HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Thread: Restore Firewall Settings on ISPC Upgrade (http://www.howtoforge.com/forums/showthread.php?t=12222)

Hawker 20th April 2007 23:09

Restore Firewall Settings on ISPC Upgrade
 
I thought all went well with the upgrade to 2.2.12 until I saw blocked IPs appearing in my security logs.

Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?

Thank God you already make a backup first.

falko 21st April 2007 13:22

Quote:

Originally Posted by Hawker
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?

I'm not sure if this isn't already done?

Hawker 21st April 2007 15:18

I double checked the install script. The /etc/Bastille directory is backed up in its entirety, but the /etc/Bastille/firewall.d directory is not recreated or copied when the upgrade is complete.

Code:

if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date), $FILE, __LINE__);
  @mkdir("/etc/Bastille", octdec($directory_mode));
  caselog("cp -f isp/conf/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
  caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
  $conf = rf("/etc/Bastille/bastille-firewall.cfg");
  $conf = str_replace("{DNS_SERVERS}", "", $conf);

  $tcp_public_services = '';
  $udp_public_services = '';
  if($conn = mysql_query("SELECT dienst_port, dienst_typ FROM isp_firewall WHERE dienst_aktiv = 'ja'")){
    while($row = mysql_fetch_array($conn)){
      if($row['dienst_typ'] == 'tcp') $tcp_public_services .= $row['dienst_port'].' ';
      if($row['dienst_typ'] == 'udp') $udp_public_services .= $row['dienst_port'].' ';
    }
    $tcp_public_services = trim($tcp_public_services);
    $udp_public_services = trim($udp_public_services);
  } else {
    $tcp_public_services = '21 22 25 53 80 81 110 443 10000';
    $udp_public_services = '53';
  }
  $conf = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $conf);
  $conf = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $conf);

  wf("/etc/Bastille/bastille-firewall.cfg", $conf);

Perhaps this would work inserted after the last line shown...

Code:

  // Restore the custom firewall.d hook from the backup taken above (closing paren added; it was missing in the snippet as first posted)
  if(is_dir("/etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d")) {
    @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
    caselog("cp -f /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
  }


falko 22nd April 2007 23:15

I've added this to our bug tracker.

Hawker 2nd May 2007 13:30

Have you ever been doing something totally unrelated to ISPC and suddenly had something come to mind that could be a problem for ISPC? Well I just did...

If you use my solution above, this should be placed in a variable...
Code:

date("m_d_Y__H_i_s", $current_date)
Such as...
Code:

$backup_date = date("m_d_Y__H_i_s", $current_date); // assignment, not comparison
Changing the code sections to...
Code:

$backup_date = date("m_d_Y__H_i_s", $current_date); // computed once, reused below
if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".$backup_date, $FILE, __LINE__);
  @mkdir("/etc/Bastille", octdec($directory_mode));
....
....

Code:

if(is_dir("/etc/Bastille.backup_".$backup_date."/firewall.d")) {
  @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
  caselog("cp -f /etc/Bastille.backup_".$backup_date."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
  caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
}

Otherwise if a user begins this part of the code at 23:59:59:XX it is possible that the current date will change and the part of the code to copy the directory will fail.
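The backup-and-restore step discussed in this thread, written as a stand-alone POSIX shell function rather than as a patch to the ISPConfig installer. This is an added example, not code from the thread or from the ISPConfig project. It captures the backup timestamp exactly once (the race Hawker describes), restores every file under firewall.d instead of only post-rule-setup.sh, and adds a post-upgrade check that the restored hooks match the backup. The ROOT prefix, the inline stand-in for bastille-firewall.cfg.master and the verify function are assumptions made so the script can be exercised against a scratch directory instead of the real /etc.

```shell
#!/bin/sh
# Added example (not ISPConfig's installer code). ROOT is a hypothetical
# prefix so everything below can run against a scratch directory.

# Move the old /etc/Bastille aside, lay down a fresh config, then bring the
# local firewall.d hooks back from the backup. STAMP is passed in so the
# backup name is computed once, e.g. "$(date +%m_%d_%Y__%H_%M_%S)".
upgrade_bastille() {
    root="$1"
    stamp="$2"
    bastille="$root/etc/Bastille"
    backup="$root/etc/Bastille.backup_$stamp"

    # 1. Back up the existing configuration tree in its entirety.
    if [ -d "$bastille" ]; then
        mv -f "$bastille" "$backup"
    fi

    # 2. Write the default config (stand-in for bastille-firewall.cfg.master
    #    with the fallback port lists from the installer snippet).
    mkdir -p "$bastille"
    printf 'TCP_PUBLIC_SERVICES="21 22 25 53 80 81 110 443 10000"\nUDP_PUBLIC_SERVICES="53"\n' \
        > "$bastille/bastille-firewall.cfg"
    chmod 644 "$bastille/bastille-firewall.cfg"

    # 3. Restore the admin's firewall.d hooks. Copying "dir/." works even when
    #    the directory is empty, unlike a "dir/*" glob.
    if [ -d "$backup/firewall.d" ]; then
        mkdir -p "$bastille/firewall.d"
        cp -pR "$backup/firewall.d/." "$bastille/firewall.d/"
        find "$bastille/firewall.d" -type f -exec chmod 644 {} +
    fi
}

# Post-upgrade check: every file in the backed-up firewall.d must exist
# unchanged in the new tree. Returns 0 when nothing was lost.
verify_firewalld_restored() {
    root="$1"
    stamp="$2"
    backup="$root/etc/Bastille.backup_$stamp/firewall.d"
    new="$root/etc/Bastille/firewall.d"
    [ -d "$backup" ] || return 0          # nothing was there to restore
    for f in "$backup"/*; do
        [ -e "$f" ] || continue           # empty dir: glob stayed literal
        cmp -s "$f" "$new/$(basename "$f")" || return 1
    done
    return 0
}
```

In an upgrade script the two calls would share one `stamp="$(date +%m_%d_%Y__%H_%M_%S)"`, and the upgrade should fail loudly if `verify_firewalld_restored` returns non-zero, since a silently empty firewall.d is exactly what produced the unexpected entries in the security log that started this thread.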

falko 10th May 2007 13:55

Quote:

Originally Posted by Hawker
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?

I've just added this to the SVN repository, so it will be in the next update. :)

