Release 5.7

ChangeLog

+firetable (5.7) stable; urgency=low
+
+  * Small improvements.
+
+ -- Hugo Leisink <hugo@leisink.net>  Mon,  3 Jan 2021 18:56:07 +0100
+
+firetable (5.6) stable; urgency=low
+
+  * PHP7 compatibility.
+  * Added Systemd init script to Debian package
+  * Small improvements.
+
+ -- Hugo Leisink <hugo@leisink.net>  Wed, 31 Aug 2016 13:01:28 +0200
+
 firetable (5.5) stable; urgency=low
 
   * Using ip instead of ifconfig to prevent language issues.
@@ -148,7 +162,7 @@ firetable (3.1) stable; urgency=low
 
 firetable (3.0) stable; urgency=low
 
-  * Splitted firewallscript (/usr/sbin/firetable and /etc/init.d/firetable).
+  * Splitted firewall script (/usr/sbin/firetable and /etc/init.d/firetable).
   * /etc/firetable/interfaces removed.
   * /etc/default/firetable added.
 

README.md

 Firetable
 =========
-Firetable is a tool written in PHP to maintain IPtables firewalls under Linux. Firetable has been written by Hugo Leisink <hugo@leisink.net>.
+Firetable is a tool written in PHP to maintain IPtables firewalls under Linux. Firetable has been written by Hugo Leisink \<hugo@leisink.net\>. The source can be found at https://gitlab.com/hsleisink/firetable.
 
 Installation
 ------------
-To install Firetable, run 'make install'. This will install the Firetable script in /usr/sbin and the Firetable configuration in /etc/firetable. Use the DESTDIR parameter to install Firetable in a different location. In that case, also change the CONFIG_DIR setting inside the Firetable script.
+To install Firetable, run 'make install'. This will install the Firetable script in /usr/sbin and the Firetable configuration in /etc/firetable. Use the DESTDIR parameter to install Firetable in a different location. In that case, also change the CONFIG\_DIR setting inside the Firetable script.
 
-To create a Firetable Debian package, execute the script 'extra/make_debian_package'.
+To create a Debian package, execute the script 'extra/make\_debian\_package'.

config/firetable.conf

@@ -17,3 +17,8 @@ enable_on_boot = all
 # notice, warning, error, crit, alert or panic.
 #
 log_priority = info
+
+# Location of the iptables binaries.
+#
+#iptables4 = /usr/sbin/iptables
+#iptables6 = /usr/sbin/ip6tables

config/ipv4_eth0

@@ -8,7 +8,7 @@ set subnetmask 32
 
 # Incoming traffic
 #
-accept incoming tcp to server:{22, 25, 80, 443, 993, 995}
+accept incoming tcp to server:{22,25,80,443,993,995}
 accept incoming udp to server:53
 accept incoming icmp type 11 from anywhere to server # Traceroute
 drop incoming udp to anywhere:{137,138}

config/ipv6_eth0

@@ -8,11 +8,9 @@ set subnetmask 48
 
 # Incoming traffic
 #
-accept incoming tcp to server.{22, 25, 80, 443, 993, 995}
-accept incoming icmp type {1,2,3,4,133,134,136,137} to server
-accept incoming icmp type 135 to anywhere
-drop incoming udp to anywhere.{137,138}
-
+accept incoming tcp to server.{22,25,80,443,993,995}
+accept incoming icmp type {1,2,3,4,133,134,136,137} to anywhere
+acce[t incoming udp to anywhere.{137,138}
 
 # Outgoing traffic
 #

extra/debian/compat

-5
+10

extra/debian/control

@@ -2,12 +2,11 @@ Source: firetable
 Section: net
 Priority: optional
 Maintainer: Hugo Leisink <hugo@leisink.net>
-Homepage: http://projects.leisink.net/firetable
+Homepage: https://gitlab.com/hsleisink/firetable
 Standards-Version: 3.6.2
 
 Package: firetable
 Architecture: any
 Depends: netbase, iptables, php-cli
 Conflicts:
-Description: IPtables firewall management script
- Script to maintain an IPtables firewall
+Description: Firetable, the iptables firewall manager

extra/debian/copyright

 Firetable is written by Hugo Leisink <hugo@leisink.net>.
 
-It was downloaded from http://projects.leisink.net/Firetable.
+It was downloaded from https://github.com/hsleisink/firetable
 
 Copyright (C) 2012 by Hugo Leisink <hugo@leisink.net>
 

extra/debian/firetable.dsc

@@ -4,7 +4,7 @@ Binary: firetable
 Architecture: any
 Version: <VERSION>
 Maintainer: Hugo Leisink <hugo@leisink.net>
-Homepage: http://projects.leisink.net/firetable
+Homepage: https://github.com/hsleisink/firetable
 Standards-Version: 3.6.2
 Build-Depends:<DEPENDS>
 Package-List:

extra/debian/firetable.service

+[Unit]
+Description=Firetable, the iptables firewall manager
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/firetable start
+ExecStop=/usr/sbin/firetable stop
+RemainAfterExit=true
+
+[Install]
+WantedBy=network.target

extra/debian/init.d

@@ -12,6 +12,13 @@
 # Description:       Firetable, a script for IPtable firewalls
 ### END INIT INFO
 
+NAME=hiawatha
+SCRIPT=/usr/sbin/firetable
+
+# /etc/init.d/hiawatha: start and stop the Hiawatha webserver daemon
+
+test -x $SCRIPT || exit 0
+( ${SCRIPT} -\v 2>&1 | grep -q Firetable ) 2>/dev/null || exit 0
 
 # Defaults
 if [ -r /etc/firetable/firetable.conf ]; then 
@@ -20,9 +27,9 @@ fi
 
 function firetable {
 	if [ "${INTERFACES}" = "all" ]; then
-		/usr/sbin/firetable $1
+		${SCRIPT} $1
 	elif [ "${INTERFACES}" != "" ]; then
-		/usr/sbin/firetable $1 ${INTERFACES}
+		${SCRIPT} $1 ${INTERFACES}
 	fi
 }
 
@@ -30,13 +37,15 @@ case "$1" in
 	start|stop)
 		firetable $1
 		;;
-	restart|force-reload)
+
+	restart)
 		firetable stop
 		firetable start
 		;;
-	*)
-		echo "Usage: /etc/init.d/firetable {start|stop|restart|force-reload}"
-		exit 1 
+
+    *)
+        log_action_msg "Usage: /etc/init.d/firetable {start|stop|restart}" || true
+        exit 1
 esac
 
 exit 0

man/firetable.1

@@ -190,4 +190,4 @@ Specify the path of the iptables binaries. Default points to /sbin/iptables for
 .SH AUTHOR
 Firetable is written by Hugo Leisink <hugo@leisink.net> in PHP. More info about Firetable at website:
 .br
-\fIhttp://projects.leisink.net/\fP
+\fIhttps://github.com/hsleisink/firetable\fP

src/firetable

@@ -13,7 +13,7 @@
 	 * GNU General Public License for more details.
 	 */
 
-	define("VERSION", "5.5");
+	define("VERSION", "5.6");
 	define("CONFIG_DIR", "/etc/firetable");
 
 	define("NORMAL", "\x1b[0m");
@@ -128,8 +128,8 @@
 		private $script = null;
 		private $server = null;
 		private $settings = array(
-			"iptables4"    => "/sbin/iptables",
-			"iptables6"    => "/sbin/ip6tables",
+			"iptables4"    => "/usr/sbin/iptables",
+			"iptables6"    => "/usr/sbin/ip6tables",
 			"enable_ipv4"  => false,
 			"enable_ipv6"  => false,
 			"enable_nat"   => false,
@@ -189,6 +189,8 @@
 				return false;
 			}
 
+			$previous = "";
+
 			$content = array();
 			while (($line = fgets($fp)) !== false) {
 				$line = trim(preg_replace('/#.*/', "", $line));
@@ -198,7 +200,14 @@
 				$line = str_replace("\t", " ", $line);
 				$line = preg_replace('/  +/', " ", $line);
 
+				if (substr($previous, -1) == "\\") {
+					array_pop($content);
+					$line = substr($previous, 0, -1).$line;
+				}
+
 				array_push($content, $line);
+
+				$previous = $line;
 			}
 
 			fclose($fp);
@@ -805,9 +814,9 @@
 
 			foreach ($interfaces as $interface) {
 				if ($this->ip_version == 4) {
-					$this->server = trim(exec("ip addr list ".$interface." | grep 'inet ' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1"));
+					$this->server = trim(exec("ip addr list ".$interface." | grep 'inet ' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1 | head -n 1"));
 				} else {
-					$this->server = trim(exec("ip addr list ".$interface." | grep 'scope global' | grep inet6 | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1"));
+					$this->server = trim(exec("ip addr list ".$interface." | grep inet6 | grep 'scope global' | sed 's/^ *//' | cut -d' ' -f2 | cut -d/ -f1 | head -n 1"));
 				}
 
 				if ($this->server == "") {
@@ -1175,8 +1184,12 @@
 		 * ERROR:  -
 		 */
 		private function show_usage() {
-			print "Usage: ".$this->script." [-4|-6] {start|stop|restart|debug} [<interface>...]\n";
-			print "       ".$this->script." {flush|status}\n";
+			print "Usage: ".$this->script." [options]\n";
+			print "Options: [-4|-6] {start|stop|restart|debug} [<interface>...]\n";
+			print "         flush: flush all firewall rules\n";
+			print "         status: show the active rules\n";
+			print "         -h: show this help information\n";
+			print "         -v: show version information\n";
 		}
 
 		/* Main firetable routine
@@ -1187,16 +1200,25 @@
 		 */
 		public function execute($args) {
 			if ($this->settings["enable_ipv".$this->ip_version] == false) {
-				return;
+				return true;
 			}
 
+			/* Check binaries
+			 */
+			$binary = $this->settings["iptables".$this->ip_version];
+			if (file_exists($binary) == false) {
+				printf("Binary %s not found.\n", $binary);
+				return false;
+			}
+
+
 			$this->script = array_shift($args);
 			$command = array_shift($args);
 
 			if (count($args) == 0) {
 				if (($dp = opendir(CONFIG_DIR)) == false) {
 					print "Error reading configuration directory.\n";
-					return;
+					return false;
 				}
 
 				while (($file = readdir($dp)) != false) {
@@ -1245,9 +1267,13 @@
 					$this->debug = true;
 					$this->iptables->debug = true;
 					return $this->start($args);
-				default:
+				case "-h":
+				case "":
 					$this->show_usage();
 					return false;
+				default:
+					print "Unknown option. Use '-h' for help.\n";
+					return false;
 			}
 
 			return true;
@@ -1279,8 +1305,7 @@
 	error_reporting(E_ALL & ~E_NOTICE);
 
 	if ($argv[1] == "-v") {
-		printf("Firetable v%s (iptables firewall management tool)\n", VERSION);
-		printf("Copyright (C) by Hugo Leisink <hugo@leisink.net>\n");
+		printf("Firetable v%s, copyright (C) by Hugo Leisink <hugo@leisink.net>\n", VERSION);
 		return;
 	}