--- apf-firewall-9.7+rev1.orig/debian/README.Debian
+++ apf-firewall-9.7+rev1/debian/README.Debian
@@ -0,0 +1,30 @@
+apf-firewall for Debian
+-----------------------
+
+On your first installation of APF it will come pretty bare in the way of
+preconfigured options, this is intentional. The most common issue with many
+firewalls is that they come configured with so many options that a user may
+never use or disable, that it leaves systems riddled with firewall holes.
+
+APF comes configured with only a single incoming port
+enabled by default and that is port 22 (SSH)
+
+The main APF configuration file is located at /etc/apf-firewall/conf.apf and has
+detailed usage information above all configuration variables. The file uses
+integer based values for setting configuration options and they are
+0 = disabled
+1 = enabled
+
+DEVEL_MODE
+----------
+This tells APF to run in a development mode which in short means
+that the firewall will shut itself off every 5 minutes from a cronjob. When
+you install any version of APF, upgrade or new install, this feature is by
+default enabled to make sure the user does not lock themself out of the
+system with configuration errors. Once you are satisfied that you have the
+firewall configured and operating as intended then you must disable it.
+
+When you are ready, you should edit /etc/default/apf-firewall and APF will start
+at boot.
+
+ -- Giuseppe Iuculano Tue, 18 Aug 2008 11:21:41 +0200
--- apf-firewall-9.7+rev1.orig/debian/README.source
+++ apf-firewall-9.7+rev1/debian/README.source
@@ -0,0 +1,58 @@
+This package uses quilt to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+To configure quilt to use debian/patches instead of patches, you want
+either to export QUILT_PATCHES=debian/patches in your environment
+or use this snippet in your ~/.quiltrc:
+
+ for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do
+ if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then
+ export QUILT_PATCHES=debian/patches
+ break
+ fi
+ done
+
+To get the fully patched source after unpacking the source package, cd to
+the root level of the source package and run:
+
+ quilt push -a
+
+The last patch listed in debian/patches/series will become the current
+patch.
+
+To add a new set of changes, first run quilt push -a, and then run:
+
+ quilt new
+
+where is a descriptive name for the patch, used as the filename in
+debian/patches. Then, for every file that will be modified by this patch,
+run:
+
+ quilt add
+
+before editing those files. You must tell quilt with quilt add what files
+will be part of the patch before making changes or quilt will not work
+properly. After editing the files, run:
+
+ quilt refresh
+
+to save the results as a patch.
+
+Alternately, if you already have an external patch and you just want to
+add it to the build system, run quilt push -a and then:
+
+ quilt import -P /path/to/patch
+ quilt push -a
+
+(add -p 0 to quilt import if needed). as above is the filename to
+use in debian/patches. The last quilt push -a will apply the patch to
+make sure it works properly.
+
+To remove an existing patch from the list of patches that will be applied,
+run:
+
+ quilt delete
+
+You may need to run quilt pop -a to unapply patches first before running
+this command.
--- apf-firewall-9.7+rev1.orig/debian/apf-firewall.cron.daily
+++ apf-firewall-9.7+rev1/debian/apf-firewall.cron.daily
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+. /etc/default/apf-firewall
+if [ "x$RUN" != "xyes" ] ; then
+ exit 0
+fi
+
+/usr/sbin/apf -f >> /dev/null 2>&1
+/usr/sbin/apf -s >> /dev/null 2>&1
+
--- apf-firewall-9.7+rev1.orig/debian/apf-firewall.default
+++ apf-firewall-9.7+rev1/debian/apf-firewall.default
@@ -0,0 +1,8 @@
+# Defaults for apf-firewall initscript
+# sourced by /etc/init.d/apf-firewall
+# installed at /etc/default/apf-firewall by the maintainer scripts
+
+# Configure APF editing /etc/apf-firewall files (conf.apf is the principal config files)
+# Modify to RUN="yes" when you are ready
+RUN="no"
+
--- apf-firewall-9.7+rev1.orig/debian/apf-firewall.init
+++ apf-firewall-9.7+rev1/debian/apf-firewall.init
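Review bot: `. /etc/default/apf-firewall` on the third line is sourced without checking that the file exists, whereas apf-firewall.init guards the same source with `if [ -f /etc/default/$INAME ]`; with the file absent, a non-interactive sh aborts on the failed `.` and the job ends with an error instead of taking the RUN=no exit. `[ -f /etc/default/apf-firewall ] && . /etc/default/apf-firewall` would make the two consistent. The `apf -f` / `apf -s` pair also discards both commands' stderr, so if `-f` flushes the rule set (as its pairing with `-s` suggests) and the following `-s` fails, the host is left without rules and nothing in the cron mail or syslog says so; at least the second command's stderr is worth keeping.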
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+### BEGIN INIT INFO
+# Provides: apf-firewall
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start apf-firewall at boot time
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+DAEMON=/usr/sbin/apf
+INAME="apf-firewall"
+DESC="easy iptables based firewall system"
+LOGDIR=/var/log # Log directory to use
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+
+# Include defaults if available
+if [ -f /etc/default/$INAME ] ; then
+ . /etc/default/$INAME
+fi
+
+# Use this if you want the user to explicitly set 'RUN' in
+# /etc/default/
+if [ "x$RUN" != "xyes" ] ; then
+ log_failure_msg "$INAME disabled, please adjust the configuration to your needs "
+ log_failure_msg "and then set RUN to 'yes' in /etc/default/$INAME to enable it."
+ exit 0
+fi
+
+set -e
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$INAME"
+ /usr/sbin/apf --start >> /dev/null 2>&1
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$INAME"
+ /usr/sbin/apf --stop >> /dev/null 2>&1
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$INAME"
+ log_end_msg $?
+ $0 stop
+ $0 start
+ ;;
+ reload)
+ log_daemon_msg "Reloading $DESC configuration files" "$iNAME"
+ /usr/sbin/apf --refresh >> /dev/null 2>&1
+ log_end_msg $?
+ ;;
+ *)
+ N=/etc/init.d/$INAME
+ echo "Usage: $N {start|stop|restart|force-reload|reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- apf-firewall-9.7+rev1.orig/debian/apf-firewall.install
+++ apf-firewall-9.7+rev1/debian/apf-firewall.install
@@ -0,0 +1,3 @@
+files/apf usr/sbin
+files/* etc/apf-firewall
+.ca.def usr/share/doc/apf-firewall/extras
--- apf-firewall-9.7+rev1.orig/debian/apf-firewall.logrotate
+++ apf-firewall-9.7+rev1/debian/apf-firewall.logrotate
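Review bot: The reload branch passes `"$iNAME"` (lower-case i) to log_daemon_msg, so the name it prints is empty; it should be `"$INAME"` as in the other branches. In restart|force-reload, `log_end_msg $?` is emitted before `$0 stop` and `$0 start` run, so it reports the status of log_daemon_msg rather than of the restart; move it after `$0 start`. Because `set -e` is switched on just above the case, a non-zero exit from `apf --start` or `apf --stop` terminates the script before the following `log_end_msg $?` executes, so the failure path of those calls never reaches the console; capturing the status with `rv=0; /usr/sbin/apf --start >> /dev/null 2>&1 || rv=$?; log_end_msg $rv` keeps the report. `LOGDIR` is assigned and never read in this file.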
@@ -0,0 +1,9 @@
+/var/log/apfados_log /var/log/apf_log {
+ missingok
+ weekly
+ rotate 7
+ compress
+ postrotate
+ endscript
+}
+
--- apf-firewall-9.7+rev1.orig/debian/apf.1
+++ apf-firewall-9.7+rev1/debian/apf.1
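Review bot: The `postrotate` / `endscript` pair is empty and therefore a no-op; either drop it or put the intended action there. No `create` directive is given either, so after rotation `/var/log/apf_log` and `/var/log/apfados_log` only reappear when apf next writes to them, with whatever mode the writer's umask yields; if these logs are meant to stay readable by root only, `create 0640 root adm` pins that at rotation time.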
@@ -0,0 +1,77 @@ +.TH APF 1 "August 17, 2008" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +apf \- easy iptables based firewall system +.SH SYNOPSIS +.B apf +.SH DESCRIPTION +This manual page documents briefly the +.B apf +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +Advanced Policy Firewall (\fBAPF\fP) is an iptables (netfilter) based firewall +system designed around the essential needs of today's Internet deployed +servers and the unique needs of custom deployed Linux installations. The +configuration of APF is designed to be very informative and present the +user with an easy to follow process, from top to bottom of the +configuration file. The management of APF on a day-to-day basis is +conducted from the command line with the 'apf' command, which includes +detailed usage information and all the features one would expect from a +current and forward thinking firewall solution. +.SH OPTIONS +.B apf +follow the usual GNU command line syntax, with long +options starting with two dashes (`-'). +A summary of options is included below. 
+.TP +.TP +.B \-s|\-\-start +load all firewall rules +.TP +.B \-r|\-\-restart +stop (flush) & reload firewall rules +.TP +.B \-l|\-\-list +list all firewall rules +.TP +.B \-t|\-\-status +output firewall status log +.TP +.B \-e|\-\-refresh +refresh & resolve dns names in trust rules +.TP +.B \-a +add host (IP/FQDN) to allow_hosts.rules and +immediately load new rule into firewall +.TP +.B \-d +add host (IP/FQDN) to deny_hosts.rules and +immediately load new rule into firewall +.TP +.B \-u |\-\-remove +remove host from [glob]*_hosts.rules +and immediately remove rule from firewall +.TP +.B \-o|\-\-ovars +output all configuration options +.SH COPYRIGHT +Copyright \(co 1999-2007, R-fx Networks +.br +Copyright \(co 2007, Ryan MacDonald +This program may be freely redistributed under the terms of the GNU GPL +.PP +This manual page was written by Giuseppe Iuculano , +for the Debian project (but may be used by others). --- apf-firewall-9.7+rev1.orig/debian/changelog +++ apf-firewall-9.7+rev1/debian/changelog 
@@ -0,0 +1,67 @@ +apf-firewall (9.7+rev1-3+deb8u1) jessie; urgency=medium + + * QA upload. + * Set maintainer field to Debian QA Group. + * Add patch from Christoph Biedl to make it work with + kernel 3.x and newer. (Closes: #701674) + + -- Adrian Bunk Fri, 28 Apr 2017 14:01:55 +0300 + +apf-firewall (9.7+rev1-3) unstable; urgency=low + + * [7e08452] Added iproute in Depends (Closes: #631594) + * [a219c1e] Refreshed reserved.networks files (Closes: #627157) + * [77f1a7c] Fixed the check_rab function (Closes: #633649) + * [803f5fb] Bump to Standards-Version 3.9.2, no changes needed + + -- Giuseppe Iuculano Fri, 15 Jul 2011 11:54:59 +0200 + +apf-firewall (9.7+rev1-2) unstable; urgency=low + + * [979a674] Updated my email address + * [a64f71f] Bump Standards-Version, no changes needed + * [f8d719f] init: Added $network $local_fs $remote_fs in Required-Stop + * [cc35d15] Added a README.source + + -- Giuseppe Iuculano Wed, 03 Mar 2010 15:38:09 +0100 + +apf-firewall (9.7+rev1-1) unstable; urgency=low + + * [2a35eda] Imported Upstream version 9.7+rev1 + * [99a4772] Refreshing patches + * [00800d6] debian/control: Updated homepage field + * [9e8cb5e] Updated to standards version 3.8.2 (No changes needed) + * [b0e956e] Added wget in Depends + + -- Giuseppe Iuculano Tue, 14 Jul 2009 17:46:08 +0200 + +apf-firewall (9.6+rev5-3) unstable; urgency=low + + * [ee70a07] Do not run cron.daily if /etc/default/apf-firewall hasn't + RUN=yes. 
(Closes: #517961) + + -- Giuseppe Iuculano Tue, 03 Mar 2009 21:47:15 +0100 + +apf-firewall (9.6+rev5-2) unstable; urgency=low + + * [a5773ac] debian/rules: Use dh_prep instead of dh_clean -k and fix + dh-clean-k-is-deprecated lintian warning + * [79ba2e5] debian/copyright: Use © symbol and fix copyright-with-old- + dh-make-debian-copyright lintian warning + * [623ba1e] debian/apf-firewall.init: Added log_end_msg to avoid bad + formatting + * [0c18b65] Switch to quilt + * [ade7c24] debian/patches/01_fix_path.patch: Use /usr/sbin/apf + instead of /etc/apf-firewall/apf + * [928ef93] debian/rules: Do not install /etc/apf-firewall/apf + * [cb21d95] debian/apf-firewall.logrotate: Added weekly, rotate 7, and + compress options + + -- Giuseppe Iuculano Wed, 25 Feb 2009 15:30:31 +0100 + +apf-firewall (9.6+rev5-1) unstable; urgency=low + + * Initial release (Closes: #495284) + + -- Giuseppe Iuculano Fri, 29 Aug 2008 10:43:29 +0200 + --- apf-firewall-9.7+rev1.orig/debian/compat +++ apf-firewall-9.7+rev1/debian/compat @@ -0,0 +1 @@ +7 --- apf-firewall-9.7+rev1.orig/debian/control +++ apf-firewall-9.7+rev1/debian/control 
@@ -0,0 +1,62 @@ +Source: apf-firewall +Section: net +Priority: optional +Maintainer: Debian QA Group +Build-Depends: quilt (>= 0.40), debhelper (>= 7) +Standards-Version: 3.9.2 +Homepage: http://www.rfxn.com/projects/advanced-policy-firewall/ + +Package: apf-firewall +Architecture: all +Depends: ${misc:Depends}, iptables, lsb-base, wget, iproute +Description: easy iptables based firewall system + Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall + system designed around the essential needs of today's Internet deployed + servers and the unique needs of custom deployed Linux installations. The + configuration of APF is designed to be very informative and present the + user with an easy to follow process, from top to bottom of the + configuration file. The management of APF on a day-to-day basis is + conducted from the command line with the 'apf' command, which includes + detailed usage information and all the features one would expect from a + current and forward thinking firewall solution. + . 
+ Summary of features: + * detailed and well commented configuration file + * granular inbound and outbound network filtering + * user id based outbound network filtering + * application based network filtering + * trust based rule files with an optional advanced syntax + * global trust system where rules can be downloaded from a central + management server + * reactive address blocking (RAB), next generation in-line intrusion + prevention + * debug mode provided for testing new features and configuration setups + * fast load feature that allows for 1000+ rules to load in under 1 second + * inbound and outbound network interfaces can be independently configured + * global tcp/udp port & icmp type filtering with multiple methods of + executing filters (drop, reject, prohibit) + * configurable policies for each ip on the system with convenience variables + to import settings + * packet flow rate limiting that prevents abuse on the most widely abused + protocol, icmp + * prerouting and postrouting rules for optimal network performance + * dshield.org block list support to ban networks exhibiting suspicious + activity + * spamhaus Don't Route Or Peer List support to ban known "hijacked zombie" + IP blocks + * any number of additional interfaces may be configured as firewalled + (untrusted) or trusted (not firewalled) + * additional firewalled interfaces can have there own unique firewall + policies applied + * intelligent route verification to prevent embarrassing configuration + errors + * advanced packet sanity checks to make sure traffic coming and going meets + the strictest of standards + * filter attacks such as fragmented UDP, port zero floods, stuffed routing, + arp poisoning and more + * configurable type of service options to dictate the priority of different + types of network traffic + * intelligent default settings to meet every day server setups + * dynamic configuration of your servers local DNS revolvers into the firewall + * optional filtering of 
common p2p applications + * optional filtering of private & reserved IP address space --- apf-firewall-9.7+rev1.orig/debian/copyright +++ apf-firewall-9.7+rev1/debian/copyright @@ -0,0 +1,37 @@ +This package was debianized by Giuseppe Iuculano on +Sun, 17 Aug 2008 17:45:41 +0200. + +It was downloaded from http://www.r-fx.org/apf.php + +Upstream Author: R-fx Networks + +Copyright: + Copyright (C) 1999-2007, R-fx Networks + Copyright (C) 2007, Ryan MacDonald + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is © 2008, Giuseppe Iuculano and +is licensed under the GPL, see above. + +files/extras/dshield/dshield-3.2.tar.gz: + Copyright (c) 2001, 2002 Eelco Lempsink (eelcolempsink@gmx.net) + and Andrew R. Jones (arjones@simultan.dyndns.org) + License: GPL (See above) --- apf-firewall-9.7+rev1.orig/debian/dirs +++ apf-firewall-9.7+rev1/debian/dirs @@ -0,0 +1,2 @@ +usr/sbin +etc/apf-firewall --- apf-firewall-9.7+rev1.orig/debian/docs +++ apf-firewall-9.7+rev1/debian/docs @@ -0,0 +1,2 @@ +README.apf +files/extras --- apf-firewall-9.7+rev1.orig/debian/patches/01_fix_path.patch +++ apf-firewall-9.7+rev1/debian/patches/01_fix_path.patch 
@@ -0,0 +1,436 @@ +Author: Giuseppe Iuculano +Description: Use /etc/apt-firewall +--- a/files/apf ++++ b/files/apf +@@ -21,7 +21,7 @@ + ### + # + VER="9.7" +-CNF="/etc/apf/conf.apf" ++CNF="/etc/apf-firewall/conf.apf" + + head() { + echo "APF version $VER " +@@ -92,13 +92,13 @@ if [ ! -f "$INSTALL_PATH/internals/.md5. + fi + + if [ ! -f "$INSTALL_PATH/internals/.last.vars" ]; then +- $INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars ++ /usr/sbin/apf -o > $INSTALL_PATH/internals/.last.vars + SKIP_FASTLOAD_VARS=1 + else +- $INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars.new ++ /usr/sbin/apf -o > $INSTALL_PATH/internals/.last.vars.new + VARS_DIFF=`$DIFF $INSTALL_PATH/internals/.last.vars.new $INSTALL_PATH/internals/.last.vars` + if [ ! "$VARS_DIFF" == "" ]; then +- $INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars ++ /usr/sbin/apf -o > $INSTALL_PATH/internals/.last.vars + SKIP_FASTLOAD_VARS=1 + fi + fi +--- a/files/conf.apf ++++ b/files/conf.apf +@@ -20,7 +20,7 @@ + DEVEL_MODE="1" + + # The installation path of APF; this can be changed but it is not recommended. +-INSTALL_PATH="/etc/apf" ++INSTALL_PATH="/etc/apf-firewall" + + # Untrusted Network interface(s); all traffic on defined interface will be + # subject to all firewall rules. This should be your internet exposed +@@ -51,7 +51,7 @@ SET_VERBOSE="1" + SET_FASTLOAD="0" + + # Virtual Network Sub-System (VNET) creates independent policy rule set for +-# each IP on a system to /etc/apf/vnet/IP.rules. These rule files can be ++# each IP on a system to /etc/apf-firewall/vnet/IP.rules. These rule files can be + # configured with conf.apf variables for unique but convenient firewall + # policies or custom iptables entries for even greater flexibility. 
+ SET_VNET="0" +--- a/files/extras/importconf ++++ b/files/extras/importconf +@@ -20,24 +20,24 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + ### + # +-INSTALL_PATH="/etc/apf" ++INSTALL_PATH="/etc/apf-firewall" + DEF=".ca.def" + DOUT=".conf.apf" + +-if [ -d "/etc/apf.bk.last" ]; then ++if [ -d "/etc/apf-firewall.bk.last" ]; then + # get all the vars from current release +-. /etc/apf/conf.apf ++. /etc/apf-firewall/conf.apf + # replace with any vars old release had +-. /etc/apf.bk.last/conf.apf ++. /etc/apf-firewall.bk.last/conf.apf + # generate new conf + . $DEF + + cp -f $INSTALL_PATH/conf.apf $INSTALL_PATH/conf.apf.orig + cp -f $DOUT $INSTALL_PATH/conf.apf +-cp -f /etc/apf.bk.last/*_hosts.rules /etc/apf/ +-cp -f /etc/apf.bk.last/vnet/*.rules /etc/apf/vnet/ ++cp -f /etc/apf-firewall.bk.last/*_hosts.rules /etc/apf-firewall/ ++cp -f /etc/apf-firewall.bk.last/vnet/*.rules /etc/apf-firewall/vnet/ + +-OV=`cat /etc/apf.bk.last/VERSION | awk '{print$2}'` +-NV=`cat /etc/apf/VERSION | awk '{print$2}'` ++OV=`cat /etc/apf-firewall.bk.last/VERSION | awk '{print$2}'` ++NV=`cat /etc/apf-firewall/VERSION | awk '{print$2}'` + echo " Imported options from $OV to $NV." + fi +--- a/files/firewall ++++ b/files/firewall +@@ -20,7 +20,7 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + ### + # +-CNF="/etc/apf/conf.apf" ++CNF="/etc/apf-firewall/conf.apf" + + if [ -f "$CNF" ] && [ ! "$CNF" == "" ]; then + source $CNF +--- a/files/internals/functions.apf ++++ b/files/internals/functions.apf +@@ -41,20 +41,20 @@ if [ "$DEVEL_MODE" == "1" ]; then + eout "{glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes." + echo "!!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes." 
+ fi +-APF_CJ=`cat $CRON | grep -w /etc/init.d/apf` ++APF_CJ=`cat $CRON | grep -w /etc/init.d/apf-firewall` + if [ "$APF_CJ" == "" ]; then + cp -f $CRON $CRON.bk + cat > $TMP_CJ <> /dev/null 2>&1 ++*/5 * * * * root /etc/init.d/apf-firewall stop >> /dev/null 2>&1 + EOF + cat $TMP_CJ >> $CRON + rm -f $TMP_CJ + fi + elif [ "$DEVEL_MODE" == "0" ]; then +-APF_CJ=`cat $CRON | grep -w /etc/init.d/apf` ++APF_CJ=`cat $CRON | grep -w /etc/init.d/apf-firewall` + if [ ! "$APF_CJ" == "" ]; then +- cat $CRON | grep -vw "/etc/init.d/apf" > $CRON.tmp ++ cat $CRON | grep -vw "/etc/init.d/apf-firewall" > $CRON.tmp + cp -f $CRON $CRON.bk + mv $CRON.tmp $CRON + chmod 644 $CRON +@@ -230,25 +230,25 @@ DIP=$1 + $IPT -D TGDENY -s $DIP -j $ALL_STOP + $IPT -D TGDENY -d $DIP -j $ALL_STOP + +- val=`cat /etc/apf/allow_hosts.rules | grep "$DIP"` ++ val=`cat /etc/apf-firewall/allow_hosts.rules | grep "$DIP"` + if [ ! "$val" == "" ]; then +- cat /etc/apf/allow_hosts.rules | grep -v "$DIP" > /etc/apf/allow_hosts.rules.new +- mv /etc/apf/allow_hosts.rules.new /etc/apf/allow_hosts.rules ++ cat /etc/apf-firewall/allow_hosts.rules | grep -v "$DIP" > /etc/apf-firewall/allow_hosts.rules.new ++ mv /etc/apf-firewall/allow_hosts.rules.new /etc/apf-firewall/allow_hosts.rules + fi +- val=`cat /etc/apf/deny_hosts.rules | grep "$DIP"` ++ val=`cat /etc/apf-firewall/deny_hosts.rules | grep "$DIP"` + if [ ! "$val" == "" ]; then +- cat /etc/apf/deny_hosts.rules | grep -v "$DIP" > /etc/apf/deny_hosts.rules.new +- mv /etc/apf/deny_hosts.rules.new /etc/apf/deny_hosts.rules ++ cat /etc/apf-firewall/deny_hosts.rules | grep -v "$DIP" > /etc/apf-firewall/deny_hosts.rules.new ++ mv /etc/apf-firewall/deny_hosts.rules.new /etc/apf-firewall/deny_hosts.rules + fi +- val=`cat /etc/apf/glob_allow_hosts.rules | grep "$DIP"` ++ val=`cat /etc/apf-firewall/glob_allow_hosts.rules | grep "$DIP"` + if [ ! 
"$val" == "" ]; then +- cat /etc/apf/glob_allow_hosts.rules | grep -v "$DIP" > /etc/apf/glob_allow_hosts.rules.new +- mv /etc/apf/glob_allow_hosts.rules.new /etc/apf/glob_allow_hosts.rules ++ cat /etc/apf-firewall/glob_allow_hosts.rules | grep -v "$DIP" > /etc/apf-firewall/glob_allow_hosts.rules.new ++ mv /etc/apf-firewall/glob_allow_hosts.rules.new /etc/apf-firewall/glob_allow_hosts.rules + fi +- val=`cat /etc/apf/glob_deny_hosts.rules | grep "$DIP"` ++ val=`cat /etc/apf-firewall/glob_deny_hosts.rules | grep "$DIP"` + if [ ! "$val" == "" ]; then +- cat /etc/apf/glob_deny_hosts.rules | grep -v "$DIP" > /etc/apf/glob_deny_hosts.rules.new +- mv /etc/apf/glob_deny_hosts.rules.new /etc/apf/glob_deny_hosts.rules ++ cat /etc/apf-firewall/glob_deny_hosts.rules | grep -v "$DIP" > /etc/apf-firewall/glob_deny_hosts.rules.new ++ mv /etc/apf-firewall/glob_deny_hosts.rules.new /etc/apf-firewall/glob_deny_hosts.rules + fi + + dil=`$IPT --numeric --list INPUT --line-numbers | grep $DIP | awk '{print$1}'` +@@ -378,7 +378,7 @@ fi + + list() { + echo "Loading chain rules..." +-iptc=/etc/apf/.ipt.chains ++iptc=/etc/apf-firewall/.ipt.chains + :> $iptc ; chmod 600 $iptc + $IPT --verbose --numeric --line-numbers --list >> $iptc + echo "Opening editor" +@@ -519,7 +519,7 @@ fi + } + + ovars() { +- nice -n 16 cat /etc/apf/conf.apf /etc/apf/internals/internals.conf | grep -v "#" | grep "=" | tr '=' ' ' | awk '{print""$"$1"}' ++ nice -n 16 cat /etc/apf-firewall/conf.apf /etc/apf-firewall/internals/internals.conf | grep -v "#" | grep "=" | tr '=' ' ' | awk '{print""$"$1"}' + } + + allow_hosts() { +@@ -1126,7 +1126,7 @@ dlist_resnet() { + chmod 600 $RESNET $RESNET.bk + fi + if [ -f "$WGET" ] && [ -f "$RESNET" ]; then +- URL_TMP="/etc/apf/.apf-$$" ++ URL_TMP="/etc/apf-firewall/.apf-$$" + rm -rf $URL_TMP + URL_FILE=`echo $DLIST_RESERVED_URL | tr '/' '\n' | grep "." 
| tail -n 1` + RD_CON="$DLIST_RESERVED_URL_PROT://$DLIST_RESERVED_URL" +@@ -1145,7 +1145,7 @@ if [ -f "$WGET" ] && [ -f "$RESNET" ]; t + fi + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + if [ -f "$RESNET" ]; then + cp $RESNET.bk $RESNET +@@ -1156,8 +1156,8 @@ fi + + dlist_php() { + if [ ! "$DLIST_PHP_URL_PROT" == "" ] && [ ! "$DLIST_PHP_URL" == "" ] && [ "$DLIST_PHP" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" +- rm -rf $URL_TMP /etc/apf/.apf-* ++ URL_TMP="/etc/apf-firewall/.apf-$$" ++ rm -rf $URL_TMP /etc/apf-firewall/.apf-* + URL_FILE=`echo $DLIST_PHP_URL | tr '/' '\n' | grep "." | tail -n 1` + URL_CON="$DLIST_PHP_URL_PROT://$DLIST_PHP_URL" + mkdir $URL_TMP +@@ -1178,7 +1178,7 @@ if [ ! "$DLIST_PHP_URL_PROT" == "" ] && + eout "{php} download of $DLIST_PHP_URL_PROT://$DLIST_PHP_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $PHP_HOSTS + touch $PHP_HOSTS +@@ -1207,8 +1207,8 @@ fi + + dlist_dshield() { + if [ ! "$DLIST_DSHIELD_URL_PROT" == "" ] && [ ! "$DLIST_DSHIELD_URL" == "" ] && [ "$DLIST_DSHIELD" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" +- rm -rf $URL_TMP /etc/apf/.apf-* ++ URL_TMP="/etc/apf-firewall/.apf-$$" ++ rm -rf $URL_TMP /etc/apf-firewall/.apf-* + URL_FILE=`echo $DLIST_DSHIELD_URL | tr '/' '\n' | grep "." | tail -n 1` + URL_CON="$DLIST_DSHIELD_URL_PROT://$DLIST_DSHIELD_URL" + mkdir $URL_TMP +@@ -1229,7 +1229,7 @@ if [ ! "$DLIST_DSHIELD_URL_PROT" == "" ] + eout "{dshield} download of $DLIST_DSHIELD_URL_PROT://$DLIST_DSHIELD_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $DS_HOSTS + touch $DS_HOSTS +@@ -1258,8 +1258,8 @@ fi + + dlist_spamhaus() { + if [ ! "$DLIST_SPAMHAUS_URL_PROT" == "" ] && [ ! 
"$DLIST_SPAMHAUS_URL" == "" ] && [ "$DLIST_SPAMHAUS" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" +- rm -rf $URL_TMP /etc/apf/.apf-* ++ URL_TMP="/etc/apf-firewall/.apf-$$" ++ rm -rf $URL_TMP /etc/apf-firewall/.apf-* + URL_FILE=`echo $DLIST_SPAMHAUS_URL | tr '/' '\n' | grep "." | tail -n 1` + URL_CON="$DLIST_SPAMHAUS_URL_PROT://$DLIST_SPAMHAUS_URL" + mkdir $URL_TMP +@@ -1280,7 +1280,7 @@ if [ ! "$DLIST_SPAMHAUS_URL_PROT" == "" + eout "{sdrop} download of $DLIST_SPAMHAUS_URL_PROT://$DLIST_SPAMHAUS_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $DROP_HOSTS + touch $DROP_HOSTS +@@ -1310,8 +1310,8 @@ fi + + dlist_ecnshame() { + if [ ! "$DLIST_ECNSHAME_URL_PROT" == "" ] && [ ! "$DLIST_ECNSHAME_URL" == "" ] && [ "$DLIST_ECNSHAME" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" +- rm -rf $URL_TMP /etc/apf/.apf-* ++ URL_TMP="/etc/apf-firewall/.apf-$$" ++ rm -rf $URL_TMP /etc/apf-firewall/.apf-* + URL_FILE=`echo $DLIST_ECNSHAME_URL | tr '/' '\n' | grep "." | tail -n 1` + URL_CON="$DLIST_ECNSHAME_URL_PROT://$DLIST_ECNSHAME_URL" + mkdir $URL_TMP +@@ -1332,7 +1332,7 @@ if [ ! "$DLIST_ECNSHAME_URL_PROT" == "" + eout "{ecnshame} download of $DLIST_ECNSHAME_URL_PROT://$DLIST_ECNSHAME_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $ECNSHAME_HOSTS + touch $ECNSHAME_HOSTS +@@ -1353,7 +1353,7 @@ fi + + glob_allow_download() { + if [ ! "$GA_URL_PROT" == "" ] && [ ! "$GA_URL" == "" ] && [ "$USE_RGT" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" ++ URL_TMP="/etc/apf-firewall/.apf-$$" + rm -rf $URL_TMP + URL_FILE=`echo $GA_URL | tr '/' '\n' | grep "." | tail -n 1` + GA_URL_CON="$GA_URL_PROT://$GA_URL" +@@ -1368,7 +1368,7 @@ if [ ! "$GA_URL_PROT" == "" ] && [ ! 
"$G + eout "{trust} download of $GA_URL_PROT://$GA_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $GALLOW_HOSTS + touch $GALLOW_HOSTS +@@ -1378,7 +1378,7 @@ fi + + glob_deny_download() { + if [ ! "$GD_URL_PROT" == "" ] && [ ! "$GD_URL" == "" ] && [ "$USE_RGT" == "1" ] && [ -f "$WGET" ]; then +- URL_TMP="/etc/apf/.apf-$$" ++ URL_TMP="/etc/apf-firewall/.apf-$$" + rm -rf $URL_TMP + URL_FILE=`echo $GD_URL | tr '/' '\n' | grep "." | tail -n 1` + GD_URL_CON="$GD_URL_PROT://$GD_URL" +@@ -1393,7 +1393,7 @@ if [ ! "$GD_URL_PROT" == "" ] && [ ! "$G + eout "{trust} download of $GD_URL_PROT://$GD_URL failed" + fi + rm -rf $URL_TMP +- cd /etc/apf ++ cd /etc/apf-firewall + else + rm -f $GDENY_HOSTS + touch $GDENY_HOSTS +@@ -1479,9 +1479,9 @@ cl_cports() { + + refresh() { + eout "{glob} refreshing trust system rules." +- /sbin/iptables-save | grep -E "TDENY|TGDENY" | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | awk '{print$4}' | sort -n | uniq | sort > /etc/apf/internals/refresh.drop.temp ++ /sbin/iptables-save | grep -E "TDENY|TGDENY" | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | awk '{print$4}' | sort -n | uniq | sort > /etc/apf-firewall/internals/refresh.drop.temp + $IPT -F TMP_DROP +- for i in `cat /etc/apf/internals/refresh.drop.temp | grep -v "#"`; do ++ for i in `cat /etc/apf-firewall/internals/refresh.drop.temp | grep -v "#"`; do + if [ ! "$i" == "" ]; then + $IPT -A TMP_DROP -s $i -d 0/0 -j $ALL_STOP + $IPT -A TMP_DROP -d $i -s 0/0 -j $ALL_STOP +@@ -1507,7 +1507,7 @@ if [ ! "$SET_REFRESH" == "0" ] && [ ! 
"$ + cat< $INSTALL_PATH/internals/cron.refresh + MAILTO= + SHELL=/bin/bash +-*/$SET_REFRESH * * * * root /etc/apf/apf --refresh >> /dev/null 2>&1 & ++*/$SET_REFRESH * * * * root /usr/sbin/apf --refresh >> /dev/null 2>&1 & + EOF + chmod 644 $INSTALL_PATH/internals/cron.refresh + ln -fs $INSTALL_PATH/internals/cron.refresh /etc/cron.d/refresh.apf +--- a/files/main.rules ++++ b/files/main.rules +@@ -5,4 +5,4 @@ eout "{glob} loading main.rules" + + # + # conf.apf configurable common ports +-. /etc/apf/internals/cports.common ++. /etc/apf-firewall/internals/cports.common +--- a/files/vnet/main.vnet ++++ b/files/vnet/main.vnet +@@ -19,7 +19,7 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + ### + # +-INSTALL_PATH="/etc/apf" ++INSTALL_PATH="/etc/apf-firewall" + if [ "$SET_VNET" == "1" ]; then + eout "{glob} virtual network enabled, loading vnet rules." + for i in `ls $INSTALL_PATH/vnet/ | grep .rules`; do +--- a/files/vnet/vnetgen ++++ b/files/vnet/vnetgen +@@ -19,7 +19,7 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + ### + # +-CNF="/etc/apf/conf.apf" ++CNF="/etc/apf-firewall/conf.apf" + if [ -f $CNF ]; then + source $CNF + else +--- a/files/vnet/vnetgen.def ++++ b/files/vnet/vnetgen.def +@@ -1,4 +1,4 @@ +-cat > /etc/apf/vnet/$addr.rules < /etc/apf-firewall/vnet/$addr.rules < +Description: Add #!/bin/sh interpreter +--- a/.ca.def ++++ b/.ca.def +@@ -1,3 +1,4 @@ ++#!/bin/sh + cat > .conf.apf < /etc/apf-firewall/vnet/$addr.rules < +Bug-Debian: https://bugs.debian.org/701674 + +--- a/files/internals/functions.apf ++++ b/files/internals/functions.apf +@@ -65,9 +65,10 @@ + ml() { + MOD=$1 + VALMOD=$2 ++KREL_MAJOR="${KREL%%.*}" + if [ "$KREL" == "2.4" ]; then + MEXT="o" +-elif [ "$KREL" == "2.6" ]; then ++elif [ "$KREL" == "2.6" ] || [ "$KREL_MAJOR" -ge 3 ]; then + MEXT="ko" + elif [ ! "$KREL" == "2.4" ] && [ ! "$KREL" == "2.6" ]; then + if [ ! 
"$SET_VERBOSE" == "1" ]; then --- apf-firewall-9.7+rev1.orig/debian/postrm +++ apf-firewall-9.7+rev1/debian/postrm @@ -0,0 +1,43 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + + rm -rf /etc/apf-firewall/ + rm -f /var/log/apf_log + rm -f /etc/cron.d/refresh.apf + ;; + remove) + + rm -f /var/log/apf_log + rm -f /etc/cron.d/refresh.apf + ;; + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + + +#DEBHELPER# + --- apf-firewall-9.7+rev1.orig/debian/rules +++ apf-firewall-9.7+rev1/debian/rules 
@@ -0,0 +1,53 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+
+
+include /usr/share/quilt/quilt.make
+
+build: build-stamp
+
+build-stamp: $(QUILT_STAMPFN)
+ dh_testdir
+ touch $@
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs CHANGELOG
+ dh_installdocs
+ dh_installexamples
+ dh_install -Xfiles/extras -Xfiles/doc
+ chmod 750 debian/apf-firewall/etc/apf-firewall/internals/functions.apf debian/apf-firewall/etc/apf-firewall/conf.apf
+ rm -f debian/apf-firewall/etc/apf-firewall/apf
+ dh_installlogrotate
+ dh_installinit
+ dh_installcron
+ dh_installman debian/apf.1
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep
+.PHONY: build clean binary-indep binary install
--- apf-firewall-9.7+rev1.orig/debian/watch
+++ apf-firewall-9.7+rev1/debian/watch
@@ -0,0 +1,3 @@
+# apf-firewall upstream uses a distribution mechanism that cannot be meaningfully monitored by
+# uscan and the Debian External Health Status project.
+# Latest version is always: http://www.r-fx.ca/downloads/apf-current.tar.gz
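Review bot: The `chmod 750` on functions.apf and conf.apf in binary-indep runs before `dh_fixperms`, and at the compat level 7 this package declares dh_fixperms resets every file it does not exclude with `go=rX,u+rw,a-s`, so the group/other read bits come back and both files ship world-readable — which defeats the evident intent of keeping the firewall configuration away from unprivileged local users. Either move the chmod after `dh_fixperms` or exclude the two files with `dh_fixperms -Xfunctions.apf -Xconf.apf`. conf.apf is sourced rather than executed, so `0640` expresses the intent for that file better than `750`.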