I've hit a bit of a stumper (for me). I'm attempting to insert two newline characters into the RHEL5 /etc/sysconfig/iptables file during our server build process (using kickstart post-installation scripts).
The specific sed command is:
${SED} -i "/-i lo/ a\
\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}
This is actually part of a larger script. ${SED} and ${IPTABLES} are already set to the necessary values.
All of the newlines work with the exception of the first two. Or, more accurately, the second of the first two. Even the last two newlines after ACCEPT work. What happens with the first two newlines is that the first works, creating a newline after matching the iptables entry which contains -i lo. The second, however, simply inserts a literal 'n' prior to the #Trusted Traffic text.
It ends up looking like
(snip)
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
n#Trusted Traffic
-A INPUT (snip)
I've tried various methods of ensuring the second newline is inserted. I've used two blank lines instead of \n\n. I've used two newline characters on separate lines, I've used \\n\\n. Everything I've tried so far results in the same outcome: A literal 'n' being inserted instead of a second newline.
Does sed simply not work with two newline characters at the beginning of appended text? Is there a way to make this work that I'm simply ignorant of?
I don't see why it's not working either, but you can do this also with the substitute option instead of append:
${SED} -i "s%-i lo.*%&\n\n#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n%" ${IPTABLES}
Interesting, I would have thought that one of your attempted solutions would work, but I am seeing the same behavior. Here is one potential solution:
${SED} -i -e "s/-i lo.*/\0\n\n/" -e "// a\
#Trusted Traffic\n-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT\n\n#Remote Access\n-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n#Backups\n-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n\n" ${IPTABLES}
This works by first appending the two newlines to the end of the previous line, and then doing the append.
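An added example, not part of the original question or answers: the same block can be inserted with sed's `r` command, which copies a file verbatim after the matching line, so leading blank lines need no escapes. The helper names `write_block` and `insert_rules_after_lo` are hypothetical, and the `192.0.2.x` values in `demo` are constructed stand-ins for ${MGTIP}, ${BKPIP} and ${MGTNET}.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; demo addresses are constructed.

# Write the rule block, starting with two blank lines, to file $1.
write_block() {
    cat > "$1" <<EOF


#Trusted Traffic
-A INPUT -s 10.153.156.0/25,10.153.174.160/27 -d ${MGTIP} -m state --state NEW -j ACCEPT

#Remote Access
-A INPUT -s 10.120.80.0/21,10.152.80.0/21,10.153.193.0/24,172.18.1.0/24,${MGTNET}/${NUMBITS} -d ${MGTIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

#Backups
-A INPUT -s 10.153.147.192/26 -d ${BKPIP} -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

EOF
}

# Insert BLOCK_FILE ($2) after the single "-i lo" line of RULES_FILE ($1).
insert_rules_after_lo() {
    rules=$1 block=$2
    # Already applied: do nothing, so a re-run cannot duplicate rules.
    grep -q '^#Trusted Traffic$' "$rules" && return 0
    # Require exactly one anchor line before editing the firewall file.
    matches=$(grep -c -e '-i lo' "$rules" || true)
    [ "$matches" = 1 ] || { echo "expected one '-i lo' line, got '$matches'" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # "r" queues the file to be printed verbatim after the matching line.
    # Writing back with cat keeps the target's owner, mode and SELinux label.
    sed "/-i lo/r $block" "$rules" > "$tmp" && cat "$tmp" > "$rules"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample values and rules file, not taken from a real host.
    MGTIP=192.0.2.10 BKPIP=192.0.2.20 MGTNET=192.0.2.0 NUMBITS=24
    printf '%s\n' '*filter' '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT' 'COMMIT' > "$dir/iptables"
    write_block "$dir/block" && insert_rules_after_lo "$dir/iptables" "$dir/block"
    cat "$dir/iptables"
    rm -rf "$dir"
}
demo
```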