--- loncom/configuration/Firewall.pm	2019/06/09 02:35:45	1.18
+++ loncom/configuration/Firewall.pm	2020/01/11 22:07:54	1.20
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers   
 #
-# $Id: Firewall.pm,v 1.18 2019/06/09 02:35:45 raeburn Exp $
+# $Id: Firewall.pm,v 1.20 2020/01/11 22:07:54 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -51,7 +51,7 @@ sub uses_firewalld {
         if ($1 >= 18) {
             $checkfirewalld = 1;
         }
-    } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) {
+    } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) {
         if ($1 >= 7) {
             $checkfirewalld = 1;
         }
@@ -276,6 +276,7 @@ sub firewall_is_port_open {
     # for other ports returns 1 if the firewall port is open, 0 if not.
     # if firewalld is in use, checks for rich rules only.
     my $count = 0;
+    # check if firewall is active or installed
     return $count if (! &firewall_is_active());
     if ($firewalld) {
         my $zone = &get_default_zone();
@@ -307,12 +308,7 @@ sub firewall_is_port_open {
                 close(PIPE);
             }
         }
-	return $count; 
-    }
-    return $count unless ($fw_chain !~ /^[\w-]+$/);
-    if (open(PIPE,"$iptables -L $fw_chain -n |")) {
-        # check if firewall is active or installed
-        return if (! &firewall_is_active());
+    } elsif (($fw_chain =~ /^[\w-]+$/) && (open(PIPE,"$iptables -L $fw_chain -n |"))) {
         while(<PIPE>) {
             if ($port eq $lond_port) {
                 if (ref($iphost) eq 'HASH') {
@@ -640,8 +636,8 @@ sub get_fw_chains {
     my $firewalld = &uses_firewalld($distro);
     if ($firewalld) {
         my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)$/);
-        if ((($dist eq 'rhes') || ($dist eq 'centos')) &&
-             ($version >= 8)) {
+        if (((($dist eq 'rhes') || ($dist eq 'centos')) &&
+             ($version >= 8)) || (($dist eq 'oracle') && ($version >= 7))) {
             push(@fw_chains,'INPUT');
         } else {
             my $zone = &get_default_zone();
@@ -660,7 +656,7 @@ sub get_fw_chains {
         } else {
             if ($distro =~ /^(debian|ubuntu|suse|sles)/) {
                 @posschains = ('INPUT'); 
-            } elsif ($distro =~ /^(fedora|rhes|centos|scientific)(\d+)$/) {
+            } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) {
                 if ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
                     @posschains = ('INPUT');
                 } else {
@@ -673,7 +669,7 @@ sub get_fw_chains {
                         print("Unable to find iptables file containing static definitions.\n");
                     }
                 }
-                if ($distro =~ /^(fedora|rhes|centos|scientific)(\d+)$/) {
+                if ($distro =~ /^(fedora|rhes|centos|scientific|oracle)(\d+)$/) {
                     unless ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
                         push(@fw_chains,'RH-Firewall-1-INPUT');
                     }