  #1  
Old 20th April 2007, 23:09
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default Restore Firewall Settings on ISPC Upgrade

I thought all went well with the upgrade to 2.2.12 until I saw blocked IPs appearing in my security logs.

Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?

Thank God you already make a backup first.
  #2  
Old 21st April 2007, 13:22
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by Hawker
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?
I'm not sure if this isn't already done?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #3  
Old 21st April 2007, 15:18
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

I double checked the install script. The /etc/Bastille directory is backed up in its entirety but the /etc/Bastille/firewall.d directory is not recreated or copied when the upgrade is complete.

Code:
if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date), $FILE, __LINE__);
  @mkdir("/etc/Bastille", octdec($directory_mode));
  caselog("cp -f isp/conf/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
  caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
  $conf = rf("/etc/Bastille/bastille-firewall.cfg");
  $conf = str_replace("{DNS_SERVERS}", "", $conf);

  $tcp_public_services = '';
  $udp_public_services = '';
  if($conn = mysql_query("SELECT dienst_port, dienst_typ FROM isp_firewall WHERE dienst_aktiv = 'ja'")){
    while($row = mysql_fetch_array($conn)){
      if($row['dienst_typ'] == 'tcp') $tcp_public_services .= $row['dienst_port'].' ';
      if($row['dienst_typ'] == 'udp') $udp_public_services .= $row['dienst_port'].' ';
    }
    $tcp_public_services = trim($tcp_public_services);
    $udp_public_services = trim($udp_public_services);
  } else {
    $tcp_public_services = '21 22 25 53 80 81 110 443 10000';
    $udp_public_services = '53';
  }
  $conf = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $conf);
  $conf = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $conf);

  wf("/etc/Bastille/bastille-firewall.cfg", $conf);
Perhaps this would work inserted after the last line shown...

Code:
  // Restore the custom rule script from the backup made at the start of the upgrade
  if(is_dir("/etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d")) {
    @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
    caselog("cp -f /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
  }

Last edited by Hawker; 21st April 2007 at 15:24.
The Following User Says Thank You to Hawker For This Useful Post:
till (23rd April 2007)
  #4  
Old 22nd April 2007, 23:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

I've added this to our bug tracker.
  #5  
Old 2nd May 2007, 13:30
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

Have you ever been doing something totally unrelated to ISPC and suddenly had something come to mind that could be a problem for ISPC? Well I just did...

If you use my solution above, this should be placed in a variable...
Code:
date("m_d_Y__H_i_s", $current_date)
Such as...
Code:
$backup_date = date("m_d_Y__H_i_s", $current_date);
Changing the code sections to...
Code:
$backup_date = date("m_d_Y__H_i_s", $current_date);
if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".$backup_date, $FILE, __LINE__);
  @mkdir("/etc/Bastille", octdec($directory_mode));
....
....
Code:
if(is_dir("/etc/Bastille.backup_".$backup_date."/firewall.d")) {
  @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
  caselog("cp -f /etc/Bastille.backup_".$backup_date."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
  caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
  }
Otherwise if a user begins this part of the code at 23:59:59:XX it is possible that the current date will change and the part of the code to copy the directory will fail.
Reply With Quote
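The restore step discussed in posts #3 and #5, written as a shell function of the kind the install script could call. This is an added example, not part of the thread and not ISPConfig code: `restore_firewall_d` and its two arguments are hypothetical, and it goes beyond the posted snippet by restoring every regular file in firewall.d while skipping symlinks and group/world-writable files.

```shell
#!/bin/sh
# Added example: restore_firewall_d is a hypothetical helper, not ISPConfig code.
# Usage: restore_firewall_d BACKUP_DIR TARGET_DIR  (prints the number of files restored)
restore_firewall_d() {
    src="$1/firewall.d"    # $1: backup path, built once by the caller
    dst="$2/firewall.d"    # $2: freshly recreated /etc/Bastille
    restored=0

    # No firewall.d in the backup (or a symlink in its place): nothing to do.
    if [ ! -d "$src" ] || [ -L "$src" ]; then
        echo 0
        return 0
    fi

    mkdir -p "$dst" || return 1
    chmod 755 "$dst" || return 1

    for f in "$src"/*; do
        name=${f##*/}
        # Plain files only: a symlink could pull in a file from outside the
        # backup, and subdirectories are left for manual review.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob in an empty directory
            echo "skipped, not a regular file: $name" >&2
            continue
        fi
        # Hook scripts such as post-rule-setup.sh change the firewall rules,
        # so refuse any that group or others could have modified.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "skipped, group/world-writable: $name" >&2
            continue
        fi
        # -p keeps the original mode and timestamps instead of forcing 644.
        cp -p "$f" "$dst/$name" || return 1
        restored=$((restored + 1))
    done
    echo "$restored"
}
```

Because the backup path is passed in as one argument, the timestamp is formatted once by the caller, which is the point made in post #5.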
  #6  
Old 10th May 2007, 13:55
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by Hawker
Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade?
I've just added this to the SVN repository, so it will be in the next update.

All times are GMT +2.