--- ipkungfu-0.6.1.orig/debian/README.Debian +++ ipkungfu-0.6.1/debian/README.Debian @@ -0,0 +1,19 @@ +ipkungfu for Debian +------------------- + + IPKUNGFU STARTING AT BOOT + + The package ipkungfu will now no longer start during boot, unless you have modified the file + /etc/default/ipkungfu. Please make sure you have edited /etc/ipkungfu/ipkungfu.conf before you disable this + security feature. The correct way of disabling this feature is to change the line "IPKFSTART = 0" to "IPKFSTART=1 + in /etc/default/ipkungfu + + Note that this has no effect when ipkungfu is run directly from the command line. + + + GENERAL + + I've got a feeling there are still some things I may have missed/messed up, if you see anything wrong can you + please submit a bug to Debian bug tracker (via reportbug or other means). + + -- Nigel Jones Fri, 24 June 2005 22:54:32 +1200 --- ipkungfu-0.6.1.orig/debian/changelog +++ ipkungfu-0.6.1/debian/changelog @@ -0,0 +1,159 @@ +ipkungfu (0.6.1-6.2) unstable; urgency=medium + + * Non-maintainer upload. + * Depend on iproute2 instead of transitional package iproute. + (Closes: #824679) + + -- Luca Boccassi Fri, 05 Jan 2018 22:59:11 +0000 + +ipkungfu (0.6.1-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * Switch from module-init-tools to kmod. (Closes: #733693) + * Bump debhelper compat level to 5. (Closes: #817504) + * Fix init.d-script-missing-dependency-on-remote_fs. + + -- Andreas Beckmann Thu, 21 Apr 2016 15:59:21 +0200 + +ipkungfu (0.6.1-6) unstable; urgency=low + + * debian/control + - Bump debian standards version to 3.7.3 (No changes) + - Add ${shlibs:Depends} to Depends: + - Remove modutils from Depends: and Build-Depends: + * debian/changelog + - The correct email in past changelog is: Marco Rodrigues + * debian/preinst + - Add file to force recreate of cache files if they are present. + * debian/rules + - Add dh_shlibdeps + * debian/init.d + - Remove a bashism. (Closes: #480601) + + -- Luis Uribe Tue, 21 Mar 2008 18:48:09 -0500 + +ipkungfu (0.6.1-5) unstable; urgency=low + + * debian/init.d + - Applied a patch from ubuntu for version 0.6.1-4ubuntu1: Fixed + debian/init.d script to use only /bin/sh instructions. Thanks to + Marcos Rodriguez (gothicx@sapo.p) + * debian/rules: + - Correct debian-rules-ignores-make-clean-error lintian warning. + + -- Luis Uribe Wed, 22 Aug 2007 06:03:55 -0500 + +ipkungfu (0.6.1-4) unstable; urgency=low + + * debian/watch: Correct file format + + -- Luis Uribe Fri, 11 May 2007 23:50:54 -0500 + +ipkungfu (0.6.1-3) unstable; urgency=low + + * debian/rules + - The location of the config files was wrong + + -- Luis Uribe Sun, 25 Feb 2007 19:25:41 -0500 + +ipkungfu (0.6.1-2) unstable; urgency=low + + * debian/rules + - Move the build commands from binary-indep to binary-arch, in order to + build arch-independent packages. (Closes: #410432) + + -- Luis Uribe Mon, 12 Feb 2007 22:42:42 -0500 + +ipkungfu (0.6.1-1) unstable; urgency=low + + * New upstream release + * Adding the man page for dummy_server (8) + * Now ipkungfu has a configurable list of conntrackt modules: (Closes: #332945) + * debian/rules + - Remove the value of ANSI color variables from ipkungfu automatically + - Adding dh_strip + * debian/postrm + - Now we need to delete /etc/ipkungfu/cache too. + * debian/control + - Adding iptables and module-init-tools | modutils in Build-Depends and + Depends + + -- Luis Uribe Mon, 22 Jan 2007 21:44:45 -0500 + +ipkungfu (0.5.2-8) unstable; urgency=low + + * New maintainter (Closes: #387475) + * Applying patch from Erik Schanze to quote some variables + (Closes: #386553). Already fixed in upstream + * debian/control + - Update debian policy to 3.7.2 + * debian/rules + - Remove duplicate creation of manpage + - Remove dh_link + * debian/init.d + - Remove the skeleton comments + - Make the script LSB-compliant + + -- Luis Uribe Tue, 24 Oct 2006 10:03:20 -0500 + +ipkungfu (0.5.2-7) unstable; urgency=low + + * New maintainer (Closes: #327437). + * Fixed the bad whatis entry for the manpage. + + -- William Vera Sun, 23 Oct 2005 18:40:16 -0500 + +ipkungfu (0.5.2-6) unstable; urgency=low + + * QA upload. + * ipkungfu: Fix a copy-paste error which prevented ip_nat_ftp from being + loaded. Closes first half of #332945. + + -- Matej Vela Mon, 17 Oct 2005 21:50:33 +0200 + +ipkungfu (0.5.2-5) unstable; urgency=low + + * QA upload. + * Package is orphaned (see #327437); set maintainer to Debian QA Group. + * Change architecture to all. Closes: #316090. + * debian/rules: + - Handle installation here instead of patching ./install. + - Remove ANSI color sequences from ipkungfu automatically (instead + of patching it). + - Automatically adjust paths in ipkungfu(8). + * debian/init.d: Make force-reload an alias for reload. + * debian/postrm: Don't abort if there are no log files to be removed. + * debian/watch: Add. + + -- Matej Vela Mon, 26 Sep 2005 13:55:32 +0200 + +ipkungfu (0.5.2-4) unstable; urgency=low + + * altered init.d to check for real defaults file (Closes: #315076) + * changed ipkungfu install to create above meantioned defaults file, to stop major system problems (i.e. making + it in accessible) (Closes: #315074, #311880) + + -- Nigel Jones Fri, 24 Jun 2005 21:28:58 +1200 + +ipkungfu (0.5.2-3) unstable; urgency=low + + * purge not working (Closes: #311881) + * remade init.d script to prevent verbose output (Closes: #311882) + * setup logging & postrm script for log files - help clean verbose output + + -- Nigel Jones Sat, 4 Jun 2005 22:50:59 +1200 + +ipkungfu (0.5.2-2) unstable; urgency=low + + * Fixed debian/rules which caused uploaded .deb's not to have binaries etc... (Closes: #311570) + + -- Nigel Jones Fri, 3 Jun 2005 22:27:06 +1200 + +ipkungfu (0.5.2-1) unstable; urgency=low + + * Initial Release on debian. + * ITP/RFP are now done (Closes: #188362, #311219) + * Sorted out various build problems. + + -- Nigel Jones Tue, 31 May 2005 23:28:56 +1200 + --- ipkungfu-0.6.1.orig/debian/compat +++ ipkungfu-0.6.1/debian/compat @@ -0,0 +1 @@ +5 --- ipkungfu-0.6.1.orig/debian/control +++ ipkungfu-0.6.1/debian/control @@ -0,0 +1,24 @@ +Source: ipkungfu +Section: net +Priority: optional +Maintainer: Luis Uribe +Build-Depends: debhelper (>= 5), + iptables (>= 1.2.7), + kmod, +Standards-Version: 3.7.3 + +Package: ipkungfu +Architecture: any +Depends: + iptables (>= 1.2.7), + iproute2, + kmod, + ${shlibs:Depends}, + ${misc:Depends} +Description: iptables-based Linux firewall + ipkungfu is an advanced iptables script that can be also used by + people who have only limited knowledge of proper security and IP + filtering practices. Many advanced features are included in + ipkungfu, although IPv6 support is still not included. + . + Homepage http://www.linuxkungfu.org --- ipkungfu-0.6.1.orig/debian/copyright +++ ipkungfu-0.6.1/debian/copyright @@ -0,0 +1,22 @@ +This package was debianized by Nigel Jones on +Mon, 30 May 2005 13:37:09 +1200. + +It was downloaded from http://www.linuxkungfu.org + +Copyright Holder: Rocco Stanzione + +License: + + Copyright 2002 by Rocco Stanzione + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + On Debian systems, the complete text of the GNU General Public License + can be found in `/usr/share/common-licenses/GPL'. --- ipkungfu-0.6.1.orig/debian/default +++ ipkungfu-0.6.1/debian/default @@ -0,0 +1,12 @@ +# Defaults for ipkungfu initscript +# sourced by /etc/init.d/ipkungfu +# installed at /etc/default/ipkungfu by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# Additional options that are passed to the Daemon. +DAEMON_OPTS="" +IPKFSTART=0 + --- ipkungfu-0.6.1.orig/debian/dummy_server.8 +++ ipkungfu-0.6.1/debian/dummy_server.8 @@ -0,0 +1,20 @@ +.TH dummy_server 8 "February 2007" +.SH NAME +dummy_server \- A simple server that binds to a user-specified port and does nothing +.SH SYNOPSIS +.B dummy_server +.I "listen_port" +.I "max_connections_in_queue" + +.SH DESCRIPTION +.B dummy_server +is a simple server that binds to a user-specified port and does nothing. + +.SH "OPTIONS" +.B dummy_server +needs two parameters: the port that will be used to listen and the number of maximum connections in queue. + +.SH SEE ALSO +.BR ipkungfu (8). +.SH AUTHOR +This manual page was written by Luis Uribe for the Debian project (but may be used by others). --- ipkungfu-0.6.1.orig/debian/init.d +++ ipkungfu-0.6.1/debian/init.d @@ -0,0 +1,84 @@ +#! /bin/sh +# ipkungfu: An iptables-based Linux firewall +# +### BEGIN INIT INFO +# Provides: ipkungfu +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the ipkungfu firewall at boot time +# Description: Script to start/stop/reload the ipkungfu script +### END INIT INFO +# +# The user must change /etc/default/ipkungfu (as per recommendation in # Bug#315074). +# Created on 2005 by Nigel Jones +# Make LSB-compliant on 2006 by Luis Uribe + + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/ipkungfu +NAME=ipkungfu +DESC="iptables based firewall" +LOGFILE=/var/log/ipkungfu.log +SCRIPTNAME=/etc/init.d/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +ipkf_configerr () { + echo "Not starting $NAME: Please read /usr/share/doc/ipkungfu/README.Debian for details" + exit 0 +} + +test -x $DAEMON || exit 0 + +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +if [ "$IPKFSTART" != "1" ] +then + ipkf_configerr +fi + +case "$1" in + start|reload|force-reload) + #In IPKungfu reload and start are the same things... + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + if $DAEMON 2>&1 >>$LOGFILE ; then + [ "$VERBOSE" != no ] && log_end_msg 0 ; + else + [ "$VERBOSE" != no ] && log_end_msg 1 ; + fi + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + if $DAEMON -d 2>&1 >>$LOGFILE ; then + [ "$VERBOSE" != no ] && log_end_msg 0 ; + else + [ "$VERBOSE" != no ] && log_end_msg 1 ; + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + if ! $DAEMON -d 2>&1 >>$LOGFILE ; then + [ "$VERBOSE" != no ] && log_end_msg 1 ; + fi + sleep 1 + if $DAEMON 2>&1 >>$LOGFILE ; then + [ "$VERBOSE" != no ] && log_end_msg 0 ; + else + [ "$VERBOSE" != no ] && log_end_msg 1 ; + fi + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +exit 0 --- ipkungfu-0.6.1.orig/debian/ipkungfu.8 +++ ipkungfu-0.6.1/debian/ipkungfu.8 @@ -0,0 +1,100 @@ +.TH ipkungfu 8 "January 2003" +.SH NAME +ipkungfu \- An iptables-based firewall for Linux +.SH SYNOPSIS +.B ipkungfu +[ +.B \-c +] [ +.B \-t +] [ +.B \-d +] [ +.B \-h +] [ +.B \-v +] [ +.BI \-\-quiet +] [ +.BI \-\-panic +] [ +.BI \-\-no\-caching + +.SH DESCRIPTION +.B ipkungfu +is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel. It also simplifies the configuration of internet connection sharing, advanced routing, and other networking needs. + +.SH OPTIONS +.TP 12 + +.B \-c " (or " \-\-check) +Check whether \fIipkungfu\fP is loaded, and report any command line options it may have been loaded with. +.TP + +.B \-t " (or " \-\-test) +Runs a configuration test, and displays the results. Note that this does not test or display all configuration options. This gives you an opportunity to verify that major configuration options are correct before putting them into action. +.TP + +.B \-d " (or " \-\-disable) +Disables the firewall. It is important to know exactly what this option does. All traffic is allowed in and out, and in the case of a gateway, all NATed traffic is forwarded (the option retains your connection sharing options). Custom rules are not implemented, and \fIdeny_hosts.conf\fP is ignored. +.TP + +.B \-f " (or " \-\-flush) +Disables the firewall COMPLETELY. All rules are flushed, all chains are removed. Any port forwarding or internet connection sharing will cease to work. +.TP + +.B \-h " (or " \-\-help) +Displays brief usage information and exits. +.TP + +.B \-v " (or " \-\-version) +Displays version information and exits. +.TP + +.B \-\-quiet +Runs ipkungfu with no standard output +.TP + +.B \-\-panic +Drops ALL traffic in all directions on all network interfaces. You should probably never use this option. The \fI--panic\fP option is available for the highly unusual situation where you know that an attack is underway but you know of no other way to stop it. +.TP + +.B \-\-failsafe +If ipkungfu fails, \fI--failsafe\fP will cause all firewall policies to revert to ACCEPT. This is useful when working with ipkungfu remotely, to prevent loss of remote access due to firewall failure. +.TP + +.B \-\-no\-caching +Disables rules caching feature. + +.SH FILES +.PD 0 +.B /etc/ipkungfu/ipkungfu.conf +.br +.B /etc/ipkungfu/advanced.conf +.br +.B /etc/ipkungfu/accept_hosts.conf +.br +.B /etc/ipkungfu/deny_hosts.conf +.br +.B /etc/ipkungfu/custom.conf +.br +.B /etc/ipkungfu/log.conf +.br +.B /etc/ipkungfu/redirect.conf +.br +.B /etc/ipkungfu/services.conf +.br +.B /usr/sbin/ipkungfu +.br +.B /usr/share/doc/ipkungfu/AUTHORS +.br +.B /usr/share/doc/ipkungfu/README +.br +.B /usr/share/doc/ipkungfu/FAQ +.br +.B /usr/share/doc/ipkungfu/ChangeLog +.br +.B /usr/share/doc/ipkungfu/COPYING +.PD +.SH SEE ALSO +.BR iptables (8). --- ipkungfu-0.6.1.orig/debian/logrotate +++ ipkungfu-0.6.1/debian/logrotate @@ -0,0 +1,7 @@ +/var/log/ipkungfu.log { + size=100k + rotate 2 + compress + missingok + create 0640 root adm +} --- ipkungfu-0.6.1.orig/debian/manpages +++ ipkungfu-0.6.1/debian/manpages @@ -0,0 +1,2 @@ +debian/ipkungfu.8 +debian/dummy_server.8 --- ipkungfu-0.6.1.orig/debian/postrm +++ ipkungfu-0.6.1/debian/postrm @@ -0,0 +1,9 @@ +#! /bin/sh +set -e + +if [ "$1" = purge ]; then + rm -f /var/log/ipkungfu.* + rm -rf /etc/ipkungfu/ +fi + +#DEBHELPER# --- ipkungfu-0.6.1.orig/debian/preinst +++ ipkungfu-0.6.1/debian/preinst @@ -0,0 +1,8 @@ +#! /bin/sh +set -e + +if [ -d /etc/ipkungfu/cache ]; then + rm -rf /etc/ipkungfu/cache +fi + +#DEBHELPER# --- ipkungfu-0.6.1.orig/debian/rules +++ ipkungfu-0.6.1/debian/rules @@ -0,0 +1,56 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# This file is public domain software, originally written by Joey Hess. +# +# This version is for packages that are architecture independent. + +# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +build: + dh_testdir + mkdir -p build + ./configure --prefix=/usr + $(MAKE) + sed 's/\\033\[[0-9;]*m//g' ipkungfu > build/ipkungfu + sed 's/\-[0-9].[0-9].[0-9]//g' man/ipkungfu.8 > debian/ipkungfu.8 + +clean: + dh_testdir + dh_testroot + rm -rf build + [ ! -f Makefile ] || $(MAKE) distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + dh_install build/ipkungfu usr/sbin + dh_install dummy_server usr/sbin/ + dh_install files/conf/* etc/ipkungfu + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs FAQ README + dh_installlogrotate + dh_installinit + dh_installman + dh_shlibdeps + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: clean binary-indep binary-arch binary install --- ipkungfu-0.6.1.orig/debian/watch +++ ipkungfu-0.6.1/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.linuxkungfu.org/ipkungfu/ipkungfu-(.*)\.tar.gz