From: Adolf Belka
To: development@lists.ipfire.org
Subject: Re: IPFire 2.29 - Core Update 185 is available for testing
Date: Mon, 25 Mar 2024 17:29:11 +0100
Message-ID: <01a9d3fb-91da-44a0-a322-b5be135ab797@ipfire.org>

Hi Nick,

On 25/03/2024 16:49, Nick Howitt wrote:
> I don't have the answer to why it is adding the lines, but can I ask
> if this scriptlet is safe?
>
> If you have one line and not the other in the file you will end up
> with three lines, the original plus two new. Also, if someone has
> preffed the lines off, they will gain two lines preffed on.
>
Good point. If the lines are present with =on or =off then the options
have been saved and the update code would not be needed.

> Perhaps it is safer to run the tests independently, just checking for
> ^LOGDROPHOSTILEIN= and ^LOGDROPHOSTILEOUT=
>
> if ! grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
>     sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
>     /usr/local/bin/firewallctrl
> fi
> if ! grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
>     sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
>     /usr/local/bin/firewallctrl
> fi
>
I will look at making that update.

The only problem is I can't easily test that it solves the problem I
have found from the update as the original script does not cause the
same result when I manually run it.

However, definitely want to change the script anyway to make sure that I
don't end up with both =on and =off for the same setting which might
occur if someone has already adjusted their preferences.

I will probably have to submit a patch for the modification and then
test it in the CU185 Testing release when it is updated.

Regards,

Adolf.

> It does, however, cost another firewall restart, which could be evaded
> with a few more lines of script.
>
> Regards,
>
> Nick
>
> On 25/03/2024 15:02, Adolf Belka wrote:
>>
>> Hi All,
>>
>> I am having difficulty understanding something that is happening with
>> the Core Update to 185.
>>
>> I added the following code into the update.sh script
>>
>> # Check if the drop hostile in and out logging options need to be added
>> # into the optionsfw settings file and apply to firewall
>> if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
>>     ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
>>         sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
>>         sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
>>         /usr/local/bin/firewallctrl
>> fi
>>
>> If I do an update with a Core Update 183 version that has the
>> LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries in optionsfw/settings
>> missing then the update adds in the two lines shown. So working
>> correctly.
>>
>> However if the Core Update 183 has the two entries already in the
>> optionsfw/settings file then the above code ends up with two more
>> copies of each put into the file as following.
>>
>> FWPOLICY=DROP
>> SHOWTABLES=on
>> DROPPROXY=off
>> LOGDROPHOSTILEIN=on
>> LOGDROPHOSTILEOUT=on
>> LOGDROPHOSTILEIN=on
>> LOGDROPHOSTILEOUT=on
>>
>> However if I take a vm with optionsfw/settings containing the two
>> entries already and run the update code shown above manually via a
>> script on the vm then it does not add any extra lines in.
>> If the vm has the two entries missing and I run the script manually
>> then it adds in one entry for each.
>>
>> So I do not understand at all why the code I put into the update.sh file
>>
>> 1) Does not recognise that the entries already exist in the settings
>> file.
>> 2) Then prints the entries twice.
>>
>> when it is run in the update.sh via an upgrade.
>>
>> Any help with understanding what is going wrong with the code I wrote
>> would be very much appreciated.
>>
>> Regards,
>> Adolf.
>>
>> On 25/03/2024 10:15, IPFire Project wrote:
>>> This update is another testing version for IPFire: It comes with the
>>> brand release of the IPFire IPS, a number of bug fixes across the
>>> entire system and a good amount of package updates. Test it while
>>> it's still hot!
>>>
>>> IPFire 2.29 - Core Update 185 is available for testing
>>>
>>> The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8,
>>> 45711 Datteln, Germany
>>>

-- 
Sent from my laptop
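
The per-key check Nick suggests, combined with the single firewall restart he mentions, as an added example that is not part of the thread or of IPFire's update.sh. The helper names `ensure_setting` and `apply_hostile_log_defaults` are hypothetical, and the demo runs against a constructed temporary file rather than /var/ipfire/optionsfw/settings.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not taken from IPFire's update.sh.

# Append KEY=VALUE only if no line starts with "KEY=", so an existing
# =on or =off choice is neither overridden nor duplicated.
# Returns 0 when the file was changed, 1 when it was left alone.
ensure_setting() {
    file=$1 key=$2 value=$3
    if grep -q "^${key}=" "$file"; then
        return 1
    fi
    # Do not glue the new entry onto an unterminated last line.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# Check both keys independently and print how many were added, so the
# caller can restart the firewall once, and only when something changed.
apply_hostile_log_defaults() {
    added=0
    for name in LOGDROPHOSTILEIN LOGDROPHOSTILEOUT; do
        if ensure_setting "$1" "$name" on; then
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Constructed sample: one key already switched off, the other missing,
# and no newline after the last line.
demo() {
    tmp=$(mktemp)
    printf 'FWPOLICY=DROP\nLOGDROPHOSTILEIN=off' > "$tmp"
    first=$(apply_hostile_log_defaults "$tmp")    # adds LOGDROPHOSTILEOUT only
    second=$(apply_hostile_log_defaults "$tmp")   # second run changes nothing
    if [ "$first" -gt 0 ]; then
        restart="restart"   # on IPFire: /usr/local/bin/firewallctrl, once
    else
        restart="no-restart"
    fi
    echo "$first $second $restart $(grep -c '^LOGDROPHOSTILE' "$tmp")"
    grep '^LOGDROPHOSTILE' "$tmp"
    rm -f "$tmp"
}

demo
```

Running the function twice on the same file is the check that matters for an update script: the second run must report zero additions and leave the user's `=off` line in place.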