More fun with scripting ipfw.conf changes using grep and echo

Okay here goes…I think I almost have this but it’s not working…what am I missing? Please help!


-- Check to see if DHCP fix has been applied

set current_grep_item to "00050 allow"
set path_to_grep to "/usr/local/etc/ipfw.conf"

try
	set x to do shell script "/usr/bin/grep --count " & quoted form of current_grep_item & " " & quoted form of POSIX path of path_to_grep
on error theErr
	set x to "no search string"
	return x
end try

-- if DHCP fix has been applied, script will now quit

if x = "4" then
	display alert "The DHCP fix has already been applied to this Mac.
	
	Please click Exit to end this installer." buttons {"Exit"} default button {"Exit"}
	
	if button returned of the result is "Exit" then
		
		quit
		
	end if
	
	-- if DHCP fix has not been applied, the required change will now take place.
	-- This change requires a restart.
	
else if x = "no search string" then
	do shell script "echo '
add 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
	
	display alert "The DHCP fix has been applied to this Mac. 

	Please click Restart for changes to take place." buttons {"Restart"} default button {"Restart"}
	
	if button returned of the result is "Restart" then
		do shell script "shutdown -r now"
		
	end if
end if

Where does it go wrong? I mean there is no ipfw configuration file on my machine, and there is no /usr/local/etc folder on my machine either. So it would be more useful to spell that out than just posting some code.

I have some comments, but there is nothing specific you're doing wrong (that I can say right now):

Where is the check that the file exists?
Why do you expect grep to count four lines instead of one?
Why "else if x = "no string…" then"? This will never be executed.

Something like this would make much more sense to me:


set ipfwConfigFile to "/usr/local/etc/ipfw.conf"

-- "test -e" exits 1 when the file is missing; 1 coerces to true, so we bail out
if (((do shell script "test -e " & quoted form of ipfwConfigFile & " ; echo $?") as integer) as boolean) then
	return false --file doesn't exist
end if

-- the appended line starts with "add 00050", so anchor the match on that;
-- "|| true" keeps grep's exit status 1 (no match) from raising an error in do shell script
if (do shell script "cat " & quoted form of ipfwConfigFile & " | grep --count '^add 00050' || true") as integer > 0 then
	--the rule exists
else
	--the rule doesn't exist
	do shell script "echo -en '\\nadd 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
end if

Thank you for pointing me in the right direction.

A few notes: The ipfw.conf file is basically a file which contains custom firewall information that is passed to ipfw on login. We don’t want to push out a new ipfw.conf file as it may have been customized by a user. Adding the single line of text adds improved DHCP connectivity in our environment.

This is what I have now and I’m pretty comfortable with it but would love a second opinion?

-- search to see if there is an ipfw.conf file

if (do shell script "test -e /usr/local/etc/ipfw.conf ; echo $?; exit 0") as integer > 0 then
	
	-- search to see if the 00050 modification has been made
	
	if (do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0") as integer > 0 then
		
		-- Add the 00050 modification
		
		do shell script "sudo echo -ne '\\nadd 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf"
		
	end if
end if

Code looks nice, but I still have a question about:

(do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0") as integer > 0

It gives me an error, so I’m not sure if that works when you run the code twice.

I prefer (I'm not saying you have to) the following line if you don't like my count example.

--returns true if there is no line containing 00050 and false when there is.
(do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0")'s length = 0

Thanks for the great addition and all your help…I’m down to the very last bit and have finally got it to run without error! I thought I’d share in case someone somewhere needs to do something similar…

if (do shell script "test -e /usr/local/etc/ipfw.conf ; echo $?; exit 0") as integer = 0 then
	set ipfw_exists to "true"
else
	set ipfw_exists to "false"
end if


if ipfw_exists = "true" then
	display dialog "The ipfw.conf file has been located. 

	Let's check if the 00050 fix has been added.

	Please click Continue." buttons {"Continue"} default button {"Continue"}
	
	if (do shell script "cat /usr/local/etc/ipfw.conf | grep -a '00050'; exit 0")'s length = 0 then
		set run_ipfw_fix to "true"
	else
		set run_ipfw_fix to "false"
	end if
	
else
	if ipfw_exists = "false" then
		display dialog "The 00050 fix is not required on this Mac. 
	
		Please click Quit." buttons {"Quit"} default button {"Quit"}
		
		quit
	end if
end if

if run_ipfw_fix = "true" then
	display dialog "The 00050 fix will now be applied. 

	Please click Continue." buttons {"Continue"} default button {"Continue"}
	
	do shell script "echo 'add 00050 allow udp from any to any src-port 67 dst-port 68 in' >> /usr/local/etc/ipfw.conf" with administrator privileges
	
	display alert "Your Mac has been updated. 
	
		Please Restart now." buttons {"Restart"} default button {"Restart"}
	
	tell application "Finder"
		
		restart
		
	end tell
	
else
	if run_ipfw_fix = "false" then
		display dialog "The 00050 fix is not required on this Mac. 
	
		Please click Quit." buttons {"Quit"} default button {"Quit"}
		
		quit
		
	end if
end if
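As an added example (not code from the thread or from any of its posters): the same three-step procedure the reply above and the final AppleScript implement, written as POSIX sh functions, which is what the do shell script calls actually run. Function names, the sample config file and the "return 2 when the file is missing" convention are my own choices. It assumes, as the line the thread appends does, that ipfw.conf rules start with "add NNNNN"; anchoring the match on that keeps a "00050" that happens to appear in a comment or inside another rule from being mistaken for the fix, and printf replaces echo -ne, whose option handling differs between /bin/sh implementations.

```shell
#!/bin/sh
# Added example, not the thread's code. Idempotent "make sure this ipfw rule is
# in the config" helpers. Privilege handling is left to the caller (sudo or
# AppleScript's "with administrator privileges"), so the check itself can run
# unprivileged and only the append needs elevation.

# Rule text exactly as the thread appends it.
IPFW_RULE='add 00050 allow udp from any to any src-port 67 dst-port 68 in'

# rule_present FILE
# Exit 0 if FILE has a line beginning "add 00050", 1 otherwise (also 1 when
# FILE is missing). grep -q gives us the answer as an exit status, so no
# "; exit 0" or string-length trick is needed.
rule_present() {
    [ -f "$1" ] || return 1
    grep -q '^add 00050' "$1"
}

# rule_count FILE
# Prints how many matching lines FILE holds (0 when none or when FILE is
# missing). "|| true" hides grep's exit 1 on zero matches.
rule_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '^add 00050' "$1" || true
}

# ensure_rule FILE
# Appends the rule only when it is absent. Returns:
#   0  rule already present, or just added
#   2  FILE does not exist (the thread's "fix not required" case); nothing written
ensure_rule() {
    file=$1
    [ -f "$file" ] || return 2
    if rule_present "$file"; then
        return 0
    fi
    # Only add a separating newline when the file does not already end with
    # one, so an existing last line is never run together with the new rule.
    if [ -s "$file" ] && [ "$(tail -c 1 "$file" | wc -l | tr -d ' ')" -eq 0 ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$IPFW_RULE" >> "$file"
}

# Usage (hypothetical): . ./ensure_rule.sh && sudo sh -c '. ./ensure_rule.sh; ensure_rule /usr/local/etc/ipfw.conf'
```

Calling ensure_rule twice on the same file appends the rule exactly once, which is the property the thread's "does the 00050 line exist yet" check is there to guarantee; a script that re-runs at every login or installer pass should never be able to grow the config by a duplicate rule each time.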