"Fossies" - the Fresh Open Source Software Archive 
Member "aif-2.1.1/install.sh" (16 Sep 2020, 13679 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:
1 #!/bin/bash
2
3 MY_VERSION="1.13c"
4
5 # ------------------------------------------------------------------------------------------
6 # -= Arno's Iptables Firewall(AIF) =-
7 # Single- & multi-homed firewall script with DSL/ADSL support
8 #
9 # ~ In memory of my dear father ~
10 #
11 # (C) Copyright 2001-2020 by Arno van Amersfoort
12 # Homepage : https://rocky.eld.leidenuniv.nl/
13 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
14 # (note: you must remove all spaces and substitute the @ and the .
15 # at the proper locations!)
16 # ------------------------------------------------------------------------------------------
17 # This program is free software; you can redistribute it and/or
18 # modify it under the terms of the GNU General Public License
19 # version 2 as published by the Free Software Foundation.
20
21 # This program is distributed in the hope that it will be useful,
22 # but WITHOUT ANY WARRANTY; without even the implied warranty of
23 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 # GNU General Public License for more details.
25
26 # You should have received a copy of the GNU General Public License
27 # along with this program; if not, write to the Free Software
28 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 # ------------------------------------------------------------------------------------------
30
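# A single newline, used as IFS when reading line-oriented command output
EOL='
'

# Check if the environment file exists and if so, load it
#########################################################
# The file is resolved relative to the location of this script, not relative
# to the caller's working directory: the installer is meant to run as root and
# the sourced file is executed as shell code, so it must come from the
# distribution directory and not from whatever directory the script happened
# to be started in. The lookup runs in a subshell, so the working directory of
# the script itself is not changed here.
INSTALL_SCRIPT_DIR="$(CDPATH= cd -- "$(dirname "$0")" 2>/dev/null && pwd)"

if [ -z "$INSTALL_SCRIPT_DIR" ]; then
  printf "\033[40m\033[1;31mERROR: Could not determine the directory of the install script!\033[0m\n" >&2
  exit 2
fi

if [ -f "$INSTALL_SCRIPT_DIR/share/arno-iptables-firewall/environment" ]; then
  . "$INSTALL_SCRIPT_DIR/share/arno-iptables-firewall/environment"
else
  printf "\033[40m\033[1;31mERROR: Could not read environment file %s!\033[0m\n" "$INSTALL_SCRIPT_DIR/share/arno-iptables-firewall/environment" >&2
  exit 2
fi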
42
# Verify the preconditions for the install: the caller must be root and every
# external command listed below must pass check_command_error.
# NOTE(review): check_command_error / check_command_warning are not defined in
# this file; presumably they come from the sourced environment file - confirm.
sanity_check()
{
  local uid
  local tool

  # root check
  uid="$(id -u)"
  if [ "$uid" != "0" ]; then
    printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\033[0m\n" >&2
    exit 1
  fi

  check_command_error iptables

  # ip6tables is only checked when IPV6_DETECTED is "1"
  if [ "$IPV6_DETECTED" = "1" ]; then
    check_command_error ip6tables
  fi

  # Same commands, same order as before; only the repetition is folded into a loop
  for tool in awk tr ip cut uname sed cat date modprobe sysctl head tail wc \
              gzip logger chmod chown find cp rm mkdir rmdir ln; do
    check_command_error "$tool"
  done

  # Both names are passed in one call
  check_command_warning dig nslookup
}
80
81
# Compare the contents of two files.
#   $1, $2 - files to compare
# Returns 0 when the contents match, 1 when they only differ in text that
# follows a '#' on a line, 2 when they differ otherwise.
# Trailing newlines never count as a difference: both files are read through
# command substitution, which strips them.
shell_diff()
{
  local left
  local right

  left="$(cat "$1")"
  right="$(cat "$2")"

  # Match
  if [ "$left" = "$right" ]; then
    return 0
  fi

  # If mismatch, check whether it's only the comments that differ.
  # Everything from the first '#' to the end of each line is dropped.
  left="$(echo "$left" |sed 's/#.*//')"
  right="$(echo "$right" |sed 's/#.*//')"

  if [ "$left" != "$right" ]; then
    return 2 # Full mismatch
  fi

  return 1 # Only comments differ
}
101
102
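# Copy every regular file found under $1 to $2, asking before an existing
# target whose content differs (comments aside) is replaced.
#   $1 - source file or directory (files below .svn/ and .git/ are skipped)
#   $2 - target; with a trailing "/" it is a directory, otherwise a file name
#   $3 - default answer for the overwrite question, "y" or "n" (default: n)
#   $4 - optional extension; when the user declines the overwrite, the new
#        file is installed next to the old one as <target>.<ext>
# Exits 2 when no source file is found and 3 when a copy fails.
# Copied files are chown'ed to 0:0.
copy_ask_if_exist()
{
  local diff_retval
  local retval
  # Default to n(o). The previous "${3:-'n'}" produced the three characters
  # 'n' (quotes included), which only worked because anything but "y" means no.
  local default_yn="${3:-n}"
  local fallback_ext="$4"
  local source fn target target_dir

  if [ -z "$(find "$1" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$1\"" >&2
    exit 2
  fi

  unset IFS
  # Paths are read line by line from fd 3: names containing spaces stay in one
  # piece and stdin remains available for the question asked by get_user_yn.
  # (A file name containing a newline is still not supported.)
  while IFS= read -r source <&3; do
    case "$2" in
      */)
        # Literal prefix removal; the source argument is no longer used as a
        # sed pattern, so characters like "." in it cannot over-match.
        fn="${source#"$1"}"
        if [ -z "$fn" ]; then
          target="${2}$(basename "$1")"
        else
          target="${2}${fn}"
        fi
        target_dir="$2"
        ;;
      *)
        target="$2"
        target_dir="$(dirname "$2")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      # Paths are passed as arguments so a "%" in a name is printed as-is
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    # Reset per file so the result of a previous file is never reused
    diff_retval=-1

    if [ -f "$source" ] && [ -f "$target" ]; then
      # Ignore files that are the same in the target
      shell_diff "$source" "$target"
      diff_retval=$? # 0 = full match, 1 = match (excluding comments), 2 = full mismatch (including comments)

      if [ "$diff_retval" -eq 2 ] && ! get_user_yn "File \"$target\" already exists. Overwrite" "$default_yn"; then
        if [ -z "$fallback_ext" ]; then
          echo "Skipped..."
          continue
        else
          # Copy as e.g. .dist-file:
          target="${target}.${fallback_ext}"
          rm -f "$target"
        fi
      fi
    fi

    if [ "$diff_retval" -eq 2 ]; then
      # copy file & create backup of old file if exists
      cp -bv --preserve=mode,timestamps "$source" "$target"
      retval=$?
    else
      # New file, identical file or only comments mismatch, so no point in keeping a backup file
      cp -v --preserve=mode,timestamps "$source" "$target"
      retval=$?
    fi

    if [ "$retval" -ne 0 ]; then
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$1" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}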
173
174
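# Copy every regular file found under $1 to $2, but never replace a file that
# already exists at the target.
#   $1 - source file or directory (files below .svn/ and .git/ are skipped)
#   $2 - target; with a trailing "/" it is a directory, otherwise a file name
#   $3 - optional extension; when the target exists, the new file is installed
#        next to it as <target>.<ext> instead of being skipped
# Exits 2 when no source file is found and 3 when a copy fails.
# Copied files are chown'ed to 0:0.
copy_skip_if_exist()
{
  local source fn target target_dir

  if [ -z "$(find "$1" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$1\"" >&2
    exit 2
  fi

  unset IFS
  # Paths are read line by line from fd 3 so names containing spaces stay in
  # one piece. (A file name containing a newline is still not supported.)
  while IFS= read -r source <&3; do
    case "$2" in
      */)
        # Literal prefix removal; the source argument is no longer used as a
        # sed pattern, so characters like "." in it cannot over-match.
        fn="${source#"$1"}"
        if [ -z "$fn" ]; then
          target="$2$(basename "$1")"
        else
          target="$2$fn"
        fi
        target_dir="$2"
        ;;
      *)
        target="$2"
        target_dir="$(dirname "$2")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      # Paths are passed as arguments so a "%" in a name is printed as-is
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    if [ -f "$target" ]; then
      if [ -z "$3" ]; then
        echo "* File \"$target\" already exists. Skipping copy of $source"
        continue
      else
        # Copy as e.g. .dist-file:
        target="${target}.${3}"
        rm -f "$target"
      fi
    fi

    # NOTE: Always copy, even if contents is the same to make sure permissions are updated
    if ! cp -v --preserve=mode,timestamps "$source" "$target"; then
      # (the stray "!" that used to follow the target name is gone)
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$1" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}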
224
225
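# Copy every regular file found under $1 to $2, replacing existing targets
# without asking.
#   $1 - source file or directory (files below .svn/ and .git/ are skipped)
#   $2 - target; with a trailing "/" it is a directory, otherwise a file name
# Exits 2 when no source file is found and 3 when a copy fails.
# Copied files are chown'ed to 0:0.
copy_overwrite()
{
  local source fn target target_dir

  if [ -z "$(find "$1" -type f)" ]; then
    echo "ERROR: Missing source file(s) \"$1\"" >&2
    exit 2
  fi

  unset IFS
  # Paths are read line by line from fd 3 so names containing spaces stay in
  # one piece. (A file name containing a newline is still not supported.)
  while IFS= read -r source <&3; do
    case "$2" in
      */)
        # Literal prefix removal; the source argument is no longer used as a
        # sed pattern, so characters like "." in it cannot over-match.
        fn="${source#"$1"}"
        if [ -z "$fn" ]; then
          target="$2$(basename "$1")"
        else
          target="$2$fn"
        fi
        target_dir="$2"
        ;;
      *)
        target="$2"
        target_dir="$(dirname "$2")"
        ;;
    esac

    if [ ! -d "$target_dir" ]; then
      # Paths are passed as arguments so a "%" in a name is printed as-is
      printf "\033[40m\033[1;31m* WARNING: Target directory %s does not exist. Skipping copy of %s!\033[0m\n" "$target_dir" "$source" >&2
      continue
    fi

    # NOTE: Always copy, even if contents is the same to make sure permissions are updated
    if ! cp -fv --preserve=mode,timestamps "$source" "$target"; then
      echo "ERROR: Copy of \"$source\" to \"$target\" failed!" >&2
      exit 3
    fi

    chown 0:0 "$target"
  done 3< <(find "$1" -type f |grep -v -e '/\.svn/' -e '/\.git/')

  return 0
}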
264
265
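# Ask a yes/no question and read the answer from stdin.
#   $1 - question text; printed literally, followed by "(Y/n)? " or "(y/N)? "
#   $2 - default: "y" makes an empty or unrecognised answer count as yes,
#        any other value (or none) makes it count as no
# Returns 0 for yes and 1 for no.
# The lower-cased answer is left in the global ANSWER, as before.
get_user_yn()
{
  local answer_with_case

  # The question is passed as an argument, not as the printf format: callers
  # put file names into it and a "%" or "\" in a name must be shown unchanged.
  if [ "$2" = "y" ]; then
    printf '%s (Y/n)? ' "$1"
  else
    printf '%s (y/N)? ' "$1"
  fi

  # -r: take the typed line as-is (no backslash processing)
  read -r answer_with_case

  ANSWER="$(printf '%s\n' "$answer_with_case" |tr 'A-Z' 'a-z')"

  case "$ANSWER" in
    y|yes)
      return 0
      ;;
    n|no)
      return 1
      ;;
  esac

  # Fallback to default
  if [ "$2" = "y" ]; then
    return 0
  else
    return 1
  fi
}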
293
294
# Offer to remove an old installation before installing this one.
# An old installation is recognised by a line starting with "MY_VERSION=" in
# /etc/init.d/arno-iptables-firewall. When the user agrees (default: yes) the
# old init script, the old plugin files and the rc*.d links are deleted, and
# custom-rules / firewall.conf are kept under a ".old" name.
check_18_version()
{
  # No old init script (or not readable): nothing to clean up
  if ! grep -q "^MY_VERSION=" "/etc/init.d/arno-iptables-firewall" 2>/dev/null; then
    return 0
  fi

  # User prefers to keep the old version in place
  if ! get_user_yn "WARNING: An old version is still installed. Removing it first is *STRONGLY* recommended. Remove" "y"; then
    return 0
  fi

  rm -fv /etc/init.d/arno-iptables-firewall

  # Keep the old configuration around under a different name
  mv -fv /etc/arno-iptables-firewall/custom-rules /etc/arno-iptables-firewall/custom-rules.old
  mv -fv /etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/firewall.conf.old

  rm -fv /etc/arno-iptables-firewall/plugins/*.plugin
  rm -fv /etc/rc*.d/*arno-iptables-firewall
}
307
308
# Warn when /usr/sbin/arno-iptables-firewall exists, which is taken as a sign
# that a distribution package of the firewall is installed.
# Returns 0 to continue (no such file, or the user chose to continue; the
# default answer is yes) and 1 when the user declined.
check_dist_version()
{
  # Nothing found under /usr/sbin, so there is nothing to warn about
  [ -f /usr/sbin/arno-iptables-firewall ] || return 0

  get_user_yn "WARNING: It seems a distribution version is already installed. It's *STRONGLY* recommended to remove it first. Continue anyway" "y" || return 1

  return 0
}
319
320
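# Check plugins for (old) versions with different priority
# A plugin's name is its file name without the leading digits. For every
# plugin shipped in ./share/arno-iptables-firewall/plugins, any installed file
# in /usr/local/share/arno-iptables-firewall/plugins that has the same name but
# a different digit prefix is removed.
# Names are compared as plain strings on glob results; the output of ls is no
# longer parsed and the plugin name is no longer used as a grep pattern, so
# this (root) removal only ever hits an exact name match.
check_plugins()
{
  local installed_dir=/usr/local/share/arno-iptables-firewall/plugins
  local new_file new_base new_name
  local old_file old_base old_name

  if [ ! -d "$installed_dir" ]; then
    return 0
  fi

  unset IFS
  for new_file in ./share/arno-iptables-firewall/plugins/*.plugin; do
    # An unmatched glob is left as the literal pattern; skip it
    [ -e "$new_file" ] || continue

    new_base="${new_file##*/}"
    # Strip the leading run of digits: the inner expansion yields that run
    new_name="${new_base#"${new_base%%[!0-9]*}"}"

    for old_file in "$installed_dir"/*.plugin; do
      # Skip the unmatched-glob literal, but keep dangling symlinks
      [ -e "$old_file" ] || [ -L "$old_file" ] || continue

      old_base="${old_file##*/}"
      old_name="${old_base#"${old_base%%[!0-9]*}"}"

      if [ "$old_name" = "$new_name" ] && [ "$old_base" != "$new_base" ]; then
        echo "* Removing old plugin: $old_file"
        rm -fv -- "$old_file"
      fi
    done
  done

  return 0
}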
336
337
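# main line:

# We want to run in the dir the install script is in. This is done first, so
# that every ./relative path below (version lookup, files to install,
# configure.sh) is taken from the distribution directory and not from the
# directory the script was started in. CDPATH is cleared for the call so that
# "cd" cannot be redirected to another directory of the same name.
if ! CDPATH= cd -- "$(dirname "$0")"; then
  echo "ERROR: Could not change to the directory of the install script!" >&2
  exit 1
fi

AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall |sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"

# Versions are passed as arguments, never as part of the printf format
printf '\033[40m\033[1;32m%s\033[0m\n' "Arno's Iptables Firewall Script(AIF) v$AIF_VERSION"
printf 'Install Script v%s\n' "$MY_VERSION"
echo "-------------------------------------------------------------------------------"

sanity_check

if ! get_user_yn "Continue install" "n"; then
  echo "*Install aborted"
  exit 1
fi

# Make sure an old version is not still installed
check_18_version

# Make sure a dist version is not already installed
if ! check_dist_version; then
  echo "*Install aborted"
  exit 1
fi

copy_overwrite ./bin/arno-iptables-firewall /usr/local/sbin/
copy_overwrite ./bin/arno-fwfilter /usr/local/bin/

# Remove old version:
rm -f /usr/local/sbin/arno-fwfilter

mkdir -pv /usr/local/share/arno-iptables-firewall/plugins || exit 1
copy_overwrite ./share/arno-iptables-firewall/ /usr/local/share/arno-iptables-firewall/

if [ ! -f /usr/local/sbin/traffic-accounting-show ]; then
  ln -sv /usr/local/share/arno-iptables-firewall/plugins/traffic-accounting-show /usr/local/sbin/traffic-accounting-show
fi

mkdir -pv /usr/local/share/man/man1 || exit 1
mkdir -pv /usr/local/share/man/man8 || exit 1
gzip -c -v ./share/man/man8/arno-iptables-firewall.8 >/usr/local/share/man/man8/arno-iptables-firewall.8.gz
# The section 1 page belongs in man1 (it used to be written into man8)
gzip -c -v ./share/man/man1/arno-fwfilter.1 >/usr/local/share/man/man1/arno-fwfilter.1.gz
# Remove the copy an earlier install left in the wrong section directory
rm -f /usr/local/share/man/man8/arno-fwfilter.1.gz

mkdir -pv /usr/local/share/doc/arno-iptables-firewall || exit 1
copy_overwrite ./README /usr/local/share/doc/arno-iptables-firewall/

# Install init.d script, but only if init.d folder exists
if [ -d "/etc/init.d" ]; then
  copy_overwrite ./etc/init.d/arno-iptables-firewall /etc/init.d/
fi

# Make sure only one service file exists in /lib/.. or /usr/lib/ where we prefer /lib/
rm -f /usr/lib/systemd/system/arno-iptables-firewall.service

# Install service file if systemd directory is available, use fallbacks to support different systems
if [ -d "/lib/systemd/system" ]; then
  copy_overwrite ./lib/systemd/system/arno-iptables-firewall.service /lib/systemd/system/
elif [ -d "/usr/lib/systemd/system" ]; then
  copy_overwrite ./lib/systemd/system/arno-iptables-firewall.service /usr/lib/systemd/system/
elif [ -d "/etc/systemd/system" ]; then
  copy_ask_if_exist ./lib/systemd/system/arno-iptables-firewall.service /etc/systemd/system/ "y"
else
  echo "NOTE: Could not find any systemd/system directory, skipping systemd configuration" >&2
fi

# Install rsyslog config file (if rsyslog is available)
if [ -d "/etc/rsyslog.d" ]; then
  copy_ask_if_exist ./etc/rsyslog.d/arno-iptables-firewall.conf /etc/rsyslog.d/ "y"
fi

copy_ask_if_exist ./etc/logrotate.d/arno-iptables-firewall /etc/logrotate.d/ "y"

mkdir -pv /etc/arno-iptables-firewall || exit 1

# The shipped configuration is always installed as firewall.conf.dist; the
# live firewall.conf is only replaced after asking (default: no)
copy_overwrite ./etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/firewall.conf.dist
copy_ask_if_exist ./etc/arno-iptables-firewall/firewall.conf /etc/arno-iptables-firewall/

# An existing custom-rules file is never touched
copy_skip_if_exist ./etc/arno-iptables-firewall/custom-rules /etc/arno-iptables-firewall/

mkdir -pv /etc/arno-iptables-firewall/plugins || exit 1
copy_ask_if_exist ./etc/arno-iptables-firewall/plugins/ /etc/arno-iptables-firewall/plugins/ "n" "dist"

mkdir -pv /etc/arno-iptables-firewall/conf.d || exit 1
echo "Files with a .conf extension in this directory will be sourced by the environment file" >/etc/arno-iptables-firewall/conf.d/README

check_plugins

echo ""
echo "** Install done **"
echo ""

# No default is passed, so anything but y/yes means no
if get_user_yn "Do you want to run the configuration script"; then
  ./configure.sh
fi

echo ""
echo "-------------------------------------------------------------------------------"
echo "** NOTE: You can now (manually) start the firewall by executing              **"
echo "**       \"/usr/local/sbin/arno-iptables-firewall start\"                      **"
echo "**       It is recommended however to first review the settings in           **"
echo "**       /etc/arno-iptables-firewall/firewall.conf!                          **"
echo "-------------------------------------------------------------------------------"
echo ""

# No default is passed, so anything but y/yes means no
if get_user_yn "(Re)start firewall"; then
  /usr/local/sbin/arno-iptables-firewall restart
fi

exit 0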
447 exit 0