strongswan creates rules in iptables which are being dropped when the firewall is being restarted.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- src/scripts/convert-to-location | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/src/scripts/convert-to-location b/src/scripts/convert-to-location index 9149b854d..428a91d34 100755 --- a/src/scripts/convert-to-location +++ b/src/scripts/convert-to-location @@ -47,6 +47,11 @@ if [ -f "$FW_CONF_DIR/geoipblock" ]; then
# Regenerate firewall chains. /etc/init.d/firewall restart + + # Restart IPsec for dropped iptables rules + if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec restart + fi fi
# Finished.
This process takes a long time and stalls the update process.
Since the cronjob is being called once an hour, all systems will very quickly pull a recent database which will then be extracted in the background not disrupting the Core Update process.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/core/148/update.sh | 1 - 1 file changed, 1 deletion(-)
diff --git a/config/rootfiles/core/148/update.sh b/config/rootfiles/core/148/update.sh index c77e72276..d4bcc45bc 100644 --- a/config/rootfiles/core/148/update.sh +++ b/config/rootfiles/core/148/update.sh @@ -52,7 +52,6 @@ ldconfig
# update location database /usr/local/bin/convert-to-location -/usr/local/bin/update-location-database
# Update Language cache /usr/local/bin/update-lang-cache