]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blobdiff - config/rootfiles/core/76/update.sh
projects / people / teissler / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add missing default values for firewall options of the new firewall.
[people/teissler/ipfire-2.x.git] / config / rootfiles / core / 76 / update.sh
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index 2046a5970d1dbf8e4ffb51f3760c9eafed287d59..1b64a7e52c3664d84eba59bc8c5902a911ce0aad 100644 (file)
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -282,6 +282,59 @@ chown -R nobody:nobody /var/ipfire/fwhosts
 # Remove old firewall configuration files
 rm -rf /var/ipfire/{dmzholes,portfw,outgoing,xtaccess}
 
+# In previously released IPFire versions the DROPOUTPUT and DROPINPUT
+# option have two identical lines in the optionsfw/settings file as long as
+# the user hasn't done any changes on the WUI.
+#
+# To prevent from any kind of side effects we are going to solve this issue now.
+
+# Fix doubble enties of DROPOUTPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked) or convert to the
+# new option name required by the firewall of IPFire 2.15.
+
+optionsfw_file="/var/ipfire/optionsfw/settings"
+
+if [ $(grep -c "DROPOUTPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+        # Drop all DROPUTPUT entries.
+        sed -e "/DROPOUTPUT/d" -i ${optionsfw_file}
+
+        # Add default line for new option.
+        echo "DROPOUTGOING=on" >> ${optionsfw_file}
+else
+
+        # Convert option name to new format.
+        sed -e "s/DROPOUTPUT/DROPOUTGOING/g" -i ${optionsfw_file}
+fi
+
+# Fix doubble enties of DROPINPUT when the default settings are still in use
+# (the save button on the WUI page never has been clicked).
+if [ $(grep -c "DROPINPUT" ${optionsfw_file}) -gt 1 ] ; then
+
+        # We only can remove all entries with an defined string.
+        sed -e "/DROPINPUT/d" -i ${optionsfw_file}
+
+        # Afterwards we have to add the required string with the default
+        # value again.
+        echo "DROPINPUT=on" >> ${optionsfw_file}
+fi
+
+# Add strings and default values for new options of the firewall.
+echo "DROPFORWARD=on" >> ${optionsfw_file}
+echo "FWPOLICY=DROP" >> ${optionsfw_file}
+echo "FWPOLICY1=DROP" >> ${optionsfw_file}
+echo "FWPOLICY2=DROP" >> ${optionsfw_file}
+echo "DROPSAMBA=off" >> ${optionsfw_file}
+echo "DROPPROXY=off" >> ${optionsfw_file}
+echo "SHOWREMARK=on" >> ${optionsfw_file}
+echo "SHOWCOLORS=on" >> ${optionsfw_file}
+echo "SHOWTABLES=off" >> ${optionsfw_file}
+echo "SHOWDROPDOWN=off" >> ${optionsfw_file}
+echo "DROPWIRELESSINPUT=on" >> ${optionsfw_file}
+echo "DROPWIRELESSFORWARD=on" >> ${optionsfw_file}
+
+unset optionsfw_file
+
 # Convert inittab and fstab
 sed -i -e "s/tty1 9600$/tty1 9600 --noclear/g" /etc/inittab
 sed -i -e "s/xvc0 9600$/xvc0 9600 --noclear/g" /etc/inittab
Timo's tree of IPFire 2.x