- configure a firewall by default in secure level >= 3

- allow auto_install parameter {firewall_ports}

2 files changed, 18 insertions, 1 deletions

diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm
index 8ccaa2ecd..7705794ee 100644
--- a/perl-install/install_steps.pm
+++ b/perl-install/install_steps.pm
@@ -658,6 +658,21 @@ sub configureNetwork {
 	$o->{netcnx}{type} = 'lan';
 	$o->{netcnx}{$_} = $o->{netc}{$_} foreach qw(NET_DEVICE NET_INTERFACE);
     }
+
+    configure_firewall($o) if !$o->{isUpgrade};
+}
+
+sub configure_firewall {
+    my ($o) = @_;
+
+    if (!exists $o->{firewall_ports} && $o->{security} >= 3) {
+	require network::drakfirewall;
+	$o->{firewall_ports} = network::drakfirewall::default_ports($o->do_pkgs);
+    }
+    if ($o->{firewall_ports}) {
+	require network::drakfirewall;
+	network::drakfirewall::set_ports($o->do_pkgs, 0, $o->{firewall_ports});
+    }
 }
 
 #------------------------------------------------------------------------------
diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm
index 9b5fb997e..a23c6e060 100644
--- a/perl-install/install_steps_interactive.pm
+++ b/perl-install/install_steps_interactive.pm
@@ -1101,7 +1101,9 @@ sub summary {
 	},
 	clicked => sub { 
 	    require network::drakfirewall;
-	    network::drakfirewall::main($o, $o->{security} <= 3);
+	    if (my @rc = network::drakfirewall::main($o, $o->{security} <= 3)) {
+		$o->{firewall_ports} = !$rc[0] && $rc[1];
+	    }
 	},
     } if detect_devices::getNet();