--- loncom/configuration/Firewall.pm 2021/12/20 03:13:29 1.23
+++ loncom/configuration/Firewall.pm 2024/06/13 17:18:38 1.27
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers
 #
-# $Id: Firewall.pm,v 1.23 2021/12/20 03:13:29 raeburn Exp $
+# $Id: Firewall.pm,v 1.27 2024/06/13 17:18:38 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -332,7 +332,7 @@ sub firewall_is_port_open {
 while() {
 if ($port eq $lond_port) {
 if (ref($iphost) eq 'HASH') {
- if (/^ACCEPT\s+tcp\s+\-{2}\s+(\S+)\s+\S+\s+tcp\s+dpt\:\Q$port\E/) {
+ if (/^ACCEPT\s+(?:tcp|6)\s+\-{2}\s+(\S+)\s+\S+\s+tcp\s+dpt\:\Q$port\E/) {
 my $ip = $1;
 if ($iphost->{$ip}) {
 $count ++;
@@ -365,6 +365,18 @@ sub firewall_is_active {
 }
 close(PIPE);
 }
+ unless ($status) {
+ if (open(PIPE,'nft list tables |')) {
+ while() {
+ chomp();
+ if (/filter$/) {
+ $status = 1;
+ last;
+ }
+ }
+ close(PIPE);
+ }
+ }
 }
 unless ($status) {
 $status = &uses_firewalld();
@@ -458,7 +470,7 @@ sub firewall_close_port {
 while () {
 chomp();
 next unless (/dpt:\Q$port\E/);
- if (/^ACCEPT\s+tcp\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {
+ if (/^ACCEPT\s+(?:tcp|6)\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {
 my $ip = $1;
 my $keepopen = 0;
 if (ref($iphost) eq 'HASH') {
@@ -613,7 +625,7 @@ sub firewall_close_anywhere {
 while () {
 next unless (/dpt:\Q$port\E/);
 chomp();
- if (/^(\d+)\s+ACCEPT\s+tcp\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
+ if (/^(\d+)\s+ACCEPT\s+(?:tcp|6)\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
 my $firewall_command = "$iptables -D $fw_chain $1";
 system($firewall_command);
 my $return_status = $?>>8;
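Review bot: The rewritten ACCEPT pattern in firewall_is_port_open still ends at `dpt\:\Q$port\E` with nothing after it, so a rule for a longer port number that begins with the same digits is counted as opening `$port`. Ending the pattern with `dpt\:\Q$port\E(?!\d)/` would close that gap. The same unterminated test, `next unless (/dpt:\Q$port\E/);`, sits in the firewall_close_port and firewall_close_anywhere hunks, where it selects the rules that get removed. All three loops begin and end outside their hunks.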
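Review bot: In the nft fallback added to firewall_is_active, `/filter$/` sets `$status` for any table whose name merely ends in "filter", and the existence of a table does not show that it holds any rules, so an empty filter table would presumably be reported as an active firewall. Matching the whole line, `if (/^table\s+\S+\s+filter$/) {`, at least pins the table name. `nft` is also resolved through PATH by a two-argument pipe open on the bareword handle PIPE; a list-form open such as `open(my $nft_fh,'-|',$nft,'list','tables')`, with `$nft` a new variable holding an absolute path, avoids both the shell and the PATH lookup. The enclosing function begins and ends outside the hunk.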
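Review bot: firewall_close_anywhere deletes by the rule number captured from a listing produced before any deletion, in `"$iptables -D $fw_chain $1"`. Once one rule is removed the later numbers in that listing are stale, so a second matching line would delete a different rule unless the loop stops after the first match, which the hunk does not show. Collecting the matching numbers first and deleting from the highest down avoids that. The command is also handed to `system` as a single string and so passes through the shell; `system($iptables,'-D',$fw_chain,$1);` would not, assuming `$iptables` holds only the program path.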
@@ -655,7 +667,7 @@ sub get_fw_chains { my $ubuntu_config = "/etc/ufw/ufw.conf"; my $firewalld = &uses_firewalld($distro); if ($firewalld) { - my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)$/); + my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)(?:|\-stream)$/); if (((($dist eq 'rhes') || ($dist eq 'centos') || ($dist eq 'rocky') || ($dist eq 'alma')) && ($version >= 8)) || (($dist eq 'oracle') && ($version >= 7))) { push(@fw_chains,'INPUT'); @@ -676,7 +688,7 @@ sub get_fw_chains { } else { if ($distro =~ /^(debian|ubuntu|suse|sles)/) { @posschains = ('INPUT'); - } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) { + } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)(?:|\-stream)$/) { if ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) { @posschains = ('INPUT'); } else { @@ -689,7 +701,7 @@ sub get_fw_chains { print("Unable to find iptables file containing static definitions.\n"); } } - if ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) { + if ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)(?:|\-stream)$/) { unless ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) { push(@fw_chains,'RH-Firewall-1-INPUT'); }
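Review bot: The suffix group `(?:|\-stream)` added in get_fw_chains is an alternation with an empty first branch, which reads more clearly as an optional group, `(?:-stream)?`. The two later hunks of this function now repeat the identical distro pattern in `elsif ($distro =~ ...)` and `if ($distro =~ ...)`. A single compiled pattern, `my $rh_distro = qr/^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)(?:-stream)?$/;`, used in both tests would keep them in step the next time a distro name or suffix is added. The function's body extends beyond all three hunks.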