Re: IPFire 2.29 - Core Update 185 is available for testing

[Adolf Belka <adolf.belka@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2824 bytes --]

Hi All,

I am having difficulty understanding something that is happening with the Core Update to 185.

I added the following code into the update.sh script

# Check if the drop hostile in and out logging options need to be added
# into the optionsfw settings file and apply to firewall
if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
    ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
         sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
         sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
         /usr/local/bin/firewallctrl
fi

If I do an update with a Core Update 183 version that has the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries in optionsfw/settings missing then the update adds in the two lines shown. So working correctly.

However if the Core Update 183 has the two entries already in the optionsfw/settings file then the above code ends up with two more copies of each put into the file as following.

FWPOLICY=DROP
SHOWTABLES=on
DROPPROXY=off
LOGDROPHOSTILEIN=on
LOGDROPHOSTILEOUT=on
LOGDROPHOSTILEIN=on
LOGDROPHOSTILEOUT=on

However if I take a vm with optionsfw/settings containing the two entries already and run the update code shown above manually via a script on the vm then it does not add any extra lines in. If the vm has the two entries missing and I run the script manually then it adds in one entry for each.

So I do not understand at all why the code I put into the update.sh file

1) Does not recognise that the entries already exist in the settings file.
2) Then prints the entries twice.

when it is run in the update.sh via an upgrade.

Any help with understanding what is going wrong with the code I wrote would be very much appreciated.

Regards,
Adolf.

On 25/03/2024 10:15, IPFire Project wrote:
> This update is another testing version for IPFire: It comes with the brand release of the IPFire IPS, a number of bug fixes across the entire system and a good amount of package updates. Test it while it's still hot!
> ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌
> 
> 
>   IPFire_
> 
> 
>   IPFire 2.29 - Core Update 185 is available for testing
> 
> This update is another testing version for IPFire: It comes with the brand release of the IPFire IPS, a number of bug fixes across the entire system and a good amount of package updates. Test it while it's still hot!
> 
> Read The Full Post On Our Blog <https://www.ipfire.org/blog/ipfire-2-29-core-update-185-is-available-for-testing?utm_medium=email&utm_source=blog-announcement>
> 
> The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8, 45711 Datteln, Germany
> 
> Unsubscribe <https://www.ipfire.org/unsubscribe>
>