Re: IPFire 2.29 - Core Update 185 is available for testing

[Nick Howitt <nick@howitts.co.uk>]

[-- Attachment #1: Type: text/plain, Size: 3976 bytes --]

I don't have the answer to why it is adding the lines, but can I ask if 
this scriptlet is safe?

If you have one line and not the other in the file you will end up with 
three lines, the original plus two new. Also, if someone has preffed the 
lines off, they will gain two lines preffed on.

Perhaps it is safer to run the tests independently, just checking for 
^LOGDROPHOSTILEIN= and ^LOGDROPHOSTILEOUT=

if ! grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
     sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
     /usr/local/bin/firewallctrl
fi
if ! grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
     sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
     /usr/local/bin/firewallctrl
fi

It does, however, cost another firewall restart, which could be evaded 
with a few more lines of script.

Regards,

Nick

On 25/03/2024 15:02, Adolf Belka wrote:
> 
> Hi All,
> 
> I am having difficulty understanding something that is happening with 
> the Core Update to 185.
> 
> I added the following code into the update.sh script
> 
> # Check if the drop hostile in and out logging options need to be added
> # into the optionsfw settings file and apply to firewall
> if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
>     ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; 
> then
>          sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
>          sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
>          /usr/local/bin/firewallctrl
> fi
> 
> If I do an update with a Core Update 183 version that has the 
> LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries in optionsfw/settings 
> missing then the update adds in the two lines shown. So working correctly.
> 
> However if the Core Update 183 has the two entries already in the 
> optionsfw/settings file then the above code ends up with two more copies 
> of each put into the file as following.
> 
> FWPOLICY=DROP
> SHOWTABLES=on
> DROPPROXY=off
> LOGDROPHOSTILEIN=on
> LOGDROPHOSTILEOUT=on
> LOGDROPHOSTILEIN=on
> LOGDROPHOSTILEOUT=on
> 
> However if I take a vm with optionsfw/settings containing the two 
> entries already and run the update code shown above manually via a 
> script on the vm then it does not add any extra lines in. If the vm has 
> the two entries missing and I run the script manually then it adds in 
> one entry for each.
> 
> So I do not understand at all why the code I put into the update.sh file
> 
> 1) Does not recognise that the entries already exist in the settings file.
> 2) Then prints the entries twice.
> 
> when it is run in the update.sh via an upgrade.
> 
> Any help with understanding what is going wrong with the code I wrote 
> would be very much appreciated.
> 
> Regards,
> Adolf.
> 
> On 25/03/2024 10:15, IPFire Project wrote:
>> This update is another testing version for IPFire: It comes with the 
>> brand release of the IPFire IPS, a number of bug fixes across the 
>> entire system and a good amount of package updates. Test it while it's 
>> still hot!
>> ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌
>>
>>
>>   IPFire_
>>
>>
>>   IPFire 2.29 - Core Update 185 is available for testing
>>
>> This update is another testing version for IPFire: It comes with the 
>> brand release of the IPFire IPS, a number of bug fixes across the 
>> entire system and a good amount of package updates. Test it while it's 
>> still hot!
>>
>> Read The Full Post On Our Blog 
>> <https://www.ipfire.org/blog/ipfire-2-29-core-update-185-is-available-for-testing?utm_medium=email&utm_source=blog-announcement>
>>
>> The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8, 
>> 45711 Datteln, Germany
>>
>> Unsubscribe <https://www.ipfire.org/unsubscribe>
>>