Restore Firewall Settings on ISPC Upgrade
Hawker
21st April 2007, 00:09
I thought all went well with the upgrade to 2.2.12 until I saw blocked IPs appearing in my security logs.
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?
Thank God you already make a backup first.
falko
21st April 2007, 14:22
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?
I'm not sure if this isn't already done?
Hawker
21st April 2007, 16:18
I double checked the install script. The /etc/Bastille directory is backed up in its entirety but the /etc/Bastille/firewall.d directory is not recreated or copied when the upgrade is complete.
if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date), $FILE, __LINE__);
@mkdir("/etc/Bastille", octdec($directory_mode));
caselog("cp -f isp/conf/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
$conf = rf("/etc/Bastille/bastille-firewall.cfg");
$conf = str_replace("{DNS_SERVERS}", "", $conf);
$tcp_public_services = '';
$udp_public_services = '';
if($conn = mysql_query("SELECT dienst_port, dienst_typ FROM isp_firewall WHERE dienst_aktiv = 'ja'")){
    while($row = mysql_fetch_array($conn)){
        if($row['dienst_typ'] == 'tcp') $tcp_public_services .= $row['dienst_port'].' ';
        if($row['dienst_typ'] == 'udp') $udp_public_services .= $row['dienst_port'].' ';
    }
    $tcp_public_services = trim($tcp_public_services);
    $udp_public_services = trim($udp_public_services);
} else {
    $tcp_public_services = '21 22 25 53 80 81 110 443 10000';
    $udp_public_services = '53';
}
$conf = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $conf);
$conf = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $conf);
wf("/etc/Bastille/bastille-firewall.cfg", $conf);
Perhaps this would work inserted after the last line shown...
if(is_dir("/etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d")) {
    @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
    caselog("cp -f /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
}
falko
23rd April 2007, 00:15
I've added this to our bug tracker.
Hawker
2nd May 2007, 14:30
Have you ever been doing something totally unrelated to ISPC and suddenly had something come to mind that could be a problem for ISPC? Well I just did...
If you use my solution above, this should be placed in a variable...
date("m_d_Y__H_i_s", $current_date)
Such as...
$backup_date = date("m_d_Y__H_i_s", $current_date);
Changing the code sections to...
$backup_date = date("m_d_Y__H_i_s", $current_date);
if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".$backup_date, $FILE, __LINE__);
@mkdir("/etc/Bastille", octdec($directory_mode));
....
....
if(is_dir("/etc/Bastille.backup_".$backup_date."/firewall.d")) {
    @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
    caselog("cp -f /etc/Bastille.backup_".$backup_date."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
}
Otherwise if a user begins this part of the code at 23:59:59:XX it is possible that the current date will change and the part of the code to copy the directory will fail.
falko
10th May 2007, 14:55
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?
I've just added this to the SVN repository, so it will be in the next update. :)
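The restore discussed in this thread, generalized to every file in firewall.d rather than only post-rule-setup.sh, as an added shell example that is not part of the thread or of ISPConfig. The function name and both directory arguments are assumptions; the backup directory is passed in once so its timestamped name is never recomputed.

```shell
#!/bin/sh
# Added example, not ISPConfig code. Function name and arguments are assumptions.
# restore_firewall_d BACKUP_DIR LIVE_DIR
#   BACKUP_DIR: the /etc/Bastille.backup_<timestamp> directory the upgrade created
#   LIVE_DIR:   the freshly written /etc/Bastille
# Prints one line per file. Returns 0 on success, 1 if a copy failed,
# 2 if a live file differs from the backup (left untouched for manual review).
restore_firewall_d() {
    backup_dir=$1
    live_dir=$2
    src="$backup_dir/firewall.d"
    dst="$live_dir/firewall.d"
    result=0

    # Nothing to restore if the old install had no custom rules directory.
    [ -d "$src" ] || { echo "no firewall.d in $backup_dir"; return 0; }

    mkdir -p "$dst" || return 1

    for f in "$src"/*; do
        [ -f "$f" ] || continue          # skips subdirectories and an empty glob
        name=$(basename "$f")
        if [ ! -e "$dst/$name" ]; then
            # -p keeps the mode and timestamps of the backed-up file
            if cp -p "$f" "$dst/$name"; then
                echo "restored $name"
            else
                echo "FAILED $name"
                result=1
            fi
        elif cmp -s "$f" "$dst/$name"; then
            echo "unchanged $name"
        else
            # Never overwrite rules that already exist in the live directory.
            echo "differs $name (kept live copy)"
            if [ "$result" -eq 0 ]; then result=2; fi
        fi
    done
    return "$result"
}
```

A non-zero return after an upgrade means the custom rules in the live directory do not match the backup and the firewall should be reviewed before it is reloaded.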