Core 76: Don't extract firewall config files.
authorStefan Schantl <stefan.schantl@ipfire.org>
Sat, 18 Jan 2014 22:36:41 +0000 (23:36 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Thu, 23 Jan 2014 16:56:23 +0000 (17:56 +0100)
While updating the configfiles of the firewall has been extracted and replaced,
the existing one's if the new firewall was allready installed. As a result of
this behaviour all firewall rules, settings or created groups were lost. We now
try to create them by using touch if they do not exist.

config/rootfiles/core/76/filelists/firewall
config/rootfiles/core/76/update.sh

index 3edde8e..0d6a2ee 100644 (file)
@@ -9,19 +9,19 @@ usr/sbin/convert-outgoingfw
 usr/sbin/convert-portfw
 usr/sbin/convert-xtaccess
 usr/sbin/firewall-policy
 usr/sbin/convert-portfw
 usr/sbin/convert-xtaccess
 usr/sbin/firewall-policy
-var/ipfire/firewall
+#var/ipfire/firewall
 var/ipfire/firewall/bin/firewall-lib.pl
 var/ipfire/firewall/bin/rules.pl
 var/ipfire/firewall/bin/firewall-lib.pl
 var/ipfire/firewall/bin/rules.pl
-var/ipfire/firewall/config
-var/ipfire/firewall/input
-var/ipfire/firewall/outgoing
-var/ipfire/firewall/p2protocols
-var/ipfire/firewall/settings
-var/ipfire/fwhosts
-var/ipfire/fwhosts/customhosts
-var/ipfire/fwhosts/customnetworks
-var/ipfire/fwhosts/customgroups
-var/ipfire/fwhosts/customservices
-var/ipfire/fwhosts/customservicegrp
+#var/ipfire/firewall/config
+#var/ipfire/firewall/input
+#var/ipfire/firewall/outgoing
+#var/ipfire/firewall/p2protocols
+#var/ipfire/firewall/settings
+#var/ipfire/fwhosts
+#var/ipfire/fwhosts/customhosts
+#var/ipfire/fwhosts/customnetworks
+#var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customservices
+#var/ipfire/fwhosts/customservicegrp
 var/ipfire/fwhosts/icmp-types
 var/ipfire/menu.d/50-firewall.menu
 var/ipfire/fwhosts/icmp-types
 var/ipfire/menu.d/50-firewall.menu
index cf0d2f9..0eca9e6 100644 (file)
@@ -192,6 +192,10 @@ fi
 
 ln -svf ../run /var/run
 
 
 ln -svf ../run /var/run
 
+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
@@ -253,6 +257,22 @@ rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
 
 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
 
+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/p2protocols
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
+
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
 /usr/sbin/convert-outgoingfw
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
 /usr/sbin/convert-outgoingfw