r8: - don't import ssh bruteforce rules if there are already some rules

author Dinko Korunic <Dinko.Korunic@CARNet.hr>

Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)

committer Dinko Korunic <Dinko.Korunic@CARNet.hr>

Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)
author Dinko Korunic <Dinko.Korunic@CARNet.hr>
Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)
committer Dinko Korunic <Dinko.Korunic@CARNet.hr>
Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)
diff --git a/debian/postinst b/debian/postinst

index 9293ede..54c8a67 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -48,12 +48,12 @@ fi
  # REJECT recent if there is none..
  # also, save current set of rules into active and inactive configuration
  if [ ! -e /var/lib/iptables/active ]; then
-    . /usr/share/doc/iptables-cn/examples/ssh-bruteforce
-    iptables-save > /var/lib/iptables/active
+    if ! iptables-save | grep '^-' >/dev/null; then
+        echo "CN: Netfilter rules empty: importing SSH bruteforce rules"
+        . /usr/share/doc/iptables-cn/examples/ssh-bruteforce
+        iptables-save > /var/lib/iptables/active
+    fi
  fi
-if [ ! -e /var/lib/iptables/inactive ]; then
-   cp /var/lib/iptables/active /var/lib/iptables/inactive 
-fi 
  
  # dh_installdeb will replace this with shell code automatically
  # generated by other debhelper scripts.
author	Dinko Korunic <Dinko.Korunic@CARNet.hr>
	Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)
committer	Dinko Korunic <Dinko.Korunic@CARNet.hr>
	Thu, 20 Sep 2007 14:10:31 +0000 (14:10 +0000)