--- loncom/init.d/loncontrol 2004/08/19 18:31:42 1.19 +++ loncom/init.d/loncontrol 2004/12/02 18:49:55 1.20 @@ -22,6 +22,74 @@ $command=$ARGV[0]; $command=~s/[^a-z]//g $ENV{'PATH'}="/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin"; $ENV{'BASH_ENV'}=""; +{ # Firewall variable scoping + # Firewall code is based on the code in FC2 /etc/init.d/ntpd + my $fw_chain = 'RH-Firewall-1-INPUT'; + my $iptables = '/sbin/iptables'; + my $port = 5663; + +sub firewall_open_port { + return if (! &firewall_is_active); + print "Opening firewall access on port $port\n"; + if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) { return; } + # iptables is running with our chain + # + # We could restrict the servers allowed to attempt to communicate + # here, but the logistics of updating the /home/httpd/lonTabs/host.tab + # file are likely to be a problem + my $firewall_command = + "$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; + system($firewall_command); + my $return_status = $?>>8; + if ($return_status == 1) { + # Error + print "Error opening port.\n"; + } elsif ($return_status == 2) { + # Bad command + print "Bad command error opening port. Command was\n". + " ".$firewall_command."\n"; + } +} + +sub firewall_is_port_open { + # returns 1 if the firewall port is open, 0 if not. + # + # check if firewall is active or installed + return if (! &firewall_is_active); + if (`$iptables -L -n 2>/dev/null | grep "tcp dpt:$port"`) { + return 1; + } else { + return 0; + } +} + +sub firewall_is_active { + if (-e '/proc/net/ip_tables_names') { + return 1; + } else { + return 0; + } +} + +sub firewall_close_port { + return if (! &firewall_is_active); + print "Closing firewall access on port $port\n"; + my $firewall_command = + "$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; + system($firewall_command); + my $return_status = $?>>8; + if ($return_status == 1) { + # Error + print "Error closing port.\n"; + } elsif ($return_status == 2) { + # Bad command + print "Bad command error closing port. Command was\n". + " ".$firewall_command."\n"; + } +} + +} # End firewall variable scope + sub stop_daemon { my ($daemon,$killallname)=@_; my $pidfile="/home/httpd/perl/logs/$daemon.pid"; @@ -55,6 +123,7 @@ sub stop_daemon { print("\n"); } + if (($command eq "restartold") or ($command eq "reloadold")) { print 'Restarting LON-CAPA'."\n"; print 'Ending LON-CAPA client and daemon processes'."\n"; @@ -82,12 +151,15 @@ if (($command eq "restartold") or ($comm if ($daemon eq 'lonc') { $killallname='loncnew'; } &stop_daemon($daemon,$killallname); } + &firewall_close_port(); } elsif ($command eq "startold") { + &firewall_open_port(); print 'Starting LON-CAPA'."\n"; print 'Starting LON-CAPA client and daemon processes (please be patient)'. "\n"; system("su www -c '/home/httpd/perl/loncron --oldlonc --justcheckdaemons'"); } elsif ($command eq "start") { + &firewall_open_port(); print 'Starting LON-CAPA'."\n"; print 'Starting LON-CAPA client and daemon processes (please be patient)'. "\n"; @@ -100,6 +172,14 @@ if (($command eq "restartold") or ($comm print 'LON-CAPA is running.'."\n"; system("su www -c '/home/httpd/perl/loncron --justcheckconnections'"); } + if (! &firewall_is_active) { + print 'The iptables firewall is not active'."\n"; + } + if (&firewall_is_port_open()) { + print 'The LON-CAPA port is open in firewall.'."\n"; + } elsif (&firewall_is_active) { + print 'The LON-CAPA port is NOT open in running firewall!'."\n"; + } } else { print 'You need to specify one of restart|stop|start|status on the command line.'."\n"; }