From 625dfda15f9bd26d04cfa7b3d9b3e36a44bd2c02 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 21 Mar 2020 17:39:46 +0100
Subject: [PATCH] update_firewall-script_ipt-gateway.sh: support (aufs) ro systems.
---
 update_firewall-script_ipt-gateway.sh | 47 +++++++++++++++++++++------
 1 file changed, 37 insertions(+), 10 deletions(-)
diff --git a/update_firewall-script_ipt-gateway.sh b/update_firewall-script_ipt-gateway.sh
index 1341e08..1fc6d8e 100755
--- a/update_firewall-script_ipt-gateway.sh
+++ b/update_firewall-script_ipt-gateway.sh
@@ -198,7 +198,15 @@ DEFAULT_REPOSITORY_NAME="ipt-gateway"
 DEFAULT_REPOSITORY_BASE_PATH="/usr/local/src"
 DEFAULT_IPV4_FIREWALL_SCRIPT="ipt-firewall-gateway"
 DEFAULT_IPV6_FIREWALL_SCRIPT="ip6t-firewall-gateway"
-DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
+if [[ -d "/ro/etc/ipt-firewall" ]] ; then
+ BIN_DIR="/ro/usr/local/sbin"
+ DEFAULT_CONFIG_DIR="/ro/etc/ipt-firewall"
+ RO_SYSTEM=true
+else
+ BIN_DIR="/usr/local/sbin"
+ DEFAULT_CONFIG_DIR="/etc/ipt-firewall"
+ RO_SYSTEM=false
+fi
 DEFAULT_FIREWALL_CONFIGURATION_FILES="
 include_functions.conf
 load_modules_ipv4.conf
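Review bot: The new `if [[ -d "/ro/etc/ipt-firewall" ]]` test has no comment explaining why the presence of that one directory selects the read-only layout, and it sets `BIN_DIR` to `/ro/usr/local/sbin` without checking that this directory exists. I would add a short comment above the `if` that states what `/ro` is on these hosts and that the script remounts it around the update, and tighten the test to `if [[ -d "/ro/etc/ipt-firewall" && -d "/ro/usr/local/sbin" ]] ; then`. `BIN_DIR` and `RO_SYSTEM` also drop the `DEFAULT_` prefix used by the neighbouring settings; whether they are meant to be overridable like those is not visible in this hunk.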
@@ -253,15 +261,27 @@ if $terminal ; then
 echo ""
 fi
+if $RO_SYSTEM ; then
+ echononl "Remount '/ro' writable.."
+ remountrw > /dev/null 2> "$log_file"
+ if [[ $? -gt 0 ]]; then
+ echo_failed
+ fatal "$(cat "$log_file")"
+ else
+ echo_ok
+ fi
+ blank_line
+fi
+
 restart_ipv6_firewall=false
 restart_ipv4_firewall=false
-echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
+echononl "Copy firewall script '$IPV4_FIREWALL_SCRIPT' to ${BIN_DIR}/ .."
 if [[ -f "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ]]; then
- if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
+ if $(diff "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" "${BIN_DIR}/$IPV4_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
 echo_skipped
 else
- cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
+ cp "${REPOSITORY_PATH}/$IPV4_FIREWALL_SCRIPT" ${BIN_DIR}/ > "$log_file" 2>&1
 if [[ $? -gt 0 ]]; then
 echo_failed
 error "$(cat "$log_file")"
@@ -275,12 +295,12 @@ else
 warn "No file '$IPV4_FIREWALL_SCRIPT' found at repository '$REPOSITORY_NAME'"
 fi
-echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to /usr/local/sbin/ .."
+echononl "Copy firewall script '$IPV6_FIREWALL_SCRIPT' to ${BIN_DIR}/ .."
 if [[ -f "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ]]; then
- if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
+ if $(diff "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "${BIN_DIR}/$IPV6_FIREWALL_SCRIPT" > /dev/null 2>&1) ; then
 echo_skipped
 else
- cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" /usr/local/sbin/ > "$log_file" 2>&1
+ cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" ${BIN_DIR}/ > "$log_file" 2>&1
 if [[ $? -gt 0 ]]; then
 echo_failed
 error "$(cat "$log_file")"
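Review bot: Once `remountrw` succeeds, nothing in the new code guarantees that `/ro` returns to read-only, because the matching `remountro` is only reached at the very end of the script (last hunk). Any earlier exit, such as a later `fatal` (which presumably terminates the script) or an interrupt, would leave the firewall host's read-only branch writable. I would register the remount right after `echo_ok`, e.g. `trap 'remountro > /dev/null 2>&1' EXIT`, or add it to the script's existing cleanup handler if one is defined outside this hunk. In the last hunk the exit status of `remountro` is also ignored and `echo_done` is printed unconditionally; it should be tested like `remountrw` here, with `echo_failed` and the log content on failure.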
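Review bot: `${BIN_DIR}/` is left unquoted in the new `cp` line, although the `diff` line directly above it quotes the same path. The same applies to the IPv4 `cp` in the previous hunk and to the two `${BIN_DIR}/$IPV…_FIREWALL_SCRIPT` invocations in the restart hunks. With the two values assigned in the first hunk this changes nothing today, but quoting keeps the lines consistent and safe if the path ever becomes configurable: `cp "${REPOSITORY_PATH}/$IPV6_FIREWALL_SCRIPT" "${BIN_DIR}/" > "$log_file" 2>&1`. The enclosing `if`/`else` continues past the end of the hunk.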
@@ -332,7 +352,7 @@ blank_line
 echononl "Restart IPv4 Firewall.."
 if $restart_ipv4_firewall ; then
- /usr/local/sbin/$IPV4_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
+ ${BIN_DIR}/$IPV4_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
 if [[ $? -gt 0 ]]; then
 echo_failed
 else
@@ -345,8 +365,8 @@ fi
 echononl "Restart IPv6 Firewall.."
 if $restart_ipv6_firewall \
 && [[ -f "/etc/ipt-firewall/main_ipv6.conf" ]] \
- && [[ -f "/usr/local/sbin/$IPV6_FIREWALL_SCRIPT" ]]; then
- /usr/local/sbin/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
+ && [[ -f "${BIN_DIR}/$IPV6_FIREWALL_SCRIPT" ]]; then
+ ${BIN_DIR}/$IPV6_FIREWALL_SCRIPT > /dev/null 2> "$log_file"
 if [[ $? -gt 0 ]]; then
 echo_failed
 else
@@ -356,6 +376,13 @@ else
 echo_skipped
 fi
+if $RO_SYSTEM ; then
+ blank_line
+ echononl "Remount '/ro' readonly.."
+ remountro > /dev/null 2> "$log_file"
+ echo_done
+fi
+
 info "Configuration files \033[1mmain_ipv[4|6].conf\033[m are not considered."
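Review bot: The IPv6 restart condition still tests the hard-coded `/etc/ipt-firewall/main_ipv6.conf` (an unchanged context line), although this commit moves the default config directory to `/ro/etc/ipt-firewall` on read-only systems, so the check and the install location can now name different paths. If the union mount always exposes the file under `/etc` this keeps working, but that is not visible here. Building the test from the script's config-directory variable would keep the two in step, e.g. `&& [[ -f "${DEFAULT_CONFIG_DIR}/main_ipv6.conf" ]] \`, or whichever variable holds the effective directory at that point. The surrounding `if` ends outside the hunk.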