diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index 002f92bbb..f86013c0d 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -117,19 +117,17 @@ chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
 
 # Check if the drop hostile in and out logging options need to be added
 # into the optionsfw settings file and apply to firewall
-optionsfw=""
-if ! [ $(grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings) ]; then
-    sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
-    optionsfw="updated"
+if ! grep -q "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
+	echo "LOGDROPHOSTILEIN=on" >> /var/ipfire/optionsfw/settings
 fi
-if ! [ $(grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings) ]; then
-    sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
-    optionsfw="updated"
-fi
-if ! [ -z "$optionsfw" ]; then
-    /usr/local/bin/firewallctrl
+
+if ! grep -q "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
+	echo "LOGDROPHOSTILEOUT=on" >> /var/ipfire/optionsfw/settings
 fi
 
+# Reload all firewall rules
+/usr/local/bin/firewallctrl
+
 # Rebuild initial ramdisks
 dracut --regenerate-all --force
 KVER="xxxKVERxxx"