Description: Debconf abstraction layer
 Allow the main firewall configuration to read config settings from a
 debconf settings file.
Forwarded: not-needed
Author: Michael Hanke <michael.hanke@gmail.com>
--- a/bin/arno-iptables-firewall
+++ b/bin/arno-iptables-firewall
@@ -5,6 +5,7 @@
 # Location of the main configuration file for the firewall
 ##########################################################
 CONFIG_FILE=/etc/arno-iptables-firewall/firewall.conf
+DEBCONF_CONFIG_FILE=/etc/arno-iptables-firewall/debconf.cfg
 
 # ------------------------------------------------------------------------------
 #                           -= Arno's iptables firewall =-
@@ -37,6 +38,14 @@
 printf "\033[40m\033[1;32mArno's Iptables Firewall Script v$MY_VERSION\033[0m\n"
 echo "-------------------------------------------------------------------------------"
 
+# Check if debconf config file exists and if so load it
+# Do not fail if it does not exist. Since the admin
+# might have choosen to manage the configuartion manually
+#########################################################
+if [ -e "$DEBCONF_CONFIG_FILE" ]; then
+  . $DEBCONF_CONFIG_FILE
+fi
+
 # Check if the main config file exists and if so load it
 ########################################################
 if [ -e "$CONFIG_FILE" ]; then
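Review bot: The added `. $DEBCONF_CONFIG_FILE` runs the file as shell code inside the script that builds the ruleset (presumably as root), yet the expansion is unquoted and the guard is `-e`, which also passes for directories and other non-regular files. I would use `if [ -f "$DEBCONF_CONFIG_FILE" ] && [ -r "$DEBCONF_CONFIG_FILE" ]; then` and `. "$DEBCONF_CONFIG_FILE"`. The comment should also say that debconf.cfg must be root-owned and not group- or world-writable, because whoever can write it controls what the firewall script executes. The new comment block has two typos (`choosen`, `configuartion`). The `if [ -e "$CONFIG_FILE" ]` block that follows continues outside this hunk.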
@@ -50,8 +59,8 @@
 # Check if the environment file exists and if so, load it
 #########################################################
 if [ -z "$ENV_FILE" ]; then
-  if [ -f /usr/local/share/arno-iptables-firewall/environment ]; then
-    ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+  if [ -f /usr/share/arno-iptables-firewall/environment ]; then
+    ENV_FILE="/usr/share/arno-iptables-firewall/environment"
   else
     if [ -f /usr/share/arno-iptables-firewall/environment ]; then
       ENV_FILE="/usr/share/arno-iptables-firewall/environment"
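Review bot: After this path change the outer `-f` test and the nested test in the `else` branch both check `/usr/share/arno-iptables-firewall/environment`, so the inner branch can never succeed once the outer one has failed. Drop the nested test, or keep a genuinely different fallback location; as written the dead branch hides the fact that only one search path remains. The rest of the `if [ -z "$ENV_FILE" ]` block lies outside this hunk.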
--- a/etc/arno-iptables-firewall/firewall.conf
+++ b/etc/arno-iptables-firewall/firewall.conf
@@ -38,12 +38,18 @@
 # modems otherwise it's probably "ethX" (eg. eth0). Multiple interfaces should
 # be space separated.
 # -----------------------------------------------------------------------------
-EXT_IF=""
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+EXT_IF="$DC_EXT_IF"
 
 # Enable if THIS machines (dynamically) obtains its IP through (IPv4) DHCP
 # and/or (IPv6) DHCPv6 (from your ISP)
 # -----------------------------------------------------------------------------
-EXT_IF_DHCP_IP=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP
 
 # (EXPERT SETTING!) Here you can specify your external(!) IPv4 subnet(s). You
 # should only use this if you for example have a corporate network and/or
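Review bot: `EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP` and `EXT_IF="$DC_EXT_IF"` silently become empty when debconf.cfg is missing or does not define the variable, a case the main script explicitly tolerates. The removed line gave `EXT_IF_DHCP_IP` a defined default of `0`. For a firewall the fallback should be the previous conservative value rather than whatever the script does with an empty string, e.g. `EXT_IF_DHCP_IP="${DC_EXT_IF_DHCP_IP:-0}"`. The same applies in later hunks of this file to `NAT=$DC_NAT` and `OPEN_ICMP=$DC_OPEN_ICMP`, where `"${DC_NAT:-0}"` and `"${DC_OPEN_ICMP:-0}"` keep the old closed defaults. `INTERNAL_NET="$DC_INTERNAL_NET"` was previously commented out and is now always assigned, possibly to an empty string, so its effect on the antispoofing check should be confirmed.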
@@ -84,14 +90,20 @@
 # interfaces. Note that by default ALL traffic is accepted from these
 # interfaces.
 # -----------------------------------------------------------------------------
-INT_IF=""
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+INT_IF="$DC_INT_IF"
 
 # Specify here the internal IPv4 subnet(s) which is/are connected to the
 # internal interface(s). For multiple interfaces(!) you can either specify
 # multiple subnets here or specify one big subnet for all internal interfaces.
 # Note that this variable is mainly used for antispoofing.
 # -----------------------------------------------------------------------------
-#INTERNAL_NET="192.168.0.0/24"
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+INTERNAL_NET="$DC_INTERNAL_NET"
 
 # Set this variable to 0 to disable antispoof checking for the internal nets
 # (EXPERT SETTING!)
@@ -137,7 +149,10 @@
 # network (LAN) (eg. share your internet connection with your internal
 # net(s) connected to eg. INT_IF)
 # -----------------------------------------------------------------------------
-NAT=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+NAT=$DC_NAT
 
 # (EXPERT SETTING!) In case you would like to use SNAT instead of
 # MASQUERADING then uncomment and set the IP or IPs here of your static
@@ -154,7 +169,10 @@
 # meaningful when NAT is enabled. Note that you can also use this variable if
 # you want to use NAT for your DMZ.
 # -----------------------------------------------------------------------------
-NAT_INTERNAL_NET="$INTERNAL_NET"
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"
 
 # (EXPERT SETTING!) Enable this if you want to be able to redirect local ports
 # or protocols on your gateway using NAT forwards.
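Review bot: `NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"` drops the old coupling to `$INTERNAL_NET`, so an admin who edits `INTERNAL_NET` by hand no longer gets a matching NAT source range. If debconf does not always write `DC_NAT_INTERNAL_NET` (not visible from this patch), the value is empty even when `NAT` is enabled. `NAT_INTERNAL_NET="${DC_NAT_INTERNAL_NET:-$INTERNAL_NET}"` would preserve the upstream default while still letting debconf override it.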
@@ -241,11 +259,11 @@
 
 # (EXPERT SETTING!) Location of the environment file
 # -----------------------------------------------------------------------------
-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+ENV_FILE="/usr/share/arno-iptables-firewall/environment"
 
 # (EXPERT SETTING!) Location of plugin binary & config files
 # -----------------------------------------------------------------------------
-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
 PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
 
 # Most people don't want to get any firewall logs being spit to the console.
@@ -494,7 +512,7 @@
 # syslogd to log firewall messages to this file (see LOGLEVEL below for further
 # info).
 # -----------------------------------------------------------------------------
-#FIREWALL_LOG="/var/log/firewall.log"
+FIREWALL_LOG="/var/log/arno-iptables-firewall"
 
 # (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
 # "debug": can be used to log to /var/log/firewall.log, but you have to configure
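Review bot: Turning on `FIREWALL_LOG="/var/log/arno-iptables-firewall"` leaves the surrounding documentation describing the old state: the LOGLEVEL comment directly below still names `/var/log/firewall.log`. The comment above the setting should name the new path and say that it only takes effect with a matching syslog rule, which this patch does not show, for example `# Debian default: /var/log/arno-iptables-firewall (needs the matching syslog rule and log rotation)`. The LOGLEVEL comment block continues outside this hunk.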
@@ -1135,7 +1153,10 @@
 # Enable (1) to make the default policy allow for IPv4 ICMP (ping) for INET access
 # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
 # -----------------------------------------------------------------------------
-OPEN_ICMP=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU
+# KNOW WHAT YOU ARE DOING.
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+OPEN_ICMP=$DC_OPEN_ICMP
 
 # Disable (0) to make the default policy drop IPv6 ICMPv6 for INET access
 # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
@@ -1145,8 +1166,11 @@
 # Put in the following variables which ports or IP protocols you want to leave
 # open to the whole world.
 # -----------------------------------------------------------------------------
-OPEN_TCP=""
-OPEN_UDP=""
+# OPEN_TCP and OPEN_UDP are handled by Debconf. If you want to add more open TCP
+# or UDP ports use 'dpkg-reconfigure arno-iptables-firewall'. For more complex
+# setup add them (space separated) after $DC_OPEN_*.
+OPEN_TCP="$DC_OPEN_TCP"
+OPEN_UDP="$DC_OPEN_UDP"
 OPEN_IP=""
 
 # Put in the following variables the TCP/UDP ports you want to DENY(DROP) for
--- a/etc/init.d/arno-iptables-firewall
+++ b/etc/init.d/arno-iptables-firewall
@@ -21,7 +21,7 @@
 ############################################################################################
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
-PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+PROGRAM="/usr/sbin/arno-iptables-firewall"
 
 # Be verbose(1)?:
 VERBOSE=0
