Description: Debconf abstraction layer
 Allow reading config settings from a debconf settings file from within the
 main firewall configuration.
Forwarded: not-needed
Author: Michael Hanke <michael.hanke@gmail.com>
--- a/bin/arno-iptables-firewall
+++ b/bin/arno-iptables-firewall
@@ -5,6 +5,7 @@
 # Location of the main configuration file for the firewall
 ##########################################################
 CONFIG_FILE=/etc/arno-iptables-firewall/firewall.conf
+DEBCONF_CONFIG_FILE=/etc/arno-iptables-firewall/debconf.cfg
 
 # ------------------------------------------------------------------------------
 #                           -= Arno's iptables firewall =-
@@ -36,6 +37,14 @@
 printf "\033[40m\033[1;32mArno's Iptables Firewall Script v$MY_VERSION\033[0m\n"
 echo "-------------------------------------------------------------------------------"
 
+# Check if debconf config file exists and if so load it
+# Do not fail if it does not exist. Since the admin
+# might have choosen to manage the configuartion manually
+#########################################################
+if [ -e "$DEBCONF_CONFIG_FILE" ]; then
+  . $DEBCONF_CONFIG_FILE
+fi
+
 # Check if the main config file exists and if so load it
 ########################################################
 if [ -e "$CONFIG_FILE" ]; then
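Review bot: The added `. $DEBCONF_CONFIG_FILE` is unquoted and guarded only by `-e`, so a directory or other non-regular file at that path passes the test and is then handed to the dot command. Because everything in that file is executed in the firewall script's own shell (presumably as root), I would require a regular file and quote the path: `if [ -f "$DEBCONF_CONFIG_FILE" ]; then` and `. "$DEBCONF_CONFIG_FILE"`. The patch does not show who writes debconf.cfg, so its ownership and mode (root-owned, not group- or world-writable) should be confirmed in the package's maintainer scripts. The new comment also has two typos, "choosen" and "configuartion". The CONFIG_FILE block that follows continues outside the hunk.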
@@ -49,8 +58,8 @@
 # Check if the environment file exists and if so, load it
 #########################################################
 if [ -z "$ENV_FILE" ]; then
-  if [ -f /usr/local/share/arno-iptables-firewall/environment ]; then
-    ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+  if [ -f /usr/share/arno-iptables-firewall/environment ]; then
+    ENV_FILE="/usr/share/arno-iptables-firewall/environment"
   else
     if [ -f /usr/share/arno-iptables-firewall/environment ]; then
       ENV_FILE="/usr/share/arno-iptables-firewall/environment"
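Review bot: After this change the outer test and the nested `else` branch both check `/usr/share/arno-iptables-firewall/environment`, so the inner `if` can never succeed once the outer one has failed. Either drop the nested branch or keep `/usr/local/share/arno-iptables-firewall/environment` as the fallback it used to provide. The rest of the `if` runs past the end of the hunk, so the cleanup has to be done against the full block.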
--- a/etc/arno-iptables-firewall/firewall.conf
+++ b/etc/arno-iptables-firewall/firewall.conf
@@ -37,12 +37,18 @@
 # modems otherwise it's probably "ethX" (eg. eth0). Multiple interfaces should
 # be space separated.
 # -----------------------------------------------------------------------------
-EXT_IF=""
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+EXT_IF="$DC_EXT_IF"
 
 # Enable if THIS machines (dynamically) obtains its IP through DHCP (from your
 # ISP).
 # -----------------------------------------------------------------------------
-EXT_IF_DHCP_IP=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP
 
 # (EXPERT SETTING!) Here you can specify your external(!) subnet(s). You should
 # only use this if you for example have a corporate network and/or running a
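Review bot: `EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP` loses the old default of 0 whenever the DC_ variable is unset, and the main script explicitly tolerates a missing debconf.cfg, so in that case the switch becomes an empty string rather than 0. The same applies to `NAT=$DC_NAT` and `OPEN_ICMP=$DC_OPEN_ICMP` in the later hunks of this file. How the firewall script treats an empty value for these switches is not visible here, so I would keep the previous defaults explicitly: `EXT_IF_DHCP_IP="${DC_EXT_IF_DHCP_IP:-0}"`, `NAT="${DC_NAT:-0}"`, `OPEN_ICMP="${DC_OPEN_ICMP:-0}"`.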
@@ -77,14 +83,20 @@
 # interfaces. Note that by default ALL traffic is accepted from these
 # interfaces.
 # -----------------------------------------------------------------------------
-INT_IF=""
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+INT_IF="$DC_INT_IF"
 
 # Specify here the internal subnet which is connected to the internal interface
 # (INT_IF). For multiple interfaces(!) you can either specify multiple subnets
 # here or specify one big subnet for all internal interfaces. Note that this
 # variable is mainly used for antispoofing.
 # -----------------------------------------------------------------------------
-#INTERNAL_NET="192.168.0.0/24"
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+INTERNAL_NET="$DC_INTERNAL_NET"
 
 # (EXPERT SETTING!) Here you can specify the IP address used for broadcasts
 # on your internal subnet. You only need to set this option if you want to use
@@ -121,7 +133,10 @@
 # network (LAN) (eg. share your internet connection with your internal
 # net(s) connected to eg. INT_IF).
 # -----------------------------------------------------------------------------
-NAT=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+NAT=$DC_NAT
 
 # (EXPERT SETTING!) In case you would like to use SNAT instead of
 # MASQUERADING then uncomment and set the IP or IPs here of your static
@@ -138,7 +153,10 @@
 # meaningful when NAT is enabled. Note that you can also use this variable if
 # you want to use NAT for your DMZ.
 # -----------------------------------------------------------------------------
-NAT_INTERNAL_NET="$INTERNAL_NET"
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU 
+# KNOW WHAT YOU ARE DOING. 
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"
 
 # (EXPERT SETTING!) Enable this if you want to be able to redirect local ports
 # or protocols on your gateway using NAT forwards.
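Review bot: `NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"` drops the previous fallback to `$INTERNAL_NET`, so a debconf answer that leaves the NAT subnet empty now yields an empty NAT_INTERNAL_NET even when INTERNAL_NET is set. If that is not intended, keep the old behaviour as the default: `NAT_INTERNAL_NET="${DC_NAT_INTERNAL_NET:-$INTERNAL_NET}"`. Whether the debconf config script already copies the internal net into DC_NAT_INTERNAL_NET is not visible in this patch.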
@@ -194,11 +212,11 @@
 
 # (EXPERT SETTING!) Location of the environment file
 # -----------------------------------------------------------------------------
-ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
+ENV_FILE="/usr/share/arno-iptables-firewall/environment"
 
 # (EXPERT SETTING!) Location of plugin binary & config files
 # -----------------------------------------------------------------------------
-PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
+PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
 PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
 
 # Most people don't want to get any firewall logs being spit to the console.
@@ -422,7 +440,7 @@
 # syslogd to log firewall messages to this file (see LOGLEVEL below for further
 # info).
 # -----------------------------------------------------------------------------
-#FIREWALL_LOG="/var/log/firewall.log"
+FIREWALL_LOG="/var/log/arno-iptables-firewall"
 
 # (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
 # "debug": can be used to log to /var/log/firewall.log, but you have to configure
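Review bot: The LOGLEVEL comment just below the changed line still names `/var/log/firewall.log`, which no longer matches the new `FIREWALL_LOG="/var/log/arno-iptables-firewall"`. The setting also goes from commented out to active, while the surrounding text says syslogd has to be configured to write firewall messages to this file; the patch does not show that syslog configuration, so it should be confirmed that the package ships it. I would update the comment to the new path and add a line such as `# Debian: the package's syslog configuration must route firewall messages to this file.` The comment block continues outside the hunk.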
@@ -1062,13 +1080,19 @@
 
 # Enable this to make the default policy allow for ICMP(ping) for INET access
 # -----------------------------------------------------------------------------
-OPEN_ICMP=0
+# THIS SETTING IS HANDLED BY DEBCONF! DO NOT CHANGE ANYTHING HERE UNLESS YOU
+# KNOW WHAT YOU ARE DOING.
+# Use 'dpkg-reconfigure arno-iptables-firewall' instead.
+OPEN_ICMP=$DC_OPEN_ICMP
 
 # Put in the following variables which ports or IP protocols you want to leave
 # open to the whole world.
 # -----------------------------------------------------------------------------
-OPEN_TCP=""
-OPEN_UDP=""
+# OPEN_TCP and OPEN_UDP are handled by Debconf. If you want to add more open TCP
+# or UDP ports use 'dpkg-reconfigure arno-iptables-firewall'. For more complex
+# setup add them (space separated) after $DC_OPEN_*.
+OPEN_TCP="$DC_OPEN_TCP"
+OPEN_UDP="$DC_OPEN_UDP"
 OPEN_IP=""
 
 # Put in the following variables the TCP/UDP ports you want to DENY(DROP) for
--- a/etc/init.d/arno-iptables-firewall
+++ b/etc/init.d/arno-iptables-firewall
@@ -21,7 +21,7 @@
 ############################################################################################
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
-PROGRAM="/usr/local/sbin/arno-iptables-firewall"
+PROGRAM="/usr/sbin/arno-iptables-firewall"
 
 # Be verbose(1)?:
 VERBOSE=0
