--- loncom/configuration/Firewall.pm	2019/06/09 02:35:45	1.18
+++ loncom/configuration/Firewall.pm	2021/12/20 03:13:29	1.23
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers   
 #
-# $Id: Firewall.pm,v 1.18 2019/06/09 02:35:45 raeburn Exp $
+# $Id: Firewall.pm,v 1.23 2021/12/20 03:13:29 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -51,7 +51,7 @@ sub uses_firewalld {
         if ($1 >= 18) {
             $checkfirewalld = 1;
         }
-    } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) {
+    } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
         if ($1 >= 7) {
             $checkfirewalld = 1;
         }
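Review bot: The RHEL-family list `centos|rhes|scientific|oracle|rocky|alma` is now written out by hand in this uses_firewalld pattern and again in the three get_fw_chains hunks (the `$dist eq` chain and both `fedora|rhes|...` patterns), so the next distro addition has to touch four places. A missed one could leave that distro on the wrong firewall backend or chain. A single file-level `my $rhel_like = qr/centos|rhes|scientific|oracle|rocky|alma/;`, interpolated as `/^(?:$rhel_like)(\d+)/`, would keep them in step. This pattern also lacks the trailing `$` that the get_fw_chains patterns use, so it accepts text after the version digits; if that is intentional it deserves a comment. uses_firewalld starts and ends outside the hunk.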
@@ -119,6 +119,10 @@ sub firewall_open_port {
                 @lond_port_curropen);
             if (ref($iphost) eq 'HASH') {
                 if (keys(%{$iphost}) > 0) {
+                    my $count = scalar(keys(%{$iphost}));
+                    if ($count > 1) {
+                        print "Please be patient. Checking $count IPs.\n";
+                    }
                     my %curropen;
                     if ($firewalld) {
                         &firewall_close_anywhere($iptables,$zone,$port,$firewalld);
@@ -132,6 +136,7 @@ sub firewall_open_port {
                                                                  $lond_port,$iphost,\%curropen);
                         }
                     }
+                    my $countok = 0;
                     foreach my $key (keys(%{$iphost})) {
                         my $ip = '';
                         if ($key =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
@@ -179,12 +184,27 @@ sub firewall_open_port {
                                 }
                             }
                         }
+                        if ($count > 1) {
+                            $countok ++;
+                            print '.';
+                            if ($countok%40 == 0) {
+                                print "\n";
+                            }
+                        }
+                    }
+                    if ($count > 1) {
+                        if ($countok%40) { 
+                            print "\n"; 
+                        }
                     }
                 } else {
-                    print "no key found in $iphost hash ref\n";
+                    print "no key found in \$iphost hash ref.\n".
+                          "Domain Name Service (DNS) may not be available.\n".
+                          "If this LON-CAPA node is standalone, then you can fix this issue by modifying /etc/hosts.\n".
+                          "Use a text editor to add: IPaddress Hostname\n";
                 }
             } else {
-                print "$iphost is not a reference to a hash\n";
+                print "\$iphost is not a reference to a hash\n";
             }
             if (@lond_port_curropen) {
                 unless (grep(/^\Q$port\E$/,@opened)) {
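Review bot: The progress dots from `print '.';` will not appear one at a time unless STDOUT is unbuffered, because Perl line-buffers STDOUT on a terminal and block-buffers it otherwise. Nothing in this hunk sets `$|`, so unless it is set elsewhere in the file the operator sees each row of 40 dots arrive at once. Adding `local $| = 1;` next to `my $countok = 0;` (in the preceding hunk) would make the indicator live. As far as the hunk shows, `$countok` counts keys processed rather than keys that succeeded, so `$checked` would be a more accurate name. The foreach loop begins outside this hunk.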
@@ -276,6 +296,7 @@ sub firewall_is_port_open {
     # for other ports returns 1 if the firewall port is open, 0 if not.
     # if firewalld is in use, checks for rich rules only.
     my $count = 0;
+    # check if firewall is active or installed
     return $count if (! &firewall_is_active());
     if ($firewalld) {
         my $zone = &get_default_zone();
@@ -307,12 +328,7 @@ sub firewall_is_port_open {
                 close(PIPE);
             }
         }
-	return $count; 
-    }
-    return $count unless ($fw_chain !~ /^[\w-]+$/);
-    if (open(PIPE,"$iptables -L $fw_chain -n |")) {
-        # check if firewall is active or installed
-        return if (! &firewall_is_active());
+    } elsif (($fw_chain =~ /^[\w-]+$/) && (open(PIPE,"$iptables -L $fw_chain -n |"))) {
         while(<PIPE>) {
             if ($port eq $lond_port) {
                 if (ref($iphost) eq 'HASH') {
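Review bot: The new `elsif` still builds a shell command with `open(PIPE,"$iptables -L $fw_chain -n |")`, so the `/^[\w-]+$/` check is the only thing between `$fw_chain` and a shell. That pattern lets `$` match before a trailing newline and accepts a value that starts with `-`, which iptables would read as an option rather than a chain name. The list form avoids the shell entirely and a tighter anchor closes both gaps: `} elsif (($fw_chain =~ /\A\w[\w-]*\z/) && open(PIPE,'-|',$iptables,'-L',$fw_chain,'-n')) {` (assuming `$iptables` holds only the binary path). When the chain fails validation or the open fails, control now falls through with no message, so a one-line warning in an `else` would help whoever is diagnosing a port that reports as closed. firewall_is_port_open continues outside the hunk.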
@@ -640,8 +656,8 @@ sub get_fw_chains {
     my $firewalld = &uses_firewalld($distro);
     if ($firewalld) {
         my ($dist,$version) = ($distro =~ /^([\D]+)(\d+)$/);
-        if ((($dist eq 'rhes') || ($dist eq 'centos')) &&
-             ($version >= 8)) {
+        if (((($dist eq 'rhes') || ($dist eq 'centos') || ($dist eq 'rocky') || ($dist eq 'alma')) &&
+             ($version >= 8)) || (($dist eq 'oracle') && ($version >= 7))) {
             push(@fw_chains,'INPUT');
         } else {
             my $zone = &get_default_zone();
@@ -660,7 +676,7 @@ sub get_fw_chains {
         } else {
             if ($distro =~ /^(debian|ubuntu|suse|sles)/) {
                 @posschains = ('INPUT'); 
-            } elsif ($distro =~ /^(fedora|rhes|centos|scientific)(\d+)$/) {
+            } elsif ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) {
                 if ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
                     @posschains = ('INPUT');
                 } else {
@@ -673,7 +689,7 @@ sub get_fw_chains {
                         print("Unable to find iptables file containing static definitions.\n");
                     }
                 }
-                if ($distro =~ /^(fedora|rhes|centos|scientific)(\d+)$/) {
+                if ($distro =~ /^(fedora|rhes|centos|scientific|oracle|rocky|alma)(\d+)$/) {
                     unless ((($1 eq 'fedora') && ($2 > 15)) || (($1 ne 'fedora') && ($2 >= 7))) {
                         push(@fw_chains,'RH-Firewall-1-INPUT');
                     }