bpfire/src/scripts/convert-to-location
Michael Tremer 2ae1c23f62 location: Restart IPsec after firewall was restarted
strongswan creates rules in iptables which are being dropped when
the firewall is being restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-07-28 18:32:20 +00:00


#!/bin/bash
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2020 IPFire Development Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
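# Converts the legacy GeoIP blocking configuration to the "location" naming.
#
# Nothing is touched unless the old geoipblock file exists. Because that file
# is renamed during the conversion, a second run after a successful
# conversion makes no changes.
#
# The script always exits 0, so a caller cannot detect a failed step from the
# exit status; sed/mv/init-script errors only show up on stderr.
#
# NOTE(review): sed -i replaces each file with a rewritten copy - confirm that
# owner and mode of the converted files are still what the firewall tooling
# expects after the update.

CONF_DIR="/var/ipfire"
FW_CONF_DIR="$CONF_DIR/firewall"
HOSTS_CONF_DIR="$CONF_DIR/fwhosts"
VPN_SETTINGS="$CONF_DIR/vpn/settings"

# Check if the old blocking configuration file exists.
if [ -f "$FW_CONF_DIR/geoipblock" ]; then
	# Convert variable, if blocking is enabled or not.
	sed -i 's/GEOIPBLOCK/LOCATIONBLOCK/g' "$FW_CONF_DIR/geoipblock"

	# Rename file to the new name.
	mv "$FW_CONF_DIR/geoipblock" "$FW_CONF_DIR/locationblock"

	# Loop through the firewall config directory.
	for file in "$FW_CONF_DIR/config" "$FW_CONF_DIR/input" "$FW_CONF_DIR/outgoing"; do
		# A rule file that does not exist has nothing to convert; skip
		# it instead of letting sed fail on a missing path.
		[ -f "$file" ] || continue

		# Convert pattern which indicates location based rules to the
		# new ones.
		sed -i 's/cust_geoip/cust_location/g' "$file"
	done

	# The group file is converted and renamed only when it is present, so
	# a system without custom groups does not hit a failing sed and mv.
	if [ -f "$HOSTS_CONF_DIR/customgeoipgrp" ]; then
		# Rename indicator for location based groups to the new one.
		sed -i 's/GeoIP Group/Location Group/g' "$HOSTS_CONF_DIR/customgeoipgrp"

		# Rename file to the new name.
		mv "$HOSTS_CONF_DIR/customgeoipgrp" "$HOSTS_CONF_DIR/customlocationgrp"
	fi

	# Regenerate firewall chains.
	/etc/init.d/firewall restart

	# Restart IPsec for dropped iptables rules. The pattern is anchored to
	# the start of the line so that only the ENABLED key itself decides,
	# not another key whose name merely ends in "ENABLED".
	if [ -r "$VPN_SETTINGS" ] && grep -q '^ENABLED=on' "$VPN_SETTINGS"; then
		/etc/init.d/ipsec restart
	fi
fi

# Finished.
exit 0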