debian/0000775000000000000000000000000012304122334007162 5ustar debian/compat0000664000000000000000000000000211731120001010350 0ustar 5 debian/20-ufw.conf0000664000000000000000000000046711731120001011050 0ustar # Log kernel generated UFW log messages to file :msg,contains,"[UFW " /var/log/ufw.log # Uncomment the following to stop logging anything that matches the last rule. # Doing this will stop logging kernel generated UFW log messages to the file # normally containing kern.* messages (eg, /var/log/kern.log) #& ~ debian/ufw.install0000664000000000000000000000046411775611606011377 0ustar debian/changelog.Debian.pre-0.27.1 usr/share/doc/ufw/ debian/*md5sum usr/share/ufw/ debian/20-ufw.conf etc/rsyslog.d/ debian/sysctl.conf etc/ufw/ debian/tmp/usr/sbin/ufw debian/tmp/etc debian/tmp/lib debian/tmp/usr/lib/python3*/dist-packages/ufw* debian/tmp/usr/share tests/check-requirements usr/share/ufw/ debian/config0000664000000000000000000000365211731120001010350 0ustar #!/bin/sh -e # debconf . /usr/share/debconf/confmodule db_version 2.0 CONFFILE="/etc/ufw/ufw.conf" USER_PATH="/lib/ufw" TEMPLATE_PATH="/usr/share/ufw" has_existing() { if [ ! -e "$USER_PATH/user.rules" ]; then return 1 fi orig=`md5sum $TEMPLATE_PATH/user.rules | cut -d ' ' -f 1` orig_md5file="$TEMPLATE_PATH/user.rules.md5sum" user=`md5sum $USER_PATH/user.rules | cut -d ' ' -f 1` orig6=`md5sum $TEMPLATE_PATH/user6.rules | cut -d ' ' -f 1` orig6_md5file="$TEMPLATE_PATH/user6.rules.md5sum" user6=`md5sum $USER_PATH/user6.rules | cut -d ' ' -f 1` if [ "$orig" != "$user" ] && ! grep -q "$user" "$orig_md5file" 2>/dev/null ; then return 0 elif [ "$orig6" != "$user6" ] && ! grep -q "$user6" "$orig6_md5file" 2>/dev/null ; then return 0 else return 1 fi } # https://bugs.launchpad.net/ufw/+bug/400208 OLD_USER_PATH="/var/lib/ufw" if dpkg --compare-versions "$2" lt 0.28-1 ; then test -d $USER_PATH || mkdir $USER_PATH for f in user.rules user6.rules do test -f $OLD_USER_PATH/$f && mv -f $OLD_USER_PATH/$f $USER_PATH/$f done fi # If ufw is enabled (eg during an upgrade), then update debconf if [ -f "$CONFFILE" ]; then if egrep -q '^ENABLED=yes$' "$CONFFILE" ; then db_set ufw/enable true || true else db_set ufw/enable false || true fi fi db_get ufw/enable previous="$RET" db_input medium ufw/enable || true db_go db_get ufw/enable # only use existing_configuration/allow_known_ports if the user changed from # false to true if [ ! -z "$RET" ] && [ "$previous" = "false" ] && [ "$RET" = true ]; then if has_existing ; then # Can't reliably configure ports in an existing configuration db_text low ufw/existing_configuration || true db_go else db_input medium ufw/allow_known_ports || true db_go db_input low ufw/allow_custom_ports || true db_go fi fi debian/ufw.prerm0000664000000000000000000000032712002330411011024 0ustar #!/bin/sh -e case "$1" in remove) # Unload ufw (will only happen if enabled) if [ -x /lib/ufw/ufw-init ]; then /lib/ufw/ufw-init stop || true fi ;; esac #DEBHELPER# debian/before.rules.md5sum0000664000000000000000000000076012304121745012721 0ustar dd5050aa836d8a344c756367865a7c17 /usr/share/ufw/before.rules 8cfcfe296c7da50940e06fc0314f7523 /usr/share/ufw/before.rules 92023757ab10549ac2bba7c75b6000f3 /usr/share/ufw/before.rules e5f58e321f38dd7534380937b470c928 /usr/share/ufw/before.rules e30217e2a69b3da17edaf2b54374fe4f /usr/share/ufw/before.rules 8e482ff92456fcb9ea15ecbd96ea8cf5 /usr/share/ufw/before.rules 56d63ca8194e54030efb54141f42b32c /usr/share/ufw/before.rules 5fee8ec1341cebdd2d20c4946ef3cb5b /usr/share/ufw/before.rules debian/ufw.upstart.ubuntu0000664000000000000000000000073111731120001012721 0ustar # ufw - Uncomplicated Firewall # # The Uncomplicated Firewall is a front-end for iptables, to make managing a # Netfilter firewall easier. description "Uncomplicated firewall" # Make sure we start before an interface receives traffic start on (starting network-interface or starting network-manager or starting networking) stop on runlevel [!023456] console output pre-start exec /lib/ufw/ufw-init start quiet post-stop exec /lib/ufw/ufw-init stop debian/source/0000775000000000000000000000000011731120173010464 5ustar debian/source/format0000664000000000000000000000001411731120173011672 0ustar 3.0 (quilt) debian/ufw.postrm0000664000000000000000000000164512002330357011240 0ustar #!/bin/sh -e RULES_PATH="/etc/ufw" USER_PATH="/lib/ufw" UFW_CONF="/etc/ufw/ufw.conf" case "$1" in remove) ;; purge) if [ -e /usr/share/debconf/confmodule ]; then . /usr/share/debconf/confmodule db_purge fi for f in before.rules before6.rules after.rules after6.rules do if which ucf > /dev/null 2>&1; then ucf -p $RULES_PATH/$f fi rm -f $RULES_PATH/$f rm -f $RULES_PATH/$f.ucf-old $RULES_PATH/$f.ucf-new $RULES_PATH/$f.ucf-dist done rm -f $RULES_PATH/ufw.rules $RULES_PATH/ufw.rules.dpkg-old rm -f $USER_PATH/user.rules $USER_PATH/user6.rules rm -f "$UFW_CONF" ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument '$1'" >&2 exit 1 ;; esac #DEBHELPER# debian/po/0000775000000000000000000000000012304122334007600 5ustar debian/po/es.po0000664000000000000000000001044611731120001010544 0ustar # ufw po-debconf translation to Spanish # Copyright (C) 2009 Software in the Public Interest # This file is distributed under the same license as the ufw package. # # Changes: # - Initial translation # Francisco Javier Cuadrado , 2009 # # Traductores, si no conocen el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor, lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/ # especialmente las notas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: ufw 0.27.1-2\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-17 13:05+0200\n" "Last-Translator: Francisco Javier Cuadrado \n" "Language-Team: Debian l10n Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Se ha encontrado la configuración existente" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Se ha encontrado una configuración de ufw existente. Las reglas existentes " "se deberán gestionar manualmente." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Debería leer la página del manual ufw(8) para los detalles sobre la " "configuración de ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "¿Desea iniciar ufw automáticamente?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Si escoge esta opción, las reglas que está a punto de configurar se " "activarán durante el inicio del sistema de modo que esta máquina este " "protegida lo antes posible." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Para proteger esta máquina inmediatamente, debe iniciar ufw manualmente." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Servicios autorizados:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Escoja los servicios que deberían estar disponibles para las conexiones " "entrantes." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Se pueden especificar otros servicios en el siguiente paso de la " "configuración." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Servicios autorizados adicionales:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Introduzca una lista de los puertos que querría abrir, separados por " "espacios. Debe utilizar un nombre de servicio (se puede encontrar en el " "archivo «/etc/services»), un número de puerto o un número de puerto con un " "protocolo." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Por ejemplo: para permitir un servidor web, el puerto 53 y el puerto 22 de " "TCP, debería introducir «www 53 22/tcp»." debian/po/pt.po0000664000000000000000000000701211731120001010553 0ustar # translation of ufw debconf to Portuguese # Copyright (C) 2009 the ufw's copyright holder # This file is distributed under the same license as the ufw package. # # Américo Monteiro , 2009. msgid "" msgstr "" "Project-Id-Version: ufw 0.28-1\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-25 16:16+0100\n" "Last-Translator: Américo Monteiro \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Foi encontrada configuração existente" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Foi encontrada uma configuração existente para o ufw. As regras existentes " "terão que ser geridas manualmente." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Você deverá ler o manual do ufw(8) para detalhes acerca da configuração do " "ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Arrancar o ufw automaticamente?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Se você escolher esta opção, as regras que está prestes a definir irão ser " "activadas durante o arranque do sistema para que esta máquina fique " "protegida o mais cedo possível." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Para proteger esta máquina imediatamente, você deve arrancar manualmente o " "ufw." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Serviços autorizados:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Por favor escolha os serviços que deverão estar disponíveis para ligações " "recebidas." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Outros serviços podem ser especificados no próximo passo de configuração." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Serviços adicionais autorizados:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Por favor indique uma lista separada por espaços de quaisquer portos " "adicionais que deseja abrir. Você pode usar um nome de serviço (conforme /" "etc/services), um número de porto, ou um número de porto com protocolo." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Exemplo: para permitir um servidor web, porto 53 e porto tcp 22, você deve " "indicar \"www 53 22/tcp\"." debian/po/templates.pot0000664000000000000000000000454611731120001012323 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" debian/po/ja.po0000664000000000000000000000705011731120001010524 0ustar # Copyright (C) 2009 Jamie Strandboge # This file is distributed under the same license as the ufw package. # Hideki Yamane (Debian-JP), 2009. # msgid "" msgstr "" "Project-Id-Version: ufw 0.28-1\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-26 21:32+0900\n" "Last-Translator: Hideki Yamane (Debian-JP) \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "既存の設定が見つかりました" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "ufw の既存の設定が見つかりました。既存のルールは手動で管理する必要がありま" "す。" #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "ufw の設定の詳細については、ufw(8) の man ページを読んでください。" #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "ufw を自動的に開始しますか?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "このオプションを選んだ場合、適用しようとしているルールはシステム起動時に有効" "になるので、可能な限り早くにこのホストは保護されることになります。" #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "このホストを今すぐに保護するには、ufw を手動で開始する必要があります。" #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "許可するサービス:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "外部からの接続を可能にする必要があるサービスを選んでください。" #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "他のサービスについては次の設定項目で指定します。" #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "許可するサービスの追加:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "追加で開放したいポートを空白で区切ったリストで入力してください。(/etc/" "services に記述がある) サービス名、ポート番号、ポート番号とプロトコルが使えま" "す。" #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "例: ウェブサーバと53番ポート、そして tcpの22番ポートを許可するには、「www 53 " "22/tcp」と入力してください。" debian/po/eu.po0000664000000000000000000000663611731120001010554 0ustar # translation of templates(2).po to Euskara # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Piarres Beobide EGaña , 2009. msgid "" msgstr "" "Project-Id-Version: templates(2)\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-28 22:35+0200\n" "Last-Translator: Piarres Beobide \n" "Language-Team: Basque \n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 0.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Konfigurazioa aurkituta" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Aurreko ufw konfigurazio bat aurkitu da. Dauden arauak eskuz kudeatu behar " "dira." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "ufw(8) manual orria irakurri beharko zenuke ufw konfigurazio " "xehetasunetarako." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Abiarazi ufw automatikoki?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Aukera hau hautatzen baduzu ezartzen dituzun arauak sistema abioan gaituko " "dira, honela sistema hala bezain azkar babesteko." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Ostalari hau berehala babesteko ufw eskuz abiarazi beharko duzu." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Autorizatutako zerbitzuak:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Mesedez hautatu zein zerbitzu baimendu behar dira kanpoaldetik konektatzeko." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Beste zerbitzu batzuek hurrengo konfigurazio urratsean zehaztu daitezke." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Autorizatutako zerbitzu gehigarriak:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Mesedez idatzi zuriunez bereizirik irekitzea nahi dituzun ataka gehigarrien " "zerrenda. Zerbitzu izen bat (/etc/services-en zehazturikoak), ataka zenbaki " "bat edo ataka zenbakia protokolo batez erabili ditzakezu." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Adibidez: web zerbitzari bat, 53 ataka eta 22 atakako tcp onartzeko \"www 53 " "22/tcp\" idatzi beharko duzu." debian/po/cs.po0000664000000000000000000000650311731120001010541 0ustar # Czech debconf template translation of ufw # Copyright (C) 2009 Michal Simunek # This file is distributed under the same license as the ufw package. # msgid "" msgstr "" "Project-Id-Version: ufw 0.27.1-2\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-25 14:13+0200\n" "Last-Translator: Michal Simunek \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Nalezena existující konfigurace" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Pro ufw byla nalezena existující konfigurace. Existující pravidla musí být " "spravována ručně." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Pro podrobnosti o konfiguraci ufw si přečtěte manuálovou stránku ufw(8)." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Spustit ufw automaticky?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Pokud zvolíte tuto možnost, pravidla, která nastavíte, budou povolena při " "startu systému, takže tento host je chráněn nejdříve, jak je to možné." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Pro okamžitou ochranu tohoto hosta musíte spustit ufw ručně." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Autorizované služby:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "Zvolte prosím služby, které mají být povoleny pro příchozí spojení." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Další služby mohou být uvedeny v následujícím kroku konfigurace." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Další autorizované služby:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Vložte prosím seznam dalších portů oddělený mezerami, které chcete otevřít." "Můžete použít název služby (lze najít v /etc/services), číslo portu, nebo " "číslo portu s protokolem." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Příklad: pro povolení webového serveru, portu 53 a tcp portu 22 vložte „www " "53 22/tcp“." debian/po/da.po0000664000000000000000000000652311737121215010540 0ustar # Danish translation ufw. # Copyright (C) 2012 ufw & nedenstående oversættere. # This file is distributed under the same license as the ufw package. # Joe Hansen (joedalton2@yahoo.dk), 2012. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2012-03-31 12:42+0000\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Eksisterende konfiguration fundet" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Der er fundet en eksisterende konfiguration for ufw. Eksisterende regler " "skal håndteres manuelt." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "Du bør læse manualsiden ufw(8) for detaljer om ufw-konfiguration." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Start ufw automatisk?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Hvis du vælger denne indstilling, så vil reglerne du er ved at angive blive " "aktiveret ved systemopstart, så at denne vært bliver beskyttet så tidlig " "som muligt." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "For at beskytte denne vært øjeblikkelig, så skal du starte ufw manuelt." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Autoriserede tjenester:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Vælg venligst de tjenester som skal være tilgængelige for indgående forbindelser." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Andre tjenester kan angives i det næste konfigurationstrin." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Yderligere autoriserede tjenester:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Indtast venligst en mellemrumsadskilt liste over yderligere porte du ønsker " "at åbne. Du kan bruge et tjenestenavn (som fundet i /etc/services), et " "portnummer eller et portnummer med protokol." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Eksempel: For at tillade en internetserver, port 53 og tcp port 22, skal " "du indtaste »www 53 22/tcp«." debian/po/gl.po0000664000000000000000000000700111731120001010530 0ustar # Copyright (C) 2009 # This file is distributed under the same license as the ufw package. # # Marce Villarino , 2009. msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-25 14:08+0200\n" "Last-Translator: Marce Villarino \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 0.3\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Achouse unha configuración xa existente" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Atopouse unha configuración de ufw preexistente. As regras xa existentes " "deben xestionarse manualmente." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Debería ler a páxina de manual de ufw(8) para coñecer máis detalles " "acerca da configuración de ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Desexa iniciar ufw automaticamente?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Se escolle esta opción activaranse durante o arrinque do sistema as regras " "que está a piques de estabelecer, de tal xeito que este servidor estarÃ" "¡ protexido tan axiña como se poda." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Para protexer esta máquina inmediatamente debe iniciar manualmente ufw." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Servizos autorizados:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Escolla os servizos que deben estar dispoñíbeis para as conexións " "entrantes." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Poden especificarse outros servizos no seguinte paso da configuración." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Servizos adicionais autorizados:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Introduza unha lista delimitada por espazos cos portos adicionais que desexa " "abrir. Pode empregar o nome do servizo (tal como aparece en /etc/services), " "o número de porto, ou un número de porto xunto co protocolo." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Exemplo: para permitir un servidor web, o porto 53 e o porto tcp 22, debería " "escribir: «www 53 22/tcp»." debian/po/vi.po0000664000000000000000000000706711731120001010560 0ustar # Vietnamese translation for UFW. # Copyright © 2009 Free Software Foundation, Inc. # Clytie Siddall , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw 0.28-1\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-09-23 00:31+0930\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Tìm thấy cấu hình đã có" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Một cấu hình ufw đã tồn tại đã được tìm. Bạn cần tự thao tác những quy tắc " "đã có." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "Hãy đọc trang hướng dẫn ufw(8) để tìm chi tiết về cấu hình ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Tự động khởi chạy ufw ?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Bật tùy chọn này thì những quy tắc sắp đặt sẽ được hiệu lực trong khi khởi " "chạy hệ thống, để bảo vệ máy này vào lúc sớm nhất có thể." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Để bảo vệ máy này ngay lập tức, bạn cần phải tự khởi chạy ufw." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Dịch vụ được phép:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "Hãy chọn những dịch vụ nên sẵn sàng cho kết nối gửi đến." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Dịch vụ khác có thể được xác định trong bước cấu hình kế tiếp." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Dịch vụ bổ sung được phép:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Hãy nhập một danh sách định giới bằng dấu cách chứa những cổng bổ sung nào " "bạn muốn mở. Có thể dùng một tên dịch vụ (như được ghi trong « /etc/services " "»), một số thứ tự cộng, hay một số thứ tự cộng với giao thức." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Ví dụ, để cho phép một trình phục vụ Web, cổng 53 và cổng TCP 22, bạn nên gõ " "« www 53 22/tcp »." debian/po/ru.po0000664000000000000000000001021511731120001010555 0ustar # translation of ru.po to Russian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Yuri Kozlov , 2009. msgid "" msgstr "" "Project-Id-Version: ufw 0.27.1-2\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-21 16:30+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Найдены предыдущие настройки программы" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Найдены предыдущие настройки ufw. Существующие правила нужно изменять " "вручную." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Подробней о настройке ufw можно прочитать в справочной странице ufw(8)." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Запускать ufw автоматически?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Если вы ответите утвердительно, то настроенные вами правила будут " "активированы при загрузке операционной системы, что позволит защитить " "компьютер уже на этой стадии." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Чтобы защитить компьютер сразу после установки, вам нужно запустить ufw " "вручную." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Разрешённые службы:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "Выберите службы, которые должны быть доступны извне." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Отсутствующие здесь необходимые вам службы можно будет указать далее." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Дополнительные разрешённые службы:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Введите через пробел дополнительные порты, которые нужно открыть. Вы можете " "указывать имя службы (из /etc/services), номер порта или номер порта с " "протоколом." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Пример: чтобы разрешить доступ к веб-серверу, порту 53 и tcp порту 22, нужно " "ввести \"www 53 22/tcp\"." debian/po/POTFILES.in0000664000000000000000000000004411731120001011343 0ustar [type: gettext/rfc822deb] templates debian/po/nl.po0000664000000000000000000000656211731120001010552 0ustar # Dutch translation of ufw debconf templates. # Copyright (C) 2012 THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the ufw package. # Jeroen Schot , 2012. # msgid "" msgstr "" "Project-Id-Version: ufw 0.30.1-2\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2012-02-03 15:22+0100\n" "Last-Translator: Jeroen Schot \n" "Language-Team: Debian l10n Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Bestaande configuratie gevonden" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Er is een bestaande configuratie voor ufw gevonden. De bestaande regels " "moeten handmatig beheerd worden." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Lees de man-pagina van ufw(8) voor details over de configuratie van ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Ufw automatisch opstarten?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Als u voor deze optie kiest, dan worden de regels die u straks instelt " "ingeschakeld tijdens de systeemstart zodat deze computer zo snel mogelijk " "wordt beschermd." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Om deze computer direct te beschermen moet u ufw handmatig starten." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Geautoriseerde diensten:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Welke diensten moeten beschikbaar zijn voor binnenkomende verbindingen?" #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "U kunt bij de volgende configuratiestap andere diensten aangeven." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Aanvullende geautoriseerde diensten:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Voer alstublieft een door spaties gescheiden lijst van extra poorten die u " "wilt openen. U kunt een dienstnaam (zoals in /etc/services), poortnummer of " "poortnummer met protocol gebruiken." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Voorbeeld: Om een webserver, poort 53 en TCP-poort 22 toe te staan moet u " "\"www 53 22/tcp\" opgeven." debian/po/it.po0000664000000000000000000000671711731120001010557 0ustar # Italian translation of ufw # Copyright (C) 2009 Software in the Public Interest # This file is distributed under the same license as the ufw package. # Luca Monducci , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw 0.28\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-08-06 16:33+0200\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Trovata una configurazione già esistente" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "È stata trovata una configurazione per ufw già esistente. Le regole " "esistenti devono essere gestite manualmente." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Si veda la pagina man di ufw(8) per i dettagli sulla configurazione di ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Avviare ufw automaticamente?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Se si accetta, le regole che si stanno per impostare verranno attivate " "durante l'avvio del sistema, così facendo questo host sarà protetto il prima " "possibile." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Per proteggere questo host immediatamente è necessario avviare ufw " "manualmente." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Servizi autorizzati:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Scegliere quali servizi devono essere disponibili per le connessioni " "entranti." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Nel prossimo passo di configurazione è possibile specificare anche altri " "servizi." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Altri servizi autorizzati:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Inserire l'elenco di tutte le ulteriori porte che si vuole aprire usando uno " "spazio come separatore. Si può usare il nome di un servizio (come elencato " "in /etc/services), il numero di una porta oppure il numero e il protocollo " "di una porta." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Esempio: per permettere su server web, la porta 53 e la porta tcp 22, si " "deve inserire \"www 53 22/tcp\"." debian/po/de.po0000664000000000000000000000675011731120001010530 0ustar # Translation of ufw debconf templates to German # Copyright (C) Helge Kreutzmann , 2009. # This file is distributed under the same license as the ufw package. # msgid "" msgstr "" "Project-Id-Version: ufw 0.27.1-2\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-22 19:26+0200\n" "Last-Translator: Helge Kreutzmann \n" "Language-Team: de \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Bestehende Konfiguration gefunden" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Eine existierende Konfiguration für Ufw wurde gefunden. Existierende Regeln " "müssen manuell verwaltet werden." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Sie sollten die Handbuchseite ufw(8) für weitere Hinweise zur Konfiguration " "von Ufw lesen." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Ufw automatisch starten?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Falls Sie diese Option wählen, werden die in Kürze erstellten Regeln wÃ" "¤hrend des Systemstartes aktiviert, so dass dieser Rechner so früh wie " "möglich geschützt wird." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Um diesen Rechner sofort zu schützen, müssen Sie Ufw manuell starten." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Berechtigte Dienste:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Bitte wählen Sie die Dienste aus, die für eingehende Verbindungen " "verfügbar sein sollen." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "Andere Dienste können im nächsten Konfigurationsschritt festgelegt werden." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Zusätzliche autorisierte Dienste:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Bitte geben Sie die Liste der zusätzlichen Ports, die geöffnet werden " "sollen, durch Leerzeichen getrennt an. Sie können Dienstenamen (wie in /etc/" "services angegeben), Portnummern oder Portnummern mit Protokoll verwenden." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Beispiel: um einem Webserver, Port 53 und TCP-Port 22 zu erlauben sollten " "Sie »www 53 22/tcp« eingeben." debian/po/fi.po0000664000000000000000000000646511731120001010541 0ustar # Copyright (C) 2009 # This file is distributed under the same license as the ufw package. # # Esko Arajärvi , 2009. msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-17 21:39+0300\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 0.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Asetustiedosto löytyi" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Järjestelmästä löytyi ufw:n asetustiedosto. Olemassa olevia sääntöjä täytyy " "pitää yllä käsin." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "Lisätietoja ufw:n asetuksista löytyy man-ohjesivulta ufw(8)." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Käynnistetäänkö ufw automaattisesti?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Jos valitset tämän vaihtoehdon, asetettavat säännöt otetaan käyttöön " "järjestelmän käynnistyessä siten, että kone on suojattuna mahdollisimman " "aikaisin." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Jos haluat suojata tämän koneen heti, ufw täytyy käynnistää käsin." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Sallitut palvelut:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "Valitse palvelut, joihin voidaan ottaa yhteyksiä ulkopuolelta." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Voit seuraavassa vaiheessa määritellä muita palveluita." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Muut sallitut palvelut:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Anna välilyönnein eroteltu lista porteista, jotka haluat avata. Voit käyttää " "palvelun nimeä (tiedostosta /etc/services löytyvässä muodossa), portin " "numeroa tai portin numeroa ja protokollaa." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Esimerkki: Salliaksesi www-palvelimen, portin 53 ja TCP-portin 22, syötä " "”www 53 22/tcp”." debian/po/sv.po0000664000000000000000000000665711731120001010576 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-07-24 23:56+0100\n" "Last-Translator: Martin Bagge \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Swedish\n" "X-Poedit-Country: Sweden\n" "X-Poedit-SourceCharset: utf-8\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Äldre inställningar funna" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Inställningar för en tidigare version av ufw har hittats. Existerande regler " "måste hanteras manuellt." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Du bör läsa manualsidan ufw(8) för detaljerad information om ufws " "inställningar." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Starta ufw automatiskt?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Om du väljer detta alternativ kommer reglerna du anger att aktiveras vid " "systemets uppstart för att försäkra att värden är så skyddad som möjligt." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "För att skydda värden omedelbart måste du starta ufw manuellt." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Tillåtna tjänster:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Ange vilka tjänster som ska vara tillgängliga för inkommande anslutningar." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Andra tjänster kan anges i nästa inställningssteg." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Ytterligare tillåtna tjänster:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Ange en lista separerad med mellanslag över ytterligare portar som du vill " "ha öppna. Du kan ange tjänstenamn (enligt vad som specificeras i /etc/" "services), ett portnummer eller ett portnummer tillsammans med protokoll." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Exempel: för att tillåta en webbserver, port 53 och tcp-port 22 kan du ange " "\"www 53 22/tcp\"." debian/po/sk.po0000664000000000000000000000666111731120001010556 0ustar # Slovak translation of ufw. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the ufw package. # Ivan Masár , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-24 14:52+0100\n" "Last-Translator: Ivan Masár \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=((n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2);\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Nájdená existujúca konfigurácia" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Našla sa existujúca konfigurácia ufw. Existujúce pravidlá je potrebné " "spravovať manuálne." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Mali by ste si prečítať podrobnosti o konfigurácii v manuálovej stránke ufw" "(8)." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Spúšťať ufw automaticky?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Ak zvolíte túto možnosť, pravidlá, ktoré sa chystáte nastaviť budú zapnuté " "pri spustení systému aby bol tento počítač chránený čo najskôr." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "Ak chcete tento počítač chrániť okamžite, musíte spustiť ufw ručne." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Oprávnené služby:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "Zvoľte prosím služby, ktoré budú dostupné pre prichádzajúce spojenia." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Ďalšie služby možno uviesť v nasledovnom kroku konfigurácie." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Ďalšie oprávnené služby:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Zadajte prosím zoznam hodnôt oddelených medzerami ďalších portov, ktoré " "chcete otvoriť. Môžete použiť názov služby (podľa definície v /etc/" "services), číslo portu alebo číslo portu a protokol." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Príklad: ak chcete povoliť webový server, port 53 a tcp port 22, mali by ste " "zadať „www 53 22/tcp“." debian/po/fr.po0000664000000000000000000000706011731120001010542 0ustar # Translation of ufw debconf templates to French # Copyright © 2009 Debian French l10n team # This file is distributed under the same license as the ufw package. # # Nicolas Sauzede , 2009. msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2009-06-17 15:25+0100\n" "Last-Translator: Nicolas Sauzede \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Configuration existante trouvée" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Une configuration existante a été trouvée pour ufw. Les règles qui y sont " "utilisées doivent être gérées manuellement." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Vous devriez lire la page de manuel ufw(8) pour plus de détails sur la " "configuration de ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Démarrer ufw automatiquement ?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Si vous choisissez cette option, les règles que vous allez définir seront " "activées au démarrage du système afin que cette machine soit protégée le " "plus tôt possible." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Pour protéger cette machine immédiatement, vous devrez démarrer ufw vous-" "même." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Services autorisés :" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Veuillez choisir les services qui devraient rester disponibles pour les " "connections entrantes." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "" "D'autres services peuvent être indiqués dans la prochaine étape de " "configuration." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Services supplémentaires autorisés :" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Veuillez indiquer la liste des ports additionnels à ouvrir, séparés par des " "espaces. Vous pouvez utiliser un nom de service (comme ceux de /etc/" "services), un numéro de port, ou un numéro de port avec protocole." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Exemple : pour autoriser un serveur web, le port 53 et le port TCP 22, vous " "devriez saisir « www 53 22/tcp »." debian/po/pl.po0000664000000000000000000000707512245167617010605 0ustar # Translation of ufw debconf templates to Polish. # Copyright (C) 2009 # This file is distributed under the same license as the ufw package. # # Michał Kułach , 2012. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: ufw@packages.debian.org\n" "POT-Creation-Date: 2009-06-16 23:11+0100\n" "PO-Revision-Date: 2012-04-06 23:44+0200\n" "Last-Translator: Michał Kułach \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: error #. Description #: ../templates:2001 msgid "Existing configuration found" msgstr "Znaleziono istniejącą konfigurację" #. Type: error #. Description #: ../templates:2001 msgid "" "An existing configuration for ufw has been found. Existing rules must be " "managed manually." msgstr "" "Znaleziono istniejącą konfigurację ufw. Konieczne jest ręczne zarządzanie " "istniejącymi regułami." #. Type: error #. Description #: ../templates:2001 msgid "You should read the ufw(8) manpage for details about ufw configuration." msgstr "" "Proszę zapoznać się ze stroną man ufw(8), aby poznać szczegóły na temat " "konfiguracji ufw." #. Type: boolean #. Description #: ../templates:3001 msgid "Start ufw automatically?" msgstr "Uruchamiać ufw automatycznie?" #. Type: boolean #. Description #: ../templates:3001 msgid "" "If you choose this option, the rules you are about to set will be enabled " "during system startup so that this host is protected as early as possible." msgstr "" "Jeśli ta opcja zostanie wybrana, reguły, które zostaną za chwilę " "skonfigurowane, będą uruchamiane podczas rozruchu systemu, aby chronić " "komputer tak wcześnie, jak to tylko możliwe." #. Type: boolean #. Description #: ../templates:3001 msgid "To protect this host immediately, you must start ufw manually." msgstr "" "Aby zacząć chronić komputer w tej chwili, konieczne jest ręczne uruchomienie " "ufw." #. Type: multiselect #. Description #: ../templates:4001 msgid "Authorized services:" msgstr "Autoryzowane usługi:" #. Type: multiselect #. Description #: ../templates:4001 msgid "" "Please choose the services that should be available for incoming connections." msgstr "" "Proszę wybrać usługi, które powinny być dostępne dla połączeń przychodzących." #. Type: multiselect #. Description #: ../templates:4001 msgid "Other services may be specified in the next configuration step." msgstr "Inne usługi mogą być podane w kolejnym kroku konfiguracyjnym." #. Type: string #. Description #: ../templates:5001 msgid "Additional authorized services:" msgstr "Dodatkowe autoryzowane usługi:" #. Type: string #. Description #: ../templates:5001 msgid "" "Please enter a space separated list of any additional ports you would like " "to open. You may use a service name (as found in /etc/services), a port " "number, or a port number with protocol." msgstr "" "Proszę wpisać listę, oddzielonych spacją, dodatkowych portów, które mają być " "otwarte. Można użyć nazwy usługi (zgodnie z /etc/services), numeru portu lub " "numeru portu z protokołem." #. Type: string #. Description #: ../templates:5001 msgid "" "Example: to allow a web server, port 53 and tcp port 22, you should enter " "\"www 53 22/tcp\"." msgstr "" "Przykładowo: aby otworzyć serwerowi WWW port 53 i port tcp 22, proszę wpisać " "\"www 53 22/tcp\"." debian/watch0000664000000000000000000000013612057413542010224 0ustar version=3 https://launchpad.net/ufw/+download/ https://launchpad.net/ufw/.*/ufw-(.*)\.tar\.gz debian/ufw.dirs0000664000000000000000000000034311775404560010665 0ustar etc/bash_completion.d etc/default etc/init.d etc/logrotate.d etc/rsyslog.d etc/ufw/applications.d/ lib/ufw usr/sbin usr/share/doc/ufw usr/share/man/man8 usr/share/lintian/overrides usr/share/ufw/iptables usr/share/ufw/messages debian/before6.rules.md5sum0000664000000000000000000000077012304122047013004 0ustar a7b14bf9705a040952d019f424cf1dfa /usr/share/ufw/before6.rules 1fb72d56ecc76dcb7069ba2b842b50f9 /usr/share/ufw/before6.rules ad9220f08e0fc4abcc04b06d01baa1ec /usr/share/ufw/before6.rules 9cdc37360d39d2623111bd3190d53839 /usr/share/ufw/before6.rules 328286ed8c23b67cee3e5c1bccae8540 /usr/share/ufw/before6.rules 0ad4a3e3e5fe552ee7f72e6b8e074365 /usr/share/ufw/before6.rules 223263b7a9e98a233cb10ad8d62baa67 /usr/share/ufw/before6.rules 60adbb20185004d2e33cd4ffb4ef607c /usr/share/ufw/before6.rules debian/triggers0000664000000000000000000000004111731120001010716 0ustar interest /etc/ufw/applications.d debian/ufw.preinst0000664000000000000000000000167211731120001011367 0ustar #!/bin/sh -e if [ "$1" = "upgrade" ] && [ -f /etc/ufw/ufw.conf ]; then if dpkg --compare-versions "$2" lt 0.29.1-1 ; then level=`grep '^LOGLEVEL=.*' /etc/ufw/ufw.conf | cut -f 2 -d '=' | tr A-Z a-z` if [ -z "$level" ]; then # Convert old-style logging mechanism to the new. This is # primarly useful for Ubuntu 8.04 LTS to Ubuntu 10.04 LTS # upgrades, but also will cover some other odd situations. if grep -q '^\-A ufw-after-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "\[UFW BLOCK INPUT\]: "$' /etc/ufw/after.rules ; then level="low" else level="off" fi echo "# AUTOMATICALLY ADDED ON UPGRADE:" >> /etc/ufw/ufw.conf echo "# set to one of 'off', 'low', 'medium', 'high'" >> /etc/ufw/ufw.conf echo "LOGLEVEL=$level" >> /etc/ufw/ufw.conf fi fi fi #DEBHELPER# debian/control0000664000000000000000000000247312301215172010573 0ustar Source: ufw Section: admin XS-Python-Version: >= 2.5 X-Python3-Version: >= 3.2 Priority: optional Maintainer: Jamie Strandboge Build-Depends-Indep: iptables, lsb-release, netbase, sed (>= 3.95) Build-Depends: debhelper (>= 7.3.15ubuntu2), po-debconf, python (>= 2.6.6-3~), python3 (>= 3.2) Standards-Version: 3.9.5 Homepage: https://launchpad.net/ufw Vcs-Bzr: https://bazaar.launchpad.net/~jdstrand/ufw/ufw-debian Package: ufw Architecture: all Suggests: rsyslog Depends: debconf, iptables, ucf, ${python3:Depends}, ${misc:Depends} XB-Python-Version: ${python3:Versions} Description: program for managing a Netfilter firewall The Uncomplicated FireWall is a front-end for iptables, to make managing a Netfilter firewall easier. It provides a command line interface with syntax similar to OpenBSD's Packet Filter. It is particularly well-suited as a host-based firewall. Package: python-ufw Section: python Architecture: all Depends: ${python:Depends}, ${misc:Depends} XB-Python-Version: ${python:Versions} Breaks: ufw (<< 0.32-0ubuntu1) Replaces: ufw (<< 0.32-0ubuntu1) Description: Uncomplicated FireWall Python modules The Uncomplicated FireWall is a front-end for iptables, to make managing a Netfilter firewall easier. This package includes the Python modules for the Uncomplicated FireWall. debian/ufw.postinst0000664000000000000000000000776412301515172011611 0ustar #!/bin/sh -e # Only source /usr/share/debconf/confmodule when not called with 'triggered' # to avoid LP: #618410. if [ "$1" != "triggered" ]; then . /usr/share/debconf/confmodule fi RULES_PATH="/etc/ufw" USER_PATH="/lib/ufw" TEMPLATE_PATH="/usr/share/ufw" enable_ufw() { ans="" if [ "$1" = "true" ]; then ans="yes" elif [ "$1" = "false" ]; then ans="no" else return 1 fi test -f /etc/ufw/ufw.conf && sed -i "s/^ENABLED=.*/ENABLED=$ans/" /etc/ufw/ufw.conf } allow_port() { ufw allow "$@" >/dev/null || true } allow_service() { service=`echo "$@" | sed 's/#/ /g'` if [ "$service" = "CUPS" ]; then allow_port 631 elif [ "$service" = "DNS" ]; then allow_port 53 elif [ "$service" = "IMAPS" ]; then allow_port 993/tcp elif [ "$service" = "POP3S" ]; then allow_port 995/tcp elif [ "$service" = "SSH" ]; then allow_port 22/tcp elif [ "$service" = "CIFS (Samba)" ]; then allow_port 137/udp allow_port 138/udp allow_port 139/tcp allow_port 445/tcp elif [ "$service" = "SMTP" ]; then allow_port 25/tcp elif [ "$service" = "HTTP" ]; then allow_port 80/tcp elif [ "$service" = "HTTPS" ]; then allow_port 443/tcp fi } # If a primary chain is added to upstream, we should add it on upgrade so # reload works correctly add_primary_chain() { chain="$1" builtin="$2" ver="$3" exe="iptables" if [ "$ver" = "6" ]; then exe="ip6tables" fi if $exe -L "$chain" -n >/dev/null 2>&1 ; then return fi $exe -N "$chain" || true $exe -A "$builtin" -j "$chain" || true } case "$1" in configure) # these files are required, but don't want to change them if # the user modified them for f in before.rules before6.rules after.rules after6.rules do ucf --debconf-ok $TEMPLATE_PATH/iptables/$f $RULES_PATH/$f test -f $RULES_PATH/$f && chmod 640 $RULES_PATH/$f done for f in user.rules user6.rules do if [ ! -e "$USER_PATH/$f" ]; then # if no config, copy the template cp $TEMPLATE_PATH/iptables/$f $USER_PATH/$f chmod 640 $USER_PATH/$f fi done for f in before.init after.init do if [ ! -e "/etc/ufw/$f" ]; then cp $TEMPLATE_PATH/$f /etc/ufw chmod 640 /etc/ufw/$f fi done if [ ! -e "/etc/ufw/ufw.conf" ]; then cp $TEMPLATE_PATH/ufw.conf /etc/ufw fi # configure ufw with debconf values db_get ufw/enable enabled="$RET" db_fget ufw/existing_configuration seen seen_warning="$RET" if [ "$enabled" = "true" ] && [ "$seen_warning" = "false" ] ; then db_get ufw/allow_known_ports CHOICES="$RET" for service in `echo "$CHOICES" | sed 's/, /\n/g' | sed 's/ /#/g'`; do allow_service "$service" done db_get ufw/allow_custom_ports PORTS="$RET" for port in $PORTS ; do allow_port "$port" done db_fset ufw/existing_configuration seen true fi # need to do this after all 'allow_service' calls, otherwise ufw may # try to use iptables, which breaks the installer enable_ufw "$enabled" # add new primary chains on upgrade if [ "$enabled" = "true" ] && [ ! -z "$2" ] && dpkg --compare-versions "$2" lt "0.34~rc-0ubuntu2" ; then add_primary_chain ufw-track-forward FORWARD add_primary_chain ufw6-track-forward FORWARD 6 fi ;; triggered) ufw app update all || echo "Processing ufw triggers failed. Ignoring." exit 0 ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument '$1'" >&2 exit 1 ;; esac #DEBHELPER# debian/changelog0000664000000000000000000004037012304122272011041 0ustar ufw (0.34~rc-0ubuntu2) trusty; urgency=medium * debian/patches/0002-lp1078665.patch: distinguish between v4 and v6 rules when both addresses are 'any' (LP: #1078665). This can be dropped with 0.34 release. * debian/ufw.postinst: - drop old reload of policy for upgrades to 0.30.1-2 - add new ufw[6]-track-forward primary chains on upgrade * debian/patches/0003-manpage-hook-path.patch: update locations of hook scripts. This can be dropped with 0.34 release. * debian/patches/0004-add-safe-icmp-to-forward.patch: update before*.rules to add safe icmp to ufw-before-forward. This can be dropped with 0.34 release. * debian/before[6].rules.md5sum: adjusted for new release -- Jamie Strandboge Fri, 28 Feb 2014 08:59:13 -0600 ufw (0.34~rc-0ubuntu1) trusty; urgency=medium * New upstream pre-release (LP: #1059060, #1065297, #1062521, #1101304, LP: #1075975, #1089262, #262421) * Dropped the following patches now included upstream: - 0002-lp1044361.patch - 0003-fix-typeerror-on-error.patch - 0004-lp1039729.patch - 0005-lp1191197.patch * Remaining changes: - 0001-optimize-boot.patch: only read in /etc/ufw/ufw.conf when disabled * debian/before[6].rules.md5sum: adjusted for new release * debian/control: update Standards-Version to 3.9.5 * debian/rules: - only ship /usr/share/ufw/iptables/*rules and not /usr/share/ufw/ - *.init files should also be config files * debian/ufw.links: added to makes symlinks from /usr/share/ufw/iptables/* to /usr/share/ufw/ (so ucf is happy on upgrades) * debian/ufw.postinst: - use TEMPLATE_PATH/iptables/*rules instead of TEMPLATE_PATH/*rules (not strictly required since we are using dh_link, but makes the intent clearer) - copy /usr/share/ufw/*.init in to /etc/ufw -- Jamie Strandboge Thu, 20 Feb 2014 09:23:54 -0600 ufw (0.33-2) unstable; urgency=low * debian/control: python-ufw should Breaks/Replaces on ufw << 0.32-0ubuntu1 (Closes: 731863) -- Jamie Strandboge Tue, 10 Dec 2013 10:44:48 -0600 ufw (0.33-1) unstable; urgency=low * New upstream release (Closes: 711711, Closes: 691135, Closes: 704728). Sync back up with Ubuntu (all changes here except for Polish debconf translation and Standards-Version already in Ubuntu). Add the following patches from Ubuntu which can be dropped in 0.34: - debian/patches/0002-lp1044361.patch: move netfilter capabilities checking into initcaps(), and call initcaps() only when we need it - 0003-fix-typeerror-on-error.patch: fix TypeError on error when using zh_CN - debian/patches/0004-lp1039729.patch: Skip get_netfilter_capabilities() with ipv6 if ipv6 is disabled - debian/patches/0005-lp1191197.patch: add check for -m rt --rt-type 0 * debian/po/pl.po: add Polish translation of debconf templates. Thanks to Michal Kulach (Closes: 667942) * debian/watch: use https instead of http * debian/(after|before)6.rules.md5sum: adjust for recently missed shipped configurations * debian/control: - clean up Depends and Build-Depends - Build-Depends on python3 - add python-ufw for installing python2 modules - add X-Python3-Version: >= 3.2 - update Standards-Version to 3.9.4 * add debian/python-ufw.install * debian/rules: - use --install-layout=deb - adjust PYTHON to use python3 - adjust PYVERS to use py3versions - add PYTHON2 - run tests for both PYTHON and PYTHON2 - run setup.py with both PYTHON and PYTHON2 - use dh_python3 for ufw - use dh_python2 for python-ufw * debian/ufw.lintian-overrides - remove old unneeded override - add postrm-does-not-call-updaterc.d-for-init.d-script since Ubuntu's debhelper adds code to postinst that does nothing on Ubuntu, but doesn't add the corresponding code to postrm -- Jamie Strandboge Tue, 26 Nov 2013 12:51:51 -0600 ufw (0.31.1-2) unstable; urgency=low * Simplify unload of firewall and play nicely with other firewall tools by using ufw-init instead of iptables directly. 'ufw-init stop' by design leaves a few empty chains around, but they won't get in the way of anything and are gone after the next reboot. Using upstream's ufw-init has the important benefit of always cleaning what it needs. (Closes: 672439). - debian/prerm: call '/lib/ufw/ufw-init stop' on removal - debian/postrm: don't flush the chains on purge -- Jamie Strandboge Fri, 20 Jul 2012 15:05:39 -0500 ufw (0.31.1-1) unstable; urgency=low * New upstream release (Closes: 663677, Closes: 625681) * debian/control: update to standards 3.9.3 * convert to source format 3.0 (quilt) * 0001-optimize-boot.patch: only read in /etc/ufw/ufw.conf when disabled * debian/rules: adjust to only install the application profiles when not Ubuntu * debian/po/nl.po: add Dutch translation of debconf templates. Thanks to Jeroen Schot (Closes: 658495) * debian/po/da.po: add Danish translation of debconf templates. Thanks to Joe Dalton (Closes: 666557) -- Jamie Strandboge Wed, 04 Apr 2012 12:12:25 -0500 ufw (0.30.1-2) unstable; urgency=low * debian/control: make lintian clean: - update Standards-Version to 3.9.2 - Build-Depends on python (>= 2.6.6-3~) * conf/ufw.defaults: - remove IRC connection tracking, which is only required for DCC. Cherrypick r741 from trunk - allow nf_conntrack_netbios_ns (Samba). Cherrypick r744 from trunk. LP: #360975 (Closes: 631737) * enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled. Cherrypick r742 from trunk. * update manpage references to ufw and ufw-framework to include the section. Cherrypick r743 from trunk. * ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service discovery just like we do for mDNS (ie, allow discovery, but not connections to the services). LP: #764933 * debian/ufw.logrotate.debian, debian/ufw.logrotate.ubuntu, debian/rules: use 'rotate' option in Debian logrotate file and split out ufw.logrotate like we do the initscript since because Ubuntu's rsyslog doesn't have the 'rotate' option yet. (Closes: 628605) * Cherrypick r746 from trunk to update check-requirements to prompt to continue with tests that may autoload modules. Add '-f' option to check-requirements and update test suite accordingly (LP: #782816) * Cherrypick r747 from trunk to not fail when running 'show listening' under fakeroot (LP: #812516) * debian/postinst: - remove some old upgrade transition code for unsupported upgrade paths - reload ufw if it is enabled and we are upgrading to this version since this is needed after enabling IPv6 * debian/rules: add build-arch and build-indep targets -- Jamie Strandboge Mon, 18 Jul 2011 16:35:57 -0500 ufw (0.30.1-1.1) unstable; urgency=low * Non-maintainer upload. * Rebuild to add Python 2.7 support -- Piotr Ożarowski Sun, 08 May 2011 16:45:46 +0200 ufw (0.30.1-1) unstable; urgency=low * New upstream release which fixes the following: - LP: #501140 - LP: #740249 - LP: #740256 - LP: #720605 * debian/ufw.logrotate: remove upstartism thanks to Michael Biebl (Closes: 607696) * debian/sysctl.conf: merge in upstream (commented out) changes surrounding ipv6 forwarding and privacy addresses * debian/before*.rules.md5sum: updated for recent changes -- Jamie Strandboge Mon, 21 Mar 2011 14:45:03 -0500 ufw (0.30.0-3) unstable; urgency=low * convert to dh_python2: - debian/control: remove python-central dependency - debian/rules: use dh_python2 instead of dh_pycentral * debian/rules: run 'make clean' in the clean target * debian/ufw.init.debian: look for /lib/ufw, not /usr/sbin/ufw to see if we should quit (ie, when ufw is removed and not purged). Also, only have /bin and /sbin in PATH * add lintian override - debian/rules: add dh_lintian - debian/dirs: add usr/share/lintian/overrides - ignore init.d-script-possible-missing-stop * debian/install, debian/rules: update to use debian/install primarily * renamed debian/changelog.pre-0.27.1 to debian/changelog.Debian.pre-0.27.1 * no longer install upstream ChangeLog.pre-0.25 * grab man page updates from upstream: - mention quoting of application profile names with spaces. Upstream r714. (LP: #715676) - fix man-page hyphenation in ufw.8. Upstream r716. - fix manpage reference to /etc/defaults/ufw. Upstream r713. (Closes: 601111) * fix typo in warning. Upstream r711. (LP: #637876) * run_tests.sh: adjust PATH if iptables can't be found. Upstream r717. -- Jamie Strandboge Wed, 23 Feb 2011 08:10:55 -0600 ufw (0.30.0-2) unstable; urgency=low * src/frontend.py: display unicode error messages properly. Thanks to Serguey Basalaev. - upstream commit r700 - LP: #580032 * src/backend_iptables.py: fix gettext warning - upstream commit r701 * run debconf-updatepo, but adjust debian/po/de.po and debian/po/es.po to add correct "Language:" tag * profiles/ufw-mailserver: remove Postfix specific language - upstream commit r705, r707 * debian/rules: do install the upstream application profiles now -- Jamie Strandboge Mon, 30 Aug 2010 13:50:15 -0500 ufw (0.30.0-1) unstable; urgency=low * New upstream release. Use 0.30.0 as the version even though upstream uses 0.30 in order to sync to Ubuntu. Fixes: - LP: #568877 - LP: #611982 - LP: #606997 - LP: #624199 - LP: #625340 - LP: #521359 - LP: #436608 * don't flush chains if ufw is not enabled (LP: #581744) * debian/postinst: don't source /usr/share/debconf/confmodule when $1 = triggered. Fix thanks to Colin Watson. (LP: #618410) * debian/control: - drop versioned depends on iptables. This helps with backporting now that the test suite can handle it - updated Standards-Version * debian/rules: - pass interpreter to run_tests.sh - don't install upstream application profiles for now * add rsyslog support * add debian/source/format * debian/before6.rules.md5sum: updated for ucf -- Jamie Strandboge Fri, 27 Aug 2010 15:44:18 -0500 ufw (0.29.3-1) unstable; urgency=low * New upstream release. Fixes: LP: #490366 LP: #512131 LP: #488032 LP: #513387 * debian/ufw.upstart.ubuntu: start before an interface receives traffic * debian/postinst: don't sed or chmod a file that doesn't exist (LP: #503039) * debian/after*.rules.md5sum: updated for ucf (added additional sums for people using the workaround in LP: #488032) -- Jamie Strandboge Thu, 28 Jan 2010 17:30:37 -0600 ufw (0.29.1-1) unstable; urgency=low * new upstream release, fixing LP: #459925 and LP: #480789 * debian/postinst: run 'ufw logging ' to update the user rules for logging (this action does nothing when ufw is not enabled) * debian/ufw.upstart.ubuntu: don't use 'quiet' since we also now look for QUIET * debian/rules: - only install upstart on Ubuntu 9.10 and later - use $(PYTHON) with setup.py -- Jamie Strandboge Wed, 11 Nov 2009 14:26:56 -0600 ufw (0.29-5) unstable; urgency=low * reduce console output when using Upstart so that ufw is quiet when ufw is disabled or enabled and no errors - src/ufw-init: add add 'quiet' option on start - debian/ufw.upstart.ubuntu: use 'quiet' option on start * Debconf translation updates: - Vietnamese (thanks to Clytie Siddall. closes: #547919) -- Jamie Strandboge Wed, 23 Sep 2009 18:06:56 -0500 ufw (0.29-4) unstable; urgency=low * debian/rules: add missing dot for update-rc.d invocation (closes: #547330) -- Jamie Strandboge Fri, 18 Sep 2009 13:26:53 -0500 ufw (0.29-3) unstable; urgency=low * use upstart instead of sysv initscript on Ubuntu (LP: #431804) - debian/control: Bump build-dependency on debhelper for Upstart-aware dh_installinit. Add Build-Dep on lsb-release - add debian/ufw.upstart.ubuntu - move debian/ufw.init to debian/ufw.init.debian - debian/ufw.init: rename to debian/ufw.init.debian and update insserv info to reflect reality - debian/rules: use upstart if Ubuntu and sysv if Debian - debian/postinst and debian/postrm: remove calls to update-rc.d * error out when filesystem is read-only. Merge from trunk (LP: #430053) * catch exception if can't find parent pid when refreshing application profiles. Merge from trunk (LP: #424528) * add doc/upstart.example and update README for Debian users who want to use upstart -- Jamie Strandboge Wed, 16 Sep 2009 13:32:39 -0500 ufw (0.29-2) unstable; urgency=low * Debconf translation updates: - unfuzzied Italian (closes: #540204) - ran debconf-updatepo -- Jamie Strandboge Tue, 01 Sep 2009 16:26:07 -0500 ufw (0.29-1) unstable; urgency=low * new upstream release: - adds egress filtering support (LP: #382932) - new translations - new man page: ufw-framework.8 - new check-requirements to help debug systems with custom kernels - fixes deletion of non-existent application rules (LP: #407810) * Debconf translation updates: - Galician (thanks to Marce Villarino. closes: #538383) - Japanese (thanks to Hideki Yamane. closes: #539595) - Italian (thanks to Luca Monducci. closes: #540204) - Portuguese (thanks to Américo Monteiro. closes: #538908) - Basque (thanks to Piarres Beobide. closes: #539077) - Czech (thanks to Michal Simunek) - Slovak (thanks to Ivan Masár. closes: #534450) - Swedish (thanks to Martin Bagge. closes: #538336) - verify/update the above to fix typo in template (closes: #534231) * debian/rules: install tests/check-requirements into /usr/share/ufw * update ucf md5sums for before.rules and before6.rules * remove no longer used lintian override * debian/dirs: remove unused /var/lib/ufw -- Jamie Strandboge Tue, 25 Aug 2009 09:12:26 -0500 ufw (0.28-2) unstable; urgency=low * debian/templates: also fix typo in master template -- Jamie Strandboge Sat, 25 Jul 2009 07:01:56 -0500 ufw (0.28-1) unstable; urgency=low * new upstream release. Fixes: - filtering by interface (LP: #247450) - ufw help does not mention 'limit' command (LP: #358964) - install rules files 0640 (LP: #393187) * install user rules and init script helper to /lib/ufw (LP: #400208) - debian/config: update USER_PATH and migrate user rules files from /var/lib/ufw to /lib/ufw - debian/dirs: use lib/ufw - debian/postinst: update USER_PATH - debian/postrm: update USER_PATH - debian/rules: update for new path - debian/ufw.init: update for new path * debian/po: fix typo in translations -- Jamie Strandboge Fri, 24 Jul 2009 15:34:57 -0500 ufw (0.27.1-2) unstable; urgency=low [ Jonathan Wiltshire ] * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #530956 - LP: #379591 * Debconf translation updates: - Slovak (closes: #531782) - Swedish (closes: #533375) - Finnish (closes: #533454) - Czech (closes: #533552) - Portuguese (closes: #534098) - German (closes: #534230) - Basque (closes: #534298, #534298) - Russian (closes: #534720) - Spanish (closes: #534859) - French (closes: #535032) [ Jamie Strandboge ] * debian/postinst: update for translation fixes * add bash completion. Based on work by Didier Roche - shell-completion/bash: process app and regular commands - debian/dirs: add etc/bash_completion.d - debian/rules: install bash_completion.ufw * install rules files 0640 (LP: #393187) * debian/postinst: make allow_custom_ports actually work and set existing_configuration as seen after doing initial configuration, to prevent calling ufw on already added rules * debian/control: bump Standards-Version * debian/control: update Vcs-Bzr -- Jamie Strandboge Fri, 10 Jul 2009 22:34:38 -0500 ufw (0.27.1-1) unstable; urgency=low * Initial release. (closes: #506215) -- Jamie Strandboge Fri, 08 May 2009 10:39:30 -0500 debian/python-ufw.install0000664000000000000000000000005711775404266012716 0ustar debian/tmp/usr/lib/python2*/dist-packages/ufw* debian/user.rules.md5sum0000664000000000000000000000007411731120001012416 0ustar e952cf6dfd1eeb102fca427686ebd0c5 /usr/share/ufw/user.rules debian/ufw.logrotate.ubuntu0000664000000000000000000000026211731120001013216 0ustar /var/log/ufw.log { rotate 4 weekly missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog reload >/dev/null 2>&1 || true endscript } debian/user6.rules.md5sum0000664000000000000000000000007511731120001012505 0ustar 17cfc3d4736a7b51ae8e9a934635cd9f /usr/share/ufw/user6.rules debian/rules0000775000000000000000000000725612301407206010255 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PYTHON := /usr/bin/python3 PYVERS := $(shell py3versions -vr) PYTHON2 := /usr/bin/python2 PKGVERS := $(shell dpkg-parsechangelog | grep ^Version: | cut -d ' ' -f 2) DISTRIB := $(shell lsb_release -i -s) ifneq (,$(filter $(DISTRIB),Ubuntu)) DISTRIB_VERSION_MAJOR := $(shell lsb_release -s -r | cut -d '.' -f 1) DISTRIB_VERSION_MINOR := $(shell lsb_release -s -r | cut -d '.' -f 2) endif build-arch: build-stamp build-indep: build-stamp build: build-arch build-indep build-stamp: dh_testdir touch $@ clean: dh_testdir dh_testroot rm -f build-stamp make clean rm -f $(CURDIR)/debian/ufw.init $(CURDIR)/debian/ufw.upstart $(CURDIR)/debian/ufw.logrotate -find . -name '*.py[co]' | xargs rm -f dh_clean debconf-updatepo install: build dh_testdir dh_testroot dh_clean -k dh_installdirs # make sure the version is in sync with our changelog sed -i "s/^ufw_version = .*/ufw_version = '$(PKGVERS)'/" ./setup.py ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) ./run_tests.sh -i $(PYTHON2) ./run_tests.sh -i $(PYTHON) endif $(PYTHON2) ./setup.py install --root=$(CURDIR)/debian/tmp --install-layout=deb $(PYTHON) ./setup.py install --root=$(CURDIR)/debian/tmp --install-layout=deb # these shouldn't be conffiles mv $(CURDIR)/debian/tmp/etc/ufw/ufw.conf $(CURDIR)/debian/tmp/usr/share/ufw mv $(CURDIR)/debian/tmp/etc/ufw/*.init $(CURDIR)/debian/tmp/usr/share/ufw # these shouldn't be conffiles either, but we'll use the rules from # /usr/share/ufw/iptables so just delete these and we'll use dh_link # later rm -f $(CURDIR)/debian/tmp/etc/ufw/*.rules rm -f $(CURDIR)/debian/tmp/lib/ufw/*.rules dh_link # Rename and install the shell-completion file cp $(CURDIR)/shell-completion/bash $(CURDIR)/debian/ufw/etc/bash_completion.d/ufw binary-arch: build binary-indep: build install dh_testdir dh_testroot dh_installchangelogs dh_installchangelogs ChangeLog dh_installdocs dh_installdocs README dh_installexamples doc/skel-ui.example dh_install : # only use upstart in Ubuntu 9.10 and higher if [ "$(DISTRIB)" != "Ubuntu" ]; then \ cp $(CURDIR)/debian/ufw.logrotate.debian $(CURDIR)/debian/ufw.logrotate ; \ cp $(CURDIR)/debian/ufw.init.debian $(CURDIR)/debian/ufw.init ; \ dh_installinit --no-start --no-restart-on-upgrade --update-rcd-params="start 39 S . stop 39 1 ." ; \ else \ cp $(CURDIR)/debian/ufw.logrotate.ubuntu $(CURDIR)/debian/ufw.logrotate ; \ if [ "$(DISTRIB_VERSION_MAJOR)" = "9" ] && \ [ "$(DISTRIB_VERSION_MINOR)" = "10" ] || \ [ "$(DISTRIB_VERSION_MAJOR)" -gt "9" ]; then \ cp $(CURDIR)/debian/ufw.upstart.ubuntu $(CURDIR)/debian/ufw.upstart ; \ dh_installinit --no-start --no-restart-on-upgrade ; \ else \ cp $(CURDIR)/debian/ufw.init.debian $(CURDIR)/debian/ufw.init ; \ dh_installinit --no-start --no-restart-on-upgrade --update-rcd-params="start 39 S . stop 39 1 ." ; \ fi \ fi dh_installlogrotate dh_installman dh_installdebconf dh_lintian : # Replace all '#!' calls to python with $(PYTHON) : # and make them executable for i in `find debian -mindepth 3 -type f`; do \ sed '1s,#!.*python[^ ]*\(.*\),#! $(PYTHON)\1,' \ $$i > $$i.temp; \ if cmp --quiet $$i $$i.temp; then \ rm -f $$i.temp; \ else \ mv -f $$i.temp $$i; \ chmod 755 $$i; \ echo "fixed interpreter: $$i"; \ fi; \ done # Don't install profiles on Ubuntu if [ "$(DISTRIB)" = "Ubuntu" ]; then \ rm -f $(CURDIR)/debian/ufw/etc/ufw/applications.d/ufw-* ; \ fi dh_python2 -p python-ufw dh_python3 -p ufw dh_compress dh_fixperms dh_installdeb dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary install debian/after.rules.md5sum0000664000000000000000000000046111731120001012541 0ustar a7775bfb75ae1db0ffb864ffdb8d1a8c /usr/share/ufw/after.rules 64b0c46e974d8fdb84ae3694da153097 /usr/share/ufw/after.rules 3a51c36bfd12a053c50860a6b332e2d2 /usr/share/ufw/after.rules 4ccebb1697335dec480cb1326d0cb018 /usr/share/ufw/after.rules def3ea0d3a1e470665c33ab5432d1ce8 /usr/share/ufw/after.rules debian/patches/0000775000000000000000000000000012304121675010620 5ustar debian/patches/0004-add-safe-icmp-to-forward.patch0000664000000000000000000001555212304121675016706 0ustar Origin: r856 - 858 Description: update before*.rules to add safe icmp to ufw-before-forward, update doc/ufw.8 to describe the defaults, update section on default policy in README Index: ufw-0.34~rc/conf/before6.rules =================================================================== --- ufw-0.34~rc.orig/conf/before6.rules 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/conf/before6.rules 2014-02-28 08:55:52.064702418 -0600 @@ -46,13 +46,20 @@ -A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny -A ufw6-before-input -m conntrack --ctstate INVALID -j DROP -# ok icmp codes +# ok icmp codes for INPUT -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT +# ok icmp code for FORWARD +-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT + # allow dhcp client to work -A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT Index: ufw-0.34~rc/conf/before.rules =================================================================== --- ufw-0.34~rc.orig/conf/before.rules 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/conf/before.rules 2014-02-28 08:55:52.064702418 -0600 @@ -30,13 +30,20 @@ -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny -A ufw-before-input -m conntrack --ctstate INVALID -j DROP -# ok icmp codes +# ok icmp codes for INPUT -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT +# ok icmp code for FORWARD +-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT + # allow dhcp client to work -A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT Index: ufw-0.34~rc/doc/ufw.8 =================================================================== --- ufw-0.34~rc.orig/doc/ufw.8 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/doc/ufw.8 2014-02-28 08:55:52.064702418 -0600 @@ -431,7 +431,27 @@ .PP On installation, \fBufw\fR is disabled with a default incoming policy of deny, a default forward policy of deny, and a default outgoing policy of allow, with -stateful tracking for NEW connections. +stateful tracking for NEW connections for incoming and forwarded connections. +In addition to the above, a default ruleset is put in place that does the +following: +.TP +- DROP packets with RH0 headers +.TP +- DROP INVALID packets +.TP +- ACCEPT certain icmp packets (INPUT and FORWARD): destination-unreachable, source-quench, time-exceeded, parameter-problem, and echo-request for IPv4. destination-unreachable, packet-too-big, time-exceeded, parameter-problem, and echo-request for IPv6. +.TP +- ACCEPT icmpv6 packets for stateless autoconfiguration (INPUT) +.TP +- ACCEPT ping replies from IPv6 link-local (ffe8::/10) addresses (INPUT) +.TP +- ACCEPT DHCP client traffic (INPUT) +.TP +- DROP non-local traffic (INPUT) +.TP +- ACCEPT mDNS (zeroconf/bonjour/avahi 224.0.0.251 for IPv4 and ff02::fb for IPv6) for service discovery (INPUT) +.TP +- ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service discovery (INPUT) .PP Rule ordering is important and the first match wins. Therefore when adding @@ -439,7 +459,7 @@ .PP \fBufw\fR is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to add or remove -simple rules. It is currently mainly used for host\-based firewalls. +simple rules. .PP The status command shows basic information about the state of the firewall, as well as rules managed via the \fBufw\fR command. It does not show rules from the @@ -480,8 +500,9 @@ ufw allow to 10.0.0.1 from 10.4.0.0/16 proto ah .PP In addition to the command\-line interface, \fBufw\fR also provides a -framework which allows administrators to take full advantage of netfilter. -See the \fBufw\-framework\fR manual page for more information. +framework which allows administrators to modify default behavior as well as +take full advantage of netfilter. See the \fBufw\-framework\fR manual page for +more information. .SH SEE ALSO .PP Index: ufw-0.34~rc/README =================================================================== --- ufw-0.34~rc.orig/README 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/README 2014-02-28 08:55:52.064702418 -0600 @@ -239,22 +239,19 @@ - ACCEPT all RELATED and ESTABLISHED on FORWARD (ip forwarding must be enabled via sysctl for this to be in effect) - DROP INVALID packets (packets not associated with a known connection) -- ACCEPT certain icmp packets: +- ACCEPT certain icmp packets (INPUT and FORWARD): - destination-unreachable, source-quench, time-exceeded, parameter-problem, and echo-request for IPv4 - - neighbor-solicitation, neighbor-advertisement, router-solicitation, - destination-unreachable, packet-too-big, time-exceeded, parameter-problem, + - destination-unreachable, packet-too-big, time-exceeded, parameter-problem, and echo-request +- ACCEPT certain icmpv6 packets for stateless autoconfiguration (INPUT): + neighbor-solicitation, neighbor-advertisement, router-solicitation - ACCEPT mDNS (zeroconf/bonjour/avahi 224.0.0.251 for IPv4 and ff02::fb for - IPv6) for service discovery + IPv6) for service discovery (INPUT) - ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service - discovery -- ACCEPT ping replies from IPv6 link-local (ffe8::/10) addresses -- DROP non-local, broadcast and multicast traffic -- ACCEPT DHCP client traffic -- Silently DROP SMB/CIFS traffic -- Silently DROP DHCP traffic not associated with host's use of DHCP client -- Silently DROP BROADCAST (IPv4) traffic + discovery (INPUT) +- ACCEPT ping replies from IPv6 link-local (ffe8::/10) addresses (INPUT) +- ACCEPT DHCP client traffic (INPUT) - Log all blocked packets not matching the default policy with rate limiting If you are using a packaged version of ufw supplied by your distribution, the debian/patches/0003-manpage-hook-path.patch0000664000000000000000000000131112302661704015515 0ustar Origin: r855 Description: doc/ufw-framework.8: update locations of hook scripts Index: ufw-0.34~rc/doc/ufw-framework.8 =================================================================== --- ufw-0.34~rc.orig/doc/ufw-framework.8 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/doc/ufw-framework.8 2014-02-24 09:22:13.410706850 -0600 @@ -21,10 +21,10 @@ #STATE_PREFIX#/ufw\-init initialization script .TP -#CONFIG_PREFIX#/before.init +#CONFIG_PREFIX#/ufw/before.init initialization customization script run before ufw is initialized .TP -#CONFIG_PREFIX#/after.init +#CONFIG_PREFIX#/ufw/after.init initialization customization script run after ufw is initialized .TP #CONFIG_PREFIX#/ufw/before[6].rules debian/patches/series0000664000000000000000000000015712304121517012033 0ustar 0001-optimize-boot.patch 0002-lp1078665.patch 0003-manpage-hook-path.patch 0004-add-safe-icmp-to-forward.patch debian/patches/0002-lp1078665.patch0000664000000000000000000002441312301515557013423 0ustar Origin: r853 Description: distinguish between v4 and v6 rules when both addresses are 'any' Bug: https://launchpad.net/bugs/1078665 Index: ufw-0.34~rc/src/backend_iptables.py =================================================================== --- ufw-0.34~rc.orig/src/backend_iptables.py 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/src/backend_iptables.py 2014-02-20 18:18:06.685653427 -0600 @@ -364,6 +364,11 @@ if show_proto and r.protocol != "any" and \ r.dport == r.sport: location[loc] += "/" + r.protocol + elif r.v6 and r.src == "::/0" and r.dst == "::/0" \ + and ' (v6)' not in location[loc]: + # Add v6 if have port but no addresses so it doesn't look + # a duplicate of the v4 rule + location[loc] += " (v6)" # Reporting the interfaces is different in route rules and # non-route rules. With route rules, the reporting should be Index: ufw-0.34~rc/tests/root/bugs/result =================================================================== --- ufw-0.34~rc.orig/tests/root/bugs/result 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/tests/root/bugs/result 2014-02-20 18:18:06.685653427 -0600 @@ -333,10 +333,10 @@ [ 2] 2 ALLOW IN Anywhere [ 3] 3 ALLOW IN Anywhere [ 4] 4 ALLOW IN Anywhere -[ 5] 1 ALLOW IN Anywhere (v6) -[ 6] 2 ALLOW IN Anywhere (v6) -[ 7] 3 ALLOW IN Anywhere (v6) -[ 8] 4 ALLOW IN Anywhere (v6) +[ 5] 1 (v6) ALLOW IN Anywhere (v6) +[ 6] 2 (v6) ALLOW IN Anywhere (v6) +[ 7] 3 (v6) ALLOW IN Anywhere (v6) +[ 8] 4 (v6) ALLOW IN Anywhere (v6) Index: ufw-0.34~rc/tests/root/live_apps/result =================================================================== --- ufw-0.34~rc.orig/tests/root/live_apps/result 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/tests/root/live_apps/result 2014-02-20 18:18:06.685653427 -0600 @@ -84,8 +84,8 @@ Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) -Samba (v6) ALLOW 22 -Apache (v6) ALLOW 88 +Samba (v6) ALLOW 22 (v6) +Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 @@ -120,9 +120,9 @@ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) -137,138/udp (Samba (v6)) ALLOW IN 22/udp -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp -80/tcp (Apache (v6)) ALLOW IN 88/tcp +137,138/udp (Samba (v6)) ALLOW IN 22/udp (v6) +139,445/tcp (Samba (v6)) ALLOW IN 22/tcp (v6) +80/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) @@ -459,8 +459,8 @@ Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) -Samba (v6) ALLOW 22 -Apache (v6) ALLOW 88 +Samba (v6) ALLOW 22 (v6) +Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 @@ -495,9 +495,9 @@ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) -137,138/udp (Samba (v6)) ALLOW IN 22/udp -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp -80/tcp (Apache (v6)) ALLOW IN 88/tcp +137,138/udp (Samba (v6)) ALLOW IN 22/udp (v6) +139,445/tcp (Samba (v6)) ALLOW IN 22/tcp (v6) +80/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) @@ -538,8 +538,8 @@ Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) -Samba (v6) ALLOW 22 -Apache (v6) ALLOW 88 +Samba (v6) ALLOW 22 (v6) +Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 @@ -574,9 +574,9 @@ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 138,9999/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) -138,9999/udp (Samba (v6)) ALLOW IN 22/udp -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp -8888/tcp (Apache (v6)) ALLOW IN 88/tcp +138,9999/udp (Samba (v6)) ALLOW IN 22/udp (v6) +139,445/tcp (Samba (v6)) ALLOW IN 22/tcp (v6) +8888/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 138,9999/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 138,9999/udp (Samba) Index: ufw-0.34~rc/tests/root/live/result =================================================================== --- ufw-0.34~rc.orig/tests/root/live/result 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/tests/root/live/result 2014-02-20 18:18:06.685653427 -0600 @@ -104,10 +104,10 @@ 514/udp DENY 1.2.3.4 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp 22/tcp LIMIT Anywhere -53 ALLOW Anywhere (v6) -23/tcp ALLOW Anywhere (v6) -25/tcp ALLOW Anywhere (v6) -80/tcp DENY Anywhere (v6) +53 (v6) ALLOW Anywhere (v6) +23/tcp (v6) ALLOW Anywhere (v6) +25/tcp (v6) ALLOW Anywhere (v6) +80/tcp (v6) DENY Anywhere (v6) 25/tcp DENY 2001:db8::/32 2001:db8:3:4:5:6:7:8 DENY 2001:db8::/32 26 @@ -476,9 +476,9 @@ 113 REJECT Anywhere 114/tcp REJECT Anywhere 115/udp REJECT Anywhere -113 REJECT Anywhere (v6) -114/tcp REJECT Anywhere (v6) -115/udp REJECT Anywhere (v6) +113 (v6) REJECT Anywhere (v6) +114/tcp (v6) REJECT Anywhere (v6) +115/udp (v6) REJECT Anywhere (v6) @@ -700,10 +700,10 @@ [ 9] 514/udp DENY IN 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp [11] 22/tcp LIMIT IN Anywhere -[12] 53 ALLOW IN Anywhere (v6) -[13] 23/tcp ALLOW IN Anywhere (v6) -[14] 25/tcp ALLOW IN Anywhere (v6) -[15] 80/tcp DENY IN Anywhere (v6) +[12] 53 (v6) ALLOW IN Anywhere (v6) +[13] 23/tcp (v6) ALLOW IN Anywhere (v6) +[14] 25/tcp (v6) ALLOW IN Anywhere (v6) +[15] 80/tcp (v6) DENY IN Anywhere (v6) [16] 25/tcp DENY IN 2001:db8::/32 [17] 2001:db8:3:4:5:6:7:8 DENY IN 2001:db8::/32 26 Index: ufw-0.34~rc/tests/root/live_route/result =================================================================== --- ufw-0.34~rc.orig/tests/root/live_route/result 2014-02-20 14:17:17.000000000 -0600 +++ ufw-0.34~rc/tests/root/live_route/result 2014-02-20 18:18:06.685653427 -0600 @@ -93,10 +93,10 @@ 514/udp DENY FWD 1.2.3.4 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 5469/udp 22/tcp LIMIT FWD Anywhere -53 ALLOW FWD Anywhere (v6) -23/tcp ALLOW FWD Anywhere (v6) -25/tcp ALLOW FWD Anywhere (v6) -80/tcp DENY FWD Anywhere (v6) +53 (v6) ALLOW FWD Anywhere (v6) +23/tcp (v6) ALLOW FWD Anywhere (v6) +25/tcp (v6) ALLOW FWD Anywhere (v6) +80/tcp (v6) DENY FWD Anywhere (v6) 25/tcp DENY FWD 2001:db8::/32 2001:db8:3:4:5:6:7:8 DENY FWD 2001:db8::/32 26 @@ -444,9 +444,9 @@ 113 REJECT FWD Anywhere 114/tcp REJECT FWD Anywhere 115/udp REJECT FWD Anywhere -113 REJECT FWD Anywhere (v6) -114/tcp REJECT FWD Anywhere (v6) -115/udp REJECT FWD Anywhere (v6) +113 (v6) REJECT FWD Anywhere (v6) +114/tcp (v6) REJECT FWD Anywhere (v6) +115/udp (v6) REJECT FWD Anywhere (v6) @@ -668,10 +668,10 @@ [ 9] 514/udp DENY FWD 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 5469/udp [11] 22/tcp LIMIT FWD Anywhere -[12] 53 ALLOW FWD Anywhere (v6) -[13] 23/tcp ALLOW FWD Anywhere (v6) -[14] 25/tcp ALLOW FWD Anywhere (v6) -[15] 80/tcp DENY FWD Anywhere (v6) +[12] 53 (v6) ALLOW FWD Anywhere (v6) +[13] 23/tcp (v6) ALLOW FWD Anywhere (v6) +[14] 25/tcp (v6) ALLOW FWD Anywhere (v6) +[15] 80/tcp (v6) DENY FWD Anywhere (v6) [16] 25/tcp DENY FWD 2001:db8::/32 [17] 2001:db8:3:4:5:6:7:8 DENY FWD 2001:db8::/32 26 debian/patches/0001-optimize-boot.patch0000664000000000000000000000130611731121112015005 0ustar Author: Jamie Strandboge Description: to improve boot speed when disabled, don't source all of ufw-init-functions (which also sources in other files). Index: ufw-0.31/src/ufw-init =================================================================== --- ufw-0.31.orig/src/ufw-init 2012-03-09 17:07:11.000000000 -0600 +++ ufw-0.31/src/ufw-init 2012-03-17 09:37:51.000000000 -0500 @@ -18,6 +18,12 @@ # set -e +# Debian/Ubuntu: small boot speed improvement +. "#CONFIG_PREFIX#/ufw/ufw.conf" +if [ "$1" = "start" ] && [ "$2" = "quiet" ] && [ "$ENABLED" = "no" ]; then + exit 0 +fi + if [ -s "#STATE_PREFIX#/ufw-init-functions" ]; then . "#STATE_PREFIX#/ufw-init-functions" else debian/ufw.links0000664000000000000000000000060012301410626011022 0ustar /usr/share/ufw/iptables/after.rules /usr/share/ufw/after.rules /usr/share/ufw/iptables/after6.rules /usr/share/ufw/after6.rules /usr/share/ufw/iptables/before.rules /usr/share/ufw/before.rules /usr/share/ufw/iptables/before6.rules /usr/share/ufw/before6.rules /usr/share/ufw/iptables/user.rules /usr/share/ufw/user.rules /usr/share/ufw/iptables/user6.rules /usr/share/ufw/user6.rules debian/changelog.Debian.pre-0.27.10000664000000000000000000003401411731120001013517 0ustar ufw (0.28-0ubuntu1) UNRELEASED; urgency=low * new upstream release - properly return translated string with formatted text (LP: #346563) -- Jamie Strandboge Fri, 03 Apr 2009 08:57:25 -0500 ufw (0.27-0ubuntu1) jaunty; urgency=low * new upstream release (bug fix only) - insert rules in proper order when ufw is enabled (LP: #344971) -- Jamie Strandboge Wed, 18 Mar 2009 22:10:08 -0500 ufw (0.27~r416-0ubuntu5) jaunty; urgency=low * Don't traceback when ufw modules aren't available (LP: #337705) -- Jamie Strandboge Wed, 04 Mar 2009 15:10:13 -0600 ufw (0.27~r416-0ubuntu4) jaunty; urgency=low * debian/templates: rephrase boolean description so it works with both cli yes/no question and gui checkbox (LP: #337890) -- Jamie Strandboge Wed, 04 Mar 2009 13:29:15 -0600 ufw (0.27~r416-0ubuntu3) jaunty; urgency=low * debian/rules: adjust dh_pycentral call to make sure dist-package symlinks are available at dpkg unpack. Patch thanks to Michael Vogt (LP: #337705) -- Jamie Strandboge Wed, 04 Mar 2009 09:20:11 -0600 ufw (0.27~r416-0ubuntu2) jaunty; urgency=low * debian/templates: fix lintian error * get rid of DeprecationWarnings from 2.6 transition, which cause a FTBFS due to tests failing (grab commits 420-422 from trunk) * debian/control: update Vcs-Bzr url -- Jamie Strandboge Mon, 02 Mar 2009 14:44:48 -0600 ufw (0.27~r416-0ubuntu1) jaunty; urgency=low * new upstream release - don't do symlink check anymore (LP: #317700) - don't do hidden file check anymore (LP: #319226) - add insert rule support (LP: #260745) - clear up status output (LP: #262975) - add log level support - add per rule logging * debian/ufw.init: use mountall for Required-Start rather than mountall.sh * added allow_custom_ports debconf option * debian/postinst: don't exit on ufw error * ship debian/sysctl.conf instead of upstream. This file now only lists settings that do are non-default in Ubuntu * adjust initscript to tell it is using /etc/ufw/sysctl.conf * debian/*md5sums: updated for new upstream defaults * debian/config: update has_existing() to also check old md5sums * debian/postinst: don't error out when processing triggers, as this causes dpkg errors (LP: #270285, #328728) -- Jamie Strandboge Wed, 18 Feb 2009 16:53:15 -0600 ufw (0.26-0ubuntu1) jaunty; urgency=low * new upstream release, which fixes: - formatting of dpkg output incorrect on upgrades (LP: #300726) - new REJECT functionality (LP: #197322) - ufw shouldn't flush built-in chains by default. New MANAGE_BUILTINS configuration option can be used to restore the old (flush) behavior * debian/control: - Build-Depends-Indep on iptables (required for iptables version check in setup.py) - add ${misc:Depends} to Depends and bump Standards-Version to 3.8.0 - update Description - move po-debconf to Build-Depends * added debian/watch * debian/source.lintian-overrides: don't complain about no-complete-debconf-translation * debian/rules: - rename and gzip upstream changelogs - rename initscript.ubuntu to ufw.init and use dh_installinit (but continue to use /etc/defaults/ufw installed via setup.py for now) - cleanup dh_installdirs - use dh_installexamples for example files - run debconf-updatepo in clean target * debian/postinst: remove old ufw.rules check because ufw.rules existed for only a short time during the Hardy development cycle, it's ignored by ufw and its existence is harmless. * debian/config and debian/templates: remove ufw/oldrules * provide debconf mechanism for enabling the firewall and setting some basic rules (LP: #307715) -- Jamie Strandboge Fri, 16 Jan 2009 08:02:36 -0600 ufw (0.25-0ubuntu1) jaunty; urgency=low * new upstream release (no longer a native package) - fixes LP: #311066 (initscript flushes rules on stop when not enabled) * add debian/initscript.ubuntu since upstream doesn't ship an initscript anymore * dirs: add etc/init.d * debian/rules: install initscript.ubuntu, examples from doc/ and upstream changelogs -- Jamie Strandboge Mon, 22 Dec 2008 08:45:59 -0600 ufw (0.24.1) jaunty; urgency=low * remove existing stop links for runlevels 0 and 6, thus completing the fix for LP: #298736. * adjust tarball Makefile target -- Jamie Strandboge Sun, 21 Dec 2008 11:47:45 -0600 ufw (0.24) jaunty; urgency=low * debian/rules: check for 'nocheck' in DEB_BUILD_OPTIONS * debian/postrm: don't fail if iptables or ip6tables fails (LP: #278670) * fix typo in error message (LP: #280348) * allow case-insensitive matches for application rules (LP: #263757). Based on work by Didier Roche * add skel-ui for UI example * debian/postinst: don't stop in runlevels 0 and 6 (LP: #298736) * before6.rules: adjust hop limit to 255 for NDP messages (LP: #299268) per RFC 4890 secton 4.2. Thanks to Ryan Giobbi * before6.rules: restrict multicast (LP: #304216). Thanks to Ryan Giobbi * before.rules: don't use ctstate as it is not supported on all kernels and we don't use the extra information anyway (LP: #289906) * fix translations for input strings (LP: #302426) * update ucf md5sums for before.rules and before6.rules * adjust root/destructive tests for when we can't unmount /proc -- Jamie Strandboge Fri, 12 Dec 2008 13:43:11 -0500 ufw (0.23) intrepid; urgency=low * show protocol in status when no ports are specified (LP: #263308) * update after*.rules when setting default policy (LP: #273278) * give useful message when trying to delete a non-existent rule (LP: #251136) * don't print useless newlines * add 'translations' support to Makefile (but don't use it in build yet) * updated README for advanced usage * updated TODO * References LP: #275984 -- Jamie Strandboge Mon, 29 Sep 2008 11:52:53 -0500 ufw (0.22) intrepid; urgency=low * fix confusing output of 'app update' command (LP: #261932) * only reload during 'app update' if the profile name is used in the current ruleset (LP: #261323) * don't reload user rules if not enabled and don't toggle ENABLED=yes if failure in starting the firewall (LP: #262451) * don't traceback if /proc not mounted (LP: #268084) -- Jamie Strandboge Wed, 27 Aug 2008 11:51:14 -0500 ufw (0.21) intrepid; urgency=low * add confirmation on enable when running under ssh (LP: #253840) * don't reload the firewall on 'app update' when running under ssh * update ufw.pot * fix some pygettext errors * warn if profile name is found in /etc/services * don't delete application rules when the action doesn't match (LP: #260881) * add reload command * added debian/triggers and update debian/postinst for use with dpkg triggers (thanks Colin Watson for the suggestion) * add 'app update all' command * update man page for reload and 'app update all' -- Jamie Strandboge Mon, 18 Aug 2008 20:22:32 -0400 ufw (0.20) intrepid; urgency=low * add 'verbose' option to status command * implement application (package) integration * update run_tests.sh to honor subclass * debian/control: Depends on iptables >= 1.4.0 for ipv6 comment support -- Jamie Strandboge Thu, 07 Aug 2008 12:04:05 -0400 ufw (0.19) intrepid; urgency=low * don't modify the chains when --dry-run is specified (LP: #247352) * add dotted netmask support * don't have util.py import common.py * normalize rules so what is added to chains and what is displayed to the user is consistent (LP: #237446) * documentation updates (LP: #247177) * implement port ranges (LP: #231103) * fix initscript to properly set default DROP when ipv6 is available and set to 'no' in /etc/default/ufw (LP: #251355) * don't give confusing output when ipv6 and/or ip6_tables is not available (LP: #194844) * update ucf historical checksums to include those in 0.16.2 * update manpage for 'status' clarifications (LP: #251153) * update before*.rules to count outgoing packets on lo (LP: #255092) * update status output so it is more consistent with rule syntax -- Jamie Strandboge Mon, 07 Jul 2008 16:22:45 -0400 ufw (0.18) intrepid; urgency=low * bump version * src/ufw: make reusable * src/ufw: show default policy and logging in 'status' (LP: #240271) * refactor code and split out into modules: - updated src/* - updated setup.py - updated run_tests.sh - updated README - updated README.translations and messages/ufw.pot - updated README.Design * properly implement --root and --home (LP: #231771): - setup.py: --root works as expected now (eg as DESTDIR in Debian) - updated run_test.sh for new setup.py - updated README.Debian for now setup.py * add new 'limit' command for connection rate limiting: - updated src/* - updated README and ufw.8 - updated messages/ufw.pot - updated tests for limit -- Jamie Strandboge Thu, 12 Jun 2008 10:28:36 -0400 ufw (0.17) intrepid; urgency=low * implement status in initscript * warn on group/world writable and wrong owner files in _do_checks() * debian/rules: use 'g' with sed when stripping paths (LP: #207476) * debian/control: Standards-Version: 3.7.3 * don't log INVALID packets by default (LP: #207156) * don't log noisy services by default (LP: #209709) * consult /etc/services for protocol (LP: #209845) * manpage updates * add internationalization support * prevent traceback with dotted decimal netmasks (LP: #224842) * update tests to test for more valid and invalid netmasks * adjust conf/sysctl.conf to have clear message regarding /etc/sysctl.conf * adjust conf/sysctl.conf to have explanations for the tunables (taken from procps) -- Jamie Strandboge Wed, 12 Mar 2008 16:11:22 -0400 ufw (0.16) hardy; urgency=low * bump version * fix tests for when ipv6 is blacklisted (fix FTBFS on Ubuntu buildd) * adjust root tests for new output -- Jamie Strandboge Tue, 11 Mar 2008 16:11:59 -0400 ufw (0.15) hardy; urgency=low * fix man page typo * debian/control: added Homepage (LP: #199722) * fix python version check (upstream #199790) * properly handle when ipv6 is not loaded or blacklisted (LP: #199724) * man page fixes * clarify 'status' output (LP: #199873) * fix ipv6 stateless autoconfiguration (upstream #200921) -- Jamie Strandboge Sat, 08 Mar 2008 07:36:04 -0500 ufw (0.14) hardy; urgency=low * conf/initscript - move sysctl to after rules load (LP: #192123) - don't make sysctl and modprobe failures fatal (LP: #197285) - make output less verbose and fix formatting (LP: #198211) * debian/rules: update setup.py version with changelog version * debian/control - update maintainer to Ubuntu Core Developers - add Vcs-Bzr url -- Jamie Strandboge Fri, 15 Feb 2008 08:56:24 -0500 ufw (0.13) hardy; urgency=low * added ipv6 and (commented out) forwarding entries in sysctl.conf -- Jamie Strandboge Wed, 13 Feb 2008 22:31:47 -0500 ufw (0.12) hardy; urgency=low * new upstream version: - initscript implements 'stop' as default ACCEPT - initscript restart and force-reload now use 'stop' and 'start' * debian/postinst: stop on runlevels 0, 1 and 6 * debian/postrm: default ACCEPT on purge * debian/README.Debian: provide useful notes -- Jamie Strandboge Thu, 07 Feb 2008 09:47:10 -0500 ufw (0.11) hardy; urgency=low * comply with Ubuntu policy of syncookies off (LP: 189565) * debian/control: Build-Depends on debhelper (>= 5.0.38) -- Jamie Strandboge Wed, 06 Feb 2008 14:08:36 -0500 ufw (0.10) hardy; urgency=low * new upstream version: - ipv6 support (LP: 188934) - added more tests - updated docs * updated packaging for ipv6 files * fixed email typo (LP: 189418) * use ucf for /etc/ufw/*.rules files * move ENABLED to ufw.conf -- Jamie Strandboge Tue, 05 Feb 2008 22:24:51 -0500 ufw (0.9) hardy; urgency=low * new upstream version: - bugfix for logging - bugfix for default policy -- Jamie Strandboge Tue, 29 Jan 2008 06:37:01 -0500 ufw (0.8) hardy; urgency=low * new upstream version: - use PF-style syntax for extended rule syntax - migrate ufw.rules to separate chains and files * added debconf note about ufw.rules -- Jamie Strandboge Mon, 28 Jan 2008 13:26:10 -0500 ufw (0.7) hardy; urgency=low * new version - fix two lintian warnings - manpage updates - fix for buggy get_status -- Jamie Strandboge Thu, 24 Jan 2008 11:27:30 +0000 ufw (0.6) hardy; urgency=low * debian/control: Build-Depends-Indep on netbase so tests can run in buildds -- Jamie Strandboge Wed, 23 Jan 2008 16:24:58 +0000 ufw (0.5) hardy; urgency=low * update tests for better failure reporting and maintainability -- Jamie Strandboge Wed, 23 Jan 2008 13:14:20 +0000 ufw (0.4) hardy; urgency=low * new upstream version - supports specifying service from /etc/services - requires python 2.5 - put rules in ufw-* chains - status is more user-friendly (but not complete) - bug fixes - ufw.rules fine-tuning -- Jamie Strandboge Tue, 22 Jan 2008 08:01:06 +0000 ufw (0.3) hardy; urgency=low * new upstream version: - fix licensing - PEP8 compliant - uses distutils to install - now supports /etc/services names -- Jamie Strandboge Sun, 20 Jan 2008 17:43:03 -0500 ufw (0.2) hardy; urgency=low * ufw: actually use DROP instead of DENY * typo in README.Debian -- Jamie Strandboge Wed, 16 Jan 2008 14:32:06 -0500 ufw (0.1) hardy; urgency=low * Initial release -- Jamie Strandboge Mon, 07 Jan 2008 20:44:16 -0500 debian/copyright0000664000000000000000000000214611731120001011110 0ustar Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=178 Upstream-Name: ufw Upstream-Maintainer: Jamie Strandboge Upstream-Source: https://code.launchpad.net/ufw Files: * Copyright: Copyright 2007-2010, Canonical Ltd. License: GPL-3 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems the full text of the GNU General Public License can be found in the `/usr/share/common-licenses/GPL-3' file. Files: locales/po/*.po Copyright: 2010, Rosetta Contributors and Canonical Ltd. debian/ufw.lintian-overrides0000664000000000000000000000015311775634404013363 0ustar # Don't need to supply 'stop' for a firewall ufw binary: postrm-does-not-call-updaterc.d-for-init.d-script debian/README.Debian0000664000000000000000000000246111731120001011216 0ustar ufw --- On installation, ufw is not automatically enabled. To load the firewall and enable it on boot, run: # ufw enable See 'man ufw' and README for more information. Upgrading --------- It is important to note that to properly support remote users, the firewall will not be automatically restarted during upgrades. After an upgrade, either reboot or perform: # /etc/init.d/ufw restart Please note that the above command will briefly open the firewall before reloading the rules. Preseeding ---------- ufw has support for preseeding. To enable a default deny firewall, add to your preseed file: ufw ufw/enable boolean true And to allow a service, use: ufw ufw/allow_known_ports multiselect SSH, WWW Currently, ufw knows about the following services: Cups # tcp and udp port 631 DNS # tcp and udp port 53 Imap (Secure) # tcp port 993 Pop3 (Secure) # tcp port 995 SSH # tcp port 22 Samba # udp ports 137, 138 and tcp ports 139, 445 Smtp # tcp port 25 WWW # tcp port 80 WWW (Secure) # tcp port 443 You may also add additional ports by supplying a space separated list of services from /etc/services, a port number or a port/protocol combination. Eg: ufw ufw/allow_custom_ports string auth 8080 1194/udp Please keep in mind that these ports and services are not associated with ufw application profiles. debian/ufw.init.debian0000664000000000000000000000400111731120001012054 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: ufw # Required-Start: $local_fs # Required-Stop: $local_fs # Default-Start: S # Default-Stop: 1 # Short-Description: start firewall ### END INIT INFO set -e PATH="/sbin:/bin" [ -d /lib/ufw ] || exit 0 . /lib/lsb/init-functions for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do if [ -s "$s" ]; then . "$s" else log_failure_msg "Could not find $s (aborting)" exit 1 fi done error=0 case "$1" in start) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then log_action_begin_msg "Starting firewall:" "ufw" output=`ufw_start` || error="$?" if [ "$error" = "0" ]; then log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)" fi if [ ! -z "$output" ]; then echo "$output" | while read line ; do log_action_cont_msg "$line" done fi else log_action_begin_msg "Skip starting firewall:" "ufw (not enabled)" fi log_action_end_msg $error exit $error ;; stop) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then log_action_begin_msg "Stopping firewall:" "ufw" output=`ufw_stop` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi else log_action_begin_msg "Skip stopping firewall:" "ufw (not enabled)" fi log_action_end_msg $error exit $error ;; restart|force-reload) log_action_begin_msg "Reloading firewall:" "ufw" output=`ufw_reload` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi log_action_end_msg $error exit $error ;; status) output=`ufw_status` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi log_action_end_msg $error exit $error ;; *) echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 debian/ufw.logrotate.debian0000664000000000000000000000026211731120001013116 0ustar /var/log/ufw.log { rotate 4 weekly missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true endscript } debian/templates0000664000000000000000000000304211731120001011072 0ustar # These templates have been reviewed by the debian-l10n-english # team # # If modifications/additions/rewording are needed, please ask # debian-l10n-english@lists.debian.org for advice. # # Even minor modifications require translation updates and such # changes should be coordinated with translators and reviewers. Template: ufw/existing_configuration Type: error _Description: Existing configuration found An existing configuration for ufw has been found. Existing rules must be managed manually. . You should read the ufw(8) manpage for details about ufw configuration. Template: ufw/enable Type: boolean Default: false _Description: Start ufw automatically? If you choose this option, the rules you are about to set will be enabled during system startup so that this host is protected as early as possible. . To protect this host immediately, you must start ufw manually. Template: ufw/allow_known_ports Type: multiselect Choices: CUPS, DNS, IMAPS, POP3S, SSH, CIFS (Samba), SMTP, HTTP, HTTPS _Description: Authorized services: Please choose the services that should be available for incoming connections. . Other services may be specified in the next configuration step. Template: ufw/allow_custom_ports Type: string _Description: Additional authorized services: Please enter a space separated list of any additional ports you would like to open. You may use a service name (as found in /etc/services), a port number, or a port number with protocol. . Example: to allow a web server, port 53 and tcp port 22, you should enter "www 53 22/tcp". debian/sysctl.conf0000664000000000000000000000255711731120001011353 0ustar # # Configuration file for setting network variables. Please note these settings # override /etc/sysctl.conf and /etc/sysctl.d. If you prefer to use # /etc/sysctl.conf, please adjust IPT_SYSCTL in /etc/default/ufw. See # Documentation/networking/ip-sysctl.txt in the kernel source code for more # information. # # Uncomment this to allow this host to route packets between interfaces #net/ipv4/ip_forward=1 #net/ipv6/conf/default/forwarding=1 #net/ipv6/conf/all/forwarding=1 # Disable ICMP redirects. ICMP redirects are rarely used but can be used in # MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate # traffic to those sites. net/ipv4/conf/all/accept_redirects=0 net/ipv4/conf/default/accept_redirects=0 net/ipv6/conf/all/accept_redirects=0 net/ipv6/conf/default/accept_redirects=0 # Ignore bogus ICMP errors net/ipv4/icmp_echo_ignore_broadcasts=1 net/ipv4/icmp_ignore_bogus_error_responses=1 net/ipv4/icmp_echo_ignore_all=0 # Don't log Martian Packets (impossible addresses) # packets net/ipv4/conf/all/log_martians=0 net/ipv4/conf/default/log_martians=0 #net/ipv4/tcp_fin_timeout=30 #net/ipv4/tcp_keepalive_intvl=1800 # Uncomment this to turn off ipv6 autoconfiguration #net/ipv6/conf/default/autoconf=1 #net/ipv6/conf/all/autoconf=1 # Uncomment this to enable ipv6 privacy addressing #net/ipv6/conf/default/use_tempaddr=2 #net/ipv6/conf/all/use_tempaddr=2 debian/after6.rules.md5sum0000664000000000000000000000037012013516711012641 0ustar 0dca0120ffb1ffc538b1bf83f69dbbeb /usr/share/ufw/after6.rules b38e5acdf170f90c04bd3c644aaa248f /usr/share/ufw/after6.rules 5ed581e9a4035a58c768d92d81a0e7ce /usr/share/ufw/after6.rules 5d543566c1e643829452cf7c06869ea2 /usr/share/ufw/after6.rules