From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 18 Jan 2014 22:36:41 +0000 (+0100)
Subject: Core 76: Don't extract firewall config files.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=5bdefccbbc18f604b39305a84d238d13988b9a78;ds=sidebyside

Core 76: Don't extract firewall config files.

While updating the configfiles of the firewall has been extracted and replaced,
the existing one's if the new firewall was allready installed. As a result of
this behaviour all firewall rules, settings or created groups were lost. We now
try to create them by using touch if they do not exist.
---

diff --git a/config/rootfiles/core/76/filelists/firewall b/config/rootfiles/core/76/filelists/firewall
index 3edde8eb3..0d6a2ee7d 100644
--- a/config/rootfiles/core/76/filelists/firewall
+++ b/config/rootfiles/core/76/filelists/firewall
@@ -9,19 +9,19 @@ usr/sbin/convert-outgoingfw
 usr/sbin/convert-portfw
 usr/sbin/convert-xtaccess
 usr/sbin/firewall-policy
-var/ipfire/firewall
+#var/ipfire/firewall
 var/ipfire/firewall/bin/firewall-lib.pl
 var/ipfire/firewall/bin/rules.pl
-var/ipfire/firewall/config
-var/ipfire/firewall/input
-var/ipfire/firewall/outgoing
-var/ipfire/firewall/p2protocols
-var/ipfire/firewall/settings
-var/ipfire/fwhosts
-var/ipfire/fwhosts/customhosts
-var/ipfire/fwhosts/customnetworks
-var/ipfire/fwhosts/customgroups
-var/ipfire/fwhosts/customservices
-var/ipfire/fwhosts/customservicegrp
+#var/ipfire/firewall/config
+#var/ipfire/firewall/input
+#var/ipfire/firewall/outgoing
+#var/ipfire/firewall/p2protocols
+#var/ipfire/firewall/settings
+#var/ipfire/fwhosts
+#var/ipfire/fwhosts/customhosts
+#var/ipfire/fwhosts/customnetworks
+#var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customservices
+#var/ipfire/fwhosts/customservicegrp
 var/ipfire/fwhosts/icmp-types
 var/ipfire/menu.d/50-firewall.menu
diff --git a/config/rootfiles/core/76/update.sh b/config/rootfiles/core/76/update.sh
index cf0d2f96d..0eca9e6f8 100644
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -192,6 +192,10 @@ fi
 
 ln -svf ../run /var/run
 
+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
@@ -253,6 +257,22 @@ rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null
 
+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/p2protocols
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
+
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
 /usr/sbin/convert-outgoingfw