--- loncom/configuration/Firewall.pm 2020/07/09 13:42:37 1.21
+++ loncom/configuration/Firewall.pm 2024/04/24 21:34:44 1.26
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers
 #
-# $Id: Firewall.pm,v 1.21 2020/07/09 13:42:37 raeburn Exp $
+# $Id: Firewall.pm,v 1.26 2024/04/24 21:34:44 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -51,7 +51,7 @@ sub uses_firewalld {
 if ($1 >= 18) {
 $checkfirewalld = 1;
 }
- } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) {
+ } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
 if ($1 >= 7) {
 $checkfirewalld = 1;
 }
@@ -119,6 +119,10 @@ sub firewall_open_port {
 @lond_port_curropen);
 if (ref($iphost) eq 'HASH') {
 if (keys(%{$iphost}) > 0) {
+ my $count = scalar(keys(%{$iphost}));
+ if ($count > 1) {
+ print "Please be patient. Checking $count IPs.\n";
+ }
 my %curropen;
 if ($firewalld) {
 &firewall_close_anywhere($iptables,$zone,$port,$firewalld);
@@ -132,6 +136,7 @@ sub firewall_open_port {
 $lond_port,$iphost,\%curropen);
 }
 }
+ my $countok = 0;
 foreach my $key (keys(%{$iphost})) {
 my $ip = '';
 if ($key =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
@@ -179,6 +184,18 @@ sub firewall_open_port {
 }
 }
 }
+ if ($count > 1) {
+ $countok ++;
+ print '.';
+ if ($countok%40 == 0) {
+ print "\n";
+ }
+ }
+ }
+ if ($count > 1) {
+ if ($countok%40) {
+ print "\n";
+ }
 }
 } else {
 print "no key found in \$iphost hash ref.\n".
@@ -348,6 +365,18 @@ sub firewall_is_active {
 }
 close(PIPE);
 }
+ unless ($status) {
+ if (open(PIPE,'nft list tables |')) {
+ while() {
+ chomp();
+ if (/filter$/) {
+ $status = 1;
+ last;
+ }
+ }
+ close(PIPE);
+ }
+ }
 }
 unless ($status) {
 $status = &uses_firewalld();
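Review bot: The progress dots written by `print '.';` in the @@ -179 hunk of firewall_open_port will probably not appear one at a time, because Perl line-buffers STDOUT on a terminal and nothing is flushed until the newline emitted after every 40th key. Unless autoflush is already enabled somewhere outside these hunks, add `local $| = 1;` next to `my $countok = 0;` in the @@ -132 hunk so the indicator shows progress while the per-IP checks run. The counter appears to be incremented for every key processed rather than only for keys that passed the IP check, so a name such as `$checked` with a short comment would describe it better than `$countok`. The foreach body lies mostly outside the visible hunks.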
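Review bot: The nft fallback in the @@ -348 hunk of firewall_is_active sets `$status = 1` for any output line that ends in `filter`, which shows only that a table with that name suffix exists, not that it holds any rules, so an empty or unrelated table would be reported as an active firewall. Anchoring the test to the table line, `if (/^table\s+(?:ip|ip6|inet)\s+filter$/) {`, removes the suffix matches, and a comment should say that table presence is being used as a proxy for "active". The command is also found through PATH by a two-argument `open` on the bareword handle `PIPE`; since this module manages packet-filter rules and so presumably runs as root, the list form with an absolute path, `open(my $nft,'-|',$nft_path,'list','tables')` (`$nft_path` being a placeholder for the configured location), would not depend on the caller's environment. The loop condition shows as `while()` on this page, which looks like an extraction loss of the filehandle read, and the function starts and ends outside the hunk.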
@@ -638,8 +667,8 @@ sub get_fw_chains {
 my $ubuntu_config = "/etc/ufw/ufw.conf";
 my $firewalld = &uses_firewalld($distro);
 if ($firewalld) {
- my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)$/);
- if (((($dist eq 'rhes') || ($dist eq 'centos')) &&
+ my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)(?:|\-stream)$/);
+ if (((($dist eq 'rhes') || ($dist eq 'centos') || ($dist eq 'rocky') || ($dist eq 'alma')) &&
 ($version >= 8)) || (($dist eq 'oracle') && ($version >= 7))) {
 push(@fw_chains,'INPUT');
 } else {
@@ -659,7 +688,7 @@ sub get_fw_chains {
 } else {
 if ($distro =~ /^(debian|ubuntu|suse|sles)/) {
 @posschains = ('INPUT');
- } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) {
+ } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)(?:|\-stream)$/) {
 if ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
 @posschains = ('INPUT');
 } else {
@@ -672,7 +701,7 @@ sub get_fw_chains {
 print("Unable to find iptables file containing static definitions.\n");
 }
 }
- if ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) {
+ if ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)(?:|\-stream)$/) {
 unless ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
 push(@fw_chains,'RH-Firewall-1-INPUT');
 }
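Review bot: The distro pattern in the @@ -638 hunk of get_fw_chains writes the optional suffix as `(?:|\-stream)`, an empty alternative that is easy to misread; `(?:-stream)?` says the same thing directly, as in `/^([\D]+)(\d+)(?:-stream)?$/`. The same suffix and the same distro alternation are repeated in the @@ -659 and @@ -672 hunks and, without the suffix, in uses_firewalld, so each new distribution has to be added in four places, and a missed one would send rules to a different chain (`RH-Firewall-1-INPUT` instead of `INPUT`). A single shared `qr//` for the Red Hat family, with a comment naming the `-stream` case it exists for, would keep these sites in step. get_fw_chains starts and ends outside these hunks.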