[LON-CAPA-cvs] cvs: loncom /configuration Firewall.pm

raeburn raeburn@source.lon-capa.org
Sun, 15 May 2011 00:49:41 -0000


raeburn		Sun May 15 00:49:41 2011 EDT

  Modified files:              
    /loncom/configuration	Firewall.pm 
  Log:
  - Report if no IP addresses required termination of port access.   
  
  
Index: loncom/configuration/Firewall.pm
diff -u loncom/configuration/Firewall.pm:1.10 loncom/configuration/Firewall.pm:1.11
--- loncom/configuration/Firewall.pm:1.10	Sat May 14 22:34:12 2011
+++ loncom/configuration/Firewall.pm	Sun May 15 00:49:41 2011
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Firewall configuration to allow internal LON-CAPA communication between servers   
 #
-# $Id: Firewall.pm,v 1.10 2011/05/14 22:34:12 raeburn Exp $
+# $Id: Firewall.pm,v 1.11 2011/05/15 00:49:41 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -244,8 +244,9 @@
             print "Skipped non-numeric port: $portnum\n"; 
             next;
         }
-        print "Closing firewall access on port $port\n";
+        print "Closing firewall access on port $port.\n";
         if (($port ne '') && ($port eq $lond_port)) {
+            my $output;
             foreach my $fw_chain (@okchains) {
                 my (@port_error,@command_error,@lond_port_close);
                 my %to_close;
@@ -284,17 +285,22 @@
                     }
                 }
                 if (@lond_port_close) {
-                    print "Port closed for ".scalar(@lond_port_close)." IP addresses\n";
+                    $output .= "Port closed for ".scalar(@lond_port_close)." IP addresses\n";
                 }
                 if (@port_error) {
-                    print "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
+                    $output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
                 }
                 if (@command_error) {
-                    print "Bad command error opening port for following IP addresses: ".
+                    $output .= "Bad command error opening port for following IP addresses: ".
                           join(', ',@command_error)."\n".
                           'Command was: "'."$iptables -D $fw_chain -p tcp -s ".'$ip'." -d 0/0 --dport $port -j ACCEPT".'", where $ip is IP address'."\n";
                 }
             }
+            if ($output) {
+                 print $output;
+            } else {
+                print "No IP addresses required discontinuation of access.\n";
+            }
         } else {
             foreach my $fw_chain (@okchains) {
                 my (@port_error,@command_error,@lond_port_close);
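Review bot: The new fallback after the `foreach` in the `$lond_port` branch prints "No IP addresses required discontinuation of access." whenever `$output` is empty. That also covers an empty `@okchains`, and possibly a rule lookup that failed or returned nothing in the loop body between the hunks, which is not visible here. An operator would read the message as confirmation that nothing was left open on the port. Consider reporting the unchecked case on its own with `} elsif (!@okchains) { print "No firewall chains were checked for port $port.\n";` ahead of the final `else`. Separately, the `@command_error` text still says "opening port" although the command shown is the `-D` delete, so `"Bad command error closing port for following IP addresses: "` would match what was run.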