From a2eb21bfe25045ab2959af4ed70543cbf6aa2bb5 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Sat, 30 May 2026 16:12:40 +0100
Subject: [PATCH] Handle merge conflicts.
---
firewall-initscript | 62 +++++++++++++++++++++++++++------------------
1 file changed, 38 insertions(+), 24 deletions(-)
diff --git a/firewall-initscript b/firewall-initscript
index f19c2f1..cf00b53 100755
--- a/firewall-initscript
+++ b/firewall-initscript
@@ -1,34 +1,37 @@ #!/bin/bash # Restore firewall state at boot, and store it at shutdown. +# Version: 0.1.1 ### BEGIN INIT INFO # Provides: firewall # Required-Start: $network # Required-Stop: $network -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 +# Default-Start: 1 2 3 4 5 +# Default-Stop: 0 6 # Short-Description: Firewalls' state save/restore/flush # Description: Store the firewalls' state at shutdown, and restores it at boot. # Aalso set the firewalls to a default state, and flush all rules. ### END INIT INFO -DEFAULT_V4="/etc/firewall/default_v4.rules" -DEFAULT_V6="/etc/firewall/default_v6.rules" -STATE_V4="/etc/firewall/state_v4.rules" -STATE_V6="/etc/firewall/state_v6.rules" +SYSTEM_DIR="/etc/firewall" +LOCAL_DIR="/root/.local/etc/firewall" +DEFAULT_V4="default_v4.rules" +DEFAULT_V6="default_v6.rules" +STATE_V4="state_v4.rules" +STATE_V6="state_v6.rules" # Confirm the iptables utilities are available. [[ ! -x "/usr/sbin/iptables" ]] || [[ ! -x "/usr/sbin/ip6tables" ]] || [[ ! -x "/usr/sbin/iptables-save" ]] || [[ ! -x "/usr/sbin/iptables-restore" ]] || [[ ! -x "/usr/sbin/ip6tables-save" ]] || [[ ! -x "/usr/sbin/ip6tables-restore" ]] && { - printf "%s: %s\\n" "${0##*/}" "iptables package not installed!" >&2 + printf "%s: %s\\n" "${0##*/}" "iptables package not installed" >&2 exit 1 } -firewall_states_restore() { +states_restore() { local ERR=0 # Restore the saved (or default) v4 firewall state. - iptables-restore "$STATE_V4" 2>/dev/null || { + iptables-restore "$RULES_DIR/$STATE_V4" 2>/dev/null || { printf "%s: %s" "${0##*/}" "failed to restore saved" >&2 - if iptables-restore "$DEFAULT_V4" 2>/dev/null; then + if iptables-restore "$$RULES_DIR/DEFAULT_V4" 2>/dev/null; then printf "%s" ", only default" >&2 else printf " %s" "and default" >&2 
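Review bot: The v4 fallback in states_restore builds its path from `"$$RULES_DIR/DEFAULT_V4"`, where `$$` expands to the shell's PID, so the default rule file can never be found and every failed state restore also reports a failed default restore; it should read `if iptables-restore "$RULES_DIR/$DEFAULT_V4" 2>/dev/null; then`, matching the v6 branch in the following hunk. states_restore's body continues past the end of this hunk. RULES_DIR is only assigned near the bottom of the script (the last hunk), after all the functions are defined, so the functions depend on being invoked after that block; a one-line comment above the first function, e.g. `# RULES_DIR is selected below, before any of these functions is called.`, would make that ordering explicit for the next editor.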
@@ -38,9 +41,9 @@ firewall_states_restore() { } # Restore the saved (or default) v6 firewall state. - ip6tables-restore "$STATE_V6" 2>/dev/null || { + ip6tables-restore "$RULES_DIR/$STATE_V6" 2>/dev/null || { printf "%s: %s" "${0##*/}" "failed to restore saved" >&2 - if ip6tables-restore "$DEFAULT_V6" 2>/dev/null; then + if ip6tables-restore "$RULES_DIR/$DEFAULT_V6" 2>/dev/null; then printf "%s" ", only default" >&2 else printf " %s" "and default" >&2
@@ -52,17 +55,17 @@ firewall_states_restore() { return "$ERR" } -firewall_states_save() { +states_save() { local ERR=0 # Store the state of the v4 firewall. - iptables-save >"$STATE_V4" 2>/dev/null || { + iptables-save >"$RULES_DIR/$STATE_V4" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to save v4 firewall state" >&2 ERR=1 } # Store the state of the v6 firewall. - ip6tables-save >"$STATE_V6" 2>/dev/null || { + ip6tables-save >"$RULES_DIR/$STATE_V6" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to save v6 firewall state" >&2 ERR=1 }
@@ -70,17 +73,17 @@ firewall_states_save() { return "$ERR" } -firewall_defaults_restore() { +defaults_restore() { local ERR=0 # Restore the default v4 firewall state. - iptables-restore "$DEFAULT_V4" 2>/dev/null || { + iptables-restore "$RULES_DIR/$DEFAULT_V4" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to restore default v4 firewall state" >&2 ERR=1 } # Restore the default v6 firewall state. - ip6tables-restore "$DEFAULT_V6" 2>/dev/null || { + ip6tables-restore "$RULES_DIR/$DEFAULT_V6" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to restore default v6 firewall state" >&2 ERR=1 }
@@ -88,7 +91,7 @@ firewall_defaults_restore() { return "$ERR" } -firewall_flush() { +flush() { # Set the default policies to ACCEPT. iptables -P INPUT ACCEPT ip6tables -P INPUT ACCEPT
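Review bot: In the `@@ -52,17 +55,17 @@` hunk, states_save writes the state files with a bare `>` redirection, so they are created with the process umask (commonly 022 under init) and the full rule set ends up readable by every local user unless the rules directory is itself already mode 0700; running the dumps under a private umask, e.g. `(umask 077; iptables-save >"$RULES_DIR/$STATE_V4" 2>/dev/null)`, keeps the policy private without changing the interface. The same redirection truncates the previous state file before iptables-save produces any output, so a failed save leaves an empty file and the next boot silently falls back to the defaults; writing to a temporary file in the same directory and renaming it over the state file only on success would preserve the last good state. The v6 save three lines lower has both issues as well.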
@@ -116,24 +119,35 @@ firewall_flush() { return 0 # All the above commands should never fail. } +# Locate the rules directory. +# We need to support the LOCAL_DIR because on the SANs you can't put config files in /etc and have them persist over a reboot or upgrade. +if [[ -d "$LOCAL_DIR" ]]; then + RULES_DIR="$LOCAL_DIR" +elif [[ -d "$SYSTEM_DIR" ]]; then + RULES_DIR="$SYSTEM_DIR" +else + printf "%s: %s\\n" "${0##*/}" "no rules directory found" + exit 1 +fi + case "$1" in start|restart|reload|force-reload) - firewall_states_restore + states_restore exit "$?" ;; stop) - firewall_states_save + states_save exit "$?" ;; defaults) - firewall_defaults_restore || { + defaults_restore || { printf "%s: %s\\n" "${0##*/}" "failed to restore default firewall state" >&2 exit 1 } - echo "$?" + exit "$?" ;; flush) - firewall_flush # Should never fail. + flush # Should never fail. ;; *) printf "%s %s\\n" "${0##*/}" ""
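Review bot: The new "no rules directory found" diagnostic is the only error message in the script that is not sent to stderr, so at boot it goes to stdout and is easy to lose; add the redirection the other calls use: `printf "%s: %s\\n" "${0##*/}" "no rules directory found" >&2`. Because the `-d` test on `$LOCAL_DIR` wins silently whenever that directory exists, an empty or stale /root/.local/etc/firewall hides a populated /etc/firewall with no indication of which location was chosen; logging the selected directory, or requiring that it contain at least the default rule files before it is accepted, would make that fallback visible. The `case` statement continues beyond the end of this hunk.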