--- loncom/configuration/Firewall.pm 2019/07/02 19:40:22 1.19 +++ loncom/configuration/Firewall.pm 2021/12/20 03:13:29 1.23 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Firewall configuration to allow internal LON-CAPA communication between servers # -# $Id: Firewall.pm,v 1.19 2019/07/02 19:40:22 raeburn Exp $ +# $Id: Firewall.pm,v 1.23 2021/12/20 03:13:29 raeburn Exp $ # # The LearningOnline Network with CAPA # @@ -51,7 +51,7 @@ sub uses_firewalld { if ($1 >= 18) { $checkfirewalld = 1; } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $checkfirewalld = 1; } @@ -119,6 +119,10 @@ sub firewall_open_port { @lond_port_curropen); if (ref($iphost) eq 'HASH') { if (keys(%{$iphost}) > 0) { + my $count = scalar(keys(%{$iphost})); + if ($count > 1) { + print "Please be patient. Checking $count IPs.\n"; + } my %curropen; if ($firewalld) { &firewall_close_anywhere($iptables,$zone,$port,$firewalld); @@ -132,6 +136,7 @@ sub firewall_open_port { $lond_port,$iphost,\%curropen); } } + my $countok = 0; foreach my $key (keys(%{$iphost})) { my $ip = ''; if ($key =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) { @@ -179,12 +184,27 @@ sub firewall_open_port { } } } + if ($count > 1) { + $countok ++; + print '.'; + if ($countok%40 == 0) { + print "\n"; + } + } + } + if ($count > 1) { + if ($countok%40) { + print "\n"; + } } } else { - print "no key found in $iphost hash ref\n"; + print "no key found in \$iphost hash ref.\n". + "Domain Name Service (DNS) may not be available.\n". + "If this LON-CAPA node is standalone, then you can fix this issue by modifying /etc/hosts.\n". + "Use a text editor to add: IPaddress Hostname\n"; } } else { - print "$iphost is not a reference to a hash\n"; + print "\$iphost is not a reference to a hash\n"; } if (@lond_port_curropen) { unless (grep(/^\Q$port\E$/,@opened)) { @@ -276,6 +296,7 @@ sub firewall_is_port_open { # for other ports returns 1 if the firewall port is open, 0 if not. # if firewalld is in use, checks for rich rules only. my $count = 0; + # check if firewall is active or installed return $count if (! &firewall_is_active()); if ($firewalld) { my $zone = &get_default_zone(); @@ -307,12 +328,7 @@ sub firewall_is_port_open { close(PIPE); } } - return $count; - } - return $count unless ($fw_chain !~ /^[\w-]+$/); - if (open(PIPE,"$iptables -L $fw_chain -n |")) { - # check if firewall is active or installed - return if (! &firewall_is_active()); + } elsif (($fw_chain =~ /^[\w-]+$/) && (open(PIPE,"$iptables -L $fw_chain -n |"))) { while() { if ($port eq $lond_port) { if (ref($iphost) eq 'HASH') { @@ -640,7 +656,7 @@ sub get_fw_chains { my $firewalld = &uses_firewalld($distro); if ($firewalld) { my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)$/); - if (((($dist eq 'rhes') || ($dist eq 'centos')) && + if (((($dist eq 'rhes') || ($dist eq 'centos') || ($dist eq 'rocky') || ($dist eq 'alma')) && ($version >= 8)) || (($dist eq 'oracle') && ($version >= 7))) { push(@fw_chains,'INPUT'); } else { @@ -660,7 +676,7 @@ sub get_fw_chains { } else { if ($distro =~ /^(debian|ubuntu|suse|sles)/) { @posschains = ('INPUT'); - } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) { + } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) { if ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) { @posschains = ('INPUT'); } else { @@ -673,7 +689,7 @@ sub get_fw_chains { print("Unable to find iptables file containing static definitions.\n"); } } - if ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) { unless ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) { push(@fw_chains,'RH-Firewall-1-INPUT'); }