From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] CU184-update.sh: Add drop hostile in & out logging entries
Date: Mon, 18 Mar 2024 10:15:33 +0000
Message-ID:
In-Reply-To: <20240316093254.8643-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5842258796477085659=="
List-Id:

--===============5842258796477085659==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Adolf,

Okay. I have merged this and as soon as the build is done I will push the new update out.

What are we doing with the people who have already installed the update?

-Michael

> On 16 Mar 2024, at 09:32, Adolf Belka wrote:
>
> - My drop hostile patch set updated the WUI entries to include in and out logging options
>   but the values need to be added to the optionsfw entries for existing systems being
>   upgraded.
> - After the existing CU184 update the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries
>   are not in the settings file which treats them as being set to off, even though they
>   are enabled in the WUI update.
> - This patch adds the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries into the settings
>   file and then runs the firewallctrl command to apply to the firewall.
> - Ran a CU184 update on a CU183 vm system and then ran the commands added into the update.sh
>   script and then did a reboot. Entries include and DROP_HOSTILE entries start to be
>   logged again.
>
> Tested-by: Adolf Belka
> Signed-off-by: Adolf Belka
> ---
> config/rootfiles/core/184/update.sh | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/18= 4/update.sh
> index aa593047d..1a0e67c66 100644
> --- a/config/rootfiles/core/184/update.sh
> +++ b/config/rootfiles/core/184/update.sh
> @@ -80,6 +80,12 @@ xz --check=3Dcrc32 --lzma2=3Ddict=3D512KiB /lib/modules/= 6.6.15-ipfire/extra/wlan/8812a > # Apply local configuration to sshd_config > /usr/local/bin/sshctrl >=20 > +# Add the drop hostile in and out logging options > +# into the optionsfw settings file and apply to firewall > +sed -i '$ a\LOGDROPHOSTILEIN=3Don' /var/ipfire/optionsfw/settings > +sed -i '$ a\LOGDROPHOSTILEOUT=3Don' /var/ipfire/optionsfw/settings > +/usr/local/bin/firewallctrl > + > # Start services > telinit u > /etc/init.d/vnstat start > --=20 > 2.44.0 >=20 --===============5842258796477085659==--
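Review bot: The two added `sed -i '$ a\...'` lines append unconditionally, so this step is not idempotent. If /var/ipfire/optionsfw/settings already contains LOGDROPHOSTILEIN or LOGDROPHOSTILEOUT (a system that installed the earlier CU184 update and has had the options written since, which is the case raised in the reply above, or a re-run of update.sh), the file ends up with duplicate keys, and a value an admin had set to off gains a second line saying on. Suggest guarding each append, for example `grep -q '^LOGDROPHOSTILEIN=' /var/ipfire/optionsfw/settings || sed -i ...`, and the same for LOGDROPHOSTILEOUT. Note also that `$ a\` appends nothing when the file is empty, because sed has no last line to match; appending with `echo ... >>` behind the same guard avoids that case.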