Core 76: Don't extract firewall config files.

While updating the configfiles of the firewall has been extracted and replaced, the existing one's if the new firewall was allready installed. As a result of this behaviour all firewall rules, settings or created groups were lost. We now try to create them by using touch if they do not exist.
2026-04-28 03:33:25 +02:00 · 2014-01-18 23:36:41 +01:00
parent 240acdfd87
commit 5bdefccbbc
2 changed files with 32 additions and 12 deletions
--- a/config/rootfiles/core/76/filelists/firewall
+++ b/config/rootfiles/core/76/filelists/firewall
@@ -9,19 +9,19 @@ usr/sbin/convert-outgoingfw
 usr/sbin/convert-portfw
 usr/sbin/convert-xtaccess
 usr/sbin/firewall-policy
-var/ipfire/firewall
+#var/ipfire/firewall
 var/ipfire/firewall/bin/firewall-lib.pl
 var/ipfire/firewall/bin/rules.pl
-var/ipfire/firewall/config
-var/ipfire/firewall/input
-var/ipfire/firewall/outgoing
-var/ipfire/firewall/p2protocols
-var/ipfire/firewall/settings
-var/ipfire/fwhosts
-var/ipfire/fwhosts/customhosts
-var/ipfire/fwhosts/customnetworks
-var/ipfire/fwhosts/customgroups
-var/ipfire/fwhosts/customservices
-var/ipfire/fwhosts/customservicegrp
+#var/ipfire/firewall/config
+#var/ipfire/firewall/input
+#var/ipfire/firewall/outgoing
+#var/ipfire/firewall/p2protocols
+#var/ipfire/firewall/settings
+#var/ipfire/fwhosts
+#var/ipfire/fwhosts/customhosts
+#var/ipfire/fwhosts/customnetworks
+#var/ipfire/fwhosts/customgroups
+#var/ipfire/fwhosts/customservices
+#var/ipfire/fwhosts/customservicegrp
 var/ipfire/fwhosts/icmp-types
 var/ipfire/menu.d/50-firewall.menu
--- a/config/rootfiles/core/76/update.sh
+++ b/config/rootfiles/core/76/update.sh
@@ -192,6 +192,10 @@ fi

 ln -svf ../run /var/run

+# Creating directories for new firewall.
+mkdir -p /var/ipfire/firewall
+mkdir -p /var/ipfire/fwhosts
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
@@ -253,6 +257,22 @@ rm -f /srv/web/ipfire/cgi-bin/{dmzholes,outgoingfw,portfw,xtaccess}.cgi
 /sbin/iptables -t nat -N NAT_SOURCE 2>/dev/null
 /sbin/iptables -t nat -N NAT_DESTINATION 2>/dev/null

+# Create config files for firewall and fix permissions.
+touch /var/ipfire/firewall/config
+touch /var/ipfire/firewall/input
+touch /var/ipfire/firewall/outgoing
+touch /var/ipfire/firewall/p2protocols
+touch /var/ipfire/firewall/settings
+touch /var/ipfire/fwhosts/customhosts
+touch /var/ipfire/fwhosts/customnetworks
+touch /var/ipfire/fwhosts/customgroups
+touch /var/ipfire/fwhosts/customservices
+touch /var/ipfire/fwhosts/customservicegrp
+
+# Fix ownership.
+chown -R nobody:nobody /var/ipfire/firewall
+chown -R nobody:nobody /var/ipfire/fwhosts
+
 # Convert firewall configuration
 /usr/sbin/convert-xtaccess
 /usr/sbin/convert-outgoingfw