Append two new lines before additional text using sed

Question

I've hit a bit of a stumper (for me). I'm attempting to insert two newline characters into the RHEL5 /etc/sysconfig/iptables file during our server build process (using kickstart post-installation scripts).

The specific sed command is:

${SED} -i "/-i lo/ a\
\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}

This is actually part of a larger script. ${SED}and ${IPTABLES} are already set to the necessary values.

All of the newlines work with the exception of the first two. Or, more accurately, the second of the first two. Even the last two newlines after ACCEPT work. What happens with the first two newlines is that the first works, creating a newline after matching the iptables entry which contains -i lo . The second, however, simply inserts a literal 'n' prior to the #Trusted Traffic text.

It ends up looking like

(snip)
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
n#Trusted Traffic
-A INPUT (snip)

I've tried various methods of ensuring the second newline is inserted. I've used two blank lines instead of \\n\\n . I've used two newline characters on separate lines, I've used \\\\n\\\\n . Everything I've tried so far results in the same outcome: A literal 'n' being inserted instead of a second newline.

Does sed simply not work with two newline characters at the beginning of appended text? Is there a way to make this work that I'm simply ignorant of?

Answer 1

Interesting, I would have thought that one of your attempted solutions would work, but I am seeing the same behavior. Here is one potential solution:

${SED} -i -e "s/-i lo.*/\0\n\n/" -e "// a\
#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}

This works by first appending the two newlines to the end of the previous line, and then doing the append.

Answer 2

我不明白为什么它也不起作用，但你也可以使用替换选项而不是追加：

${SED} -i "s%-i lo.*%&\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n%" ${IPTABLES}

Answer 3

Not sure about portability, but try:

${SED} '/-i lo/ a\
\
\
'"#Trusted Traffic\\
-A INPUT -s 10.153.156...
"

This technique works on BSD sed. You can maintain double quotes throughout with:

${SED} "/-i lo/ a\\
\\
\\
#Trusted Traffic\\
-A INPUT -s 10.153.156...
"

In either case, there must be no whitespace between the backslash and the end of the line.