version 1.15, 2018/10/24 02:08:04
|
version 1.17, 2019/05/07 21:18:24
|
Line 42 sub uses_firewalld {
|
Line 42 sub uses_firewalld {
|
if ($distro eq '') { |
if ($distro eq '') { |
$distro = &get_distro(); |
$distro = &get_distro(); |
} |
} |
my ($inuse, $checkfirewalld); |
my ($inuse,$checkfirewalld,$zone); |
if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
if ($distro =~ /^(suse|sles)([\d\.]+)$/) { |
if (($1 eq 'sles') && ($2 >= 15)) { |
if (($1 eq 'sles') && ($2 >= 15)) { |
$checkfirewalld = 1; |
$checkfirewalld = 1; |
Line 58 sub uses_firewalld {
|
Line 58 sub uses_firewalld {
|
} |
} |
if ($checkfirewalld) { |
if ($checkfirewalld) { |
my ($loaded,$active); |
my ($loaded,$active); |
if (open(PIPE,"systemctl status firewalld |")) { |
if (open(PIPE,"systemctl status firewalld 2>&1 |")) { |
while (<PIPE>) { |
while (<PIPE>) { |
chomp(); |
chomp(); |
if (/^\s*Loaded:\s+(\w+)/) { |
if (/^\s*Loaded:\s+(\w+)/) { |
Line 71 sub uses_firewalld {
|
Line 71 sub uses_firewalld {
|
close(PIPE); |
close(PIPE); |
} |
} |
if (($loaded eq 'loaded') || ($active eq 'active')) { |
if (($loaded eq 'loaded') || ($active eq 'active')) { |
$inuse = 1; |
$inuse = 1; |
|
my $cmd = 'firewall-cmd --get-default-zone'; |
|
if (open(PIPE,"$cmd |")) { |
|
my $result = <PIPE>; |
|
chomp($result); |
|
close(PIPE); |
|
if ($result =~ /^\w+$/) { |
|
$zone = $result; |
|
} |
|
} |
} |
} |
} |
} |
return $inuse; |
return ($inuse,$zone); |
} |
} |
|
|
sub firewall_open_port { |
sub firewall_open_port { |
Line 96 sub firewall_open_port {
|
Line 105 sub firewall_open_port {
|
if (ref($ports) ne 'ARRAY') { |
if (ref($ports) ne 'ARRAY') { |
return 'List of ports to open needed.'; |
return 'List of ports to open needed.'; |
} |
} |
my $firewalld = &uses_firewalld(); |
my ($firewalld,$zone) = &uses_firewalld(); |
foreach my $portnum (@{$ports}) { |
foreach my $portnum (@{$ports}) { |
my $port = ''; |
my $port = ''; |
if ($portnum =~ /^(\d+)$/) { |
if ($portnum =~ /^(\d+)$/) { |
Line 137 sub firewall_open_port {
|
Line 146 sub firewall_open_port {
|
} else { |
} else { |
foreach my $fw_chain (@okchains) { |
foreach my $fw_chain (@okchains) { |
if ($firewalld) { |
if ($firewalld) { |
my $cmd = 'firewall-cmd --zone=public --add-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\''; |
my $cmd = 'firewall-cmd --zone='.$zone.' --add-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\''; |
if (open(PIPE,"$cmd |")) { |
if (open(PIPE,"$cmd |")) { |
my $result = <PIPE>; |
my $result = <PIPE>; |
chomp($result); |
chomp($result); |
Line 206 sub firewall_open_port {
|
Line 215 sub firewall_open_port {
|
my (@port_errors,%command_errors); |
my (@port_errors,%command_errors); |
foreach my $fw_chain (@okchains) { |
foreach my $fw_chain (@okchains) { |
if ($firewalld) { |
if ($firewalld) { |
my $cmd = 'firewall-cmd --zone=public --add-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\''; |
my $cmd = 'firewall-cmd --zone='.$zone.' --add-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\''; |
if (open(PIPE,"$cmd |")) { |
if (open(PIPE,"$cmd |")) { |
my $result = <PIPE>; |
my $result = <PIPE>; |
chomp($result); |
chomp($result); |
Line 327 sub firewall_close_port {
|
Line 336 sub firewall_close_port {
|
if (ref($ports) ne 'ARRAY') { |
if (ref($ports) ne 'ARRAY') { |
return 'List of ports to close needed.'; |
return 'List of ports to close needed.'; |
} |
} |
my $firewalld = &uses_firewalld(); |
my ($firewalld,$zone) = &uses_firewalld(); |
foreach my $portnum (@{$ports}) { |
foreach my $portnum (@{$ports}) { |
my $port = ''; |
my $port = ''; |
if ($portnum =~ /^(\d+)$/) { |
if ($portnum =~ /^(\d+)$/) { |
Line 364 sub firewall_close_port {
|
Line 373 sub firewall_close_port {
|
if (keys(%to_close) > 0) { |
if (keys(%to_close) > 0) { |
foreach my $ip (keys(%to_close)) { |
foreach my $ip (keys(%to_close)) { |
if ($firewalld) { |
if ($firewalld) { |
my $cmd = 'firewall-cmd --zone=public --remove-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\''; |
my $cmd = 'firewall-cmd --zone='.$zone.' --remove-rich-rule \'rule family="ipv4" source address="'.$ip.'/32" port port="'.$port.'" protocol="tcp" accept\''; |
if (open(PIPE,"$cmd |")) { |
if (open(PIPE,"$cmd |")) { |
my $result = <PIPE>; |
my $result = <PIPE>; |
chomp($result); |
chomp($result); |
Line 423 sub firewall_close_port {
|
Line 432 sub firewall_close_port {
|
} |
} |
if ($to_close) { |
if ($to_close) { |
if ($firewalld) { |
if ($firewalld) { |
my $cmd = 'firewall-cmd --zone=public --remove-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\''; |
my $cmd = 'firewall-cmd --zone='.$zone.' --remove-rich-rule \'rule family="ipv4" port port="'.$port.'" protocol="tcp" accept\''; |
if (open(PIPE,"$cmd|")) { |
if (open(PIPE,"$cmd|")) { |
my $result = <PIPE>; |
my $result = <PIPE>; |
chomp($result); |
chomp($result); |
Line 461 sub firewall_close_port {
|
Line 470 sub firewall_close_port {
|
|
|
sub firewall_close_anywhere { |
sub firewall_close_anywhere { |
my ($iptables,$fw_chain,$port) = @_; |
my ($iptables,$fw_chain,$port) = @_; |
my $firewalld = &uses_firewalld(); |
my ($firewalld,$zone) = &uses_firewalld(); |
if (open(PIPE, "$iptables --line-numbers -n -L $fw_chain |")) { |
if (open(PIPE, "$iptables --line-numbers -n -L $fw_chain |")) { |
while (<PIPE>) { |
while (<PIPE>) { |
next unless (/dpt:\Q$port\E/); |
next unless (/dpt:\Q$port\E/); |
Line 522 sub get_fw_chains {
|
Line 531 sub get_fw_chains {
|
my @fw_chains; |
my @fw_chains; |
my $suse_config = "/etc/sysconfig/SuSEfirewall2"; |
my $suse_config = "/etc/sysconfig/SuSEfirewall2"; |
my $ubuntu_config = "/etc/ufw/ufw.conf"; |
my $ubuntu_config = "/etc/ufw/ufw.conf"; |
if (&uses_firewalld($distro)) { |
my ($firewalld,$zone) = &uses_firewalld($distro); |
push(@fw_chains,'IN_public_allow'); |
if ($firewalld) { |
|
if ($zone ne '') { |
|
push(@fw_chains,'IN_'.$zone.'_allow'); |
|
} else { |
|
push(@fw_chains,'IN_public_allow'); |
|
} |
} elsif (-e $suse_config) { |
} elsif (-e $suse_config) { |
push(@fw_chains,'input_ext'); |
push(@fw_chains,'input_ext'); |
} else { |
} else { |
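Review bot: In firewall_open_port and firewall_close_port (both continue outside the hunks shown) the new `'firewall-cmd --zone='.$zone.' ...'` commands have no fallback when uses_firewalld() reports firewalld in use but returns no zone. That happens whenever `firewall-cmd --get-default-zone` fails or prints something that does not match `/^\w+$/`; a zone name containing a hyphen would presumably be rejected too. The command then becomes `firewall-cmd --zone= --add-rich-rule ...` or `--remove-rich-rule ...`, so a rule the old hard-coded `--zone=public` would have handled is likely not applied, and on the close path that can leave a port open. get_fw_chains already falls back to `IN_public_allow`; the same default belongs after each `my ($firewalld,$zone) = &uses_firewalld();`, e.g. `if (!defined($zone) || $zone eq '') { $zone = 'public'; }`, while keeping the `/^\w+$/` check, since $zone is interpolated into a shell command string. Separately, any caller of uses_firewalld() not shown here that still uses it in scalar context will now get $zone instead of $inuse, because `return ($inuse,$zone)` yields its last element there.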