From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nick Howitt To: development@lists.ipfire.org Subject: Re: IPFire 2.29 - Core Update 185 is available for testing Date: Mon, 25 Mar 2024 15:49:53 +0000 Message-ID: In-Reply-To: <21c2dedc-1579-486e-89ea-539e5f5a85ce@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8160420744595949601==" List-Id: --===============8160420744595949601== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I don't have the answer to why it is adding the lines, but can I ask if=20 this scriptlet is safe? If you have one line and not the other in the file you will end up with=20 three lines, the original plus two new. Also, if someone has preffed the=20 lines off, they will gain two lines preffed on. Perhaps it is safer to run the tests independently, just checking for=20 ^LOGDROPHOSTILEIN=3D and ^LOGDROPHOSTILEOUT=3D if ! grep "^LOGDROPHOSTILEIN=3D" /var/ipfire/optionsfw/settings; then sed -i '$ a\LOGDROPHOSTILEIN=3Don' /var/ipfire/optionsfw/settings /usr/local/bin/firewallctrl fi if ! grep "^LOGDROPHOSTILEOUT=3D" /var/ipfire/optionsfw/settings; then sed -i '$ a\LOGDROPHOSTILEOUT=3Don' /var/ipfire/optionsfw/settings /usr/local/bin/firewallctrl fi It does, however, cost another firewall restart, which could be evaded=20 with a few more lines of script. Regards, Nick On 25/03/2024 15:02, Adolf Belka wrote: >=20 > Hi All, >=20 > I am having difficulty understanding something that is happening with=20 > the Core Update to 185. >=20 > I added the following code into the update.sh script >=20 > # Check if the drop hostile in and out logging options need to be added > # into the optionsfw settings file and apply to firewall > if ! [ $(grep "LOGDROPHOSTILEIN=3Don" /var/ipfire/optionsfw/settings) ] && \ > =C2=A0=C2=A0 ! [ $(grep "LOGDROPHOSTILEOUT=3Don" /var/ipfire/optionsfw/set= tings) ];=20 > then > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sed -i '$ a\LOGDROPHOSTILEIN=3D= on' /var/ipfire/optionsfw/settings > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sed -i '$ a\LOGDROPHOSTILEOUT= =3Don' /var/ipfire/optionsfw/settings > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 /usr/local/bin/firewallctrl > fi >=20 > If I do an update with a Core Update 183 version that has the=20 > LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries in optionsfw/settings=20 > missing then the update adds in the two lines shown. So working correctly. >=20 > However if the Core Update 183 has the two entries already in the=20 > optionsfw/settings file then the above code ends up with two more copies=20 > of each put into the file as following. >=20 > FWPOLICY=3DDROP > SHOWTABLES=3Don > DROPPROXY=3Doff > LOGDROPHOSTILEIN=3Don > LOGDROPHOSTILEOUT=3Don > LOGDROPHOSTILEIN=3Don > LOGDROPHOSTILEOUT=3Don >=20 > However if I take a vm with optionsfw/settings containing the two=20 > entries already and run the update code shown above manually via a=20 > script on the vm then it does not add any extra lines in. If the vm has=20 > the two entries missing and I run the script manually then it adds in=20 > one entry for each. >=20 > So I do not understand at all why the code I put into the update.sh file >=20 > 1) Does not recognise that the entries already exist in the settings file. > 2) Then prints the entries twice. >=20 > when it is run in the update.sh via an upgrade. >=20 > Any help with understanding what is going wrong with the code I wrote=20 > would be very much appreciated. >=20 > Regards, > Adolf. >=20 > On 25/03/2024 10:15, IPFire Project wrote: >> This update is another testing version for IPFire: It comes with the=20 >> brand release of the IPFire IPS, a number of bug fixes across the=20 >> entire system and a good amount of package updates. Test it while it's=20 >> still hot! >> =E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2= =A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2= =A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C=C2= =A0=E2=80=8C=C2=A0=E2=80=8C=C2=A0=E2=80=8C >> >> >> =C2=A0 IPFire_ >> >> >> =C2=A0 IPFire 2.29 - Core Update 185 is available for testing >> >> This update is another testing version for IPFire: It comes with the=20 >> brand release of the IPFire IPS, a number of bug fixes across the=20 >> entire system and a good amount of package updates. Test it while it's=20 >> still hot! >> >> Read The Full Post On Our Blog=20 >> >> >> The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstra=C3=9Fe 8,=20 >> 45711 Datteln, Germany >> >> Unsubscribe >> --===============8160420744595949601==--