From patchwork Tue Jul 28 17:18:18 2020
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 3279
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 1/2] location: Restart IPsec after firewall was restarted
Date: Tue, 28 Jul 2020 17:18:18 +0000
Message-Id: <20200728171819.13597-1-michael.tremer@ipfire.org>

strongswan creates rules in iptables which are being dropped when the firewall is being restarted.

Signed-off-by: Michael Tremer
--- src/scripts/convert-to-location | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/scripts/convert-to-location b/src/scripts/convert-to-location index 9149b854d..428a91d34 100755 --- a/src/scripts/convert-to-location +++ b/src/scripts/convert-to-location 
@@ -47,6 +47,11 @@ if [ -f "$FW_CONF_DIR/geoipblock" ]; then # Regenerate firewall chains. /etc/init.d/firewall restart + + # Restart IPsec for dropped iptables rules + if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/init.d/ipsec restart + fi fi # Finished.
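
Review bot: the guard grep -q "ENABLED=on" /var/ipfire/vpn/settings in the added block of [PATCH 1/2] is unanchored, so it also matches any other key whose name ends in ENABLED, or a commented-out line, and IPsec would then be restarted on a system where that setting is not on. Anchoring the pattern and adding -s, as in grep -qs '^ENABLED=on$' /var/ipfire/vpn/settings (assuming the file stores the value unquoted, as the current pattern implies), limits the match to the one setting and stays quiet when the settings file does not exist. The new comment could also say that the restart is needed because strongswan's own iptables rules are lost by the firewall restart on the line above.
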
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 2/2] core148: Do not update the location database straight away
Date: Tue, 28 Jul 2020 17:18:19 +0000
Message-Id: <20200728171819.13597-2-michael.tremer@ipfire.org>
In-Reply-To: <20200728171819.13597-1-michael.tremer@ipfire.org>
References: <20200728171819.13597-1-michael.tremer@ipfire.org>

This process takes a long time and stalls the update process. Since the cronjob is being called once an hour, all systems will very quickly pull a recent database which will then be extracted in the background not disrupting the Core Update process.

Signed-off-by: Michael Tremer
--- config/rootfiles/core/148/update.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/config/rootfiles/core/148/update.sh b/config/rootfiles/core/148/update.sh index c77e72276..d4bcc45bc 100644 --- a/config/rootfiles/core/148/update.sh +++ b/config/rootfiles/core/148/update.sh @@ -52,7 +52,6 @@ ldconfig # update location database /usr/local/bin/convert-to-location -/usr/local/bin/update-location-database # Update Language cache /usr/local/bin/update-lang-cache
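
Review bot: the context comment "# update location database" in the update.sh hunk of [PATCH 2/2] now sits above convert-to-location alone, so after this removal it describes a step that no longer runs here; reword it, for example to say that the settings are converted and the database itself is fetched later by the hourly cronjob. Since convert-to-location can still restart the firewall during the update (see 1/2), the commit message should also state what the location rules match against until the first cronjob run has pulled and extracted a database.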