * [193b89] debian/rules: convert to tiny-style dh rules + * [3ce686] Improvements to iptables-persistent.init: + - load IPv6 rules if available + - guarantee start before network interfaces + - implement reload, force-reload and restart + - return the exit status of iptables-restore to catch + rule file errors + (Closes: #599478, #541459) - thanks to Christoph Anton Mitterer + * [00a4b3] Add debian/gbp.conf with appropriate options + * [07781c] Remove debian/watch + * [244039] Update debian/README + * [69443b] Update debian/copyright + * [42dc6f] Add Vcs-* fields to debian/control + + -- Jonathan Wiltshire Thu, 30 Dec 2010 01:22:41 +0000 + +iptables-persistent (0.0.20100801) unstable; urgency=low + + * New Maintainer (Closes: #591077) + * Updated Standards-Version to 3.9.1 + * debian/copyright: + + Make copyright file DEP5 compliant + * deian/init.d + + Renamed to iptables-persistent.init + + -- Chris Silva Sun, 01 Aug 2010 21:34:25 -0500 + +iptables-persistent (0.0.20090701) unstable; urgency=low + + * Initial Release. + + -- Simon Richter Wed, 01 Jul 2009 13:43:43 +0200 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index b4de394..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -11 diff --git a/debian/control b/debian/control index cb7c4a0..9442333 100644 --- a/debian/control +++ b/debian/control @@ -1,15 +1,41 @@ -Source: template-repository -Section: unknown +Source: iptables-persistent +Section: admin Priority: optional -Maintainer: Tsic404 -Build-Depends: debhelper (>= 11) -Standards-Version: 4.1.3 -Homepage: https://github.com/deepin-community/template-repository -#Vcs-Browser: https://salsa.debian.org/debian/deepin-community-template-repository -#Vcs-Git: https://salsa.debian.org/debian/deepin-community-template-repository.git +Maintainer: gustavo panizzo +Standards-Version: 4.6.2 +Build-Depends: debhelper-compat (= 13), dh-exec, po-debconf, dh-sequence-movetousr +Vcs-Browser: https://salsa.debian.org/debian/iptables-persistent +Vcs-Git: https://salsa.debian.org/debian/iptables-persistent.git +Rules-Requires-Root: no +Pre-Depends: dpkg (>= 1.15.7.2) -Package: template-repository -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Description: - +Package: netfilter-persistent +Architecture: all +Depends: ${misc:Depends} +Suggests: iptables-persistent +Pre-Depends: ${misc:Pre-Depends} +Description: boot-time loader for netfilter configuration + This package provides a loader for netfilter configuration using a + plugin-based architecture. It can load, flush and save a running + configuration. Extending netfilter-persistent with plugins is trivial and can + be done in any language. + +Package: iptables-persistent +Architecture: all +Depends: netfilter-persistent (= ${source:Version}), ${misc:Depends} +Pre-Depends: iptables, ${misc:Pre-Depends} +Description: boot-time loader for netfilter rules, iptables plugin + netfilter-persistent is a loader for netfilter configuration using a + plugin-based architecture. + . + This package contains the iptables and ip6tables plugins. + +Package: ipset-persistent +Architecture: all +Pre-Depends: ${misc:Pre-Depends} +Depends: ipset, netfilter-persistent (= ${source:Version}), ${misc:Depends} +Description: boot-time loader for netfilter rules, ipset plugin + netfilter-persistent is a loader for netfilter configuration using a + plugin-based architecture. + . + This package contains the ipset plugin. diff --git a/debian/copyright b/debian/copyright index f5c805e..a28d877 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,13 +1,16 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: template-repository -Source: https://github.com/deepin-community/template-repository +Upstream-Name: iptables-persistent +Upstream-Contact: Jonathan Wiltshire Files: * -Copyright: 2023 Tsic404 -License: GPL-2+ - This package is free software; you can redistribute it and/or modify +Copyright: © 2009, Simon Richter + © 2010, Chris Silva + © 2010, Jonathan Wiltshire + © 2018, gustavo panizzo +License: GPL-3 + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation, either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, @@ -16,7 +19,7 @@ License: GPL-2+ GNU General Public License for more details. . You should have received a copy of the GNU General Public License - along with this program. If not, see + along with this program. If not, see . . On Debian systems, the complete text of the GNU General - Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". + Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..b7dd3f2 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,7 @@ +[DEFAULT] +compression = bzip2 +debian-branch=debian + +[dch] +meta = true +id-length = 6 diff --git a/debian/ipset-persistent.config b/debian/ipset-persistent.config new file mode 100644 index 0000000..83cf0f3 --- /dev/null +++ b/debian/ipset-persistent.config @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +# Source debconf library +. /usr/share/debconf/confmodule + +db_get ipset-persistent/autosave_done || true +if [ "x$RET" != "xtrue" ]; then + # Save ipset rules? + db_input high ipset-persistent/autosave || true + db_go +fi diff --git a/debian/ipset-persistent.dirs b/debian/ipset-persistent.dirs new file mode 100644 index 0000000..1bf9faf --- /dev/null +++ b/debian/ipset-persistent.dirs @@ -0,0 +1,2 @@ +etc/iptables +usr/share/netfilter-persistent/plugins.d diff --git a/debian/ipset-persistent.docs b/debian/ipset-persistent.docs new file mode 100644 index 0000000..df6f1f3 --- /dev/null +++ b/debian/ipset-persistent.docs @@ -0,0 +1 @@ +debian/README diff --git a/debian/ipset-persistent.install b/debian/ipset-persistent.install new file mode 100755 index 0000000..311ad47 --- /dev/null +++ b/debian/ipset-persistent.install @@ -0,0 +1,4 @@ +#! /usr/bin/dh-exec +plugins/10-ipset usr/share/netfilter-persistent/plugins.d/ +plugins/40-ipset usr/share/netfilter-persistent/plugins.d/ +debian/ipset.override => lib/systemd/system/netfilter-persistent.service.d/ipset.conf diff --git a/debian/ipset-persistent.maintscript b/debian/ipset-persistent.maintscript new file mode 100644 index 0000000..5d90bc5 --- /dev/null +++ b/debian/ipset-persistent.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/systemd/system/netfilter-persistent.service.d/ipset.conf diff --git a/debian/ipset-persistent.postinst b/debian/ipset-persistent.postinst new file mode 100644 index 0000000..bb25b45 --- /dev/null +++ b/debian/ipset-persistent.postinst @@ -0,0 +1,46 @@ +#!/bin/sh + +set -e + +# Can be dropped in Trixie +if update-alternatives --query ipset.service 2>/dev/null; then + update-alternatives --remove-all ipset.service +fi + +# Source debconf library +. /usr/share/debconf/confmodule + +case "$1" in +configure) + db_get ipset-persistent/autosave_done || true + if [ "x$RET" != "xtrue" ]; then + db_get ipset-persistent/autosave || true + if [ "x$RET" = "xtrue" ]; then + if which ipset >/dev/null; then + if ipset list >/dev/null; then + ipset save >/etc/iptables/ipsets + else + echo "IPset: Unable to save sets (module not loadable or other problem)" + fi + fi + fi + + db_set ipset-persistent/autosave_done true || true + fi + + ;; +esac + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ]; then + # Ensure the drop-in is loaded + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + fi +fi + +# See #1036785 +if [ -f /etc/systemd/system/netfilter-persistent.service.d ]; then + rmdir --ignore-fail-on-non-empty /etc/systemd/system/netfilter-persistent.service.d +fi + +#DEBHELPER# diff --git a/debian/ipset-persistent.postrm b/debian/ipset-persistent.postrm new file mode 100644 index 0000000..90fde1d --- /dev/null +++ b/debian/ipset-persistent.postrm @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +case "$1" in +purge) + rm -rf /etc/iptables/ipsets +;; +esac + +# To register the drop-in's removal +if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi + +#DEBHELPER# diff --git a/debian/ipset-persistent.templates b/debian/ipset-persistent.templates new file mode 100644 index 0000000..e5003b5 --- /dev/null +++ b/debian/ipset-persistent.templates @@ -0,0 +1,11 @@ +Template: ipset-persistent/autosave +Type: boolean +Default: true +_Description: Save current ipsets? + Current ipsets can be saved to the configuration + file /etc/iptables/ipsets. These ipsets will then be loaded automatically + during system startup. + . + Sets are only saved automatically during package installation. See the + manual page of ipset (8) for instructions on keeping the rules file + up-to-date. diff --git a/debian/ipset.override b/debian/ipset.override new file mode 100644 index 0000000..39f4d70 --- /dev/null +++ b/debian/ipset.override @@ -0,0 +1,2 @@ +[Install] +Alias=ipset.service diff --git a/debian/iptables-persistent.config b/debian/iptables-persistent.config new file mode 100644 index 0000000..5de3f50 --- /dev/null +++ b/debian/iptables-persistent.config @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +# Source debconf library +. /usr/share/debconf/confmodule + +db_get iptables-persistent/autosave_done || true +if [ "x$RET" != "xtrue" ]; then + # Save iptables rules? + db_input high iptables-persistent/autosave_v4 || true + db_go + + # Save ip6tables rules? + db_input high iptables-persistent/autosave_v6 || true + db_go +fi diff --git a/debian/iptables-persistent.dirs b/debian/iptables-persistent.dirs new file mode 100644 index 0000000..1bf9faf --- /dev/null +++ b/debian/iptables-persistent.dirs @@ -0,0 +1,2 @@ +etc/iptables +usr/share/netfilter-persistent/plugins.d diff --git a/debian/iptables-persistent.docs b/debian/iptables-persistent.docs new file mode 100644 index 0000000..df6f1f3 --- /dev/null +++ b/debian/iptables-persistent.docs @@ -0,0 +1 @@ +debian/README diff --git a/debian/iptables-persistent.install b/debian/iptables-persistent.install new file mode 100755 index 0000000..8f66664 --- /dev/null +++ b/debian/iptables-persistent.install @@ -0,0 +1,5 @@ +#! /usr/bin/dh-exec +iptb-expflush-plugin usr/share/netfilter-persistent/ +plugins/15-ip4tables usr/share/netfilter-persistent/plugins.d/ +plugins/25-ip6tables usr/share/netfilter-persistent/plugins.d/ +debian/iptables.override => lib/systemd/system/netfilter-persistent.service.d/iptables.conf diff --git a/debian/iptables-persistent.links b/debian/iptables-persistent.links new file mode 100644 index 0000000..efa716f --- /dev/null +++ b/debian/iptables-persistent.links @@ -0,0 +1,2 @@ +usr/share/netfilter-persistent/iptb-expflush-plugin usr/share/netfilter-persistent/plugins/12-iptb4-explicit-flush +usr/share/netfilter-persistent/iptb-expflush-plugin usr/share/netfilter-persistent/plugins/20-iptb6-explicit-flush diff --git a/debian/iptables-persistent.maintscript b/debian/iptables-persistent.maintscript new file mode 100644 index 0000000..6bf24f1 --- /dev/null +++ b/debian/iptables-persistent.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/systemd/system/netfilter-persistent.service.d/iptables.conf diff --git a/debian/iptables-persistent.postinst b/debian/iptables-persistent.postinst new file mode 100644 index 0000000..a49a8cb --- /dev/null +++ b/debian/iptables-persistent.postinst @@ -0,0 +1,61 @@ +#!/bin/sh + +set -e + +# Can be dropped in Trixie +if update-alternatives --query iptables.service 2>/dev/null; then + update-alternatives --remove-all iptables.service +fi + +# Source debconf library +. /usr/share/debconf/confmodule + +case "$1" in +configure) + db_get iptables-persistent/autosave_done || true + if [ "x$RET" != "xtrue" ]; then + db_get iptables-persistent/autosave_v4 || true + if [ "x$RET" = "xtrue" ]; then + if which iptables >/dev/null; then + if iptables -t filter -L -n >/dev/null; then + iptables-save >/etc/iptables/rules.v4 + else + echo "IPv4: Unable to save (table filter isn't available or module not loadable)" + fi + else + echo "IPv4: Can't find iptables in $PATH, please check your system" + fi + fi + db_get iptables-persistent/autosave_v6 || true + if [ "x$RET" = "xtrue" ]; then + if which ip6tables >/dev/null; then + if ip6tables -t filter -L -n >/dev/null; then + ip6tables-save >/etc/iptables/rules.v6 + else + echo "IPv6: Unable to save (table filter isn't available or module not loadable)" + fi + else + echo "IPv6: Can't find ip6tables in $PATH, please check your system" + fi + fi + + db_set iptables-persistent/autosave_done true || true + fi + + update-rc.d iptables-persistent remove + ;; +esac + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ]; then + # Ensure the drop-in is loaded + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + fi +fi + +# See #1036785 +if [ -f /etc/systemd/system/netfilter-persistent.service.d ]; then + rmdir --ignore-fail-on-non-empty /etc/systemd/system/netfilter-persistent.service.d +fi + +#DEBHELPER# diff --git a/debian/iptables-persistent.postrm b/debian/iptables-persistent.postrm new file mode 100644 index 0000000..86677b4 --- /dev/null +++ b/debian/iptables-persistent.postrm @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +case "$1" in +purge) + rm -rf /etc/iptables/rules \ + /etc/iptables/rules.v4 \ + /etc/iptables/rules.v6 +;; +esac + +# To register the drop-in's removal +if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi + +#DEBHELPER# diff --git a/debian/iptables-persistent.preinst b/debian/iptables-persistent.preinst new file mode 100644 index 0000000..bd7a9fa --- /dev/null +++ b/debian/iptables-persistent.preinst @@ -0,0 +1,26 @@ +#!/bin/sh + +set -e + + +case "$1" in + install|upgrade) + if [ -e /etc/iptables/rules ]; then + if [ -e /etc/iptables/rules.v4 ]; then + mv -f /etc/iptables/rules /etc/iptables/rules.v4.dpkg-old + else + mv -f /etc/iptables/rules /etc/iptables/rules.v4 + fi + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# diff --git a/debian/iptables-persistent.templates b/debian/iptables-persistent.templates new file mode 100644 index 0000000..3770398 --- /dev/null +++ b/debian/iptables-persistent.templates @@ -0,0 +1,32 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: iptables-persistent/autosave_v4 +Type: boolean +Default: true +_Description: Save current IPv4 rules? + Current iptables rules can be saved to the configuration + file /etc/iptables/rules.v4. These rules will then be loaded automatically + during system startup. + . + Rules are only saved automatically during package installation. See the + manual page of iptables-save(8) for instructions on keeping the rules file + up-to-date. + +Template: iptables-persistent/autosave_v6 +Type: boolean +Default: true +_Description: Save current IPv6 rules? + Current iptables rules can be saved to the configuration + file /etc/iptables/rules.v6. These rules will then be loaded automatically + during system startup. + . + Rules are only saved automatically during package installation. See the + manual page of ip6tables-save(8) for instructions on keeping the rules file + up-to-date. diff --git a/debian/iptables.override b/debian/iptables.override new file mode 100644 index 0000000..101cc4a --- /dev/null +++ b/debian/iptables.override @@ -0,0 +1,2 @@ +[Install] +Alias=iptables.service ip6tables.service diff --git a/debian/netfilter-persistent.default b/debian/netfilter-persistent.default new file mode 100644 index 0000000..a27957d --- /dev/null +++ b/debian/netfilter-persistent.default @@ -0,0 +1,29 @@ +# Configuration for netfilter-persistent +# Plugins may extend this file or have their own + +FLUSH_ON_STOP=0 + +# Set to yes to skip saving rules/sets when netfilter-persistent is called with +# the save parameter +# IPTABLES_SKIP_SAVE=yes +# IP6TABLES_SKIP_SAVE=yes +# IPSET_SKIP_SAVE=yes + + +# Set to yes for not flushing existing ip[6]tables rules when netfilter-persistent +# is called with the start parameter +# IPTABLES_RESTORE_NOFLUSH=yes +# IP6TABLES_RESTORE_NOFLUSH=yes + + +# Explicit flush. May be `no' to disable, `auto' to flush all tables listed in +# the dump, or `yes:.[,...]' to flush the tables listed here. No +# effect unless the corresponding `_RESTORE_NOFLUSH' variable is set to `yes'. +IPTABLES_EXPLICIT_FLUSH=no +IP6TABLES_EXPLICIT_FLUSH=no + + +# Set to yes to test load the rules before applying them. This avoids loading failure +# from causing no rules to be loaded in the kernel +IPTABLES_TEST_RULESET=yes +IP6TABLES_TEST_RULESET=yes diff --git a/debian/netfilter-persistent.docs b/debian/netfilter-persistent.docs new file mode 100644 index 0000000..df6f1f3 --- /dev/null +++ b/debian/netfilter-persistent.docs @@ -0,0 +1 @@ +debian/README diff --git a/debian/netfilter-persistent.init b/debian/netfilter-persistent.init new file mode 100644 index 0000000..1b4f1c0 --- /dev/null +++ b/debian/netfilter-persistent.init @@ -0,0 +1,50 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# Copyright (C) 2014 Jonathan Wiltshire +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +### BEGIN INIT INFO +# Provides: netfilter-persistent +# Required-Start: mountkernfs $remote_fs +# Required-Stop: $remote_fs +# Default-Start: S +# Default-Stop: 0 1 6 +# Short-Description: Load boot-time netfilter configuration +# Description: Loads boot-time netfilter configuration +### END INIT INFO + +. /lib/lsb/init-functions + +case "$1" in +start|restart|reload|force-reload) + log_action_begin_msg "Loading netfilter rules" + /usr/sbin/netfilter-persistent start + log_action_end_msg $? + ;; +save) + log_action_begin_msg "Saving netfilter rules" + /usr/sbin/netfilter-persistent save + log_action_end_msg $? + ;; +stop) + log_action_begin_msg "Stopping netfilter rules" + /usr/sbin/netfilter-persistent stop + log_action_end_msg $? + ;; +flush) + log_action_begin_msg "Flushing netfilter rules" + /usr/sbin/netfilter-persistent flush + log_action_end_msg $? + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac + +exit $rc diff --git a/debian/netfilter-persistent.install b/debian/netfilter-persistent.install new file mode 100644 index 0000000..0bc2083 --- /dev/null +++ b/debian/netfilter-persistent.install @@ -0,0 +1,3 @@ +lib +usr +logcheck/ignore.d.server/netfilter-persistent etc/logcheck/ignore.d.server/netfilter-persistent diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..8be7801 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] iptables-persistent.templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 0000000..6a29442 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,77 @@ +# Czech PO debconf template translation of iptables-persistent. +# Copyright (C) 2010 Michal Simunek +# This file is distributed under the same license as the iptables-persistent package. +# Michal Simunek , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.6\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-17 16:31+0100\n" +"Last-Translator: Michal Simunek \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Uložit stávající pravidla IPv4?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Stávající pravidla pro iptables se mohou uložit do konfiguračního souboru " +"/etc/iptables/rules.v4. Tato pravidla pak budou během spouštění systému " +"automaticky nahrána." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Pravidla se ukládají automaticky pouze při instalaci balíčku. Pro informace, " +"jak udržet soubor s pravidly aktuální, se podívejte do manuálové stránky " +"iptables-save(8)." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Uložit stávající pravidla IPv6?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Stávající pravidla pro iptables se mohou uložit do konfiguračního souboru " +"/etc/iptables/rules.v6. Tato pravidla pak budou během spouštění systému " +"automaticky nahrána." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Pravidla se ukládají automaticky pouze při instalaci balíčku. Pro informace, " +"jak udržet soubor s pravidly aktuální, se podívejte do manuálové stránky " +"ip6tables-save(8)." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 0000000..792f869 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,75 @@ +# Danish translation for ptables-persistent. +# Copyright (C) 2011 ptables-persistent og nedenstående oversættere. +# This file is distributed under the same license as the ptables-persistent package. +# Joe Hansen (joedalton2@yahoo.dk), 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: ptables-persistent\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-16 19:25+0200\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Gem aktuelle IPv4-regler?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuelle iptables-regler kan gemmes til konfigurationsfilen /etc/iptables/" +"rules.v4. Disse regler vil så automatisk blive indlæst, når systemet starter " +"op." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Regler gemmes kun automatisk under pakkeinstallation. Se manualsiden for " +"iptables-save(8) for instruktioner om hvordan regelfilerne holdes ajour." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Gem aktuelle IPv6-regler?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuelle iptables-regler kan gemmes til konfigurationsfilen /etc/iptables/" +"rules.v6. Disse regler vil så automatisk blive indlæst, når systemet starter " +"op." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Regler gemmes kun automatisk under pakkeinstallation. Se manualsiden for " +"ip6tables-save(8) for instruktioner om hvordan regelfilerne holdes ajour." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..bb6fb92 --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,77 @@ +# German translation of iptables-persistent. +# This file is distributed under the same license as the +# iptables-persistent package. +# Chris Leick , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.6\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-16 11:11+0100\n" +"Last-Translator: Chris Leick \n" +"Language-Team: German \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Aktuelle IPv4-Regeln speichern?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuelle Iptables-Regeln können in der Konfigurationsdatei " +"/etc/iptables/rules.v4 gespeichert werden. Diese Regeln werden dann beim " +"Systemstart automatisch geladen." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Regeln werden nur automatisch während der Paketinstallation gespeichert. " +"Lesen Sie die Handbuchseite von iptables-save(8), um zu erfahren, wie die " +"Regeln aktuell gehalten werden können." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Aktuelle IPv6-Regeln speichern?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuelle Iptables-Regeln können in der Konfigurationsdatei " +"/etc/iptables/rules.v6 gespeichert werden. Diese Regeln werden dann beim " +"Systemstart automatisch geladen." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Regeln werden nur automatisch während der Paketinstallation gespeichert. " +"Lesen Sie die Handbuchseite von ip6tables-save(8), um zu erfahren, wie die " +"Regeln aktuell gehalten werden können." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..e7065d7 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,101 @@ +# iptables-persistent po-debconf translation to Spanish +# Copyright (C) 2011 Software in the Public Interest +# This file is distributed under the same license as the iptables-persistent package. +# +# Changes: +# - Initial translation +# Ricardo Fraile , 2011 +# +# - Updates +# Francisco Javier Cuadrado , 2011 +# +# Traductores, si no conocen el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.5.2\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-10-04 19:20+0100\n" +"Last-Translator: Francisco Javier Cuadrado \n" +"Language-Team: Debian l10n Spanish \n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "¿Desea guardar las reglas de IPv4 actuales?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Las reglas actuales de iptables se pueden guardar en el archivo de " +"configuración «/etc/iptables/rules.v4». Estas reglas se cargarán " +"automáticamente durante el inicio del sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Las reglas sólo se guardan automáticamente durante la instalación del " +"paquete. Puede consultar las instrucciones para mantener el archivo de " +"reglas actualizado en la página de manual de «iptables-save(8)»." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "¿Desea guardar las reglas de IPv6 actuales?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Las reglas actuales de iptables se pueden guardar en el archivo de " +"configuración «/etc/iptables/rules.v6». Estas reglas se cargarán " +"automáticamente durante el inicio del sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Las reglas sólo se guardan automáticamente durante la instalación del " +"paquete. Puede consultar las instrucciones para mantener el archivo de " +"reglas actualizado en la página de manual de «ip6tables-save(8)»." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..211b466 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,77 @@ +# Translation of iptables-persistent debconf screens to French +# Copyright (C) 2011 Debian French l10n Team +# This file is distributed under the same license as the iptables-persistent package. +# Steve Petruzzello , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent_0.0.20100801 \n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-12 12:00+0001\n" +"Last-Translator: Steve Petruzzello \n" +"Language-Team: French \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Faut-il enregistrer les règles IPv4 actuelles ?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Les règles actuelles peuvent être enregistrées dans le fichier de " +"configuration « /etc/iptables/rules.v4 ». Ces règles seront chargées au " +"prochain redémarrage de la machine." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Les règles ne sont enregistrées automatiquement que lors de l'installation " +"du paquet. Veuillez consulter la page de manuel de iptables-save(8) pour " +"connaître la manière de garder à jour le fichier des règles." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Faut-il enregistrer les règles IPv6 actuelles ?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Les règles actuelles peuvent être enregistrées dans le fichier de " +"configuration « /etc/iptables/rules.v6 ». Ces règles seront chargées au " +"prochain redémarrage de la machine." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Les règles ne sont enregistrées automatiquement que lors de l'installation " +"du paquet. Veuillez consulter la page de manuel de ip6tables-save(8) pour " +"connaître la manière de garder à jour le fichier des règles." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 0000000..2a09546 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,78 @@ +# ITALIAN TRANSLATION OF IPTABLES-PERSISTENT'S PO-DEBCONF FILE. +# COPYRIGHT (C) 2011 THE IPTABLES-PERSISTENT'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# Vincenzo Campanella , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.6\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-16 08:31+0100\n" +"Last-Translator: Vincenzo Campanella \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Salvare le regole IPv4 attuali?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Le regole iptables attuali possono essere salvate nel file di configurazione " +"«/etc/iptables/rules.v4». Queste regole verranno poi caricate automaticamente " +"all'avvio del sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Le regole vengono salvate automaticamente solo durante l'installazione del " +"pacchetto. Per informazioni su come mantenere aggiornato il file delle regole " +"vedere le pagine del manuale di iptables-save(8)." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Salvare le regole IPv6 attuali?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Le regole iptables attuali possono essere salvate nel file di configurazione " +"«/etc/iptables/rules.v6». Queste regole verranno poi caricate automaticamente " +"all'avvio del sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Le regole vengono salvate automaticamente solo durante l'installazione del " +"pacchetto. Per informazioni su come mantenere aggiornato il file delle regole " +"vedere le pagine del manuale di ip6tables-save(8)." + diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 0000000..2641720 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,73 @@ +# Copyright (C) 2011 Jonathan Wiltshire +# This file is distributed under the same license as iptables-persistent package. +# Hideki Yamane , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.5.1\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-04-30 17:26+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "現在の IPv4 ルールを保存しますか?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"現在の iptables のルールは、設定ファイル /etc/iptables/rules.v4 に保存できます。" +"このルールは、システムの起動時に自動的に読み込まれるようになります。" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"ルールは、パッケージのインストール時にのみ自動的に保存されます。ルールのファイル" +"を最新に保つには、iptables-save(8) のマニュアルページを参照してください。" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "現在の IPv6 ルールを保存しますか?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"現在の iptables のルールは、設定ファイル /etc/iptables/rules.v6 に保存できます。" +"このルールは、システムの起動時に自動的に読み込まれるようになります。" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"ルールは、パッケージのインストール時にのみ自動的に保存されます。ルールのファイル" +"を最新に保つには、ip6tables-save(8) のマニュアルページを参照してください。" + diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..f77c6ee --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,77 @@ +# Dutch translation of iptables-persistent debconf templates. +# Copyright (C) 2012 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# Jeroen Schot , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.5.3\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2012-02-10 15:52+0100\n" +"Last-Translator: Jeroen Schot \n" +"Language-Team: Debian l10n Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Huidige IPv4-regels opslaan?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"De huidige iptables-regels kunnen opgeslagen worden in het " +"configuratiebestand /etc/iptables/rules.v4. Deze regels worden dan " +"automatisch geladen tijdens de systeemstart." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"De regels worden alleen automatisch opgeslagen tijdens de pakketinstallatie. " +"Zie de man-pagina van iptables-save(8) voor instructies over het bijgewerkt " +"houden van het regelsbestand." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Huidige IPv6-regels opslaan?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"De huidige iptables-regels kunnen opgeslagen worden in het " +"configuratiebestand /etc/iptables/rules.v6. Deze regels worden dan " +"automatisch geladen tijdens de systeemstart." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"De regels worden alleen automatisch opgeslagen tijdens de pakketinstallatie. " +"Zie de man-pagina van ip6tables-save(8) voor instructies over het bijgewerkt " +"houden van het regelsbestand." diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 0000000..7c96793 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,80 @@ +# Translation of iptables-persistent debconf templates to Polish. +# Copyright (C) 2011 +# This file is distributed under the same license as the iptables-persistent package. +# +# Michał Kułach , 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2012-04-16 18:57+0200\n" +"Last-Translator: Michał Kułach \n" +"Language-Team: Polish \n" +"Language: pl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Zachować bieżące reguły IPv4?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Bieżące reguły iptables mogą zostać zachowane do pliku konfiguracyjnego /etc/" +"iptables/rules.v4. Będą one wówczas ładowane automatycznie podczas " +"uruchamiania systemu." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Reguły są zachowywane automatycznie jedynie podczas instalacji pakietu. " +"Proszę zapoznać się ze stroną podręcznika iptables-save(8), aby dowiedzieć " +"się jak zachowywać plik reguł w stanie zaktualizowanym." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Zachować bieżące reguły IPv6?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Bieżące reguły iptables mogą zostać zachowane do pliku konfiguracyjnego /etc/" +"iptables/rules.v6. Będą one wówczas ładowane automatycznie podczas " +"uruchamiania systemu." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Reguły są zachowywane automatycznie jedynie podczas instalacji pakietu. " +"Proszę zapoznać się ze stroną podręcznika ip6tables-save(8), aby dowiedzieć " +"się jak zachowywać plik reguł w stanie zaktualizowanym." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 0000000..b3c6275 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,81 @@ +# Translation of iptables-persistent debconf to Portuguese +# Copyright (C) 2011 the iptables-persistent's copyright holder +# This file is distributed under the same license as the iptables-persistent package. +# +# Américo Monteiro , 2011. +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.5\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-17 00:03+0000\n" +"Last-Translator: Américo Monteiro \n" +"Language-Team: Portuguese \n" +"Language: Pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Guardar as regras IPv4 actuais?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"As regras iptables actuais podem ser guardadas no ficheiro de configuração " +"/etc/iptables/rules.v4. Estas regras serão carregadas automaticamente " +"durante o arranque do sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"As regras apenas são guardadas automaticamente durante a instalação do " +"pacote. Veja o manual do iptables-save(8) para instruções em manter o " +"ficheiro de regras actualizado." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Guardar as regras IPv6 actuais?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"As regras iptables actuais podem ser guardadas no ficheiro de configuração " +"/etc/iptables/rules.v6. Estas regras serão carregadas automaticamente " +"durante o arranque do sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"As regras apenas são guardadas automaticamente durante a instalação do " +"pacote. Veja o manual do ip6tables-save(8) para instruções em manter o " +"ficheiro de regras actualizado." + + diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 0000000..432bc8e --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,78 @@ +# Debconf translations for iptables-persistent. +# Copyright (C) 2011 THE iptables-persistent'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# Adriano Rafael Gomes , 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-21 14:19-0200\n" +"Last-Translator: Adriano Rafael Gomes \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Salvar as regras IPv4 atuais?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"As regras atuais do iptables podem ser salvas no arquivo de configuração /" +"etc/iptables/rules.v4. Essas regras serão carregadas automaticamente durante " +"a inicialização do sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"As regras são salvas automaticamente somente durante a instalação do pacote. " +"Veja a página de manual do iptables-save(8) para instruções sobre como " +"manter o arquivo de regras atualizado." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Salvar as regras IPv6 atuais?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"As regras atuais do iptables podem ser salvas no arquivo de configuração /" +"etc/iptables/rules.v6. Essas regras serão carregadas automaticamente durante " +"a inicialização do sistema." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"As regras são salvas automaticamente somente durante a instalação do pacote. " +"Veja a página de manual do ip6tables-save(8) para instruções sobre como " +"manter o arquivo de regras atualizado." diff --git a/debian/po/ro.po b/debian/po/ro.po new file mode 100644 index 0000000..4bac076 --- /dev/null +++ b/debian/po/ro.po @@ -0,0 +1,83 @@ +# Mesajele în limba română pentru pachetul iptables-persistent. +# Romanian translation of iptables-persistent. +# Copyright © 2023 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# +# Remus-Gabriel Chelu , 2023. +# +# Cronologia traducerii fișierului „iptables-persistent”: +# Traducerea inițială, făcută de R-GC, pentru versiunea iptables-persistent 1.0.18(2011-01-15). +# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(anul). +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 1.0.18\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2023-02-21 11:19+0100\n" +"Last-Translator: Remus-Gabriel Chelu \n" +"Language-Team: Romanian \n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n==0 || (n!=1 && n%100>=1 && " +"n%100<=19) ? 1 : 2);\n" +"X-Bugs: Report translation errors to the Language-Team address.\n" +"X-Generator: Poedit 3.2.2\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Salvați regulile IPv4 actuale?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system startup." +msgstr "" +"Regulile actuale pentru iptables pot fi salvate în fișierul de configurare „/" +"etc/iptables/rules.v4”. Aceste reguli vor fi apoi încărcate automat în timpul " +"pornirii sistemului." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the manual " +"page of iptables-save(8) for instructions on keeping the rules file up-to-date." +msgstr "" +"Regulile sunt salvate automat numai în timpul instalării pachetului. Consultați " +"pagina de manual a iptables-save(8) pentru instrucțiuni despre menținerea la zi " +"a fișierului de reguli." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Salvați regulile IPv6 actuale?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system startup." +msgstr "" +"Regulile actuale pentru iptables pot fi salvate în fișierul de configurare „/" +"etc/iptables/rules.v6”. Aceste reguli vor fi apoi încărcate automat în timpul " +"pornirii sistemului." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the manual " +"page of ip6tables-save(8) for instructions on keeping the rules file up-to-date." +msgstr "" +"Regulile sunt salvate automat numai în timpul instalării pachetului. Consultați " +"pagina de manual a ip6tables-save(8) pentru instrucțiuni despre menținerea la " +"zi a fișierului de reguli." diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 0000000..ea75f2f --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,82 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# +# Yuri Kozlov , 2011. +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.6\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-20 21:28+0300\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: Russian\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Сохранить имеющиеся правила IPv4?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Текущие правила iptables можно сохранить в файл настройки " +"/etc/iptables/rules.v4. " +"Данные правила будут загружаться автоматически при запуске операционной " +"системы." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Правила сохраняются автоматически только при установке пакета. " +"О том, как обновлять файл правил, смотрите в справочной странице " +"iptables-save(8)." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Сохранить имеющиеся правила IPv6?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Текущие правила iptables можно сохранить в файл настройки " +"/etc/iptables/rules.v4. " +"Данные правила будут загружаться автоматически при запуске операционной " +"системы." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Правила сохраняются автоматически только при установке пакета. " +"О том, как обновлять файл правил, смотрите в справочной странице " +"iptables6-save(8)." + diff --git a/debian/po/sk.po b/debian/po/sk.po new file mode 100644 index 0000000..955daf1 --- /dev/null +++ b/debian/po/sk.po @@ -0,0 +1,82 @@ +# Slovak translations for iptables-persistent package +# Slovenské preklady pre balík iptables-persistent. +# Copyright (C) 2012 THE iptables-persistent'S COPYRIGHT HOLDER +# This file is distributed under the same license as the iptables-persistent package. +# Automatically generated, 2012. +# Slavko , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent 0.5.3\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2012-04-11 18:56+0200\n" +"Last-Translator: Slavko \n" +"Language-Team: slovenčina \n" +"Language: sk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-POFile-SpellExtra: iptables iptables-save rules ip6-save etc v4 IPv4 v6\n" +"X-POFile-SpellExtra: IPv6\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Uložiť aktuálne pravidlá IPv4?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuálne pravidlá iptables môžu byť uložené do konfiguračného súboru /etc/" +"iptables/rules.v4. Tieto pravidlá budú potom automaticky načítané pri štarte " +"systému." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Pravidlá sú automaticky uložené len pri inštalácii balíka. Podrobnosti o " +"tom, ako zachovať súbor s pravidlami v aktuálnom stave, nájdete v manuálovej " +"stránke iptables-save(8)." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Uložiť aktuálne pravidlá IPv6?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" +"Aktuálne pravidlá iptables môžu byť uložené do konfiguračného súboru /etc/" +"iptables/rules.v6. Tieto pravidlá budú potom automaticky načítané pri štarte " +"systému." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" +"Pravidlá sú automaticky uložené len pri inštalácii balíka. Podrobnosti o " +"tom, ako zachovať súbor s pravidlami v aktuálnom stave, nájdete v manuálovej " +"stránke ip6tables-save(8)." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 0000000..1ba14e6 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,56 @@ +# Translation of iptables-persistent debconf template to Swedish +# Copyright (C) 2011 Martin Bagge +# This file is distributed under the same license as the iptables-persistent package. +# +# Martin Bagge , 2011 +msgid "" +msgstr "" +"Project-Id-Version: iptables-persistent\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: 2011-01-26 01:21+0100\n" +"Last-Translator: Martin Bagge / brother \n" +"Language-Team: Swedish \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Swedish\n" +"X-Poedit-Country: Sweden\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "Spara aktuella IPv4-regler?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Current iptables rules can be saved to the configuration file /etc/iptables/rules.v4. These rules will then be loaded automatically during system startup." +msgstr "Aktuella iptables-regler kan sparas i inställningsfilen /etc/iptables/rules.v4. Dessa regler kommer då att läsas in automatiskt vid systemets uppstart." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Rules are only saved automatically during package installation. See the manual page of iptables-save(8) for instructions on keeping the rules file up-to-date." +msgstr "Reglerna sparas automatiskt vid paketinstallationen. Instruktioner för att hålla regelfilen aktuellt finns i manualsidan för iptables-save(8)." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "Spara aktuella IPv6-regler?" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Current iptables rules can be saved to the configuration file /etc/iptables/rules.v6. These rules will then be loaded automatically during system startup." +msgstr "Aktuella iptables-regler kan sparas i inställningsfilen /etc/iptables/rules.v6. Dessa regler kommer då att läsas in automatiskt vid systemets uppstart." + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Rules are only saved automatically during package installation. See the manual page of ip6tables-save(8) for instructions on keeping the rules file up-to-date." +msgstr "Reglerna sparas automatiskt vid paketinstallationen. Instruktioner för att hålla regelfilen aktuellt finns i manualsidan för ip6tables-save(8)." + diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..2fc71a6 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,66 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: iptables-persistent@packages.debian.org\n" +"POT-Creation-Date: 2011-01-15 20:39+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "Save current IPv4 rules?" +msgstr "" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v4. These rules will then be loaded automatically during system " +"startup." +msgstr "" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:2001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of iptables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "Save current IPv6 rules?" +msgstr "" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Current iptables rules can be saved to the configuration file /etc/iptables/" +"rules.v6. These rules will then be loaded automatically during system " +"startup." +msgstr "" + +#. Type: boolean +#. Description +#: ../iptables-persistent.templates:3001 +msgid "" +"Rules are only saved automatically during package installation. See the " +"manual page of ip6tables-save(8) for instructions on keeping the rules file " +"up-to-date." +msgstr "" diff --git a/debian/source/format b/debian/source/format index 163aaf8..89ae9db 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -3.0 (quilt) +3.0 (native) diff --git a/iptb-expflush-plugin b/iptb-expflush-plugin new file mode 100755 index 0000000..433bbea --- /dev/null +++ b/iptb-expflush-plugin @@ -0,0 +1,125 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# (was iptables-persistent) +# Copyright (C) 2024, Emmanuel BENOÎT +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. +# +# This script manages flushing some chains either explicitly or +# based on the contents of /etc/iptables/rules.v[46] when the +# --no-flush option is being used for ip{6,}tables-restore. + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +case "`basename $0`" in + *iptb4*) + RULES_FILE=/etc/iptables/rules.v4 + IPTB_CMD=iptables + RESTORE_NOFLUSH="${IPTABLES_RESTORE_NOFLUSH}" + EXPLICIT_FLUSH="${IPTABLES_EXPLICIT_FLUSH}" + ;; + *iptb6*) + RULES_FILE=/etc/iptables/rules.v6 + IPTB_CMD=ip6tables + RESTORE_NOFLUSH="${IP6TABLES_RESTORE_NOFLUSH}" + EXPLICIT_FLUSH="${IP6TABLES_EXPLICIT_FLUSH}" + ;; + *) + echo "Unexpected file name, must contain either iptb4 or iptb6" >&2 + exit 1 +esac + +read_existing_rules() +{ + if [ ! -f $RULES_FILE ]; then + return + fi + + local cur_table="" + local found="" + while read file_line; do + case "$file_line" in + \**) + cur_table="`echo "$file_line" | cut -c2-`" + ;; + -A*) + local chain="`echo "x$file_line" | cut -f2 -d' '`" + if [ "${cur_table}x" = "x" ]; then + echo "Found chain \`$chain' before table start" >&2 + else + local must_add="${cur_table}.${chain}" + if ! echo "$found" | grep -qw "$must_add" ; then + if [ "${found}x" != "x" ]; then + found="${found}," + fi + found="${found}${must_add}" + fi + fi + ;; + *) + ;; + esac + done < $RULES_FILE + + echo "$found" +} + +flush_rules() +{ + if [ "${RESTORE_NOFLUSH}x" != "yesx" ]; then + return + fi + + case "${EXPLICIT_FLUSH}" in + auto) + FLUSH_RULES="`read_existing_rules`" + ;; + + yes:*) + FLUSH_RULES="`echo "${EXPLICIT_FLUSH}" | cut -d: -f2`" + ;; + *) + return + ;; + esac + + IFS="," + for target in ${FLUSH_RULES} + do + local table="`echo "$target" | cut -f1 -d.`" + local chain="`echo "$target" | cut -f2 -d.`" + local err="`LANG=C ${IPTB_CMD} -t $table -F $chain 2>&1`" + # Don't stop on missing chain errors, as it could just be that + # the chain hasn't been created yet. + if [ "x$err" != "x" ] && [ "x$err" != "x${IPTB_CMD}: No chain/target/match by that name." ]; then + echo "When flushing $target: $err" >&2 + return 1 + fi + done + unset IFS +} + +# Rules must be flushed before starting, when restarting, or when explicitly +# requested. +case "$1" in +start|restart|reload|force-reload|flush) + flush_rules + ;; +save|stop) + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac diff --git a/logcheck/ignore.d.server/netfilter-persistent b/logcheck/ignore.d.server/netfilter-persistent new file mode 100644 index 0000000..06e1ca1 --- /dev/null +++ b/logcheck/ignore.d.server/netfilter-persistent @@ -0,0 +1 @@ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: netfilter-persistent\.service: Dependency Conflict(s|edBy)=(ip(6)?tables|ipset)\.service dropped, merged into netfilter-persistent\.service$ diff --git a/netfilter-persistent b/netfilter-persistent new file mode 100755 index 0000000..6470e2e --- /dev/null +++ b/netfilter-persistent @@ -0,0 +1,52 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# Copyright (C) 2014 Jonathan Wiltshire +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +set -e + +IAM=$(whoami) +PLUGINS=/usr/share/netfilter-persistent/plugins.d + +if [ ${IAM} != "root" ]; then + echo "You must be root to use this utility" +fi + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +run_plugins () { + if [ -d ${PLUGINS} ]; then + run-parts -v -a ${1} ${PLUGINS} + fi +} + +case $1 in +start|save|flush) + run_plugins ${1} + ;; +reload|restart) + run_plugins start + ;; +stop) + if [ ${FLUSH_ON_STOP} -gt 0 ]; then + run_plugins flush + else + echo "Automatic flush disabled; use '${0} flush'" + fi + ;; +*) + echo "Usage: ${0} (start|stop|restart|reload|flush|save)" + ;; +esac + + +exit 0 + diff --git a/netfilter-persistent.8 b/netfilter-persistent.8 new file mode 100644 index 0000000..c8a94d7 --- /dev/null +++ b/netfilter-persistent.8 @@ -0,0 +1,81 @@ +.TH netfilter-persistent 8 +.SH NAME +netfilter-persistent \- load, flush and save netfilter rule sets +.SH SYNOPSIS +.B netfilter-persistent +start +.PP +.B netfilter-persistent +stop +.PP +.B netfilter-persistent +flush +.PP +.B netfilter-persistent +save +.SH DESCRIPTION +.B netfilter-persistent +uses a set of plugins to load, flush and save netfilter rules at boot and halt time. +Plugins can be written in any suitable language and stored in +.I /usr/share/netfilter-persistent/plugins.d +.SH OPTIONS +.TP +start +Calls all plugins with the +.I start +argument, causing them to load their rules into netfilter. +.TP +stop +If the configuration +.I FLUSH_ON_STOP +is enabled, calls all plugins with the +.I flush +argument, causing them to remove their rules from netfilter. +Otherwise, emits a warning only. +.TP +flush +Calls all plugins with the +.I flush +argument, causing them to remove their rules from netfilter. +.TP +save +Calls all plugins with the +.I save +argument, causing them to save the currently-loaded rules to persistent storage. +.SH PLUGINS +Plugins can be written in any language and are merely executed by +.B netfilter-persistent +with a single argument. +All plugins are stored in +.I /usr/share/netfilter-persistent/plugins.d +.PP +Plugins must implement the +.I start +.I flush +and +.I save +arguments and must not rely on additional arguments for other functionality. +.br +Plugins must return 0 on success and any other code on failure. +.PP +Plugins are free to use and extend the configuration in +.I /etc/default/netfilter-persistent +and to implement their own configuration files. +.SH FILES +.TP +.I /etc/default/netfilter-persistent +Main configuration file +.TP +.I /usr/share/netfilter-persistent/plugins.d +Plugin directory +.SH COPYRIGHT +Copyright (C) 2009 Simon Richter +.br +Copyright (C) 2010, 2014 Jonathan Wiltshire +.PP +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. +.SH AUTHORS +Jonathan Wiltshire diff --git a/plugins/10-ipset b/plugins/10-ipset new file mode 100755 index 0000000..069c5e6 --- /dev/null +++ b/plugins/10-ipset @@ -0,0 +1,72 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# (was iptables-persistent) +# Copyright (C) 2018, gustavo panizzo +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +# This script saves and/or restores ipset(s) to/from a file +# Flush is implemented in another script, as it has to run after +# iptables flush + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +# Create the ipsets and populate them +load_sets () +{ + #load ipset rules + if [ ! -f /etc/iptables/ipsets ]; then + echo "Warning: skipping IPSet (no rules to load)" + else + ipset restore -exist < /etc/iptables/ipsets + fi +} + +# Save current contents of the ipsets to file +save_sets () +{ + if [ ! "${IPSET_SKIP_SAVE}x" = "yesx" ]; then + touch /etc/iptables/ipsets + chmod 0640 /etc/iptables/ipsets + ipset save > /etc/iptables/ipsets + fi +} + +# flush sets +flush_sets () +{ + : +} + + +case "$1" in +start|restart|reload|force-reload) + load_sets + ;; +save) + save_sets + ;; +stop) + # While it makes sense to stop (delete) ipsets we keep the same + # semanthics as ip(6)?tables rules + echo "Automatic flushing disabled, use \"flush\" instead of \"stop\"" + ;; +flush) + flush_sets + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac diff --git a/plugins/15-ip4tables b/plugins/15-ip4tables new file mode 100755 index 0000000..d80bce6 --- /dev/null +++ b/plugins/15-ip4tables @@ -0,0 +1,92 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# (was iptables-persistent) +# Copyright (C) 2009, Simon Richter +# Copyright (C) 2010, 2014 Jonathan Wiltshire +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +load_rules() +{ + if [ "${IPTABLES_RESTORE_NOFLUSH}x" = "yesx" ]; then + NOFLUSH='--noflush' + else + NOFLUSH='' + fi + + #load IPv4 rules + if [ ! -f /etc/iptables/rules.v4 ]; then + echo "Warning: skipping IPv4 (no rules to load)" + return + fi + + if [ "${IPTABLES_TEST_RULESET}x" = "yesx" ] ; then + if ! iptables-restore --test $NOFLUSH < /etc/iptables/rules.v4 ; then + echo "Error: IPv4 rules failed test load. New rules NOT loaded" + return + fi + fi + + iptables-restore $NOFLUSH < /etc/iptables/rules.v4 +} + +save_rules() +{ + if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then + touch /etc/iptables/rules.v4 + chmod 0640 /etc/iptables/rules.v4 + iptables-save > /etc/iptables/rules.v4 + fi +} + +flush_rules() +{ + TABLES=$(iptables-save | sed -E -n 's/^\*//p') + for table in $TABLES + do + CHAINS=$(iptables-save -t $table | sed -E -n 's/^:([A-Z]+) [A-Z]+ .*/\1/p') + for chain in $CHAINS + do + # policy can't be set on user-defined chains + iptables -t $table -P $chain ACCEPT || true + done + iptables -t $table -F + iptables -t $table -Z + iptables -t $table -X + done +} + +case "$1" in +start|restart|reload|force-reload) + load_rules + ;; +save) + save_rules + ;; +stop) + # Why? because if stop is used, the firewall gets flushed for a variable + # amount of time during package upgrades, leaving the machine vulnerable + # It's also not always desirable to flush during purge + echo "Automatic flushing disabled, use \"flush\" instead of \"stop\"" + ;; +flush) + flush_rules + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac diff --git a/plugins/25-ip6tables b/plugins/25-ip6tables new file mode 100755 index 0000000..06c55ae --- /dev/null +++ b/plugins/25-ip6tables @@ -0,0 +1,94 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# (was iptables-persistent) +# Copyright (C) 2009, Simon Richter +# Copyright (C) 2010, 2014 Jonathan Wiltshire +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Exit fast if IPv6 is disabled +test -e /proc/sys/net/ipv6 || exit 0 + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +load_rules() +{ + if [ "${IP6TABLES_RESTORE_NOFLUSH}x" = "yesx" ]; then + NOFLUSH='--noflush' + else + NOFLUSH='' + fi + + #load IPv6 rules + if [ ! -f /etc/iptables/rules.v6 ]; then + echo "Warning: skipping IPv6 (no rules to load)" + fi + + if [ "${IP6TABLES_TEST_RULESET}x" = "yesx" ] ; then + if ! ip6tables-restore --test $NOFLUSH < /etc/iptables/rules.v6 ; then + echo "Error: IPv6 rules failed test load. New rules NOT loaded" + return + fi + fi + + ip6tables-restore $NOFLUSH < /etc/iptables/rules.v6 +} + +save_rules() +{ + if [ ! "${IP6TABLES_SKIP_SAVE}x" = "yesx" ]; then + touch /etc/iptables/rules.v6 + ip6tables-save > /etc/iptables/rules.v6 + chmod 0640 /etc/iptables/rules.v6 + fi +} + +flush_rules() +{ + TABLES=$(ip6tables-save | sed -E -n 's/^\*//p') + for table in $TABLES + do + CHAINS=$(ip6tables-save -t $table | sed -E -n 's/^:([A-Z]+) [A-Z]+ .*/\1/p') + for chain in $CHAINS + do + # policy can't be set on user-defined chains + ip6tables -t $table -P $chain ACCEPT || true + done + ip6tables -t $table -F + ip6tables -t $table -Z + ip6tables -t $table -X + done +} + +case "$1" in +start|restart|reload|force-reload) + load_rules + ;; +save) + save_rules + ;; +stop) + # Why? because if stop is used, the firewall gets flushed for a variable + # amount of time during package upgrades, leaving the machine vulnerable + # It's also not always desirable to flush during purge + echo "Automatic flushing disabled, use \"flush\" instead of \"stop\"" + ;; +flush) + flush_rules + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac diff --git a/plugins/40-ipset b/plugins/40-ipset new file mode 100755 index 0000000..dc4b374 --- /dev/null +++ b/plugins/40-ipset @@ -0,0 +1,62 @@ +#!/bin/sh + +# This file is part of netfilter-persistent +# (was iptables-persistent) +# Copyright (C) 2018, gustavo panizzo +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 3 +# of the License, or (at your option) any later version. + +# This script only implement flush of rules as ipset have to flushed after +# there are no more references to it (iptables rules calling them) + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Source configuration +if [ -f "/etc/default/netfilter-persistent" ]; then + . /etc/default/netfilter-persistent +fi + +# Create the ipsets and populate them +load_sets () +{ + : +} + +# Save current contents of the ipsets to file +save_sets () +{ + : +} + +# flush sets +flush_sets () +{ + ipset destroy +} + + +case "$1" in +start|restart|reload|force-reload) + load_sets + ;; +save) + save_sets + ;; +stop) + # While it makes sense to stop (delete) ipsets we keep the same + # semanthics as ip(6)?tables rules + echo "Automatic flushing disabled, use \"flush\" instead of \"stop\"" + ;; +flush) + flush_sets + ;; +*) + echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2 + exit 1 + ;; +esac diff --git a/systemd/netfilter-persistent.service b/systemd/netfilter-persistent.service new file mode 100644 index 0000000..7ea9655 --- /dev/null +++ b/systemd/netfilter-persistent.service @@ -0,0 +1,17 @@ +[Unit] +Description=netfilter persistent configuration +DefaultDependencies=no +Wants=network-pre.target systemd-modules-load.service local-fs.target +Before=network-pre.target shutdown.target +After=systemd-modules-load.service local-fs.target +Conflicts=shutdown.target +Documentation=man:netfilter-persistent(8) + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/netfilter-persistent start +ExecStop=/usr/sbin/netfilter-persistent stop + +[Install] +WantedBy=multi-user.target