Hi Nick,
On 25/03/2024 16:49, Nick Howitt wrote:
I don't have the answer to why it is adding the lines, but can I ask if this scriptlet is safe?
If you have one line and not the other in the file you will end up with three lines, the original plus two new. Also, if someone has preffed the lines off, they will gain two lines preffed on.
Good point. If the lines are present with =on or =off then the options have been saved and the update code would not be needed.
Perhaps it is safer to run the tests independently, just checking for ^LOGDROPHOSTILEIN= and ^LOGDROPHOSTILEOUT=
if ! grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings /usr/local/bin/firewallctrl fi if ! grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings /usr/local/bin/firewallctrl fi
I will look at making that update. The only problem is I can't easily test that it solves the problem I have found from the update as the original script does not cause the same result when I manually run it.
However, definitely want to change the script anyway to make sure that I don't end up with both =on and =off fore the same setting which might occur if someone has already adjusted their preferences.
I will probably have to submit a patch for the modification and then test it in the CU185 Testing release when it is updated.
Regards, Adolf.
It does, however, cost another firewall restart, which could be evaded with a few more lines of script.
Regards,
Nick
On 25/03/2024 15:02, Adolf Belka wrote:
Hi All,
I am having difficulty understanding something that is happening with the Core Update to 185.
I added the following code into the update.sh script
# Check if the drop hostile in and out logging options need to be added # into the optionsfw settings file and apply to firewall if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \ ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings /usr/local/bin/firewallctrl fi
If I do an update with a Core Update 183 version that has the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries in optionsfw/settings missing then the update adds in the two lines shown. So working correctly.
However if the Core Update 183 has the two entries already in the optionsfw/settings file then the above code ends up with two more copies of each put into the file as following.
FWPOLICY=DROP SHOWTABLES=on DROPPROXY=off LOGDROPHOSTILEIN=on LOGDROPHOSTILEOUT=on LOGDROPHOSTILEIN=on LOGDROPHOSTILEOUT=on
However if I take a vm with optionsfw/settings containing the two entries already and run the update code shown above manually via a script on the vm then it does not add any extra lines in. If the vm has the two entries missing and I run the script manually then it adds in one entry for each.
So I do not understand at all why the code I put into the update.sh file
- Does not recognise that the entries already exist in the settings
file. 2) Then prints the entries twice.
when it is run in the update.sh via an upgrade.
Any help with understanding what is going wrong with the code I wrote would be very much appreciated.
Regards, Adolf.
On 25/03/2024 10:15, IPFire Project wrote:
This update is another testing version for IPFire: It comes with the brand release of the IPFire IPS, a number of bug fixes across the entire system and a good amount of package updates. Test it while it's still hot!
IPFire_
IPFire 2.29 - Core Update 185 is available for testing
This update is another testing version for IPFire: It comes with the brand release of the IPFire IPS, a number of bug fixes across the entire system and a good amount of package updates. Test it while it's still hot!
Read The Full Post On Our Blog https://www.ipfire.org/blog/ipfire-2-29-core-update-185-is-available-for-testing?utm_medium=email&utm_source=blog-announcement
The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8, 45711 Datteln, Germany
Unsubscribe https://www.ipfire.org/unsubscribe