From mboxrd@z Thu Jan 1 00:00:00 1970
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] CU184-update.sh: Add drop hostile in & out logging entries
Date: Sat, 16 Mar 2024 10:32:54 +0100
Message-ID: <20240316093254.8643-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2992306108314512420=="
List-Id:

--===============2992306108314512420==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- My drop hostile patch set updated the WUI entries to include in and out logging
  options but the values need to be added to the optionsfw entries for existing systems
  being upgraded.
- After the existing CU184 update the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries
  are not in the settings file which treats them as being set to off, even though
  they are enabled in the WUI update.
- This patch adds the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries into the settings
  file and then runs the firewallctrl command to apply to the firewall.
- Ran a CU184 update on a CU183 vm system and then ran the commands added into the
  update.sh script and then did a reboot. Entries include and DROP_HOSTILE entries start
  to be logged again.

Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
--- config/rootfiles/core/184/update.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/= update.sh index aa593047d..1a0e67c66 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh 
@@ -80,6 +80,12 @@ xz --check=3Dcrc32 --lzma2=3Ddict=3D512KiB /lib/modules/6.= 6.15-ipfire/extra/wlan/8812a # Apply local configuration to sshd_config /usr/local/bin/sshctrl =20 +# Add the drop hostile in and out logging options +# into the optionsfw settings file and apply to firewall +sed -i '$ a\LOGDROPHOSTILEIN=3Don' /var/ipfire/optionsfw/settings +sed -i '$ a\LOGDROPHOSTILEOUT=3Don' /var/ipfire/optionsfw/settings +/usr/local/bin/firewallctrl + # Start services telinit u /etc/init.d/vnstat start --=20 2.44.0 --===============2992306108314512420==--
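Review bot: The two added sed lines append LOGDROPHOSTILEIN=on and LOGDROPHOSTILEOUT=on to /var/ipfire/optionsfw/settings unconditionally, so if either key is already present in that file (or the update script is run a second time) the file ends up with duplicate keys, and which value wins then depends on how the settings file is read. Suggest guarding each append, for example with grep -q '^LOGDROPHOSTILEIN=' /var/ipfire/optionsfw/settings || sed -i ..., and the same for LOGDROPHOSTILEOUT. Note also that the '$ a\' address only matches when the file has a last line, so on an empty settings file nothing is appended and firewallctrl still runs with both options absent; a plain echo ... >> append would cover that case. The comment above the sed lines could say that "on" is written to match the WUI default, so that a later reader knows why the value is forced rather than read from existing state.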