[LON-CAPA-cvs] cvs: loncom /configuration Firewall.pm
raeburn
raeburn at source.lon-capa.org
Thu Jun 13 13:18:38 EDT 2024
raeburn Thu Jun 13 17:18:38 2024 EDT
Modified files:
/loncom/configuration Firewall.pm
Log:
- Support Ubuntu 24 and Debian 12 in which output from iptables -n -L uses
IP protocol number instead of text when listing protocol for each rule.
Index: loncom/configuration/Firewall.pm
diff -u loncom/configuration/Firewall.pm:1.26 loncom/configuration/Firewall.pm:1.27
--- loncom/configuration/Firewall.pm:1.26 Wed Apr 24 21:34:44 2024
+++ loncom/configuration/Firewall.pm Thu Jun 13 17:18:38 2024
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Firewall configuration to allow internal LON-CAPA communication between servers
#
-# $Id: Firewall.pm,v 1.26 2024/04/24 21:34:44 raeburn Exp $
+# $Id: Firewall.pm,v 1.27 2024/06/13 17:18:38 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
@@ -332,7 +332,7 @@
while(<PIPE>) {
if ($port eq $lond_port) {
if (ref($iphost) eq 'HASH') {
- if (/^ACCEPT\s+tcp\s+\-{2}\s+(\S+)\s+\S+\s+tcp\s+dpt\:\Q$port\E/) {
+ if (/^ACCEPT\s+(?:tcp|6)\s+\-{2}\s+(\S+)\s+\S+\s+tcp\s+dpt\:\Q$port\E/) {
my $ip = $1;
if ($iphost->{$ip}) {
$count ++;
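Review bot: The port at the end of the changed pattern is not terminated, so `dpt\:\Q$port\E` also matches a longer port that merely begins with the same digits (constructed example: port 80 matching `dpt:8080`), and such a rule would be counted as one for `$port`. A trailing boundary closes this: `dpt\:\Q$port\E(?!\d)`. The same unterminated `dpt:\Q$port\E` test sits in the `next unless` lines of the hunks at 470 and 625, and in the latter it gates a rule deletion, so it should get the same boundary. The enclosing loop starts and ends outside this hunk.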
@@ -470,7 +470,7 @@
while (<PIPE>) {
chomp();
next unless (/dpt:\Q$port\E/);
- if (/^ACCEPT\s+tcp\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {
+ if (/^ACCEPT\s+(?:tcp|6)\s+\-{2}\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+/) {
my $ip = $1;
my $keepopen = 0;
if (ref($iphost) eq 'HASH') {
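Review bot: Nothing next to the changed pattern records why `6` is accepted alongside `tcp`, and the same alternation is now repeated in three patterns (here and in the hunks at 332 and 625). A comment above the match such as `# newer iptables -n -L output lists the protocol by number (6) instead of by name (tcp)` would keep the reason in the file rather than only in the commit log. A shared `my $tcp_proto = qr/(?:tcp|6)/;` interpolated into the three patterns would also keep them in step if the output format changes again. The enclosing loop continues outside the hunk.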
@@ -625,7 +625,7 @@
while (<PIPE>) {
next unless (/dpt:\Q$port\E/);
chomp();
- if (/^(\d+)\s+ACCEPT\s+tcp\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
+ if (/^(\d+)\s+ACCEPT\s+(?:tcp|6)\s+\-{2}\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0/) {
my $firewall_command = "$iptables -D $fw_chain $1";
system($firewall_command);
my $return_status = $?>>8;
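Review bot: The deletion just below the changed pattern is assembled into one string and run with `system($firewall_command)`, so `$iptables` and `$fw_chain` are parsed by a shell. The list form `system($iptables, '-D', $fw_chain, $1);` skips the shell and leaves `$?>>8` unchanged, assuming `$iptables` holds only the binary path, which is not visible here. Separately, the rule numbers captured from the listing go stale after the first `-D`, so if the loop keeps reading after a deletion the next `$1` may refer to a different rule. Whether that is handled lies outside the hunk.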