X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=config%2Frootfiles%2Fcore%2F76%2Fupdate.sh;fp=config%2Frootfiles%2Fcore%2F76%2Fupdate.sh;h=1b64a7e52c3664d84eba59bc8c5902a911ce0aad;hp=2046a5970d1dbf8e4ffb51f3760c9eafed287d59;hb=37013b3a47523e8fa3317e1ef20340c27a15f451;hpb=0a79ec45053014034d3ec947d625463ebdf956db

diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index 2046a5970..1b64a7e52 100644
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -282,6 +282,59 @@ chown -R nobody:nobody /var/ipfire/fwhosts
 # Remove old firewall configuration files
 rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
 
+# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
+# option have two identical lines in the optionsfw/settings file as long as
+# the user hasn't done any changes on the WUI.
+#
+# To prevent from any kind of side effects we are going to solve this issue now.
+
+# Fix doubble enties of DROPOUTPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked) or convert to the
+# new option name required by the firewall of IPFire 2.15.
+
+optionsfw_file="/var/ipfire/optionsfw/settings"
+
+if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+        # Drop all DROPUTPUT entries.
+        sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
+
+        # Add default line for new option.
+        echo "DROPOUTGOING=on" >> ${optionsfw_file}
+else
+
+        # Convert option name to new format.
+        sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
+fi
+
+# Fix doubble enties of DROPINPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked).
+if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+        # We only can remove all entries with an defined string.
+        sed -e "/DROPINPUT/d" -i ${optionsfw_file}
+
+        # Afterwards we have to add the required string with the default
+        # value again.
+        echo "DROPINPUT=on" >> ${optionsfw_file}
+fi
+
+# Add strings and default values for new options of the firewall.
+echo "DROPFORWARD=on" >> ${optionsfw_file}
+echo "FWPOLICY=DROP" >> ${optionsfw_file}
+echo "FWPOLICY1=DROP" >> ${optionsfw_file}
+echo "FWPOLICY2=DROP" >> ${optionsfw_file}
+echo "DROPSAMBA=off" >> ${optionsfw_file}
+echo "DROPPROXY=off" >> ${optionsfw_file}
+echo "SHOWREMARK=on" >> ${optionsfw_file}
+echo "SHOWCOLORS=on" >> ${optionsfw_file}
+echo "SHOWTABLES=off" >> ${optionsfw_file}
+echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
+echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
+echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
+
+unset optionsfw_file
+
 # Convert inittab and fstab
 sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
 sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab